03-17-2018 11:22 PM - edited 02-21-2020 07:31 AM
Hi !!
I have an FPR2110 firewall currently in the network. I have a license for just one firewall for 1. Threat 2. Malware 3. URL License 4. RA VPN
We recently bought one more firewall FPR2110 along with FMC. I do not have any plan to put it in redundant mode so I didn't buy any license for the firewall features.
My questions are:
1. If I disabled the license on existing firewall which is FDM managed, then will I lose any configuration on it?
2. Once I disable the licenses on existing FTD firewall, can I reuse them to configure my new spare firewall by applying the smart license through the FMC? & once this configuration is complete I want to release the licenses again to apply them back into the FTD firewall from where they were disabled again.
Is this feasible with Smart licenses? Do I lose any configuration when I disable/release the license?
03-18-2018 12:08 AM - edited 03-18-2018 03:36 AM
You won't lose any configuration by disabling a given Smart license. The features that it licenses will continue to work but stop being configurable. RA VPN will not accept new connections. Other than that, later reapplying the license will result in everything working normally once again.
You could also just set up and configure the new firewall using the 90 day free trial license.
03-18-2018 12:34 AM - edited 03-18-2018 12:42 AM
Thanks Marvin. My plan for disabling the license from existing firewall is to get it applied on the new one so I can configure the new firewall for RA VPN as well which is not possible in current 90-day eval license.
Once the new spare firewall is configured completely, I will continue using the new firewall as it will be managed by FMC and keep the old FPR2110 as a spare (not in network).
If ever the new firewall fails then keep the old one ready to be connected back manually in the network by again reapplying the licenses to the old existing FPR2110, so everything works back again. Thus I hope everything works as planned as per your confirmation.
03-18-2018 03:39 AM
You can do what you're asking but it adds a fair amount of operational complexity and what is known as "technical debt" to save some money. You could have bought the pair as a bundle and Cisco offers 50% off the Threat, URL and Malware licenses for the second unit.
The AnyConnect licenses are per user (not per device) and available to be applied to both units.