Showing results for 
Search instead for 
Did you mean: 


Threat Defense 1 Year License features?

Hence we have never bought network appliances with base license, I haven't involved with licensing so much, do I get a base license right out of the box when I buy a FPR 2130? that base license already includes 2000 Anyconnect peers, and the number of site to sites, clustering enabled, multi context, what about for example bit torrent deep packet inspection?


and what features will be added if I buy a threat defense license?


thank you

VIP Mentor

Not sure what License you have purchased, Look at the License model : ( section - FTD License Types and Restrictions)



*** Rate All Helpful Responses ***

I found something from your last comment about anyconnect..

but I guess my question is still the same, what doesn't come with the base license?


Base license
    configure your FTD devices to perform switching and routing (including DHCP relay and NAT)
    configure FTD devices as a high availability pair
    configure security modules as a cluster within a Firepower 9300 chassis (intra-chassis clustering)
    configure Firepower 9300 or Firepower 4100 series devices running Firepower Threat Defense as a cluster (inter-chassis clustering)
    implement user and application control by adding user and application conditions to access control rules

Threat and malware detection and URL filtering features require additional, optional licenses.

this is from cisco, is there more than Threat and malware detection and URL filtering?

what about site to site?that comes with the base too?

and for 2,499 anyconnect clients for 3 years I just need to purchase this L-AC-APX-3Y-S5? I found it pretty cheap, it's bellow $10.



you can do S2S VPN just fine wit the basic license.

The other licensing options (on top) are malware, threat and url filtering.

In case of AnyConnect, pricing is per user, so while the SKU shows below $10, that is per user.

Best regards



base comes with standard as like any other FW, rest all addons you need to buy license optional. ( it used to 2 users vpn user free should be same i guess in FTD, but more users you need to buy as per the license model).



*** Rate All Helpful Responses ***

how about strong encryption, do I need that for site to site? that comes with the base as well?

I have one firepower that when I run the show license all it says


asa(config-smart-lic)# show license all

Smart licensing enabled: Yes

Compliance status: In compliance

Overall licensed status: Authorized (3)


Feature tier:
Version: 1.0
Enforcement mode: Authorized
Handle: 1
Requested time: 2020
Requested count: 1
Request status: Complete

Serial Number:

License mode: Smart Licensing

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 1024
Inside Hosts : Unlimited
Failover : Active/Active
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 10
Carrier : Disabled
AnyConnect Premium Peers : 20000
AnyConnect Essentials : Disabled
Other VPN Peers : 20000
Total VPN Peers : 20000
AnyConnect for Mobile : Enabled
AnyConnect for Cisco VPN Phone : Enabled
Advanced Endpoint Assessment : Enabled
Shared License : Disabled
Total TLS Proxy Sessions : 15000


it means I payed for 20000 peers here already?(I don't think we payed $6.9 per user, there should be some other way that we bought this license, in a package with something else, idk how it works), is it possible?

how can I know if it's apex or not?



Content for Community-Ad