Activate Smart Licensing and Troubleshoot on ESA/SMA/WSA

Introduction

This document describes the activation process, definitions, and troubleshooting steps for the Smart Licensing Service on Cisco ESA, SMA, and WSA appliances.

Components Used

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

The information in this document is based on these software and hardware versions:

• Email Security Appliance (ESA) AsyncOS Version 12.0 and newer
• Security Management Appliance (SMA) AsyncOS Version 12.0 and newer
• Web Security Appliance (WSA) AsyncOS Version 11.7 and newer

Caution: Activation of the Smart License Feature on ESA, SMA, or WSA is permanent. Reverting an appliance to Classic License Mode is not permitted.

Background Information

Smart Licensing enables centralized license management for Cisco ESA, SMA, and WSA appliances. Key benefits include:

• Centralized management of all product licenses

• Unified licensing process for both physical and virtual appliances

• Easy application of licenses to ESA/SMA/WSA

• License expiration alerts

• Hardware model ESA/SMA/WSA devices provide a 90-day Evaluation Period for all services out of the box

Prerequisites

Smart Licensing Requirements

• Registration of the ESA/SMA/WSA appliance with Smart Licensing requires a Smart Account

• Smart Accounts are issued one per domain

• Administrators can create Virtual Accounts to segregate resources and restrict access to different Cisco Product Licenses

• Cisco Smart Software Manager (CSSM) is used to manage licenses and download registration token

Note: For network communication, TCP traffic via port 443 must be allowed Outbound to smartreceiver.cisco.com.

Smart Licensing Resources

For more information on Smart Licensing, Cisco provides the following resources:

• Create New Smart Account or Request to add a user to an existing account
• Smart Software Licensing Overview Cisco WebPage
• Smart Licensing Deployment Guide

• Cisco Smart Accounts Cisco Page

• Smart Software Manager Cisco Page

• Cisco Smart Software Manager (CSSM)

Out of the Box

• All hardware model ESA, SMA, and WSA appliances purchased include 90-day Evaluation Licenses for all features.

• Hardware models migrating with existing Classic Licenses (CL) are provided with 90-day Evaluation Licenses.

• All Virtual ESA, SMA, and WSA models require loading a basic Virtual License (VLN) (.xml) file to the appliance to connect to the upgrade or update server.

• When created, Virtual ESA, SMA, and WSA models do not include 90-day Evaluation Licenses and require registration using the Classic License VLN (.xml) file.

• Virtual ESA, SMA, and WSA models migrating with existing Classic Licenses (CL) receive 90-day Evaluation Licenses.

Review CSSM Inventory Tabs

A basic rundown of the CSSM Inventory tabs:

General Tab Overview

• The General Tab provides the area to generate a registration token. This token is time-based and can be used to register multiple ESA, SMA, or WSA appliances.

• Confirm the correct Virtual Account is selected, as a user can have multiple Virtual Accounts.

• Selecting New Token opens a template to complete. This process results in a new Token entry in the table.

• Actions in the General Tab can be performed multiple times and include options to Copy, Download, and Revoke the token.

Licenses Tab Overview

• Use the Licenses Tab to review and confirm the presence and availability of licenses.

• The License column displays the names of the purchased services or bundles.

• The Purchased column shows the presence of usable license keys.

• The Alerts column provides important messages related to each specific license.

Product Instances Tab Overview

• The Product Instances Tab displays individual appliance names, models, the date of last communication, and any associated alerts.

Generate a Token from CSSM

1. Launch the Cisco Smart Software Manager (CSSM) webpage.

2. At the top of the page, select Inventory.

3. Once the Inventory page loads, choose the correct Virtual Account from the top right. Ensure the Virtual Account selected matches the ESA, SMA, or WSA licenses you need to manage.

4. The Inventory page includes tabs for General, Licenses, Product Instances, and Event Log.

5. To generate a token, go to General > Product Instance Registration Tokens > select New Token.

6. Enter a Description, set an Expire After date, and click Create Token.

7. Return to the General tab. Use the Actions drop-down menu to copy or download the token as needed.

Enable Smart License Feature on ESA, SMA, or WSA

Web UI Activation

• Go to System Administration > Smart Software Licensing in the appliance web interface.

• Select Enable Smart Software Licensing.

• The interface presents two options for requesting feature keys:

  • Option 1: Use a token to register and request the required features.

  • Option 2: Register without a token and activate a 90-day Evaluation Period.

• Select OK.

• Commit the changes.

CLI Activation

• Run the command: license_smart > Enable > Y

• The CLI displays the same two options as the web interface:

  • Option 1: Use a token to register and request needed features.

  • Option 2: Register without a token for a 90-day Evaluation Period.

• Select OK.

• Commit the changes.

Register ESA, SMA, or WSA to a Smart Account Using a Token

• Go to System Administration > Smart Software Licensing in the web interface.

• Select the Register button to open the registration pop-up page.

• Paste the copied token into the provided field under step 4.

• Select Register to complete the registration process. The pop-up window closes when finished.

• After 30 seconds, refresh the Smart Software Licensing page to view the updated status.

• When registration is successful, the Registration Status field displays Registered and shows the registration expiration dates.

Actions from the Smart Licensing Actions Drop-Down Menu

Renew Authorization

• Manually renew the License Authorization Status for all licenses listed under License Type.

Note: License authorization automatically renews every 30 days. If the ESA, SMA, or WSA does not communicate with CSSM, the authorization status expires after 90 days.

