Today I’ll go over Cisco Smart Licensing process for FirePOWER Defense Center (DC). As of right now, it is optional for FirePOWER sensors but for Firepower Threat Defense (FTD) it is mandatory.
Cisco FirePOWER: 6.0
Before Smart License can be assigned to the sensor, it needs to be authorized on DC under System > Licenses > Smart Licenses. Smart License enablement is a multi-step process and you are immediately prompted for Registration Token. However, if you don’t have it then there is one click “Evaluation mode” that lasts 90 days.
There is no rollback option for Smart Licenses so after 90 days permanent registration will be required.
In Evaluation Mode, you can start assigning licenses to the device right away. All capabilities (Control, Malware and URL Filtering) are available during evaluation.
Once you select “Cisco Smart Software manager” link you will be taken to Smart Account page. If you do not have Smart Account you will need to create one and authorize DC yourself.
If someone in your company already created an account, and you try to create on, you will get Duplicate Account warning.
If account was already created then you most likely do not have privileges to access Smart Software Licenses portal and you’ll get another warning. At this time you’ll need to contact the person responsible for Smart account or you can contact Cisco support if you do not know who it is.
Once your access is granted you most likely be assigned a virtual account. Select you account under Inventory > Virtual Account drop down and proceed with generating a new security token for DC.
Download new token under Actions > Copy/Download and apply it to DC on Smart Licenses page.
Now you can start assigning Smart licenses to sensors and manage them. If you already assigned evaluation licenses to sensors then on Smart License Portal under Licenses tab you will see a shortage. It needs to be resolved by converting classic licenses to smart which is discussed next.
It is time to start converting PAKs and licenses associated with DC license key (MAC address) to Smart Licenses.
To convert PAK(s) follow these steps:
- Go to https://software.cisco.com/
- Select License Tab > Traditional Licensing and you will now be redirected to Product License Registration Portal.
- To initiate Smart Entitlement conversion from PAK, you can select the check box and choose the action from the Actions Drop-down menu or left click on the pack and select the Convert to Smart Entitlements.
- Select the Smart Account \Virtual account you wish the Entitlements to be assigned, then Ok.
- When the conversion is complete you will receive confirmation prompt saying PAKs have been successfully converted. You will also receive an email confirming the successful Entitlement conversion.
To convert Defense Center license follow these steps:
- License Tab > Smart Software Licensing > License conversion > Convert Licenses…
- Choose Product Family > Firepower Product – Perpetual > Enter License Key (DC MAC address) > Click Search and Next.
- Choose virtual account you were assigned by administrator > Select Firepower SKU > Next.
- Review selection and choose Convert Licenses.
Once the licenses have been converted to Smart Software Licenses, they cannot be converted back to traditional licenses.
Once all the licenses converted sync it from DC with Smart License portal to clear any discrepancies.