Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3547
Views
10
Helpful
7
Replies

License required for Firepower module services

Go to solution
LovejitSingh130013
Level 2
Level 2

‎03-18-2022 11:32 AM

Hello Experts @Marvin Rhoads  @Rob Ingram  @balaji.bandi 

 

They got multiple licenses like Malware (AMP), URL, Malware, Base.

Need to know which one is required for Geo-Blocking ? and blocking multiple domains like xyzlawyers.com etc

also, what does Base license means?

 

Also, Is there any way to block Applications like we do on Fortigate, like Application Control, which license is required for that?

 

Thanks,

LJ 

0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎03-18-2022 11:51 AM

@LovejitSingh130013 

Base is the license that comes with the device and does not require a subscription.

Here is a break down of the features per license:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/licensing_the_firepower_system.html

 

View solution in original post

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-18-2022 01:00 PM

check base License here :

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/Licensing_the_Firepower_System.html

 

with IPS you can block geo-based ( make sure you get geo database updated periodically)

 

If you know the IP address range, you can directly block using ACP

 

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to LovejitSingh130013

‎03-19-2022 01:30 AM

Whether you need Smart or Classic licenses depends on the type of devices you are managing.

ASA Firepower service modules use classic licenses. They start with Control + Protect (Free) and add on IPS subscription, Malware and URL Filtering (all paid).

FTD devices (running on either Firepower appliances, VMs or ASA hardware) use smart licenses. They start with Base (free) and add on Threat, Malware and URL Filtering (all paid).

View solution in original post

7 Replies 7

Go to solution
Rob Ingram
VIP
VIP

‎03-18-2022 11:51 AM

@LovejitSingh130013 

Base is the license that comes with the device and does not require a subscription.

Here is a break down of the features per license:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/licensing_the_firepower_system.html

 

Go to solution
LovejitSingh130013
Level 2
Level 2
In response to Rob Ingram

‎03-18-2022 12:02 PM

Thanks @Rob Ingram  

 

When I need to purchase the Smart license, just it needs to purchase with Sfr serial no. or ASA serial no.

 

Also, My FMC is not even showing Base as licensed. is it normal or it needs some work.

 

ASA.JPG

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to LovejitSingh130013

‎03-19-2022 01:30 AM

Whether you need Smart or Classic licenses depends on the type of devices you are managing.

ASA Firepower service modules use classic licenses. They start with Control + Protect (Free) and add on IPS subscription, Malware and URL Filtering (all paid).

FTD devices (running on either Firepower appliances, VMs or ASA hardware) use smart licenses. They start with Base (free) and add on Threat, Malware and URL Filtering (all paid).

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-18-2022 01:00 PM

check base License here :

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/Licensing_the_Firepower_System.html

 

with IPS you can block geo-based ( make sure you get geo database updated periodically)

 

If you know the IP address range, you can directly block using ACP

 

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
LovejitSingh130013
Level 2
Level 2
In response to balaji.bandi

‎03-22-2022 07:42 AM

Hello @Marvin Rhoads  @balaji.bandi @Rob Ingram 

 

Does TC (Threat + URL) will be enough to perform Geo-blocking?

 

Thanks,

 

LJ

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to LovejitSingh130013

‎03-22-2022 09:26 AM

@LovejitSingh130013 yes it will suffice.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to LovejitSingh130013

‎03-22-2022 10:22 AM

yes that should work (if you not able to use ACP to block)

 

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card