Cisco FirePOWER Appliance 7020
FireSIGHT System User Guide
Chapter 52 Licensing the FireSIGHT System
Understanding Licensing
and Spero analysis to determine whether they contain malware. The Malware license also allows you to add
specific files to a file list and enable the file list within a file policy, allowing those files to be
automatically allowed or blocked on detection.
Although you can add a malware-detecting file policy to an access control rule without a Malware
license, the file policy is marked with a warning icon in the access control rule editor. Within the
file policy, Malware Cloud Lookup rules are also marked with the warning icon. Before you can apply
an access control policy that includes a malware-detecting file policy, you must add a Malware license,
then enable it on the devices targeted by the policy. If you later disable the license on the devices, you
cannot reapply an existing access control policy to those devices if it includes file policies that perform
malware detection.
If you delete all your Malware licenses or they all expire, the Defense Center stops performing malware
cloud lookups, and also stops acknowledging retrospective events sent from the Cisco cloud. You cannot
reapply existing access control policies if they include file policies that perform malware detection. Note
that for a very brief time after a Malware license expires or is deleted, the system can use cached
dispositions for files detected by Malware Cloud Lookup file rules. After the time window expires, the
system assigns a disposition of Unavailable to those files, rather than performing a lookup.
Note that a Malware license is only required if you want the system to detect malware in network traffic.
Without a Malware license, the Defense Center can receive endpoint-based malware events from the
Cisco cloud if your organization has a FireAMP subscription. For more information, see
VPN
License: VPN
Supported Devices: Series 3
VPN allows you to establish secure tunnels between endpoints via a public source, such as the Internet
or other network. You can configure the FireSIGHT System to build secure VPN tunnels between the
virtual routers of Cisco managed devices. To enable VPN, you must also enable Protection and Control
licenses.
Without a VPN license, you cannot configure a VPN deployment with your managed devices. Although
you can create deployments, they are not useful without at least one VPN-enabled routed interface to
populate them.
If you delete your VPN license from the Defense Center or disable VPN on individual devices, the
affected devices do not break the current VPN deployments. Although you can edit and delete existing
deployments, you cannot apply your changes to the affected devices.
Licensing High Availability Pairs
License: Any
Supported Defense Centers: DC1000, DC1500, DC3000, DC3500
Defense Centers in a high availability pair do not share licenses. You must apply equivalent licenses to
each member of the pair. Because Cisco generates licenses based on each Defense Center’s unique
license key, you cannot use the same licenses on different Defense Centers.