Threat Defense 1 Year License features?

WiLL-I-Am · ‎09-27-2020

Hence we have never bought network appliances with base license, I haven't involved with licensing so much, do I get a base license right out of the box when I buy a FPR 2130? that base license already includes 2000 Anyconnect peers, and the number of site to sites, clustering enabled, multi context, what about for example bit torrent deep packet inspection?

and what features will be added if I buy a threat defense license?

thank you

balaji.bandi · ‎09-27-2020

Not sure what License you have purchased, Look at the License model : ( section - FTD License Types and Restrictions)

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/licensing_the_firepower_system.html#concept_5B8D7BC78F154A34A31118D05B26D851

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

WiLL-I-Am · ‎09-27-2020

I found something from your last comment about anyconnect..

but I guess my question is still the same, what doesn't come with the base license?

Base license
    configure your FTD devices to perform switching and routing (including DHCP relay and NAT)
    configure FTD devices as a high availability pair
    configure security modules as a cluster within a Firepower 9300 chassis (intra-chassis clustering)
    configure Firepower 9300 or Firepower 4100 series devices running Firepower Threat Defense as a cluster (inter-chassis clustering)
    implement user and application control by adding user and application conditions to access control rules

Threat and malware detection and URL filtering features require additional, optional licenses.

this is from cisco, is there more than Threat and malware detection and URL filtering?

what about site to site?that comes with the base too?

and for 2,499 anyconnect clients for 3 years I just need to purchase this L-AC-APX-3Y-S5? I found it pretty cheap, it's bellow $10.

rschlayer · ‎09-27-2020

Hello@WiLL-I-Am

you can do S2S VPN just fine wit the basic license.

The other licensing options (on top) are malware, threat and url filtering.

In case of AnyConnect, pricing is per user, so while the SKU shows below $10, that is per user.

Best regards

Rick

balaji.bandi · ‎09-28-2020

base comes with standard as like any other FW, rest all addons you need to buy license optional. ( it used to 2 users vpn user free should be same i guess in FTD, but more users you need to buy as per the license model).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

WiLL-I-Am · ‎09-28-2020

how about strong encryption, do I need that for site to site? that comes with the base as well?

I have one firepower that when I run the show license all it says

asa(config-smart-lic)# show license all

Smart licensing enabled: Yes

Compliance status: In compliance

Overall licensed status: Authorized (3)

Entitlement(s):

Feature tier:
Tag: regid.2015-10.com.cisco.FIREPOWER_4100_ASA_STANDARD,1.0_7d7f5ee2-1398-4b0e-aced-b3f7fb1cacfc
Version: 1.0
Enforcement mode: Authorized
Handle: 1
Requested time:  2020 
Requested count: 1
Request status: Complete

Serial Number: 

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 10
Carrier : Disabled
AnyConnect Premium Peers : 20000
AnyConnect Essentials : Disabled
Other VPN Peers : 20000
Total VPN Peers : 20000
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 15000
Clustetext

it means I payed for 20000 peers here already?(I don't think we payed $6.9 per user, there should be some other way that we bought this license, in a package with something else, idk how it works), is it possible?

how can I know if it's apex or not?

thanks