{"title":"Cisco Firewalls - License Options","description":"\u003cp\u003e\u003cspan style=\"color: rgb(0, 0, 0);\" class=\"citation-17\"\u003eCisco ASA uses perpetual keys for routing\/VPN. FTD (NGFW) requires digital Smart Licenses with 1-, 3-, or 5-year subs for Threat, Malware, and URL filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"citation-17\"\u003eCisco managed firewalls rely entirely on \u003c\/span\u003e\u003cb data-index-in-node=\"41\" data-path-to-node=\"0\"\u003e\u003cspan class=\"citation-17\"\u003eCisco Smart Licensing\u003c\/span\u003e\u003c\/b\u003e\u003cspan class=\"citation-17 citation-end-17\"\u003e managed digitally through a central Smart Account, eliminating old node-locked product keys.\u003csup data-turn-source-index=\"1\" class=\"superscript\"\u003e\u003c!----\u003e\u003c\/sup\u003e\u003c\/span\u003e \u003cspan class=\"citation-16\"\u003eWhile a classic \u003c\/span\u003e\u003cb data-index-in-node=\"172\" data-path-to-node=\"0\"\u003e\u003cspan class=\"citation-16\"\u003eASA\u003c\/span\u003e\u003c\/b\u003e\u003cspan class=\"citation-16\"\u003e image typically utilizes a permanent, perpetual Base license for basic stateful routing and VPN, running the next-generation \u003c\/span\u003e\u003cb data-index-in-node=\"301\" data-path-to-node=\"0\"\u003e\u003cspan class=\"citation-16\"\u003eFTD\u003c\/span\u003e\u003c\/b\u003e\u003cspan class=\"citation-16 citation-end-16\"\u003e (Firepower Threat Defense) software unlocks full NGFW capabilities by pairing that base layer with modular, term-based subscriptions.\u003csup data-turn-source-index=\"2\" class=\"superscript\"\u003e\u003c!----\u003e\u003c\/sup\u003e\u003c\/span\u003e These are purchased in 1-, 3-, or 5-year increments and can be bought à la carte or bundled together (the standard TMC bundle) to cover advanced security services like Threat Protection (IPS), Malware Defense (AMP), and URL Filtering.\u003c\/span\u003e\u003c\/p\u003e","products":[{"product_id":"cisco-firepower-1010-next-generation-firewall-license-options","title":"Cisco Firepower 1010 Next Generation Firewall - License Options","description":"\u003cp data-mce-fragment=\"1\" id=\"ariaid-title2\" class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout Firepower Licenses\u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003csection data-mce-fragment=\"1\" class=\"body conbody\"\u003e\n\u003cp data-mce-fragment=\"1\" class=\"p\"\u003eYour Firepower products (\u003cspan data-mce-fragment=\"1\" class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions, as described in this chapter.\u003c\/p\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eT\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTM\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTMC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eP\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eDefence Orchestrator\u003cbr\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title15\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title14\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\"\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\" alt=\"Pencil icon\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode class=\"ph codeph\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca style=\"color: rgb(64, 64, 64);\" class=\"xref\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title16\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\"\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\" alt=\"Magnifying glass\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat (T) \/ 1 Year","offer_id":44538618904819,"sku":"L-FPR1010T-T-1Y","price":134.83,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 3 Years","offer_id":44538618937587,"sku":"L-FPR1010T-T-3Y","price":404.5,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 5 Years","offer_id":44538618970355,"sku":"L-FPR1010T-T-5Y","price":782.01,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 1 Year","offer_id":44538619003123,"sku":"L-FPR1010T-TC-1Y","price":269.65,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 3 Years","offer_id":44538619035891,"sku":"L-FPR1010T-TC-3Y","price":808.95,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 5 Years","offer_id":44538619068659,"sku":"L-FPR1010T-TC-5Y","price":1564.01,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware (TM) \/ 1 Year","offer_id":44538619101427,"sku":"L-FPR1010T-TM-1Y","price":269.65,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 3 Years","offer_id":44538619134195,"sku":"L-FPR1010T-TM-3Y","price":808.95,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 5 Years","offer_id":44538619166963,"sku":"L-FPR1010T-TM-5Y","price":1564.01,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 1 Year","offer_id":44538619199731,"sku":"L-FPR1010T-TMC-1Y","price":364.04,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 3 Years","offer_id":44538619232499,"sku":"L-FPR1010T-TMC-3Y","price":1092.13,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 5 Years","offer_id":44538619265267,"sku":"L-FPR1010T-TMC-5Y","price":2111.41,"currency_code":"GBP","in_stock":false},{"title":"Defense Orchestrator (P) \/ 1 Year","offer_id":44565360214259,"sku":"L-FPR1010-P-1Y","price":13.5,"currency_code":"GBP","in_stock":true},{"title":"Defense Orchestrator (P) \/ 3 Years","offer_id":44565360247027,"sku":"L-FPR1010-P-3Y","price":32.41,"currency_code":"GBP","in_stock":true},{"title":"Defense Orchestrator (P) \/ 5 Years","offer_id":44565360279795,"sku":"L-FPR1010-P-5Y","price":54.0,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/cisco-firepower-1010-next-generation-firewall-license-options-367568.png?v=1734953854"},{"product_id":"cisco-firepower-1120-next-generation-firewall-license-options","title":"Cisco Firepower 1120 Next Generation Firewall - License Options","description":"\u003cp class=\"title topictitle2\" id=\"ariaid-title2\" data-mce-fragment=\"1\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout Firepower Licenses\u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003csection class=\"body conbody\" data-mce-fragment=\"1\"\u003e\n\u003cp class=\"p\" data-mce-fragment=\"1\"\u003eYour Firepower products (\u003cspan class=\"ph\" data-mce-fragment=\"1\"\u003eFirepower Management Center\u003c\/span\u003e and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions, as described in this chapter.\u003c\/p\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eT\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTM\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTMC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eP\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eDefense Orchestrator\u003cbr\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003ch4 id=\"ariaid-title15\" class=\"title topictitle4\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\" class=\"section\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\" class=\"ph i\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\" class=\"ph i\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\" class=\"ph i\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\" class=\"ph i\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 id=\"ariaid-title14\" class=\"title topictitle4\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\" class=\"section\"\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable role=\"note\" border=\"0\" class=\"olh_note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd border=\"0\" role=\"heading\" class=\"olh_note\" width=\"1%\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\" alt=\"Pencil icon\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd class=\"olh_note\" border=\"0\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\" class=\"ph codeph\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\" class=\"xref\" style=\"color: rgb(64, 64, 64);\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 id=\"ariaid-title16\" class=\"title topictitle4\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\" class=\"section\"\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable role=\"note\" border=\"0\" class=\"olh_note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd border=\"0\" role=\"heading\" class=\"olh_note\" width=\"1%\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\" alt=\"Magnifying glass\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd class=\"olh_note\" border=\"0\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat (T) \/ 1 Year","offer_id":44565243756787,"sku":"L-FPR1120T-T-1Y","price":530.85,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 3 Years","offer_id":44565243789555,"sku":"L-FPR1120T-T-3Y","price":1592.57,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 5 Years","offer_id":44565243822323,"sku":"L-FPR1120T-T-5Y","price":3078.95,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 1 Year","offer_id":44565243855091,"sku":"L-FPR1120T-TC-1Y","price":1061.72,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 3 Years","offer_id":44565243887859,"sku":"L-FPR1120T-TC-3Y","price":3185.12,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 5 Years","offer_id":44565243920627,"sku":"L-FPR1120T-TC-5Y","price":6157.9,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 1 Year","offer_id":44565243953395,"sku":"L-FPR1120T-TM-1Y","price":1061.72,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 3 Years","offer_id":44565243986163,"sku":"L-FPR1120T-TM-3Y","price":3185.12,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 5 Years","offer_id":44565244018931,"sku":"L-FPR1120T-TM-5Y","price":6157.9,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 1 