Showing results for 
Search instead for 
Did you mean: 

Cisco Employee

SourceFire - How to get License Key of the Defense center

Obtain the License Key for a Firepower Device and a Firepower Service Module

Document ID200376

Updated:Mar 09, 2016

Download Document





Obtain the License Key

Using the Firepower Management Center (FMC)

Using the Adaptive Security Device Manager (ASDM)

Related Documents


In order to generate a Classic License for any Firepower service, a License Key is necessary. You can use a Firepower Management Center (FMC) or an Adaptive Security Device Manager (ASDM) to determine the license key. This document describes the steps to obtain the License Key for a Classic License from both user interfaces - FMC and ASDM.

Obtain the License Key

Using the Firepower Management Center (FMC)

If the device is managed by the Firepower Management Center, follow the steps below to find the License Key:

  1. Login to the Firepower Management Center.
  2. Navigate to the SystemLicense > Classic Licenses

Note: If the FMC is running a version prior to 6.x, navigate to the System > License page.


  1. Click onAdd New License 
  2. From the screen, obtain the License Key.

Using the Adaptive Security Device Manager (ASDM)

If the device is managed by the Adaptive Security Device Manager, follow the steps below to find the License Key:

  1. Select the Configurationoption that is located at the top of the window.
  2. Select the ASA FirePOWER Configurationoption which is located at the bottom of left pane.
  3. Select the Licenseoption from the middle of the left pane.

  4. Click the Add New Licensebutton to obtain the License Key.



-- DD (Sourcefire Acquisition Business Analyst)

Cisco Employee

The DC License key is:

•Unique identifier which locks the license to a node
•Consists of the Defense Center Product Name Code and its MAC ID
•License Key will be found on the installed Defense Center
-Merv Reyes
Licensing PM

the asa 5506-x is a piece of JUNK

poor license process

i have unlimted interaces yet the gui wont let me use more than two

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 30 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 50 perpetual
Total VPN Peers : 50 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Total UC Proxy Sessions : 160 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Disabled perpetual

poor docuementation

it states that the mgmt if and int 1/2 should be on the same subnet

on the gui you get a subnet overlap error if using the same subnet

the later short document is inconsistent

w.r.t. to firepower access

my ASDM is never able to access or load the firepower modeule

i try to apply my PAK . it tells me i need a virtual mgmt appliance to get a key (;


there is a known bug in the lastest version of ASDM (7.51), downgrade ASDM 7.43 in order to provision multiple interfaces on the ASA platform.

Cisco Employee


Can you tell me what are the Product IDs for the Sourcefire Defense Center?



Merv Reyes


We have Physical and Virtual Defense Center in SourceFire,

Physical DC License PIDs: FS750-FSIGHT-LIC=, FS1500-FSIGHT-LIC=, FS3500-FSIGHT-LIC=

Virtual DC License PIDs : FS_VMW-SW-K9



For many new technologies such as this, we deploy the system multiple times before the production deployment on-prem for the client. I'm using their ASA, but a vDC (virtual Defense Center) is being used to manage the SFR module.

How difficult is it to re-host a license? I need to be able to configure the module in our pre-deployment lab but if I use the client's license key for this purpose than it's locked to our very temporary vDC instance. Once I spin up the client's vDC, I won't be able to register the PAC again to its serial # and will have to 're-host' the license. Are there any eval/demo licenses that I can leverage rather than re-host?

Kind Regards, Kevin Sheahan, CCIE # 41349


You can create Demo/EVAL licenses by using the Internal License generation tool,





The Internal License generation tool link doesn't work for me; is there another?





I am getting an error (activation key reqd) while generating license file on "", I have license keys for the sensor but don't have the activation key, do i need to use serial number in place of activation key, since there is no activation key for 8000 series and DC 1500.

Any help will be appreciated ?






Are these PAKs created from CISCO, if so then you need to register them on Cisco licensing tool rather than SourceFire Keyserver.





i have just received my brand new ASA5506-X and trying to register the product.

i have the PAK but i dont know how to log in to "Defense Center" to get the License Key!

appreciate your help


It's an official document from cisco but wasn't helpful for me. 

I have two, brand new 5506-X and on Step 2 (Assign to a Target Device) after entering PAK I get "Invalid License Key"... and everything stops here.

I don't want to use FirePower/SourceFire/whatever right now. I just want to register my ASA and obtain Security Plus license and proceed with failover config!

Probably I use a wrong manual but anyway - I'm going to open a Support Case and wait for their recommendation.



Networld-ITS - I hope you resolved this by now but in case you haven't, the "Defense Center" is either an external Defense Center / FireSIGHT Management Center appliance (or VM) OR - in the case of ASA 5560 / 5508 and 5516 - it can be the FireSIGHT section withing ASDM GUI for those platforms.

So for your ASA 5506 just log into ASDM and get the license key from it. See screenshot below. (I have blacked out my ASA's license key value.)

i.popov01 - It sounds like you may be using the PAK for FireSIGHT features and not the Security Plus license PAK.



Thank you for a comment Marvin.

I found where my misconception starts and Cisco TAC land me to same point:


1. When you log into ASDM, do you see 3 ASA FirePOWER tabs on the home screen?

2. If yes, please skip this step. If no, please answer the following

 - Have you performed the initial ip configuration of the module?

 - Is the management interface of the ASA plugged in?

3. If you see the 3 ASA FIrePOWER tabs, then you are able to communicate with the module. To find the license key, please do the following:

 - From ASDM

 - Select Configuration

 - Select ASA FirePOWER Configuration (left hand pane)

 - You should see the ASA FirePOWER Configuration options in the left hand pane

 - Select the option Licenses

 - A new page will load

 - Select Add New License in the upper right hand corner of the new page

 - You will now see your license key

Content for Community-Ad