Cisco Firepower 1010 Next Generation Firewall - License Options
£17.05 inc vat
L-FPR1010T-T-1Y
9999
About Firepower Licenses
Your Firepower products (Firepower Management Center and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions, as described in this chapter.
| Subscription You Purchase | Smart Licenses You Assign in Firepower System |
| T | Threat |
| TC | Threat + URL Filtering |
| TM | Threat + Malware |
| TMC | Threat + URL Filtering + Malware |
| P | Defence Orchestrator |
Threat Licenses
A Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:
-
Intrusion detection and prevention allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.
-
File control allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. AMP for Networks, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.
-
Security Intelligence filtering allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.
You can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).
If you disable Threat on managed devices, the Firepower Management Center stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the Firepower Management Center will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.
Malware Licenses for Firepower Threat Defense Devices
A Malware license for Firepower Threat Defense devices allows you to perform Cisco Advanced Malware Protection (AMP) with AMP for Networks and Cisco Threat Grid. With this feature, you can use Firepower Threat Defense devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.
Note |
Firepower Threat Defense managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior. |
You configure AMP for Networks as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. AMP for Networks allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the Cisco Threat Grid cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.
If you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include AMP for Networks configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of Unavailable to those files.
Note that a Malware license is required only if you deploy AMP for Networks and Cisco Threat Grid. Without a Malware license, the Firepower Management Center can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.
See also important information at License Requirements for File and Malware Policies.
URL Filtering Licenses for Firepower Threat Defense Devices
The URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.
Tip |
Without a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic. |
Although you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the Firepower Management Center will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the Firepower Management Center, then enable it on the devices targeted by the policy.
If you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your Firepower Management Center can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.
About Firepower Licenses
Your Firepower products (Firepower Management Center and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions, as described in this chapter.
| Subscription You Purchase | Smart Licenses You Assign in Firepower System |
| T | Threat |
| TC | Threat + URL Filtering |
| TM | Threat + Malware |
| TMC | Threat + URL Filtering + Malware |
| P | Defence Orchestrator |
Threat Licenses
A Threat license allows you to perform intrusion detection and prevention, file control, and Security Intelligence filtering:
-
Intrusion detection and prevention allows you to analyze network traffic for intrusions and exploits and, optionally, drop offending packets.
-
File control allows you to detect and, optionally, block users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. AMP for Networks, which requires a Malware license, allows you to inspect and block a restricted set of those file types based on their dispositions.
-
Security Intelligence filtering allows you to block —deny traffic to and from—specific IP addresses, URLs, and DNS domain names, before the traffic is subjected to analysis by access control rules. Dynamic feeds allow you to immediately block connections based on the latest intelligence. Optionally, you can use a “monitor-only” setting for Security Intelligence filtering.
You can purchase a Threat license as a stand-alone subscription (T) or in combination with URL Filtering (TC), Malware (TM), or both (TMC).
If you disable Threat on managed devices, the Firepower Management Center stops acknowledging intrusion and file events from the affected devices. As a consequence, correlation rules that use those events as a trigger criteria stop firing. Additionally, the Firepower Management Center will not contact the internet for either Cisco-provided or third-party Security Intelligence information. You cannot re-deploy existing intrusion policies until you re-enable Threat.
Malware Licenses for Firepower Threat Defense Devices
A Malware license for Firepower Threat Defense devices allows you to perform Cisco Advanced Malware Protection (AMP) with AMP for Networks and Cisco Threat Grid. With this feature, you can use Firepower Threat Defense devices to detect and block malware in files transmitted over your network. To support this feature license, you can purchase the Malware (AMP) service subscription as a stand-alone subscription or in combination with Threat (TM) or Threat and URL Filtering (TMC) subscriptions.
|
Note |
Firepower Threat Defense managed devices with Malware licenses enabled periodically attempt to connect to the AMP cloud even if you have not configured dynamic analysis. Because of this, the device’s Interface Traffic dashboard widget shows transmitted traffic; this is expected behavior. |
You configure AMP for Networks as part of a file policy, which you then associate with one or more access control rules. File policies can detect your users uploading or downloading files of specific types over specific application protocols. AMP for Networks allows you to use local malware analysis and file preclassification to inspect a restricted set of those file types for malware. You can also download and submit specific file types to the Cisco Threat Grid cloud for dynamic and Spero analysis to determine whether they contain malware. For these files, you can view the network file trajectory, which details the path the file has taken through your network. The Malware license also allows you to add specific files to a file list and enable the file list within a file policy, allowing those files to be automatically allowed or blocked on detection.
If you disable all your Malware licenses, the system stops querying the AMP cloud, and also stops acknowledging retrospective events sent from the AMP cloud. You cannot re-deploy existing access control policies if they include AMP for Networks configurations. Note that for a very brief time after a Malware license is disabled, the system can use existing cached file dispositions. After the time window expires, the system assigns a disposition of Unavailable to those files.