Year","offer_id":44565244051699,"sku":"L-FPR1120T-TMC-1Y","price":1433.32,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 3 Years","offer_id":44565244084467,"sku":"L-FPR1120T-TMC-3Y","price":4299.92,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 5 Years","offer_id":44565244117235,"sku":"L-FPR1120T-TMC-5Y","price":8313.18,"currency_code":"GBP","in_stock":true},{"title":"Defense Orchestrator (P) \/ 1 Year","offer_id":44565370929395,"sku":"L-FPR1120-P-1Y","price":53.15,"currency_code":"GBP","in_stock":true},{"title":"Defense Orchestrator (P) \/ 3 Years","offer_id":44565370962163,"sku":"L-FPR1120-P-3Y","price":127.58,"currency_code":"GBP","in_stock":true},{"title":"Defense Orchestrator (P) \/ 5 Years","offer_id":44565370994931,"sku":"L-FPR1120-P-5Y","price":212.62,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/cisco-firepower-1120-next-generation-firewall-license-options-480695.png?v=1734953854"},{"product_id":"cisco-firepower-1140-next-generation-firewall-license-options","title":"Cisco Firepower 1140 Next Generation Firewall - License Options","description":"\u003cp data-mce-fragment=\"1\" id=\"ariaid-title2\" class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout Firepower Licenses\u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003csection data-mce-fragment=\"1\" class=\"body conbody\"\u003e\n\u003cp data-mce-fragment=\"1\" class=\"p\"\u003eYour Firepower products (\u003cspan data-mce-fragment=\"1\" class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions, as described in this chapter.\u003c\/p\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eT\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTM\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTMC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eP\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eDefense Orchestrator\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title15\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title14\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\"\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv style=\"text-align: start;\" class=\"tableContainer\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg style=\"margin-bottom: 16px; float: none;\" alt=\"Pencil icon\" src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode class=\"ph codeph\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca style=\"color: rgb(64, 64, 64);\" class=\"xref\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title16\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\"\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv style=\"text-align: start;\" class=\"tableContainer\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg style=\"margin-bottom: 16px; float: none;\" alt=\"Magnifying glass\" src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat (T) \/ 1 Year","offer_id":44565255454963,"sku":"L-FPR1140T-T-1Y","price":885.14,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 3 Years","offer_id":44565255487731,"sku":"L-FPR1140T-T-3Y","price":2655.45,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 5 Years","offer_id":44565255520499,"sku":"L-FPR1140T-T-5Y","price":5133.86,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 1 Year","offer_id":44565255553267,"sku":"L-FPR1140T-TC-1Y","price":1770.31,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 3 Years","offer_id":44565255586035,"sku":"L-FPR1140T-TC-3Y","price":5310.9,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 5 Years","offer_id":44565255618803,"sku":"L-FPR1140T-TC-5Y","price":10267.73,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware (TM) \/ 1 Year","offer_id":44565255651571,"sku":"L-FPR1140T-TM-1Y","price":1770.31,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 3 Years","offer_id":44565255684339,"sku":"L-FPR1140T-TM-3Y","price":5310.9,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 5 Years","offer_id":44565255717107,"sku":"L-FPR1140T-TM-5Y","price":10267.73,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware + URL Filtering (TMC) \/ 1 Year","offer_id":44565255749875,"sku":"L-FPR1140T-TMC-1Y","price":2389.89,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 3 Years","offer_id":44565255782643,"sku":"L-FPR1140T-TMC-3Y","price":7169.7,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 5 Years","offer_id":44565255815411,"sku":"L-FPR1140T-TMC-5Y","price":13861.43,"currency_code":"GBP","in_stock":true},{"title":"Defense Orchestrator (P) \/ 1 Year","offer_id":44565373976819,"sku":"L-FPR1140-P-1Y","price":88.63,"currency_code":"GBP","in_stock":true},{"title":"Defense Orchestrator (P) \/ 3 Years","offer_id":44565374009587,"sku":"L-FPR1140-P-3Y","price":212.7,"currency_code":"GBP","in_stock":true},{"title":"Defense Orchestrator (P) \/ 5 Years","offer_id":44565374042355,"sku":"L-FPR1140-P-5Y","price":354.53,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/cisco-firepower-1140-next-generation-firewall-license-options-629625.png?v=1734953854"},{"product_id":"cisco-firepower-1150-next-generation-firewall-license-options","title":"Cisco Firepower 1150 Next Generation Firewall - License Options","description":"\u003cp data-mce-fragment=\"1\" id=\"ariaid-title2\" class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout Firepower Licenses\u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003csection data-mce-fragment=\"1\" class=\"body conbody\"\u003e\n\u003cp data-mce-fragment=\"1\" class=\"p\"\u003eYour Firepower products (\u003cspan data-mce-fragment=\"1\" class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions, as described in this chapter.\u003c\/p\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eT\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTM\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTMC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eP\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eDefense Orchestrator\u003cbr\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title15\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title14\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\"\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\" alt=\"Pencil icon\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode class=\"ph codeph\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca style=\"color: rgb(64, 64, 64);\" class=\"xref\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title16\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\"\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\" alt=\"Magnifying glass\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat (T) \/ 1 Year","offer_id":44565263810803,"sku":"L-FPR1150T-T-1Y","price":1691.83,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 3 Years","offer_id":44565263843571,"sku":"L-FPR1150T-T-3Y","price":5075.5,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 5 Years","offer_id":44565263876339,"sku":"L-FPR1150T-T-5Y","price":9812.62,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 1 Year","offer_id":44565263909107,"sku":"L-FPR1150T-TC-1Y","price":3383.65,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 3 Years","offer_id":44565263941875,"sku":"L-FPR1150T-TC-3Y","price":10150.98,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 5 Years","offer_id":44565263974643,"sku":"L-FPR1150T-TC-5Y","price":19625.24,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 1 Year","offer_id":44565264007411,"sku":"L-FPR1150T-TM-1Y","price":3383.65,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 3 Years","offer_id":44565264040179,"sku":"L-FPR1150T-TM-3Y","price":10150.98,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware (TM) \/ 5 Years","offer_id":44565264072947,"sku":"L-FPR1150T-TM-5Y","price":19625.24,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 1 Year","offer_id":44565264105715,"sku":"L-FPR1150T-TMC-1Y","price":4567.94,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 3 Years","offer_id":44565264138483,"sku":"L-FPR1150T-TMC-3Y","price":13703.83,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 5 Years","offer_id":44565264171251,"sku":"L-FPR1150T-TMC-5Y","price":26494.08,"currency_code":"GBP","in_stock":true},{"title":"Defence Orchestrator (P) \/ 1 Year","offer_id":44565376860403,"sku":"L-FPR1150-P-1Y","price":169.4,"currency_code":"GBP","in_stock":false},{"title":"Defence Orchestrator (P) \/ 3 Years","offer_id":44565376893171,"sku":"L-FPR1150-P-3Y","price":406.57,"currency_code":"GBP","in_stock":false},{"title":"Defence Orchestrator (P) \/ 5 Years","offer_id":44565376925939,"sku":"L-FPR1150-P-5Y","price":677.62,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/cisco-firepower-1150-next-generation-firewall-license-options-846680.png?v=1734953777"},{"product_id":"cisco-firepower-3110-next-generation-firewall-license-options","title":"Cisco Firepower 3110 Next Generation Firewall - License Options","description":"\u003cp data-mce-fragment=\"1\" id=\"ariaid-title2\" class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout Firepower Licenses\u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003csection data-mce-fragment=\"1\" class=\"body conbody\"\u003e\n\u003cp data-mce-fragment=\"1\" class=\"p\"\u003eYour Firepower products (\u003cspan data-mce-fragment=\"1\" class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions, as described in this chapter.