Hence we have never bought network appliances with base license, I haven't involved with licensing so much, do I get a base license right out of the box when I buy a FPR 2130? that base license already includes 2000 Anyconnect peers, and the number of site to sites, clustering enabled, multi context, what about for example bit torrent deep packet inspection?
and what features will be added if I buy a threat defense license?
Not sure what License you have purchased, Look at the License model : ( section - FTD License Types and Restrictions)
I found something from your last comment about anyconnect..
but I guess my question is still the same, what doesn't come with the base license?
Base license configure your FTD devices to perform switching and routing (including DHCP relay and NAT) configure FTD devices as a high availability pair configure security modules as a cluster within a Firepower 9300 chassis (intra-chassis clustering) configure Firepower 9300 or Firepower 4100 series devices running Firepower Threat Defense as a cluster (inter-chassis clustering) implement user and application control by adding user and application conditions to access control rules
Threat and malware detection and URL filtering features require additional, optional licenses.
this is from cisco, is there more than Threat and malware detection and URL filtering?
what about site to site?that comes with the base too?
and for 2,499 anyconnect clients for 3 years I just need to purchase this L-AC-APX-3Y-S5? I found it pretty cheap, it's bellow $10.
you can do S2S VPN just fine wit the basic license.
The other licensing options (on top) are malware, threat and url filtering.
In case of AnyConnect, pricing is per user, so while the SKU shows below $10, that is per user.
base comes with standard as like any other FW, rest all addons you need to buy license optional. ( it used to 2 users vpn user free should be same i guess in FTD, but more users you need to buy as per the license model).
how about strong encryption, do I need that for site to site? that comes with the base as well?
I have one firepower that when I run the show license all it says
asa(config-smart-lic)# show license all
Smart licensing enabled: Yes
Compliance status: In compliance
Overall licensed status: Authorized (3)
Enforcement mode: Authorized
Requested time: 2020
Requested count: 1
Request status: Complete
License mode: Smart Licensing
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 10
Carrier : Disabled
AnyConnect Premium Peers : 20000
AnyConnect Essentials : Disabled
Other VPN Peers : 20000
Total VPN Peers : 20000
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 15000
it means I payed for 20000 peers here already?(I don't think we payed $6.9 per user, there should be some other way that we bought this license, in a package with something else, idk how it works), is it possible?
how can I know if it's apex or not?