Renew Registration

• Manually renew the appliance registration.

Note: Initial registration is valid for one year. Registration renews automatically every six months if the appliance maintains connectivity to CSSM.

De-register

• Disconnect the ESA, SMA, or WSA from CSSM.

• The system moves to Evaluation Mode.

• Licenses previously consumed by the appliance are released and credited back to the smart account for re-use.

Re-register

• Re-register the ESA, SMA, or WSA with CSSM.

Note: Use Re-register to migrate the appliance between different Virtual Accounts within an organization.

Understand Definitions Related to Smart License

License Types

• Classic License (CL): CL refers to legacy licensing methods used for both hardware and virtual appliances.

• Smart License (SL): SL refers to Smart Licensing.

License Authorization Status

• License Authorization Status indicates the current state of a license within the appliance.

• The ESA, SMA, or WSA does not display the actual expiration date on the Smart Licenses page.

  • To view status:

    • Web UI: System Administration > Licenses

    • CLI: license_smart > summary

Feature Status Values

• Eval: Smart Licensing Service is enabled on a new hardware ESA, SMA, or WSA without token registration, or enabled on an appliance with a current Classic License installed.

• Eval Expired: The 90-day Evaluation Smart License has expired, and the appliance has entered a 30-day grace period.

• In Compliance: The appliance is registered using a token and the feature consumes a valid license.

• Out of Compliance (Grace Period): This status appears if a temporary 30-day feature license is requested or if a license expires and the appliance enters the 30-day grace period.

• Out of Compliance (Expired): The license has fully expired and the associated service is no longer functional.

Note: The Web UI Smart Licensing pages contain informational buttons in the form of a question mark (?) to help define values.

View License Expiration Dates

To see the actual license expiration date, use the CSSM Smart Software Management Site.

• Navigate to Inventory > Virtual Account > Licenses.

• Select a license name to open a pop-up window.

  • The Overview tab displays the current license count along with purchase and expiration dates.

  • The Transaction History tab lists each purchase and expiration by transaction.

How to View License Expiration

How do I see the actual expiration date?

The License Expiration Dates can be viewed within the CSSM Smart Software Management Site.

• Navigate to: Inventory > Virtual Account > Licenses >. Click a license name to open the pop-up window.
• The Overview tab shows the current license count, purchase and expiration dates.
• The Transaction History tab shows each purchase/expiration per transaction.

Review Smart Licensing Log Activities on ESA, SMA, or WSA

ESA, SMA, and WSA appliances record Smart Licensing activities in the smartlicense logs. These logs are accessible through the CLI.

Here is a sample output from the smartlicense logs that captures a registration action:

Mon Jan 28 08:40:57 2025 Info: The administrator has requested to register the product with Smart Software Manager.
Mon Jan 28 08:41:07 2025 Info: Smart License: NotifyExportControlled notification has been ignored
Mon Jan 28 08:41:12 2025 Info: The product is registered successfully with Smart Software Manager.
Mon Jan 28 08:41:17 2025 Info: Smart License: Moved out of evaluation mode
Mon Jan 28 08:41:17 2025 Info: Renew authorization of the product with Smart Software Manager is successful.
Mon Jan 28 08:42:18 2025 Info: Email Security Appliance Anti-Spam License license has been moved to In Compliance successfully.
Mon Jan 28 08:42:23 2025 Info: Email Security Appliance Outbreak Filters license has been moved to In Compliance successfully.
Mon Jan 28 08:42:28 2025 Warning: Email Security Appliance Graymail Safe-unsubscribe license has been moved to Out of Complaince successfully.
Mon Jan 28 08:42:33 2025 Warning: Email Security Appliance Cloudmark Anti-Spam license has been moved to Out of Complaince successfully. Mon Jan 28 08:42:44 2025 Warning: The Mail Handling is in Out of Compliance (OOC) state. You have 4 days remaining in your grace period.
Mon Jan 28 08:42:48 2025 Info: Email Security Appliance Sophos Anti-Malware license has been moved to In Compliance successfully.
Mon Jan 28 08:42:53 2025 Warning: Email Security Appliance PXE Encryption license has been moved to Out of Complaince successfully.
Mon Jan 28 08:42:59 2025 Warning: Email Security Appliance Data Loss Prevention license has been moved to Out of Complaince successfully.
Mon Jan 28 08:43:04 2025 Warning: Email Security Appliance Advanced Malware Protection license has been moved to Out of Complaince successfully.
Mon Jan 28 08:43:09 2025 Warning: Email Security Appliance McAfee Anti-Malware license has been moved to Out of Complaince successfully.
Mon Jan 28 08:43:14 2025 Warning: Email Security Appliance Intelligent Multi-Scan license has been moved to Out of Complaince successfully.
Mon Jan 28 08:43:15 2025 Warning: The Email Security Appliance Intelligent Multi-Scan is in Out of Compliance (OOC) state. You have 4 days remaining in your grace period.
Mon Jan 28 08:43:19 2025 Info: Email Security Appliance External Threat Feeds license has been moved to In Compliance successfully.
Mon Jan 28 08:43:24 2025 Info: Email Security Appliance Bounce Verification license has been moved to In Compliance successfully.
Mon Jan 28 08:43:29 2025 Info: Email Security Appliance Image Analyzer license has been moved to In Compliance successfully.
Mon Jan 28 10:18:56 2025 Info: Renew authorization of the product with Smart Software Manager is successful.

Related Information

• ESA User Guides
• ESA Release Notes
• ESA CLI Reference Guides