Introduction
This document describes how to apply Permanent Licenses in Air-Gapped Networks on Firepower Device Manager (FDM).
Prerequisites
Requirements
It is recommended to have knowledge of this topic:
- Cisco Secure Firewall Threat Defense initial configuration
Components Used
The information in this document is based on the software version:
- Firepower Threat Defense version 7.4.1.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Configure
Enable PLR mode
Step 1. Enable PLR Mode in your device.
Click Device and navigate to Smart License.
Step 2. Click the gear and select Switch to Universal PLR.
Note: If your device is using smart licensing, you must unregister the device.
Caution: Once you switch to PLR mode, you cannot switch back to evaluation mode.
In the preview window, select the Performance Tier and click Yes.
Step 3. Save the Request Code.
Step 4. Log in to your CSSM account and navigate to > Licenses and click License Reservation.
Click Proceed.
Paste your Request Code and click Next.
Select your license and click Next.
Click Generate Authorization Code.
To save the Authorization Code, click Download as File or Copy to Clipboard.
Click Close to finish the process.
Step 5. Go back to FDM and paste the Authorization Code and click Register.
Note: Refresh the page to see the current status of the license.
Cancel PLR registration
I Have a License in CSSM
Use this option, when you complete the License Registration wizard in CSSM and you have an authorization code. For example, you started the process in the wrong FDM, so you must release your license in your CSSM account.
Step 1. Click Device and navigate to Smart License.
Step 2. Click the gear and select Cancel PLR.
Step 3. Select I have a license in CSSM.
Step 4. Paste your Authorization Code and click Generate Release Code.
Save your Release License Code.
Step 5. Log in to your CSSM account and navigate to > Product Instances.
Step 6. Search your device by name.
Note: The Name is the device serial number.
Step 7. Click
Paste your Release License Code and click Remove Reservation.
Step 8. Go back to your device and click Ok.
Note: Refresh the page to see the current status of the license.
I do not Have a License in CSSM
Use this option when you do not complete the License Registration wizard in CSSM. For example, you started the PLR process in your FDM, but you do not have the correct licenses in your CSSM.
Step 1. Click Device and navigate to Smart License.
Step 2. Click the gear and select Cancel PLR.
Step 3. Select I do not have a license in CSSM.
Click Ok to complete.
Unregister the Device in PLR Mode
Step 1. Click Device and navigate to Smart License.
Step 2. Click the gear and select Unregister Universal PLR.
Step 3. Click Yes to continue the process.
Step 4. Save the Release License Code.
Step 5. Log in to your CSSM account and navigate to > Product Instances.
Step 6. Search your device by name.
Note: The Name is the device serial number.
Step 7. Click
Paste your Release License Code and click Remove Reservation.
Step 8. Go back to your device and click Unregister.
Verify
Navigate to Device > Smart License and you can see that the license is Universal PLR.
Troubleshoot
1. Look for errors in /ngfw/var/log/cisco/smart_agent.log.
For example, in these logs, you can see that the registration process was successful.
> expert
admin@firepower:~$ sudo su
Password:
root@firepower:/home/admin# cd /ngfw/var/log/cisco/
root@firepower:/ngfw/var/log/cisco# tail smart_agent.log
2024-02-09 03:21:21 ajp-nio-8009-exec-8: INFO LicenseSoftwareIds:82 - Selected software ID: regid.2019-11.com.cisco.VIRTSEC,1.0_9aa10401-8a9a-4bfb-8e41-bea8ea257aad
2024-02-09 03:21:21 ajp-nio-8009-exec-8: INFO DefaultSmartAgentFactoryProvider:398 - New platform tag is regid.2019-11.com.cisco.VIRTSEC,1.0_9aa10401-8a9a-4bfb-8e41-bea8ea257aad
2024-02-09 03:21:21 ajp-nio-8009-exec-8: INFO PLRUnhandledNotificationHandler:31 - Handling listener class com.cisco.ngfw.onbox.backend.services.SmartAgentStatusServiceDelegate for Notification: NotifyReservationInstalled
2024-02-09 03:21:21 ajp-nio-8009-exec-8: INFO PLRUnhandledNotificationHandler:31 - Handling listener class com.cisco.ngfw.onbox.backend.platform.SmartAgentConfFileSync for Notification: NotifyReservationInstalled
2024-02-09 03:21:21 ajp-nio-8009-exec-8: INFO SmartAgentConfFileSync:178 - RegistrationStatus : REGISTERED AuthorizationStatus : AUTHORIZED
2024-02-09 03:21:21 ajp-nio-8009-exec-8: INFO SmartAgentConfFileSync:192 - updated the smart Agent File with the status
2024-02-09 03:21:21 ajp-nio-8009-exec-8: INFO PLRUnhandledNotificationHandler:31 - Handling listener class com.cisco.ngfw.onbox.backend.services.LicenseServiceDelegate for Notification: NotifyReservationInstalled
2024-02-09 03:21:21 ajp-nio-8009-exec-8: INFO DefaultSmartAgentManager:159 - Received notification from Nesla: 'NotifyExportControlled'.
2. Take a pigtail to request TAC assistance and attach it to the case notes. You can request support assistance in Cisco Technical Support & Downloads.
> expert
admin@firepower:~$ sudo su
root@firepower:/home/admin# pigtail all -outfile LogsRegistration.txt
3. The license status is also reported in the /etc/sf/smart_agent.conf file. If the device is in Universal Permanent Licensing Reservation mode, the smart_agent.conf shows as REGISTERED and AUTHORIZED.
> expert
admin@firepower:~$ sudo su
root@firepower:/home/admin# tail /etc/sf/smart_agent.conf
#Fri Feb 09 03:21:21 UTC 2024
virtual_acct=
registration=REGISTERED,null
authorization=AUTHORIZED,1707448881842
Common Issues
Not enough licenses.
In the License Reservation process, you got this error:
Recommended Action.
Verify that you have enough licenses in your CSSM account. If you have enough licenses, request TAC assistance.
You cannot see the License Reservation button.
Recommended Action
You must contact your Cisco representative to enable PLR mode in your account.
Related Information