Cisco Ftd License
Now is the time to learn about the Cisco FTD. Before we dig into the software components and hardware platforms, let’s try to identify the difference between the FirePOWER Services and Firepower Threat Defense (FTD).
FirePOWER Service Versus Firepower Threat Defense (FTD)
As you might have guessed, FirePOWER Services refers to features that are similar to the pre-acquisition period software releases, such as Next-Generation Intrusion Prevention System Virtual (NGIPSv). In FTD, Cisco converges all the Sourcefire FirePOWER features, ASA firewall features, and some additional new features into one single unified software image.
The Cisco APIC PLR (permanent license reservation) solution is a secure way to permanently activate all the premium capabilities on your leaves and spines within a highly secure network where no inbound or outbound connection is allowed.
Move or Remove Licenses from FTD Devices (Mar 01, 2021): Use this procedure to manage licenses for Firepower Threat Defense devices managed by a Firepower Management Center. For example, you can move a license from one FTD device to another device registered to the same FMC, or remove a license from a device.
Figure 1 illustrates the convergence of Cisco ASA software with Sourcefire FirePOWER software into the FTD code. Due to this convergence, FirePOWER Services no longer runs as a separate service module, which reduces overhead and increases efficiency.
Figure 1: Logical Representation of the FTD Software
Note
This book is written based on Firepower Version 6.1 running on FTD. Although this book uses the ASA 5500-X Series hardware, managed using the Firepower Management Center (FMC), you can still apply this knowledge on other platforms running Firepower technologies.
Firepower System Software Components
The Firepower System offers a lot of security features. Unlike with traditional Cisco ASA firewall software, the security features of the Firepower System are delivered as multiple software components:
- Firepower core software: The core part of the software includes the Snort engine for intrusion detection and prevention, a web server for the graphical user interface (GUI), a database to store events, firmware for the hardware, and so on. The core software image for the Firepower System depends on the hardware platform you are using.
- Software patches and hotfixes: Cisco releases software patches periodically to address any security vulnerabilities and to fix any defects with the Firepower System. When an issue demands resolution earlier than a scheduled maintenance update, Cisco may release a hotfix for it, on a case-by-case basis.
- Snort/Sourcefire rules: The Snort engine uses a special ruleset to detect and prevent intrusion attempts. Each rule considers certain conditions. When a packet goes through a sensor and matches a condition in a Snort rule, the Snort engine takes the appropriate action.
- Vulnerability database (VDB): A VDB stores vulnerability information and fingerprints of various applications, services, and operating systems (OSs). The Firepower System uses the fingerprints to discover the application, service, and OS running on a network host, and then it correlates the application and network discovery data with the vulnerability information on a VDB.
- Geolocation database (GeoDB): A GeoDB stores geographical information and associated IP addresses. For example, when the Firepower System displays an intrusion event in the GUI, you can view the name and flag of the country that originated that intrusion attempt. This information allows you to make decisions quickly, without performing reverse lookups for IP addresses.
Figure 2 illustrates the various software components installed on the Firepower System. All these software components are explained in my later blogs.
Figure 2: Firepower System Software Components
- URL filtering database: The Firepower System can categorize websites based on their targeted audiences or business purposes. To give you more granular control, the system also enables you to control access to a certain type of website, based on its reputation or known risk level. All this information is stored in the URL filtering database. Unlike with Firepower software components, any updates for the URL filtering database are provided directly through the Cisco cloud, so your FMC must be connected to the Internet.
- Security Intelligence Feed: Talos, the Cisco threat intelligence team, is continuously researching the Internet to identify potential malicious IP addresses, domain names, and URLs. For Firepower System users, Talos shares intelligence data through the Security Intelligence Feed. The FMC can download the feed directly from the cloud.
- Local malware detection: With a malware license, FTD can detect viruses in your files. This allows you to block the spread of malware across your network. FTD uses the ClamAV engine to analyze files locally. The FMC obtains the signatures of the latest viruses through the local malware detection updates.
