Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 52      Licensing the FireSIGHT System
  Understanding Licensing
  • File control allows you to detect and, optionally, block users from uploading (sending) or
    downloading (receiving) files of specific types over specific application protocols. With a Malware
    license (see ), you can also inspect and block a restricted set of those file types
    based on their malware dispositions.
  • Security Intelligence filtering allows you to blacklist—deny traffic to and from—specific IP
    addresses, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow
    you to immediately blacklist connections based on the latest intelligence. Optionally, you can use a
    “monitor-only” setting for Security Intelligence filtering.

Although you can configure an access control policy to perform Protection-related inspection without a
license, you cannot apply the policy until you first add a Protection license to the Defense Center, then
enable it on the devices targeted by the policy.

If you delete your Protection license from the Defense Center or disable Protection on managed devices,
the Defense Center stops acknowledging intrusion and file events from the affected devices. As a
consequence, correlation rules that use those events as trigger criteria stop firing. Additionally, the
Defense Center will not contact the internet for either Cisco-provided or third-party Security Intelligence
information. You cannot reapply existing policies until you re-enable Protection.

Because a Protection license is required for URL Filtering, Malware, and Control licenses, deleting or
disabling a Protection license has the same effect as deleting or disabling your URL Filtering, Malware,
or Control license.

Note: Series 2 devices automatically have most Protection capabilities; you do not have to purchase or enable
Protection licenses for these devices. However, Series 2 devices cannot perform Security Intelligence
filtering.

Control

License: Control
Supported Devices: Series 3, Virtual, X-Series, ASA FirePOWER
Supported Defense Centers: feature dependent

A Control license allows you to implement user and application control by adding user and application
conditions to access control rules. It also allows you to configure your Series 3 managed devices to
perform switching and routing (including DHCP relay and NAT), as well as cluster managed devices. To
enable Control on a managed device, you must also enable Protection.

Note: Although you can enable a Control license on a virtual device, Sourcefire Software for X-Series, or
ASA FirePOWER device, these devices do not support switching, routing, stacking, or clustering.

Although you can add user and application conditions to access control rules without a Control license,
you cannot apply the policy until you first add a Control license to the Defense Center, then enable it on
the devices targeted by the policy.

Note that the DC500 Defense Center does not support adding user conditions in access control rules.

Without a Control license, you cannot create switched, routed, or hybrid interfaces on your managed
devices; create NAT entries; or configure DHCP relay for virtual routers. Although you can create virtual
switches and routers, they are not useful without switched and routed interfaces to populate them.