KB ID 0001672
Problem
So we have unboxed and setup our Firepower 1010 device, simply logging into the ASDM fires off warnings that it’s only running DES and I need to register the unit go get any decent level of encryption, (seriously why is 3DES still an ‘add on’ licence, who is still doing 56bit encryption!)
So let’s get is registered and licenced.
Solution
The ‘Licence Envelope’ in the box is simply instructions on setting up a Cisco Smart Account. I already have one of those. If you don’t you will first need to setup a Cisco CCO logon account, (this is free, and you need to log into any of the Cisco Sites). Once you have that sorted you can go to https://software.cisco.com/ and request a Smart Licence (again this is free, it involves some email exchanges).
Now ‘What I do‘ is then create a ‘Virtual account‘ in that Smart account, what you use these for is up to you, but if you want to share the licensing e.g. with your colleagues or employer, then you can do so without giving them access to all your Cisco licences etc. Go back to Software central and select under Administration > Manage Smart Account (normally you just go to Smart Software Licensing).
Creating a Cisco Smart Account ‘Virtual Account’
Virtual Accounts > New Virtual Account > Give it a name and description > Set Access Level ‘Public’ > Next
Give it a name and description > Set Access Level ‘Public’ > Next.
Assign any users that you want to give access to, (you can revisit this later) > Next.
Review the settings > Create Virtual Account.
Register a Cisco FirePower 1010 With Cisco
OK, Cisco Say you need the licences to exist in your Smart account before you licence the hardware, they also say that;
Standard license—L-FPR1000-ASA=. The Standard license is free, but you still need to add it to your Smart Software Licensing account.
Security Plus license—L-FPR1010-SEC-PL=. The Security Plus license enables failover.
Strong Encryption (3DES/AES) license—L-FPR1K-ENC-K9=. This license is free. Although this license is not generally required (for example, ASA’s that use older Satellite Server versions (pre-2.3.0) require this license), you should still add it to your account for tracking purposes.
So I opened a call with Cisco, and was told;
Hey Pete,
L-FPR1000-ASA= license usually comes with the device and it’s free, however it has to be under a sales order in order for us to provision it into the account.As for L-FPR1K-ENC-K9 license it is not free and if you need that licenses please provide a Order under which the license is purchased.
Now getting that sales order number was a chore! I had to get it from the Disti that my company purchased the hardware from, after many emails I finally sent them the order only to be told;
Hey Pete,
Please be informed that this is a disti stocking SO. A disti stocking SO contains products and licenses that may be owned by multiple end customers.Hence, we do not get a link to assign disti stocking SOs to an end customer smart account in CCW. Also, the licenses associated with a disti stocking SO will get provisioned once the end customer registers the device on his/her respective smart account. So please ask the customer to register the devices owned by them on their smart account and the licenses will be automatically provisioned to the smart account. If, after the devices have been registered, the licenses do not get provisioned, then please revert and we will investigate the request.
So here’s what your Smart Licence Virtual Account SHOULD LOOK LIKE before you start;
How To Register a Firepower Appliance
Within your virtual account create a ‘New Token’ > Give it a description > New Token.
Copy it to the clipboard.
You need to have Smart Call-Home enabled On your FirePower 1010 First: Configuration > Device Management > Smart Call-Home > Turn it on and provide and email address > Check the Cisco TAC option > Apply.
Configuration > Device Management > Licensing > Smart Licensing > Enable Smart Licences. >Register > Paste your token in > Register.
Go and put the kettle on > After a few minutes, refresh and it should say registered.
Back in smart Licensing portal It should now look like this;
So either documentation is wrong, or I’ve been given incorrect information by Cisco. Either way I’m not looking forward to negotiating this ‘bag of spanners’ every-time I have to install or deploy one of these!
Next Step: Cisco Firepower 1010 Configuration
Related Articles, References, Credits, or External Links
NA