Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1890
Views
0
Helpful
2
Replies

FPR 1010 running ASA - Possible to activate license without internet?

tmbenne
Level 1
Level 1

‎10-15-2021 10:10 AM

We have a customer that currently has ASA 5500s, we are going to replace them with the FPR1010 using ASA code. We need to activate the SEC Plus license in order to run them in HA. However, it doesnt look like its possible to activate the license without the FPR having access to the internet.  If I do allow the 1010s temporary access so they can register the license, will there be a problem if I shut off internet access after that? The customer has to have a closed network for security reasons, so the FPR's wont have access to the internet.

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎10-15-2021 11:37 AM

After activating the License that does not have any effect on the firewall, and you may see a compliance issue, the device is not able to communicate with the smart License.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Milos_Jovanovic
VIP Alumni
VIP Alumni

‎10-16-2021 12:18 AM

Hi @tmbenne,

You actually have several different options here:

  • You can allow periodic access to Internet in order to license devices, as permanent connectivity is not required, only periodical. However, I think this is a bad option, as sooner or later, someone will forget to do it.
  • You could install Smart Software Manager Satelite - on-prem component serving as a proxy for licensing. You would register FPR1010 to SSM (which is inside of your network, so no Internet access is required), and only SSM would communicate to Internet. You could register your other Cisco devices same way, making SSM a single point of contact.
  • Same as above, just that SSM is not permanently connected to the Internet. Rather, you do manual periodic sync by downloading some file from SmartAccount, and uploading it back to SSM.
  • By using PLR (Permanent License Reservation) licensing. It could be a tricky one, as this one needs to be ordered spearately (it could be with low/no price), and I believe there is additional export-control delivery hold.

Leaving your devices ut of compliance is the worst option from my standpoint, given that air-gapped networks are something that Cisco actually anticipated and offered a solution for those.

BR,

Milos

0 Helpful
Customers Also Viewed These Support Documents