\u003c\/p\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eT\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTM\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTMC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eP\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eDefense Orchestrator\u003cbr\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title15\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title14\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\"\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\" alt=\"Pencil icon\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode class=\"ph codeph\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca style=\"color: rgb(64, 64, 64);\" class=\"xref\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title16\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\"\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\" alt=\"Magnifying glass\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat (T) \/ 1 Year","offer_id":44565548728563,"sku":"L-FPR3110T-T-1Y","price":5185.92,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 3 Years","offer_id":44565548761331,"sku":"L-FPR3110T-T-3Y","price":15557.78,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 5 Years","offer_id":44565548794099,"sku":"L-FPR3110T-T-5Y","price":25929.62,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 1 Year","offer_id":44565548826867,"sku":"L-FPR3110T-TC-1Y","price":10371.84,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 3 Years","offer_id":44565548859635,"sku":"L-FPR3110T-TC-3Y","price":31115.54,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 5 Years","offer_id":44565548892403,"sku":"L-FPR3110T-TC-5Y","price":51859.24,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 1 Year","offer_id":44565548925171,"sku":"L-FPR3110T-TM-1Y","price":10371.84,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 3 Years","offer_id":44565548957939,"sku":"L-FPR3110T-TM-3Y","price":31115.54,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 5 Years","offer_id":44565548990707,"sku":"L-FPR3110T-TM-5Y","price":51859.24,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 1 Year","offer_id":44565549023475,"sku":"L-FPR3110T-TMC-1Y","price":14002.0,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 3 Years","offer_id":44565549056243,"sku":"L-FPR3110T-TMC-3Y","price":42005.97,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 5 Years","offer_id":44565549089011,"sku":"L-FPR3110T-TMC-5Y","price":70009.98,"currency_code":"GBP","in_stock":true},{"title":"Defence Orchestrator (P) \/ 1 Year","offer_id":44565549121779,"sku":"L-FPR3110-P-1Y","price":432.97,"currency_code":"GBP","in_stock":false},{"title":"Defence Orchestrator (P) \/ 3 Years","offer_id":44565549154547,"sku":"L-FPR3110-P-3Y","price":1039.11,"currency_code":"GBP","in_stock":false},{"title":"Defence Orchestrator (P) \/ 5 Years","offer_id":44565549187315,"sku":"L-FPR3110-P-5Y","price":1731.86,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/cisco-firepower-3110-next-generation-firewall-license-options-711532.png?v=1734954012"},{"product_id":"cisco-firepower-3120-next-generation-firewall-license-options","title":"Cisco Firepower 3120 Next Generation Firewall - License Options","description":"\u003cp data-mce-fragment=\"1\" id=\"ariaid-title2\" class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout Firepower Licenses\u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003csection data-mce-fragment=\"1\" class=\"body conbody\"\u003e\n\u003cp data-mce-fragment=\"1\" class=\"p\"\u003eYour Firepower products (\u003cspan data-mce-fragment=\"1\" class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions, as described in this chapter.\u003c\/p\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eT\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTM\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTMC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eP\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eDefense Orchestrator\u003cbr\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title15\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title14\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\"\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\" alt=\"Pencil icon\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode class=\"ph codeph\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca style=\"color: rgb(64, 64, 64);\" class=\"xref\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title16\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\"\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\" alt=\"Magnifying glass\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat (T) \/ 1 Year","offer_id":44565560033523,"sku":"L-FPR3120T-T-1Y","price":7490.78,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 3 Years","offer_id":44565560066291,"sku":"L-FPR3120T-T-3Y","price":22472.34,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 5 Years","offer_id":44565560099059,"sku":"L-FPR3120T-T-5Y","price":37453.9,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 1 Year","offer_id":44565560131827,"sku":"L-FPR3120T-TC-1Y","price":14981.56,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 3 Years","offer_id":44565560164595,"sku":"L-FPR3120T-TC-3Y","price":44944.68,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 5 Years","offer_id":44565560197363,"sku":"L-FPR3120T-TC-5Y","price":74907.8,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 1 Year","offer_id":44565560230131,"sku":"L-FPR3120T-TM-1Y","price":14981.56,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 3 Years","offer_id":44565560262899,"sku":"L-FPR3120T-TM-3Y","price":44944.68,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 5 Years","offer_id":44565560295667,"sku":"L-FPR3120T-TM-5Y","price":74907.8,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 1 Year","offer_id":44565560328435,"sku":"L-FPR3120T-TMC-1Y","price":20225.11,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 3 Years","offer_id":44565560361203,"sku":"L-FPR3120T-TMC-3Y","price":60675.31,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 5 Years","offer_id":44565560393971,"sku":"L-FPR3120T-TMC-5Y","price":101125.52,"currency_code":"GBP","in_stock":true},{"title":"Defence Orchestrator (P) \/ 1 Year","offer_id":44565560426739,"sku":"L-FPR3120-P-1Y","price":625.39,"currency_code":"GBP","in_stock":false},{"title":"Defence Orchestrator (P) \/ 3 Years","offer_id":44565560459507,"sku":"L-FPR3120-P-3Y","price":1500.95,"currency_code":"GBP","in_stock":true},{"title":"Defence Orchestrator (P) \/ 5 Years","offer_id":44565560492275,"sku":"L-FPR3120-P-5Y","price":2501.57,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/cisco-firepower-3120-next-generation-firewall-license-options-528848.png?v=1734954012"},{"product_id":"cisco-firepower-3130-next-generation-firewall-license-options","title":"Cisco Firepower 3130 Next Generation Firewall - License Options","description":"\u003cp data-mce-fragment=\"1\" id=\"ariaid-title2\" class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout Firepower Licenses\u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003csection data-mce-fragment=\"1\" class=\"body conbody\"\u003e\n\u003cp data-mce-fragment=\"1\" class=\"p\"\u003eYour Firepower products (\u003cspan data-mce-fragment=\"1\" class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions, as described in this chapter.\u003c\/p\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eT\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTM\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTMC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eP\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eDefense Orchestrator\u003cbr\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title15\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title14\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\"\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\" alt=\"Pencil icon\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode class=\"ph codeph\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca style=\"color: rgb(64, 64, 64);\" class=\"xref\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title16\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\"\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\" alt=\"Magnifying glass\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat (T) \/ 1 Year","offer_id":44565561508083,"sku":"L-FPR3130T-T-1Y","price":11524.29,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 3 Years","offer_id":44565561540851,"sku":"L-FPR3130T-T-3Y","price":34572.84,"currency_code":"GBP","in_stock":false},{"title":"Threat (T) \/ 5 Years","offer_id":44565561573619,"sku":"L-FPR3130T-T-5Y","price":57621.38,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 1 Year","offer_id":44565561606387,"sku":"L-FPR3130T-TC-1Y","price":23048.55,"currency_code":"GBP","in_stock":false},{"title":"Threat + URL Filtering (TC) \/ 3 Years","offer_id":44565561639155,"sku":"L-FPR3130T-TC-3Y","price":69145.65,"currency_code":"GBP","in_stock":false},{"title":"Threat + URL Filtering (TC) \/ 5 Years","offer_id":44565561671923,"sku":"L-FPR3130T-TC-5Y","price":115242.76,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware (TM) \/ 1 Year","offer_id":44565561704691,"sku":"L-FPR3130T-TM-1Y","price":23048.55,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware (TM) \/ 3 Years","offer_id":44565561737459,"sku":"L-FPR3130T-TM-3Y","price":69145.65,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware (TM) \/ 5 Years","offer_id":44565561770227,"sku":"L-FPR3130T-TM-5Y","price":115242.76,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 1 Year","offer_id":44565561802995,"sku":"L-FPR3130T-TMC-1Y","price":31115.54,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 3 Years","offer_id":44565561835763,"sku":"L-FPR3130T-TMC-3Y","price":93346.64,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 5 Years","offer_id":44565561868531,"sku":"L-FPR3130T-TMC-5Y","price":155577.72,"currency_code":"GBP","in_stock":true},{"title":"Defence Orchestrator (P) \/ 1 Year","offer_id":44565561901299,"sku":"L-FPR3130-P-1Y","price":962.13,"currency_code":"GBP","in_stock":false},{"title":"Defence Orchestrator (P) \/ 3 Years","offer_id":44565561934067,"sku":"L-FPR3130-P-3Y","price":2309.13,"currency_code":"GBP","in_stock":false},{"title":"Defence Orchestrator (P) \/ 5 Years","offer_id":44565561966835,"sku":"L-FPR3130-P-5Y","price":3848.57,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/cisco-firepower-3130-next-generation-firewall-license-options-963128.png?v=1734954012"},{"product_id":"cisco-firepower-3140-next-generation-firewall-license-options","title":"Cisco Firepower 3140 Next Generation Firewall - License Options","description":"\u003cp data-mce-fragment=\"1\" id=\"ariaid-title2\" class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout Firepower Licenses\u003cbr\u003e\u003cbr\u003e\u003c\/strong\u003e\u003c\/span\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/span\u003eYour Firepower products (\u003cspan data-mce-fragment=\"1\" class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions, as described here.