cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
36049
Views
40
Helpful
31
Replies

SourceFire - How to get License Key of the Defense center

dhvenkat
Cisco Employee
Cisco Employee

Obtain the License Key for a Firepower Device and a Firepower Service Module

Document ID200376

Updated:Mar 09, 2016

Download Document

 

Print

Contents

Introduction

Obtain the License Key

Using the Firepower Management Center (FMC)

Using the Adaptive Security Device Manager (ASDM)

Related Documents

Introduction

In order to generate a Classic License for any Firepower service, a License Key is necessary. You can use a Firepower Management Center (FMC) or an Adaptive Security Device Manager (ASDM) to determine the license key. This document describes the steps to obtain the License Key for a Classic License from both user interfaces - FMC and ASDM.

Obtain the License Key

Using the Firepower Management Center (FMC)

If the device is managed by the Firepower Management Center, follow the steps below to find the License Key:

  1. Login to the Firepower Management Center.
  2. Navigate to the SystemLicense > Classic Licenses

Note: If the FMC is running a version prior to 6.x, navigate to the System > License page.

 

  1. Click onAdd New License 
  2. From the screen, obtain the License Key.

Using the Adaptive Security Device Manager (ASDM)

If the device is managed by the Adaptive Security Device Manager, follow the steps below to find the License Key:

  1. Select the Configurationoption that is located at the top of the window.
  2. Select the ASA FirePOWER Configurationoption which is located at the bottom of left pane.
  3. Select the Licenseoption from the middle of the left pane.

  4. Click the Add New Licensebutton to obtain the License Key.

 


 

-- DD (Sourcefire Acquisition Business Analyst)

31 Replies 31

Hello i.popov01,

 

Thank you for sharing this! after wasting 1 hour by googling around due to lack of proper documentation I found your post. And it did the trick.

Unlike 5510 onwards Appliances, Mgmt port on this firewall is only for FirePOWER feature and it has to be connected and routable to the interface from where you are connected to ASDM and then you have to run the wizard to configure FirePOWER IP by running firewall wizard (or cli). Only then you will be able to see the extra tab as mentioned in Cisco doc and Marvin in this thread.

Here's a fun one: I'm stuck on step 2.5. I have a Firepower tab on the home screen, but no ASA Firepower Configuration option on the Configuration screen. Any thoughts?

Hi,

Do you have the Firepower module installed completely on the device ?

Can you make sure that the management interface is up on the ASA ?

Please verify that the user id has at least privilege 15.  The user id needs high enough privilege to access the FirePOWER components.

Thanks,

Pujita

Rate if it helps !

Also if the module has been registered to a FirePOWER Manager, then ASDM will not show the FirePOWER configuration or monitoring options - only the module status on the home page.

Yeah, I overlooked you guys talking about that further up this thread. Have it working now. Thanks!

Hi Mavin,

i need urgent assistance on this issue of license key. the ASA firepower tab is showing up, but under configuration i can't find ASA firePower configuration tab. so, i am stuck in generating the license key for my ASA 5506-X appliance. i want to generate license for url filtering. i don't know if there is another way of doing this. Kindly find the attached of the screenshots of the challenge.

I will really appreciate your feedback, i am seriously running out of time.

Thanks.

Olag,

it appears your FirePOWER module either has not been completely setup ( module IP address, gateway etc.) or else your ASDM session cannot reach the module via its IP address. The information appearing in the home tab is retrieved from the main ASA software and the configuration (and monitoring) tabs require IP connectivity to the module. 

Hi Mavin,

Many thanks for your response. I am using the device mangement IP address to reach the asdm. Is there any special way to configure FirePOWER module IP address, apart from interfaces IP addresses?

Thanks.

Please refer to the ASA FirePOWER module Quick Start Guide. 

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html

Both the ASA and the FirePOWER module need to have distinct management addresses. The module uses the physical management interface only. The ASA can use that one as well ( with its own different address as long as it's in the same subnet) or any other physical interface. Both interfaces addresses must be configured and accessible from your client running ASDM for the FirePOWER configuration and monitoring functions to be displayed in ASDM. 

Many thanks Mavin.....I just glance through the doc. It should be helpful.

I will update you.

If you are using local credentials, make sure you have the following configured on the ASA a username name with privilege 15 and you must have configured AAA authorization, than reload the ASDM and the tab will show up.  

username cisco password cisco123 privilege 15

aaa authorization command LOCAL

Regards,

evan.chadwick1
Level 1
Level 1

This is the go to page for licensing the asa 5506-x? A blog forum, really? 

It is very unprofessional,looping through the registartion tool and back again. Very frustrating. Can any vendor get the licensing part smooth?

Evan,

Cisco Support Community, while hosted by Cisco, is contributed to by mostly non-Cisco volunteers who give freely of their time to help the greater community.

If you have an operational issue requiring direct support, there are a variety of options to get such support via the Cisco TAC and partners. 

SUre thing. Strange that the quick start process sends everyone to this forum as their point of reference to learn what to do. Very surprised. 

Cheers, 

evan.chadwick1
Level 1
Level 1

I have registered my interest for the firepower demo lic, I received the email. 
It says to rgister my control lic first via go/license. 

after performing a cli show activation-key detail. I 

1/ entered my PAK that came with the 5506-x

2/ copied my lic from the key detail command

3/ received the frustrating error of 'error occured, invalid request or your session may have expired.

Help anyone?

Review Cisco Networking for a $25 gift card