Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1144
Views
0
Helpful
4
Replies

FirePOWER license Failover cluster

Oleg Volkov
Spotlight
Spotlight

‎07-07-2017 02:03 AM

Hello!

I have two ASA5515-X and want to upgrade to FirePOWER

I need 50 AnyConnect license.

Can I buy 25 license for active and 25 for standby and get 50 license total or I must buy 50 license for each unit?

Also if I want to install AMP endpoint in my Inside hosts (Desctop PC), I must buy FP-AMP-LIC= for each host?

Thanks!

PS:

I attach file with configuration

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
Labels:
0 Helpful
4 Replies 4

Karsten Iwen
VIP
VIP

‎07-07-2017 02:51 AM

Both licenses are unrelated to the Firepower service module on the ASA:

AnyConnect: Is typically licensed per user that installs the client. One PLUS-license is needed per user regardless of the concurrent connections. These licenses can be applied to both ASAs, but the ASAs itself share licenses so it is not needed. There is also the option to license an individual ASA, you have to calculate which license fits your needs:

http://www.cisco.com/c/dam/en/us/products/collateral/security/anyconnect-og.pdf

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200191-AnyConnect-Licensing-Frequently-Asked-Qu.html

AMP for Endpoints: This is not the AMP you can activate on Firepower. AMP for Endpoint runs on the PCs and is licensed per PC where the software gets installed.

The mentioned SKU is the base-license and you need to add the subscription duration and the amount  of end devices.

Firepower on the ASA: these are the services that you need for your firewalls. In a HA/Cluster setup, both units need Firepower licenses. In addition to that you also need a Firepower Management Center to manage Firepower.

0 Helpful

Oleg Volkov
Spotlight
Spotlight
In response to Karsten Iwen

‎07-07-2017 02:57 AM

I change AnyConnect to APEX:

ASA5515-FP-UPG Upgrade Kit: ASA5515-X FW, IPS, CX to ASA5515-X FirePower
ASA5515-CTRL-LIC= Cisco ASA5515 Control License
ASA5500X-SSD120= ASA 5512-X through 5555-X 120 GB MLC SED SSD (Spare)
CON-SNT-ASD120 SNTC-8X5XNBD ASA 5512-X through 5
FS-VMW-2-SW-K9 Cisco Firepower Management Center,(VMWare) for 2 devices
CON-ECMU-VMWSW2 SWSS UPGRADES Cisco Firepower Management Center,(VMWare) for
L-ASA5515-TAM= Cisco ASA5515 FirePOWER IPS and AMP Licenses
L-ASA5515-TAM-1Y Cisco ASA5515 FirePOWER IPS and AMP 1YR Subs.
L-AC-APX-LIC= Cisco AnyConnect Apex Term License, Total Authorized Users
L-AC-APX-3Y-S1 Cisco AnyConnect Apex License, 3YR, 25-99 Users

And 

ASA5515-FP-UPG Upgrade Kit: ASA5515-X FW, IPS, CX to ASA5515-X FirePower
ASA5515-CTRL-LIC= Cisco ASA5515 Control License
L-ASA5515-TAM= Cisco ASA5515 FirePOWER IPS and AMP Licenses
L-ASA5515-TAM-1Y Cisco ASA5515 FirePOWER IPS and AMP 1YR Subs.
ASA5500X-SSD120= ASA 5512-X through 5555-X 120 GB MLC SED SSD (Spare)
CON-SNT-ASD120 SNTC-8X5XNBD ASA 5512-X through 5
L-AC-APX-LIC= Cisco AnyConnect Apex Term License, Total Authorized Users
L-AC-APX-3Y-S1 Cisco AnyConnect Apex License, 3YR, 25-99 Users

It is for Active and Standby units

What will be total simultaneous AnyConnect session count? 50? 

Thanks!

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
0 Helpful

Karsten Iwen
VIP
VIP
In response to Oleg Volkov

‎07-07-2017 03:12 AM

AnyConnect PLUS and APEX do not count simultaneous connections. You license the amount of users (or humans) that will use AnyConnect (or a licensed feature of AnyConnect).

Example: You have 50 employees in your organization. 25 of these need VPN. You buy 25 AnyConnect licenses for these users. All 25 users can use the VPN simultaneously with any amount of devices. But if you install AnyConnect on additional PCs and additional users are using the VPN, you are doing a license violation (although it will technically work as the number of licenses is not enforced yet).

As PLUS and APEX is licensed per user, you don't need these licenses for the secondary ASA. 

0 Helpful

Oleg Volkov
Spotlight
Spotlight
In response to Karsten Iwen

‎07-07-2017 05:04 AM

Thanks!

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog
0 Helpful
Customers Also Viewed These Support Documents