\u003c\/p\u003e\n\u003csection data-mce-fragment=\"1\" class=\"body conbody\"\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eT\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTM\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTMC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eP\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eDefense Orchestrator\u003cbr\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title15\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title14\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\"\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\" alt=\"Pencil icon\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode class=\"ph codeph\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca style=\"color: rgb(64, 64, 64);\" class=\"xref\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003ch4 class=\"title topictitle4\" id=\"ariaid-title16\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/h4\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\"\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\" alt=\"Magnifying glass\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat (T) \/ 1 Year","offer_id":44565564948723,"sku":"L-FPR3140T-T-1Y","price":13252.91,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 3 Years","offer_id":44565564981491,"sku":"L-FPR3140T-T-3Y","price":39758.75,"currency_code":"GBP","in_stock":true},{"title":"Threat (T) \/ 5 Years","offer_id":44565565014259,"sku":"L-FPR3140T-T-5Y","price":66264.59,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 1 Year","offer_id":44565565047027,"sku":"L-FPR3140T-TC-1Y","price":26505.84,"currency_code":"GBP","in_stock":false},{"title":"Threat + URL Filtering (TC) \/ 3 Years","offer_id":44565565079795,"sku":"L-FPR3140T-TC-3Y","price":79517.52,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL Filtering (TC) \/ 5 Years","offer_id":44565565112563,"sku":"L-FPR3140T-TC-5Y","price":132529.18,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware (TM) \/ 1 Year","offer_id":44565565145331,"sku":"L-FPR3140T-TM-1Y","price":26505.84,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 3 Years","offer_id":44565565178099,"sku":"L-FPR3140T-TM-3Y","price":79517.52,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware (TM) \/ 5 Years","offer_id":44565565210867,"sku":"L-FPR3140T-TM-5Y","price":132529.18,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 1 Year","offer_id":44565565243635,"sku":"L-FPR3140T-TMC-1Y","price":35782.88,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware + URL Filtering (TMC) \/ 3 Years","offer_id":44565565276403,"sku":"L-FPR3140T-TMC-3Y","price":107348.63,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL Filtering (TMC) \/ 5 Years","offer_id":44565565309171,"sku":"L-FPR3140T-TMC-5Y","price":178914.38,"currency_code":"GBP","in_stock":true},{"title":"Defence Orchestrator (P) \/ 1 Year","offer_id":44565565341939,"sku":"L-FPR3140-P-1Y","price":1106.46,"currency_code":"GBP","in_stock":false},{"title":"Defence Orchestrator (P) \/ 3 Years","offer_id":44565565374707,"sku":"L-FPR3140-P-3Y","price":2655.51,"currency_code":"GBP","in_stock":false},{"title":"Defence Orchestrator (P) \/ 5 Years","offer_id":44565565407475,"sku":"L-FPR3140-P-5Y","price":4425.85,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/cisco-firepower-3140-next-generation-firewall-license-options-589339.png?v=1734954012"},{"product_id":"cisco-firewall-200-series-options","title":"Cisco Secure Firewall 200 Series - License Options","description":"\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eCisco FTD licensing uses Smart Licensing with a base licence plus add-ons: Threat (IPS), Malware (AMP), and URL Filtering, all managed via Cisco Smart Software Manager.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout FTD Licensing\u003cbr\u003e\u003cbr\u003e\u003c\/strong\u003e\u003c\/span\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/span\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eCisco's approach to licensing their Secure Firewall 200 Series (such as the 220 appliance) running Firewall Threat Defense (FTD).\u003c\/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"citation-47\"\u003eLike the rest of the modern Cisco enterprise firewall lineup, it utilizes \u003c\/span\u003e\u003cspan class=\"citation-47\"\u003eCisco Smart Licensing\u003c\/span\u003e\u003cspan class=\"citation-47 citation-end-47\"\u003e—meaning everything is managed digitally through your Cisco Smart Software Manager (CSSM) account rather than using old node-locked product keys.\u003csup class=\"superscript\" data-turn-source-index=\"1\"\u003e\u003c!----\u003e\u003c\/sup\u003e\u003c\/span\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003csection class=\"body conbody\"\u003e\n\u003cp class=\"p\"\u003e\u003cspan class=\"citation-47 citation-end-47\" style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"citation-41\"\u003eTo unlock full security capabilities, Cisco offers modular, term-based software subscriptions (available in \u003c\/span\u003e\u003cspan class=\"citation-41\"\u003e1-year, 3-year, or 5-year\u003c\/span\u003e\u003cspan class=\"citation-41 citation-end-41\"\u003e increments).\u003csup class=\"superscript\" data-turn-source-index=\"7\"\u003e\u003c!----\u003e\u003c\/sup\u003e\u003c\/span\u003e While you can purchase these a-la-carte, the vast majority of deployments utilize the combined TMC Bundle.\u003c\/span\u003e\u003c\/p\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eT\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTM\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTMC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003cp class=\"title topictitle4\" id=\"ariaid-title15\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle4\" id=\"ariaid-title14\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\"\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\" alt=\"Pencil icon\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode class=\"ph codeph\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca style=\"color: rgb(64, 64, 64);\" class=\"xref\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle4\" id=\"ariaid-title16\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\"\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\" alt=\"Magnifying glass\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat \/ 1 Year","offer_id":56795897037180,"sku":"L-CSF220-T-1Y","price":107.26,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 3 Year","offer_id":56795897069948,"sku":"L-CSF220-T-3Y","price":321.77,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 5 Year","offer_id":56795897102716,"sku":"L-CSF220-T-5Y","price":536.26,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 1 Year","offer_id":56795897135484,"sku":"L-CSF220-TC-1Y","price":214.51,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 3 Year","offer_id":56795897168252,"sku":"L-CSF220-TC-3Y","price":643.52,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 5 Year","offer_id":56795897201020,"sku":"L-CSF220-TC-5Y","price":1072.52,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 1 Year","offer_id":56795897233788,"sku":"L-CSF220-TM-1Y","price":214.51,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 3 Year","offer_id":56795897266556,"sku":"L-CSF220-TM-3Y","price":643.52,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 5 Year","offer_id":56795897299324,"sku":"L-CSF220-TM-5Y","price":1072.52,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 1 Year","offer_id":56795897332092,"sku":"L-CSF220-TMC-1Y","price":289.57,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 3 Year","offer_id":56795897364860,"sku":"L-CSF220-TMC-3Y","price":868.74,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 5 Year","offer_id":56795897397628,"sku":"L-CSF220-TMC-5Y","price":1447.9,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/cisco-firepower-3110-next-generation-firewall-license-options-711532.png?v=1734954012"},{"product_id":"cisco-secure-firewall-1210-license-options","title":"Cisco Secure Firewall 1210 - License Options","description":"\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eCisco FTD licensing uses Smart Licensing with a base licence plus add-ons: Threat (IPS), Malware (AMP), and URL Filtering, all managed via Cisco Smart Software Manager.