03-11-2022 12:26 PM
We recently updated our Cisco Firepower FMC and ASA sensor to version 7.X and realized the the User Agent software is no longer supported. I've been researching this and it seems that the new alternative is to use the ISE product. We have active support for the FMC and the ASA's. Is licensing for ISE included with the firepower licensing? We really only use for correlation between user logins and any detected events but it would be nice to have that functionality.
03-11-2022 01:34 PM
Hi mjohnston@ncta.com ,
It's correct, the user agent is reaching its end of support period. FMC version 6.6 is the last version with which you can enable the user agent.
To get the Active Directory passive authentication, you'll need to install the ISE-PIC.
After install this VM, you can use the evaluation license for 90 days, and then you'll need to buy the licenses as below:
R-ISE-PIC-VM-K9= (just for 3k parallel sessions);
L-ISE-PIC-UPG= (300k parallel sessions);
Note that I'm assuming you haven't an active ISE on your network.
Hope this helps!
Regards,
03-11-2022 10:07 PM
if your fmc is under smartnet you can have ise-pic license for free, there is a specific code to order which I can't remember, but I'm sure that with a quick search you'll find it
03-12-2022 06:13 PM
03-14-2022 03:05 AM
The free ISE-PIC offer is only for customers who have purchased hardware FMC or FMCv 300. The SKU for that is L-FMC-ISE-PIC.
Otherwise it must be purchased using the SKUs @tjezer mentioned.
03-14-2022 09:01 AM
You can refer to this doc:
Customers with a physical or virtual (FMCv25, FMCv300) Firepower Management Center appliance as mentioned in Table 1 with active support contracts will be eligible to receive Cisco ISE-PIC at no additional cost.
Regards,
Chakshu
Hope that helps!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide