In this video you'll learn how to apply Cisco Smart License on FMC and assign license to FTD (Firepower Threat Defense)Linkedin: https://www.linkedin.com/in/. Cisco Firepower allows for feed based filtering of networks (IP addresses), as well as URLs, and DNS requests through security intelligence polices. From my understanding, network feeds when applied block traffic with the destination IP addresses, and DNS feeds inspect DNS requests inline and drop traffic to flagged domains. For more information, Cisco Firewall ASA-FTD-X License Part Number Meet the industry’s first adaptive, threat-focused next-generation firewall (NGFW) designed for a new era of threat and advanced malware protection. Firepower 2110 Security Appliance:6.6.4:Firepower Threat Defense (FTD) Software Login and Valid Contract Required ASA 5516-X with FirePOWER Services:7.16.1.150:Adaptive Security Appliance (ASA) Device Manager Login and Valid Contract Required. Cisco Firepower TD Virtual Base License. FTD-V-(X)S-T. Cisco Firepower TD Virtual Threat Protection. FTD-V-(X)S-TM. Cisco Firepower TD Virtual Threat and Malware Protection. FTD-V-(X)S-TC. Cisco Firepower TD Virtual Threat Protection and URL. FTD-V-(X)S-TMC. Cisco Firepower TD Virtual Threat, Malware, and URL Filtering.
Firepower Management Center Configuration Guide ... - Cisco
Smart License Types
Your purchase of an FTD automatically includes a Base license. All additional licenses are optional.The following table explains the licenses available for Firepower Threat Defense (FTD) devices.
| License | Duration | Granted Capabilities |
|---|---|---|
| Base License (automatically included) | Perpetual | All features not covered by the subscription term licenses. You must also specify whether to Allow export-controlled functionality on the products registered with this token. You can select this option only if your country meets export-control standards. This option controls your use of advanced encryption and the features that require advanced encryption. |
| Threat | Term-based | Intrusion detection and prevention—Intrusion policies analyze network traffic for intrusions and exploits and, optionally, drop offending packets. File control—File policies detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types. AMP for Firepower, which requires a Malware license, allows you to inspect and block files that contain malware. You must have the Threat license to use any type of File policy. Security Intelligence filtering—Drop selected traffic before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to drop connections based on the latest intelligence immediately. |
| Malware | Term-based | File policies that check for malware, which use Cisco Advanced Malware Protection (AMP) with AMP for Firepower (network-based Advanced Malware Protection) and Cisco Threat Grid. File policies can detect and block malware in files transmitted over your network. |
| URL License | Term-based |
You can perform URL filtering on individual URLs without this license. |
RA VPN Only License RA VPN Plus License RA VPN Apex License | Term-based or perpetual based on the license type | Remote access VPN configuration. Your base license must allow export-controlled functionality to configure RA VPN. You select whether you meet export requirements when you register the device. Firepower Device Manager can use any valid AnyConnect license. The available features do not differ based on the license type. If you have not already purchased one, see Licensing Requirements for Remote Access VPN. Also, see the Cisco AnyConnect Ordering Guide, http://www.cisco.com/c/dam/en/us/products/collateral/security/anyconnect-og.pdf. |
FTDv Tiered Licenses in Version 7.0
Version 7.0 supports performance-tiered Smart Licensing for virtual FTD (FTDv) devices based on throughput requirements and RA VPN session limits. When the FTDv is licensed with one of the available performance licenses, two things occur: session limits for RA VPNs are determined by the installed FTDv platform entitlement tier, and enforced via a rate limiter.
Firepower Management Center Configuration Guides
CDO does not fully support tiered smart licensing at this time; see the following limitations:
See All Results For This Question
- You cannot modify the tiered license through CDO. You must make the changes in the FDM UI.
- If you register an FTDv to CDO for cloud services, the tiered license selection automatically resets to Variable, which is the default tier.
- If you onboard an FTDv running 7.0 and select a license that is not a default license during the onboarding process, the tiered license selection automatically resets to Variable, which is the default tier.
We strongly recommend selecting a tier for your FTDv license after onboarding your device to avoid the issues listed above. See Managing Smart Licenses for more information.