Advertisement
Cisco ASA and Firepower Threat Defense Reimage Guide
Validating activation key. This may take a few minutes...
Failed to retrieve permanent activation key.
Both Running and Flash permanent activation key was updated with the requested key.
Because this ASA did not yet have an activation key installed, you see the "Failed to retrieve permanent
activation key." message. You can ignore this message.
You can only install one permanent key, and multiple time-based keys. If you enter a new permanent key, it
overwrites the already installed one. If you ordered additional licenses after you installed the 3DES/AES
license, the combined activation key includes all licenses plus the 3DES/AES license, so you can overwrite
the 3DES/AES-only key.
Step 14
The ASA FirePOWER module uses a separate licensing mechanism from the ASA. No licenses are pre-installed,
but depending on your order, the box might include a PAK on a printout that lets you obtain a license activation
key for the following licenses:
• Control and Protection. Control is also known as "Application Visibility and Control (AVC)" or "Apps".
If you did not buy an ASA 5500-X that included the ASA FirePOWER services, then you can purchase an
upgrade bundle to obtain the necessary licenses. See the Cisco ASA with FirePOWER Services Ordering
Guide for more information.
Other licenses that you can purchase include the following:
• Advanced Malware Protection (AMP)
• URL Filtering
These licenses do generate a PAK/license activation key for the ASA FirePOWER module. See the
ASA with FirePOWER Services Ordering Guide
System Feature
To install the Control and Protection licenses and other optional licenses, see the ASA quick start guide for
your model.
Reimage the Firepower Threat Defense Device
This procedure describes how to use ROMMON to reimage an existing FTD to a new version of FTD software.
This procedure restores the device to a factory default condition. If you want to perform a regular upgrade,
see the upgrade guide instead.
In ROMMON, you must use TFTP on the Management interface to download the new FTD boot image; only
TFTP is supported. The boot image can then download the FTD system software install package using HTTP
or FTP. The TFTP download can take a long time; ensure that you have a stable connection between the FTD
and the TFTP server to avoid packet loss.
Protection is also known as "IPS". In addition to the activation key for these licenses, you also need
"right-to-use" subscriptions for automated updates for these features.
The Control (AVC) updates are included with a Cisco support contract.
The Protection (IPS) updates require you to purchase the IPS subscription from
http://www.cisco.com/go/ccw. This subscription includes entitlement to Rule, Engine, Vulnerability,
and Geolocation updates. Note: This right-to-use subscription does not generate or require a PAK/license
activation key for the ASA FirePOWER module; it just provides the right to use the updates.
Licenses.
Reimage the Firepower Threat Defense Device
for ordering information. See also the
Cisco ASA and Firepower Threat Defense Reimage Guide
Cisco
Cisco Firepower
23
Advertisement