- Integration: You can integrate the Firepower System with various products and technologies, such as Cisco Identity Services Engine (ISE), Microsoft Windows Active Directory Server, Event Streamer (eStreamer), and Syslog Server. This empowers you with unlimited opportunities to monitor and secure your network. (This book focuses on core Firepower technologies, and features related to integration are beyond the scope of this book. Please read the official Firepower user guide to learn more about integration.)
Firepower System Hardware Platforms
FTD Version 6.1 is available on a wide variety of hardware platforms. The internal architecture of each platform is different. There are, of course, differences in form factor, throughput, and price. Later in this book, you will learn more about the architectures and operations of the Firepower System.
Table 1 summarizes the hardware platforms (available as of this writing) that support FTD software. All of the following platforms support Version 6.1, except Firepower 2100 Series (Version 6.2.1 or greater) and Microsoft Azure (Version 6.2 or greater).
Table 1: Hardware Platforms That Support FTD Software
Hardware Category | Platform Name/Model Number |
| ASA5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X, 5512-X, 5515-X, 5525-X, 5545-X, 5555-X |
| Firepower 2110, 2120, 2130, 2140 |
| Firepower 4110, 4120, 4140, 4150 |
| Firepower 9300 |
| VMware ESXi/vSphere, Kernel-Based Virtual Machine (KVM), Amazon Web Services (AWS), Microsoft Azure |
Figure 3 illustrates the placement of various ASA and Firepower platforms in different types of networking environments. The throughput of appliances varies significantly depending on the number of enabled features, such as firewall (FW) only, firewall along with Cisco Application Visibility and Control (AVC), next-generation intrusion prevention system (NGIPS), URL filtering, SSL decryption, and so on.
Figure 3: Placement of ASA and Firepower Appliances in Various Networking Environments with Different Needs
Note
To find out what hardware models support FTD and the throughput of each hardware model, please check the Cisco Firepower NGFW data sheet at cisco.com or contact your account representative.
Firepower Accessories
When you open a brand-new Firepower appliance box, you will find various accessories along with the actual appliance. The accessories are necessary to configure the initial setup and obtain a license. Figure 4 shows an example of the accessories that come with a Cisco ASA 5506-X appliance:
- The ASA 5506-X appliance (see #1 in Figure 4)
- A DB-9 to RJ-45 console cable (see #2)
- Envelope with the product activation key (PAK) (see #3)
- Power adapter (see #4)
- Power cord to connect with the power adapter (see #5)
Figure 4: Cisco ASA 5506-X Appliance Accessories Example
Note
The accessories in a box are subject to change, depending on various factors. In your box, you may receive more or fewer items than are shown in this example.
Tip
Read the Installation Guide for your appliance model (available at cisco.com) to learn how to install it into a rack and power it up.
Let's now discuss how to add FTD security features to your Cisco ASA equipment.
Cisco Firepower Series PLR License
The Cisco Firepower Series PLR license, or Permanent License Reservation, is a smart licensing solution for enterprises that prefer their networks to be isolated, with any inbound or outbound connections restricted. Cisco smart licensing, by contrast, requires a constant or periodic connection to the Cisco Smart Software Manager in order to register all instances and activate all premium features permanently.
Cisco ASA 5500-X PLR License
Applying these licenses on the ASA 5500-X series enables the following throughput capacity and all FTD premium features (if the image was upgraded to Firepower Threat Defense Software):
Model | NGFW |
ASA 5506-X | Up to 300 Mbps |
ASA 5508-X | Up to 500 Mbps |
ASA 5512-X | Up to 1.2 Gbps |
ASA 5515-X | Up to 1.2 Gbps |
ASA 5516-X | Up to 900 Mbps |
ASA 5525-X | Up to 4 Gbps |
ASA 5545-X | Up to 1 Gbps |
Please note that Firepower software modules on these devices DO NOT support smart licensing. Therefore, they need classic PAK licenses to be activated.