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout FTD Licensing\u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe Cisco Secure Firewall 1200 Series supports Cisco Secure Firewall Threat Defense (FTD). \u003cbr\u003e\u003cbr\u003eThe base license provides core firewall functionality such as routing, NAT, VPN, and standard security services, while advanced features are enabled through additional subscriptions. These optional licenses include Threat\/IPS protection with Snort 3 and Talos updates, URL filtering, and Malware Defense for advanced file and sandbox analysis.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp data-start=\"470\" data-end=\"787\" data-is-last-node=\"\" data-is-only-node=\"\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eCisco uses Smart Licensing for the 1200 Series, with subscriptions commonly available in 1-, 3-, or 5-year terms. Many deployments use bundled security packages that combine IPS, malware, and URL filtering services, while remote-access VPN connectivity through Cisco Secure Client may require separate user licensing.\u003c\/span\u003e\u003c\/p\u003e\n\u003csection class=\"body conbody\"\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eT\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTM\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTMC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003cp class=\"title topictitle4\" id=\"ariaid-title15\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/p\u003e\n\u003cp class=\"title topictitle4\" id=\"ariaid-title14\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\"\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\" alt=\"Pencil icon\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode class=\"ph codeph\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca style=\"color: rgb(64, 64, 64);\" class=\"xref\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle4\" id=\"ariaid-title16\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\"\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\" alt=\"Magnifying glass\" style=\"margin-bottom: 16px; float: none;\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"CSF1210CE \/ Threat \/ 1 Year","offer_id":56800200786300,"sku":"L-CSF1210CE-T-1Y","price":278.48,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat \/ 3 Year","offer_id":56800200819068,"sku":"L-CSF1210CE-T-3Y","price":835.41,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat \/ 5 Year","offer_id":56800200851836,"sku":"L-CSF1210CE-T-5Y","price":1392.34,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat + URL \/ 1 Year","offer_id":56800200884604,"sku":"L-CSF1210CE-TC-1Y","price":717.82,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat + URL \/ 3 Year","offer_id":56800200917372,"sku":"L-CSF1210CE-TC-3Y","price":2153.46,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat + URL \/ 5 Year","offer_id":56800200950140,"sku":"L-CSF1210CE-TC-5Y","price":3589.12,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat + Malware \/ 1 Year","offer_id":56800200982908,"sku":"L-CSF1210CE-TM-1Y","price":717.82,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat + Malware \/ 3 Year","offer_id":56800201015676,"sku":"L-CSF1210CE-TM-3Y","price":2153.46,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat + Malware \/ 5 Year","offer_id":56800201048444,"sku":"L-CSF1210CE-TM-5Y","price":3589.12,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat + Malware + URL \/ 1 Year","offer_id":56800201081212,"sku":"L-CSF1210CE-TMC-1Y","price":751.86,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat + Malware + URL \/ 3 Year","offer_id":56800201113980,"sku":"L-CSF1210CE-TMC-3Y","price":2255.58,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CE \/ Threat + Malware + URL \/ 5 Year","offer_id":56800201146748,"sku":"L-CSF1210CE-TMC-5Y","price":3759.31,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat \/ 1 Year","offer_id":56800251052412,"sku":"L-CSF1210CP-T-1Y","price":318.26,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat \/ 3 Year","offer_id":56800251085180,"sku":"L-CSF1210CP-T-3Y","price":954.75,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat \/ 5 Year","offer_id":56800251117948,"sku":"L-CSF1210CP-T-5Y","price":1591.24,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat + URL \/ 1 Year","offer_id":56800251150716,"sku":"L-CSF1210CP-TC-1Y","price":820.38,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat + URL \/ 3 Year","offer_id":56800251183484,"sku":"L-CSF1210CP-TC-3Y","price":2461.12,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat + URL \/ 5 Year","offer_id":56800251216252,"sku":"L-CSF1210CP-TC-5Y","price":4101.86,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat + Malware \/ 1 Year","offer_id":56800251249020,"sku":"L-CSF1210CP-TM-1Y","price":820.38,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat + Malware \/ 3 Year","offer_id":56800251281788,"sku":"L-CSF1210CP-TM-3Y","price":2461.12,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat + Malware \/ 5 Year","offer_id":56800251314556,"sku":"L-CSF1210CP-TM-5Y","price":4101.86,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat + Malware + URL \/ 1 Year","offer_id":56800251347324,"sku":"L-CSF1210CP-TMC-1Y","price":859.27,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat + Malware + URL \/ 3 Year","offer_id":56800251380092,"sku":"L-CSF1210CP-TMC-3Y","price":2577.81,"currency_code":"GBP","in_stock":true},{"title":"CSF1210CP \/ Threat + Malware + URL \/ 5 Year","offer_id":56800251412860,"sku":"L-CSF1210CP-TMC-5Y","price":4296.34,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/1210License.png?v=1779459275"},{"product_id":"cisco-secure-firewall-1220-license-options","title":"Cisco Secure Firewall 1220 - License Options","description":"\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eCisco FTD licensing uses Smart Licensing with a base licence plus add-ons: Threat (IPS), Malware (AMP), and URL Filtering, all managed via Cisco Smart Software Manager.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout FTD Licensing\u003cbr\u003e\u003cbr\u003e\u003c\/strong\u003e\u003c\/span\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/span\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe Cisco Secure Firewall 1200 Series supports Cisco Secure Firewall Threat Defense (FTD). \u003cbr\u003e\u003cbr\u003eThe base license provides core firewall functionality such as routing, NAT, VPN, and standard security services, while advanced features are enabled through additional subscriptions. These optional licenses include Threat\/IPS protection with Snort 3 and Talos updates, URL filtering, and Malware Defense for advanced file and sandbox analysis.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp data-is-only-node=\"\" data-is-last-node=\"\" data-end=\"787\" data-start=\"470\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eCisco uses Smart Licensing for the 1200 Series, with subscriptions commonly available in 1-, 3-, or 5-year terms. Many deployments use bundled security packages that combine IPS, malware, and URL filtering services, while remote-access VPN connectivity through Cisco Secure Client may require separate user licensing.\u003c\/span\u003e\u003c\/p\u003e\n\u003csection class=\"body conbody\"\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eT\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTM\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTMC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003cp id=\"ariaid-title15\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\" class=\"section\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\" class=\"ph i\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\" class=\"ph i\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\" class=\"ph i\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\" class=\"ph i\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"ariaid-title14\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\" class=\"section\"\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\" class=\"p\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/p\u003e\n\u003cdiv style=\"text-align: start;\" class=\"tableContainer\"\u003e\n\u003ctable role=\"note\" border=\"0\" class=\"olh_note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd border=\"0\" role=\"heading\" class=\"olh_note\" width=\"1%\"\u003e\n\u003cimg style=\"margin-bottom: 16px; float: none;\" alt=\"Pencil icon\" src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\"\u003e\n\u003cp\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd class=\"olh_note\" border=\"0\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\" class=\"p\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\" class=\"p\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/p\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\" class=\"p\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\" class=\"ph codeph\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/p\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\" class=\"p\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/p\u003e\n\u003cp class=\"p\"\u003eSee also important information at \u003ca href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\" class=\"xref\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/p\u003e\n\u003cp id=\"ariaid-title16\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\" class=\"section\"\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv style=\"text-align: start;\" class=\"tableContainer\"\u003e\n\u003ctable role=\"note\" border=\"0\" class=\"olh_note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd border=\"0\" role=\"heading\" class=\"olh_note\" width=\"1%\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg style=\"margin-bottom: 16px; float: none;\" alt=\"Magnifying glass\" src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd class=\"olh_note\" border=\"0\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat \/ 1 Year","offer_id":56800293618044,"sku":"L-CSF1220CX-T-1Y","price":435.69,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 3 Year","offer_id":56800293650812,"sku":"L-CSF1220CX-T-3Y","price":1307.1,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 5 Year","offer_id":56800293683580,"sku":"L-CSF1220CX-T-5Y","price":2178.48,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 1 Year","offer_id":56800293716348,"sku":"L-CSF1220CX-TC-1Y","price":1123.13,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 3 Year","offer_id":56800293749116,"sku":"L-CSF1220CX-TC-3Y","price":3369.38,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 5 Year","offer_id":56800293781884,"sku":"L-CSF1220CX-TC-5Y","price":5615.65,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 1 Year","offer_id":56800293814652,"sku":"L-CSF1220CX-TM-1Y","price":1123.13,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 3 Year","offer_id":56800293847420,"sku":"L-CSF1220CX-TM-3Y","price":3369.38,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 5 Year","offer_id":56800293880188,"sku":"L-CSF1220CX-TM-5Y","price":5615.65,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 1 Year","offer_id":56800293912956,"sku":"L-CSF1220CX-TMC-1Y","price":1176.38,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 3 Year","offer_id":56800293945724,"sku":"L-CSF1220CX-TMC-3Y","price":3529.13,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 5 Year","offer_id":56800293978492,"sku":"L-CSF1220CX-TMC-5Y","price":5881.9,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/1220_License.png?v=1779458996"},{"product_id":"cisco-secure-firewall-1230-license-options","title":"Cisco Secure Firewall 1230 - License Options","description":"\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eCisco FTD licensing uses Smart Licensing with a base licence plus add-ons: Threat (IPS), Malware (AMP), and URL Filtering, all managed via Cisco Smart Software Manager.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout FTD Licensing\u003cbr\u003e\u003cbr\u003e\u003c\/strong\u003e\u003c\/span\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/span\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe Cisco Secure Firewall 1200 Series supports Cisco Secure Firewall Threat Defense (FTD). \u003cbr\u003e\u003cbr\u003eThe base license provides core firewall functionality such as routing, NAT, VPN, and standard security services, while advanced features are enabled through additional subscriptions. These optional licenses include Threat\/IPS protection with Snort 3 and Talos updates, URL filtering, and Malware Defense for advanced file and sandbox analysis.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp data-start=\"470\" data-end=\"787\" data-is-last-node=\"\" data-is-only-node=\"\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eCisco uses Smart Licensing for the 1200 Series, with subscriptions commonly available in 1-, 3-, or 5-year terms. Many deployments use bundled security packages that combine IPS, malware, and URL filtering services, while remote-access VPN connectivity through Cisco Secure Client may require separate user licensing.\u003c\/span\u003e\u003c\/p\u003e\n\u003csection class=\"body conbody\"\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eT\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTM\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTMC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003cp class=\"title topictitle4\" id=\"ariaid-title15\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli class=\"li\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\"\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\"\u003e\u003cem class=\"ph i\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/p\u003e\n\u003cp class=\"title topictitle4\" id=\"ariaid-title14\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\"\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\" alt=\"Pencil icon\" style=\"margin-bottom: 16px; float: none;\"\u003e\n\u003cp\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode class=\"ph codeph\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/p\u003e\n\u003cp class=\"p\"\u003eSee also important information at \u003ca class=\"xref\" href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/p\u003e\n\u003cp class=\"title topictitle4\" id=\"ariaid-title16\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection class=\"section\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\"\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/p\u003e\n\u003cdiv class=\"tableContainer\" style=\"text-align: start;\"\u003e\n\u003ctable class=\"olh_note\" border=\"0\" role=\"note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd width=\"1%\" class=\"olh_note\" role=\"heading\" border=\"0\"\u003e\n\u003cimg src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\" alt=\"Magnifying glass\" style=\"margin-bottom: 16px; float: none;\"\u003e\n\u003cp\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd border=\"0\" class=\"olh_note\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/p\u003e\n\u003cp class=\"p\" id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat \/ 1 Year","offer_id":56800315310460,"sku":"L-CSF1230-T-1Y","price":1010.82,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 3 Year","offer_id":56800315343228,"sku":"L-CSF1230-T-3Y","price":3032.45,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 5 Year","offer_id":56800315375996,"sku":"L-CSF1230-T-5Y","price":5054.07,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 1 Year","offer_id":56800315408764,"sku":"L-CSF1230-TC-1Y","price":2021.63,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 3 Year","offer_id":56800315441532,"sku":"L-CSF1230-TC-3Y","price":6064.89,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 5 Year","offer_id":56800315474300,"sku":"L-CSF1230-TC-5Y","price":10108.15,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 1 Year","offer_id":56800315507068,"sku":"L-CSF1230-TM-1Y","price":2021.63,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 3 Year","offer_id":56800315539836,"sku":"L-CSF1230-TM-3Y","price":6064.89,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 5 Year","offer_id":56800315572604,"sku":"L-CSF1230-TM-5Y","price":10108.15,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 1 Year","offer_id":56800315605372,"sku":"L-CSF1230-TMC-1Y","price":2729.21,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 3 Year","offer_id":56800315638140,"sku":"L-CSF1230-TMC-3Y","price":8187.61,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 5 Year","offer_id":56800315670908,"sku":"L-CSF1230-TMC-5Y","price":13646.02,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/1230_License.png?v=1779458996"},{"product_id":"cisco-secure-firewall-1240-license-options","title":"Cisco Secure Firewall 1240 - License Options","description":"\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eCisco FTD licensing uses Smart Licensing with a base licence plus add-ons: Threat (IPS), Malware (AMP), and URL Filtering, all managed via Cisco Smart Software Manager.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout FTD Licensing\u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/span\u003eThe Cisco Secure Firewall 1200 Series supports Cisco Secure Firewall Threat Defense (FTD). \u003cbr\u003e\u003cbr\u003eThe base license provides core firewall functionality such as routing, NAT, VPN, and standard security services, while advanced features are enabled through additional subscriptions. These optional licenses include Threat\/IPS protection with Snort 3 and Talos updates, URL filtering, and Malware Defense for advanced file and sandbox analysis.\u003c\/p\u003e\n\u003cp data-is-only-node=\"\" data-is-last-node=\"\" data-end=\"787\" data-start=\"470\"\u003eCisco uses Smart Licensing for the 1200 Series, with subscriptions commonly available in 1-, 3-, or 5-year terms. Many deployments use bundled security packages that combine IPS, malware, and URL filtering services, while remote-access VPN connectivity through Cisco Secure Client may require separate user licensing.