Cisco Cisco FirePOWER Appliance 8130
52-9
FireSIGHT System User Guide
Chapter 52 Licensing the FireSIGHT System
Understanding Licensing
For example, you can monitor 1000 hosts and 1000 users with the DC500.
If your Defense Center was previously running Version 4.10.x of the FireSIGHT System and you used
an ISO file to “restore” the appliance to Version 5.x factory defaults, you may be able to use your legacy
RNA Host and RUA User licenses instead of a FireSIGHT license.
Understanding the FireSIGHT Host Limit
License: FireSIGHT
The FireSIGHT license on your Defense Center determines how many individual hosts you can monitor
with the Defense Center and its managed devices, and therefore how many hosts you can store in your
network map.
Note that the system counts MAC-only hosts separately from hosts identified by both IP addresses and
MAC addresses. All IP addresses associated with a host are counted together as one host.
When the system detects activity associated with a host with an IP address in your monitored network
(as defined by your network discovery policy), that host is added to the network map.
If you reach the host limit and the system detects a new host, whether the new host is added to the
network map depends on the When Host Limit Reached setting in your network discovery policy. You can
configure the system either to stop adding new hosts to the database, or to replace the hosts that have
remained inactive for the longest time.
Note
Even if you cannot add a new host to the network map, the system still performs access control on that
host’s network traffic. Although reaching the FireSIGHT host limit does not prevent you from
performing access control on hosts discovered after you reached your licensed limit, you cannot view or
perform analysis on those hosts using host profile data. For example, you cannot use compliance white
lists to monitor network compliance for those hosts, or use those hosts in host profile qualifications, and
so on.
You can also manually delete a host, an entire subnet, or all of your hosts from the network map. Keep
in mind, however, that if the system detects activity associated with a deleted host, it re-adds the host to
the network map.
Note also that if the system has not detected network traffic from a host in the last Host Timeout period
specified in your network discovery policy, the host is removed from the network map. The default
setting is 10080 minutes (7 days).
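The following Python model is an added illustration, not Cisco code and not part of the guide. It replays constructed host activity against a licensed limit to show which hosts end up without host profile data under each When Host Limit Reached behavior and after the Host Timeout period. The class, the `stop_adding` and `replace_oldest` labels, and the sample events are assumptions made for this example.

```python
from dataclasses import dataclass, field

HOST_TIMEOUT_MIN = 10080  # default Host Timeout stated in the guide (7 days)

@dataclass
class NetworkMap:
    """Toy model of the host limit. Keys are host identities, not IP addresses,
    since all IP addresses of one host count as a single host."""
    limit: int                          # licensed host limit
    when_full: str = "stop_adding"      # model label; the other is "replace_oldest"
    timeout: int = HOST_TIMEOUT_MIN
    last_seen: dict = field(default_factory=dict)  # host -> minute of last activity
    unprofiled: set = field(default_factory=set)   # active hosts with no map entry

    def expire(self, now):
        # Drop hosts with no traffic during the last Host Timeout period.
        for host in [h for h, t in self.last_seen.items() if now - t >= self.timeout]:
            del self.last_seen[host]

    def delete(self, host):
        # Manual deletion; later activity re-adds the host through observe().
        self.last_seen.pop(host, None)

    def observe(self, host, now):
        """Record activity from host; return True if it is in the map afterwards."""
        self.expire(now)
        if host not in self.last_seen and len(self.last_seen) >= self.limit:
            if self.when_full != "replace_oldest" or not self.last_seen:
                self.unprofiled.add(host)  # still access-controlled, no host profile
                return False
            # Evict the host that has been inactive for the longest time.
            del self.last_seen[min(self.last_seen, key=self.last_seen.get)]
        self.last_seen[host] = now
        self.unprofiled.discard(host)
        return True

def replay(events, **settings):
    """Replay (minute, host) events; return (mapped hosts, unprofiled hosts)."""
    netmap = NetworkMap(**settings)
    for minute, host in events:
        netmap.observe(host, minute)
    return sorted(netmap.last_seen), sorted(netmap.unprofiled)

# Constructed sample traffic: three hosts fill a limit of 3, then "D" appears.
EVENTS = [(0, "A"), (10, "B"), (20, "C"), (25, "A"), (30, "D")]

if __name__ == "__main__":
    for mode in ("stop_adding", "replace_oldest"):
        print(mode, replay(EVENTS, limit=3, when_full=mode))
```

In the `stop_adding` run, host D is the visibility gap: its traffic is still subject to access control, but it has no host profile to analyze.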
Table 52-2 FireSIGHT Limits by Defense Center Model (continued)

Defense Center Model    FireSIGHT Host and User Limit
DC3500                  300,000
virtual                 50,000