Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
959
Views
10
Helpful
3
Replies

Smart licenses for FPR2110 (Release/Disable)

Nandan Mathure
Level 1
Level 1

‎03-17-2018 11:22 PM - edited ‎02-21-2020 07:31 AM

Hi !!

 

I have a FPR2110 firewall in currently in the network. I have license for just one firewall for 1. Threat 2. Malware 3. URL License 4. RA VPN 

 

We recently bought one more firewall FPR2110 along with FMC. I do not have any plan to put it in redundant mode so I didnt buy any license for the firewall features. 

 

My questions are:

1. If I disabled the license on existing firewall which is FDM managed, then will I lose any configuration on it ?

2. Once I disable the licenses on existing FTD firewall, can I reuse them to configure my new spare firewall by applying the smart license through the FMC? & once this configuration is complete I want to release the licenses again to apply them back into the FTD firewall from where they were disabled again.

 

Is this feasible with Smart licenses? Do I lose any configuration when I disable/release the license?

 

 

 

Labels:
Preview file
176 KB
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-18-2018 12:08 AM - edited ‎03-18-2018 03:36 AM

You won't lose any configuration by disabling a given Smart license. The features that it licenses will continue to work but stop being configurable. RA VPN will not accept new connections. Other than that, later reapplying the license will result in everything working normally once again.

 

You could also just setup and configure the new firewall using the 90 day free trial license.

Nandan Mathure
Level 1
Level 1
In response to Marvin Rhoads

‎03-18-2018 12:34 AM - edited ‎03-18-2018 12:42 AM

Thanks Marvin. My plan for disabling the license from existing firewall is to get it applied on the new one so I can configure the new firewall for RA VPN as well which is not possible in current 90-day eval license.

Once the new spare firewall is configured completely, I will continue using the new firewall as it will be managed by FMC and keep the old FPR2110 as  a spare (not in network).

 

If ever the new firewall fails then keep the old one ready to be connected back manually in the network by again reapplying the licenses to the old exisitng FPR2110. so everything works back again. Thus I hope everything works as planned as per your confirmation.

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Nandan Mathure

‎03-18-2018 03:39 AM

You can do what you're asking but it adds a fair amount of operational complexity and what is known as "technical debt" to save some money. You could have bought the pair as a bundle and Cisco offers 50% off the Threat, URL and Malware licenses for the second unit.

 

The AnyConnect licenses are per user (not per device) and available to be applied to both units.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card