\u003c\/p\u003e\n\u003csection class=\"body conbody\"\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eT\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTM\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003eTMC\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003eThreat + Malware + URL Filtering\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003cp id=\"ariaid-title15\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\" class=\"section\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\" class=\"ph i\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\" class=\"ph i\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\" class=\"ph i\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\" class=\"ph i\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"ariaid-title14\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\" class=\"section\"\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv style=\"text-align: start;\" class=\"tableContainer\"\u003e\n\u003ctable role=\"note\" border=\"0\" class=\"olh_note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd border=\"0\" role=\"heading\" class=\"olh_note\" width=\"1%\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg style=\"margin-bottom: 16px; float: none;\" alt=\"Pencil icon\" src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd class=\"olh_note\" border=\"0\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\" class=\"ph codeph\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\" class=\"xref\" style=\"color: rgb(64, 64, 64);\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"ariaid-title16\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\" class=\"section\"\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv style=\"text-align: start;\" class=\"tableContainer\"\u003e\n\u003ctable role=\"note\" border=\"0\" class=\"olh_note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd border=\"0\" role=\"heading\" class=\"olh_note\" width=\"1%\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg style=\"margin-bottom: 16px; float: none;\" alt=\"Magnifying glass\" src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd class=\"olh_note\" border=\"0\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat \/ 1 Year","offer_id":56800326844796,"sku":"L-CSF1240-T-1Y","price":1853.16,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 3 Year","offer_id":56800326877564,"sku":"L-CSF1240-T-3Y","price":5559.49,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 5 Year","offer_id":56800326910332,"sku":"L-CSF1240-T-5Y","price":9265.83,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 1 Year","offer_id":56800326943100,"sku":"L-CSF1240-TC-1Y","price":3706.33,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 3 Year","offer_id":56800326975868,"sku":"L-CSF1240-TC-3Y","price":11118.97,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 5 Year","offer_id":56800327008636,"sku":"L-CSF1240-TC-5Y","price":18531.63,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 1 Year","offer_id":56800327041404,"sku":"L-CSF1240-TM-1Y","price":3706.33,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 3 Year","offer_id":56800327074172,"sku":"L-CSF1240-TM-3Y","price":11118.97,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 5 Year","offer_id":56800327106940,"sku":"L-CSF1240-TM-5Y","price":18531.63,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 1 Year","offer_id":56800327139708,"sku":"L-CSF1240-TMC-1Y","price":5003.54,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 3 Year","offer_id":56800327172476,"sku":"L-CSF1240-TMC-3Y","price":15010.63,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 5 Year","offer_id":56800327205244,"sku":"L-CSF1240-TMC-5Y","price":25017.71,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/1240License.png?v=1779459085"},{"product_id":"cisco-secure-firewall-1250-license-options","title":"Cisco Secure Firewall 1250 - License Options","description":"\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eCisco FTD licensing uses Smart Licensing with a base licence plus add-ons: Threat (IPS), Malware (AMP), and URL Filtering, all managed via Cisco Smart Software Manager.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout FTD Licensing\u003cbr\u003e\u003cbr\u003e\u003c\/strong\u003e\u003c\/span\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003e\u003c\/strong\u003e\u003c\/span\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe Cisco Secure Firewall 1200 Series supports Cisco Secure Firewall Threat Defense (FTD). \u003cbr\u003e\u003cbr\u003eThe base license provides core firewall functionality such as routing, NAT, VPN, and standard security services, while advanced features are enabled through additional subscriptions. These optional licenses include Threat\/IPS protection with Snort 3 and Talos updates, URL filtering, and Malware Defense for advanced file and sandbox analysis.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp data-is-only-node=\"\" data-is-last-node=\"\" data-end=\"787\" data-start=\"470\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eCisco uses Smart Licensing for the 1200 Series, with subscriptions commonly available in 1-, 3-, or 5-year terms. Many deployments use bundled security packages that combine IPS, malware, and URL filtering services, while remote-access VPN connectivity through Cisco Secure Client may require separate user licensing.\u003c\/span\u003e\u003c\/p\u003e\n\u003csection class=\"body conbody\"\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eT\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTM\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTMC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003cp id=\"ariaid-title15\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\" class=\"section\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\" class=\"ph i\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\" class=\"ph i\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\" class=\"ph i\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\" class=\"ph i\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"ariaid-title14\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\" class=\"section\"\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv style=\"text-align: start;\" class=\"tableContainer\"\u003e\n\u003ctable role=\"note\" border=\"0\" class=\"olh_note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd border=\"0\" role=\"heading\" class=\"olh_note\" width=\"1%\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg style=\"margin-bottom: 16px; float: none;\" alt=\"Pencil icon\" src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd class=\"olh_note\" border=\"0\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\" class=\"ph codeph\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\" class=\"xref\" style=\"color: rgb(64, 64, 64);\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"ariaid-title16\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\" class=\"section\"\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv style=\"text-align: start;\" class=\"tableContainer\"\u003e\n\u003ctable role=\"note\" border=\"0\" class=\"olh_note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd border=\"0\" role=\"heading\" class=\"olh_note\" width=\"1%\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg style=\"margin-bottom: 16px; float: none;\" alt=\"Magnifying glass\" src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd class=\"olh_note\" border=\"0\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat \/ 1 Year","offer_id":56800329204092,"sku":"L-CSF1250-T-1Y","price":3032.45,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 3 Year","offer_id":56800329236860,"sku":"L-CSF1250-T-3Y","price":9097.34,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 5 Year","offer_id":56800329269628,"sku":"L-CSF1250-T-5Y","price":15162.25,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 1 Year","offer_id":56800329302396,"sku":"L-CSF1250-TC-1Y","price":6064.89,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 3 Year","offer_id":56800329335164,"sku":"L-CSF1250-TC-3Y","price":18194.68,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 5 Year","offer_id":56800329367932,"sku":"L-CSF1250-TC-5Y","price":30324.47,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 1 Year","offer_id":56800329400700,"sku":"L-CSF1250-TM-1Y","price":6064.89,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 3 Year","offer_id":56800329433468,"sku":"L-CSF1250-TM-3Y","price":18194.68,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 5 Year","offer_id":56800329466236,"sku":"L-CSF1250-TM-5Y","price":30324.47,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 1 Year","offer_id":56800329499004,"sku":"L-CSF1250-TMC-1Y","price":8187.61,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 3 Year","offer_id":56800329531772,"sku":"L-CSF1250-TMC-3Y","price":24562.83,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 5 Year","offer_id":56800329564540,"sku":"L-CSF1250-TMC-5Y","price":40938.05,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/1250_License.png?v=1779458998"},{"product_id":"cisco-secure-firewall-3105-license-options","title":"Cisco Secure Firewall 3105 - License Options","description":"\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(0, 0, 0);\"\u003eCisco FTD licensing uses Smart Licensing with a base licence plus add-ons: Threat (IPS), Malware (AMP), and URL Filtering, all managed via Cisco Smart Software Manager.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"title topictitle2\"\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cstrong\u003eAbout FTD Licensing\u003cbr\u003e\u003c\/strong\u003e\u003c\/span\u003e\u003cmeta charset=\"UTF-8\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe \u003cspan class=\"hover:entity-accent entity-underline inline cursor-pointer align-baseline\"\u003e\u003cspan class=\"whitespace-normal\"\u003eCisco Secure Firewall 3100 Series\u003c\/span\u003e\u003c\/span\u003e supports Cisco Secure Firewall Threat Defense (FTD). \u003cbr\u003e\u003cbr\u003eThe base Essentials\/Standard license is required for FTD deployments and includes core firewall services such as routing, NAT, VPN, application visibility, and policy management. Advanced subscriptions add IPS with Snort 3 and Talos intelligence, URL filtering, Malware Defense, and optional Carrier features for telecom environments. \u003cspan data-state=\"closed\" class=\"\"\u003e\u003c\/span\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp data-end=\"1000\" data-start=\"491\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe 3100 Series uses Cisco Smart Licensing and supports subscription terms typically offered in 1-, 3-, and 5-year bundles. Cisco Secure Client (AnyConnect) remote-access VPN licensing is separate, and enterprises commonly deploy bundled licenses combining IPS, malware, and URL filtering services. The series includes models 3105 through 3140, designed for higher-throughput branch, campus, and data center deployments with support for FTD operating modes.