Cisco FPR 1000 PLR License
By applying these licenses on the FPR 1000 series, customers can enable the following throughput capacity and all FTD premium features:
Model | NGFW | Next-Generation Intrusion Prevention System (NGIPS) |
FPR-1010 | 650 Mbps | 650 Mbps |
FPR-1120 | 1.5 Gbps | 1.5 Gbps |
FPR-1140 | 2.2 Gbps | 2.2 Gbps |
Cisco FPR 2000 PLR License
By applying these licenses on the FPR 2000 series, customers can enable the following throughput capacity and all FTD premium features:
Model | Firewall (ASA) | NGFW (FTD) | NGIPS |
FPR-2110 | 3G | 2.3G | 2.3G |
FPR-2120 | 6G | 3G | 3G |
FPR-2130 | 10G | 5G | 5G |
FPR-2140 | 20G | 9G | 9G |
Cisco FPR 4100 PLR License
By applying these licenses on the FPR 4100 series, customers can enable the following throughput capacity and all FTD premium features:
Model | Firewall (ASA) | NGFW (FTD) | NGIPS |
FPR-4110 | 35G | 11G | 15G |
FPR-4115 | 80G | 26G | 27G |
FPR-4120 | 60G | 19G | 27G |
FPR-4125 | 80G | 35G | 41G |
FPR-4140 | 70G | 27G | 38G |
FPR-4145 | 80G | 45G | 55G |
FPR-4150 | 75G | 39G | 52G |
By activating Cisco FPR 4100 full capabilities, customers also can benefit from multi-instance features on these devices.
Cisco FPR 9300 PLR License
By applying these licenses on the FPR 9300 series, customers can enable the following throughput and all FTD premium features:
Model | Firewall (ASA) | NGFW (FTD) | NGIPS |
SM-24 | 75G | 21G | 30G |
SM-36 | 80G | 29G | 37G |
SM-40 | 80G | 48G | 57G |
SM-44 | 80G | 43G | 57G |
SM-44 x 3 | 234G | 132G | 148G |
SM-48 | 80G | 55G | 65G |
SM-56 | 80G | 64G | 73G |
SM-56 x 3 | 235G | 153G | 175G |
By activating Cisco FPR 9300 full capabilities using a Cisco permanent license reservation, customers also can benefit from multi-instance features on these devices.
Cisco FTD PLR License
Using a Cisco Firepower PLR license on the Cisco Secure firewall products will activate all Cisco FTD features permanently.
Threat | Intrusion detection and prevention / File control / Security Intelligence filtering |
Malware | AMP for Networks (network-based Advanced Malware Protection) / Cisco Threat Grid / File storage |
URL Filtering | Category and reputation-based URL filtering |
Export-Controlled Features | Features that are subject to national security, foreign policy, and anti-terrorism laws and regulations |
Remote Access VPN:
- AnyConnect Apex
- AnyConnect Plus
- AnyConnect VPN Only
License You Assign in Firepower System | Granted Capabilities |
PLR License | User and application control / Switching and routing / NAT; Intrusion detection and prevention / File control / Security Intelligence filtering; AMP for Networks (network-based Advanced Malware Protection) / Cisco Threat Grid / File storage; Category and reputation-based URL filtering; Features that are subject to national security, foreign policy, and anti-terrorism laws and regulations; AnyConnect Remote access VPN configuration |
The Cisco PLR license for its secure products enables features included in the following licenses, although the PLR licenses are permanent and need no renewal. Customers must apply the Cisco Secure firewall's PLR licenses using either the product's on-box device manager (Cisco FDM) or Cisco FMC.