\u003c\/span\u003e\u003c\/p\u003e\n\u003csection class=\"body conbody\"\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003e Subscription You Purchase\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cstrong\u003eSmart Licenses You Assign in Firepower System\u003c\/strong\u003e\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eT\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTM\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd style=\"width: 38.0075%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eTMC\u003c\/span\u003e\u003c\/td\u003e\n\u003ctd style=\"width: 57.9925%;\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThreat + Malware + URL Filtering\u003c\/span\u003e\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003cp id=\"ariaid-title15\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003e\u003cbr\u003eThreat Licenses\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__section_3C0ACEA2F219407BB764D9F53DF19621\" class=\"section\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000f8\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:\u003c\/span\u003e\u003c\/p\u003e\n\u003cul class=\"ul\"\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_E7FF3C179336445FA5D4D8F52FE52304\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fa\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fc\" class=\"ph i\"\u003eIntrusion detection and prevention\u003c\/em\u003e allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_DB7D24190B3F45B89A1D221FBD79DC3B\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000fd\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-000000ff\" class=\"ph i\"\u003eFile control\u003c\/em\u003e allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. \u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000100\" class=\"ph i\"\u003e\u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e\u003c\/em\u003e, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003cli id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__li_A4BFF1E86902453EB201CB1E653B8DCD\" class=\"li\" style=\"color: rgb(64, 64, 64);\"\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000103\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cem id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-00000105\" class=\"ph i\"\u003eSecurity Intelligence filtering\u003c\/em\u003e allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_C38742BBC6364CA7BA6F6DA4E3A8C6F7__ID-2240-0000010a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable Threat on managed devices, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"ariaid-title14\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eMalware Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_A9ED087DCFE949168C403EA2EA140063__section_DFDE67C704604FE49A1BF0D7C46753CF\" class=\"section\"\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000017e\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eA Malware license for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices allows you to perform Cisco Advanced Malware Protection (AMP) with \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. With this feature, you can use \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv style=\"text-align: start;\" class=\"tableContainer\"\u003e\n\u003ctable role=\"note\" border=\"0\" class=\"olh_note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd border=\"0\" role=\"heading\" class=\"olh_note\" width=\"1%\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg style=\"margin-bottom: 16px; float: none;\" alt=\"Pencil icon\" src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/note.gif\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eNote\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd class=\"olh_note\" border=\"0\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000185\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000018a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eYou configure \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-00000196\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of \u003ccode id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019c\" class=\"ph codeph\"\u003eUnavailable\u003c\/code\u003e to those files.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_A9ED087DCFE949168C403EA2EA140063__ID-2240-0000019d\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eNote that a Malware license is required only if you deploy \u003cspan class=\"ph\"\u003eAMP for Networks\u003c\/span\u003e and \u003cspan class=\"ph\"\u003eCisco Threat Grid\u003c\/span\u003e. Without a Malware license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eSee also important information at \u003ca href=\"https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/security\/firepower\/601\/configuration\/guide\/fpmc-config-guide-v601\/Reference_a_wrapper_Chapter_topic_here.html#id_101648\" class=\"xref\" style=\"color: rgb(64, 64, 64);\"\u003eLicense Requirements for File and Malware Policies\u003c\/a\u003e.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"ariaid-title16\" class=\"title topictitle4\"\u003e\u003cstrong\u003e\u003cspan style=\"color: rgb(191, 0, 29);\"\u003eURL Filtering Licenses for \u003cspan class=\"ph\"\u003eFirepower Threat Defense\u003c\/span\u003e Devices\u003c\/span\u003e\u003c\/strong\u003e\u003c\/p\u003e\n\u003csection class=\"body refbody\"\u003e\n\u003csection id=\"reference_0FB126619D0649D79B4F666AACE82BAD__section_94660A4F86DF429297F4AE620ACFBDCF\" class=\"section\"\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015a\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eThe URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.\u003c\/span\u003e\u003c\/p\u003e\n\u003cdiv style=\"text-align: start;\" class=\"tableContainer\"\u003e\n\u003ctable role=\"note\" border=\"0\" class=\"olh_note\"\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd border=\"0\" role=\"heading\" class=\"olh_note\" width=\"1%\"\u003e\n\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e \u003cimg style=\"margin-bottom: 16px; float: none;\" alt=\"Magnifying glass\" src=\"https:\/\/www.cisco.com\/content\/dam\/en\/us\/td\/i\/templates\/tip.gif\"\u003e \u003c\/span\u003e\n\u003cp\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003e\u003cb\u003eTip\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/td\u003e\n\u003ctd class=\"olh_note\" border=\"0\"\u003e\n\u003csection class=\"note__content\"\u003e\u003chr\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-0000015d\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eWithout a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic.\u003c\/span\u003e\u003c\/p\u003e\n\u003chr\u003e\u003c\/section\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/tbody\u003e\n\u003c\/table\u003e\n\u003c\/div\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000160\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eAlthough you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e, then enable it on the devices targeted by the policy.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp id=\"reference_0FB126619D0649D79B4F666AACE82BAD__ID-2240-00000166\" class=\"p\"\u003e\u003cspan style=\"color: rgb(64, 64, 64);\"\u003eIf you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your \u003cspan class=\"ph\"\u003eFirepower Management Center\u003c\/span\u003e can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.\u003c\/span\u003e\u003c\/p\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e\n\u003c\/section\u003e","brand":"Network Warehouse V6","offers":[{"title":"Threat \/ 1 Year","offer_id":56800369607036,"sku":"L-FPR3105T-T-1Y","price":3572.52,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 3 Year","offer_id":56800369639804,"sku":"L-FPR3105T-T-3Y","price":10717.57,"currency_code":"GBP","in_stock":true},{"title":"Threat \/ 5 Year","offer_id":56800369672572,"sku":"L-FPR3105T-T-5Y","price":17862.63,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 1 Year","offer_id":56800369705340,"sku":"L-FPR3105T-TC-1Y","price":7145.04,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 3 Year","offer_id":56800369738108,"sku":"L-FPR3105T-TC-3Y","price":21435.16,"currency_code":"GBP","in_stock":true},{"title":"Threat + URL \/ 5 Year","offer_id":56800369770876,"sku":"L-FPR3105T-TC-5Y","price":35725.25,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware \/ 1 Year","offer_id":56800369803644,"sku":"L-FPR3105T-TM-1Y","price":7145.04,"currency_code":"GBP","in_stock":false},{"title":"Threat + Malware \/ 3 Year","offer_id":56800369836412,"sku":"L-FPR3105T-TM-3Y","price":21435.16,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware \/ 5 Year","offer_id":56800369869180,"sku":"L-FPR3105T-TM-5Y","price":35725.25,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 1 Year","offer_id":56800369901948,"sku":"L-FPR3105T-TMC-1Y","price":9645.81,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 3 Year","offer_id":56800369934716,"sku":"L-FPR3105T-TMC-3Y","price":28937.46,"currency_code":"GBP","in_stock":true},{"title":"Threat + Malware + URL \/ 5 Year","offer_id":56800369967484,"sku":"L-FPR3105T-TMC-5Y","price":48229.1,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/files\/3105_License.png?v=1779458997"}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0373\/2137\/5882\/collections\/cisco-next-generation-firewalls-license-options-777607.png?v=1734947999","url":"https:\/\/networkwarehouse.co.uk\/collections\/cisco-firewalls-license-options.oembed","provider":"Network Warehouse","version":"1.0","type":"link"}