L-ASA5555T-TMC-5Y
Cisco ASA5555 Threat Defense Threat, Malware and URL 5Y Subs $61,455.00
L-ASA5545T-TMC-5Y
Cisco ASA5545 Threat Defense Threat, Malware and URL 5Y Subs $45,030.00
L-ASA5525T-TMC-5Y
Cisco ASA5525 Threat Defense Threat, Malware and URL 5Y Subs $24,675.00
L-ASA5515T-TMC-5Y
Cisco ASA5515 Threat Defense Threat, Malware and URL 5Y Subs $13,125.00
L-ASA5512T-TMC-5Y
Cisco ASA5512 Threat Defense Threat, Malware and URL 5Y Subs $10,780.00
L-ASA5516T-TMC-5Y
Cisco ASA5516 Threat Defense Threat, Malware and URL 5Y Subs $14,400.00
L-ASA5508T-TMC-5Y
Cisco ASA5508 Threat Defense Threat, Malware and URL 5Y Subs $8,640.00
L-ASA5506HT-TMC-5Y
Cisco ASA5506H Threat Defense Threat, Malware, URL 5Y Subs $8,085.00
L-ASA5506WT-TMC-5Y
Cisco ASA5506W Threat Defense Threat, Malware, URL 5Y Subs $2,680.00
L-ASA5506T-TMC-5Y
Cisco ASA5506 Threat Defense Threat, Malware and URL 5Y Subs $2,680.00
————————————————————————————————————————————–
L-FPR1010T-TMC-5Y
Cisco FPR1010 Threat Defense Threat, Malware and URL 5Y Subs $2,870.00
L-FPR1120T-TMC-5Y
Cisco FPR1120 Threat Defense Threat, Malware and URL 5Y Subs $10,790.00
L-FPR1140T-TMC-5Y
Cisco FPR1140 Threat Defense Threat, Malware and URL 5Y Subs $17,990.00
L-FPR1150T-TMC-5Y
Cisco FPR1150 Threat Defense Threat, Malware and URL 5Y Subs $35,990.00
L-FPR2110T-TMC-5Y
Cisco FPR2110 Threat Defense Threat, Malware and URL 5Y Subs $22,430.00
L-FPR2120T-TMC-5Y
Cisco FPR2120 Threat Defense Threat, Malware and URL 5Y Subs $40,790.00
L-FPR2130T-TMC-5Y
Cisco FPR2130 Threat Defense Threat, Malware and URL 5Y Subs $61,190.00
L-FPR2140T-TMC-5Y
Cisco FPR2140 Threat Defense Threat, Malware and URL 5Y Subs $132,590.00
L-FPR4110T-TMC-5Y
Cisco FPR4110 Threat Defense Threat, Malware and URL 5Y Subs $198,890.00
L-FPR4112T-TMC-5Y
Cisco FPR4112 Threat Defense Threat, Malware and URL 5Y Subs $198,890.00
L-FPR4115T-TMC-5Y
Cisco FPR4115 Threat Defense Threat, Malware and URL 5Y Subs $265,189.00
L-FPR4120T-TMC-5Y
Cisco FPR4120 Threat Defense Threat, Malware and URL 5Y Subs $331,490.00
L-FPR4125T-TMC-5Y
Cisco FPR4125 Threat Defense Threat, Malware and URL 5Y Subs $419,889.00
L-FPR4140T-TMC-5Y
Cisco FPR4140 Threat Defense Threat, Malware and URL 5Y Subs $442,670.00
L-FPR4145T-TMC-5Y
Cisco FPR4145 Threat Defense Threat, Malware and URL 5Y Subs $552,489.00
L-FPR4150T-TMC-5Y
Cisco FPR4150 Threat Defense Threat, Malware and URL 5Y Subs $526,990.00
L-FPR9K-24T-TMC-5Y
Cisco FPR9K SM-24 Threat Defense Threat, Malware, URL 5Y Sub $307,065.98
L-FPR9K-36T-TMC-5Y
Cisco FPR9K SM-36 Threat Defense Threat, Malware, URL 5Y Sub $458,995.00
L-FPR9K-44T-TMC-5Y
Cisco FPR9K SM-44 Threat Defense Threat, Malware, URL 5Y Sub $535,495.00
L-FPRTD-V-TMC-5Y
Cisco Firepower TD Virtual Threat, Malware, URL 5Y Sub $16,360.00
L-FPR9K-40T-TMC-5Y
Cisco FPR9K SM-40 Threat Defense Threat, Malware, URL 5Y Sub $509,987.00
L-FPR9K-48T-TMC-5Y
Cisco FPR9K SM-48 Threat Defense Threat, Malware, URL 5Y Sub $764,987.00
L-FPR9K-56T-TMC-5Y
Cisco FPR9K SM-56 Threat Defense Threat, Malware, URL 5Y Sub $892,487.00