Note that a Malware license is required only if you deploy AMP for Networks and Cisco Threat Grid. Without a Malware license, the Firepower Management Center can receive AMP for Endpoints malware events and indications of compromise (IOC) from the AMP cloud.
See also important information at License Requirements for File and Malware Policies.
URL Filtering Licenses for Firepower Threat Defense Devices
The URL Filtering license allows you to write access control rules that determine the traffic that can traverse your network based on URLs requested by monitored hosts, correlated with information about those URLs. To support this feature license, you can purchase the URL Filtering (URL) service subscription as a stand-alone subscription or in combination with Threat (TC) or Threat and Malware (TMC) subscriptions.
|
Tip |
Without a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block. This gives you granular, custom control over web traffic, but does not allow you to use URL category and reputation data to filter network traffic. |
Although you can add category and reputation-based URL conditions to access control rules without a URL Filtering license, the Firepower Management Center will not download URL information. You cannot deploy the access control policy until you first add a URL Filtering license to the Firepower Management Center, then enable it on the devices targeted by the policy.
If you disable the URL Filtering license on managed devices, you may lose access to URL filtering. If your license expires or if you disable it, access control rules with URL conditions immediately stop filtering URLs, and your Firepower Management Center can no longer download updates to URL data. You cannot re-deploy existing access control policies if they include rules with category and reputation-based URL conditions.
Related Products
Cisco CBS250 8-Port Smart Managed Gigabit PoE+ Switch + 2 x Combo | CBS250-8FP-E-2G-UK
£218.81 inc VAT
Out of Stock
Cisco CBS250 16-Port Smart Managed Gigabit PoE+ Switch + 2 x SFP | CBS250-16P-2G-UK
£321.41 inc VAT
Out of Stock
Cisco CBS250 8-Port Smart Managed Gigabit Switch | CBS250-8T-D-UK
£97.76 inc VAT
Out of Stock
Cisco CBS350 8-Port L3 Managed Gigabit PoE+ Switch + 2 x Combo | CBS350-8FP-2G-UK
£326.70 inc VAT
In Stock
Cisco Catalyst 1000 8-Port Gigabit PoE+ Switch + 2x Combo Ports | C1000-8P-E-2G-L
£226.92 inc VAT
In Stock
Cisco CBS350 24-Port L3 Managed Gigabit PoE+ Switch + 4 x SFP | CBS350-24P-4G-UK
£512.11 inc VAT
Out of Stock
Cisco CBS350 8-Port L3 Managed Gigabit Switch + 2 x Combo | CBS350-8T-E-2G-UK
£182.14 inc VAT
Out of Stock
Cisco Catalyst 1300 24-Port Gigabit PoE+ Switch + 4 x SFP+ | C1300-24P-4X
£697.61 inc VAT
Out of Stock
Cisco CBS350 8-Port L3 Managed Gigabit PoE+ Switch + 2 x Combo | CBS350-8FP-E-2G-UK
£297.31 inc VAT
Out of Stock
Cisco CBS110 24-Port Unmanaged Gigabit PoE Switch + 2 x Combo | CBS110-24PP-UK
£228.88 inc VAT
In Stock
Cisco CBS250 24-Port Smart Managed Gigabit PoE+ Switch + 4 x SFP | CBS250-24P-4G-UK
£399.95 inc VAT
In Stock
Cisco CBS350 24-Port L3 Managed Gigabit Switch + 4 x SFP | CBS350-24T-4G-UK
£393.68 inc VAT
In Stock
Cisco CBS350 16-Port L3 Managed Gigabit PoE+ Switch + 2 x SFP | CBS350-16P-2G-UK
£410.02 inc VAT
In Stock
Cisco Catalyst 1000 8-Port Gigabit PoE+ Switch + 2x Combo Ports | C1000-8P-2G-L
£287.15 inc VAT
In Stock
Cisco CBS110 8-Port Unmanaged Gigabit Desktop Switch | CBS110-8T-D-UK
£38.09 inc VAT
In Stock
Cisco Catalyst 1300 8-Port Gigabit PoE+ Switch + 2 x Gig Combo | C1300-8P-E-2G
£258.00 inc VAT
In Stock
Cisco CBS250 8-Port Smart Managed Gigabit PoE+ Switch + 2 x Combo | CBS250-8PP-E-2G-UK
£189.18 inc VAT
Out of Stock
Cisco CBS350 16-Port L3 Managed Gigabit PoE+ Switch + 2 x SFP | CBS350-16FP-2G-UK
£610.94 inc VAT
In Stock
Cisco CBS350 24-Port L3 Managed Gigabit PoE+ Switch + 4 x SFP | CBS350-24FP-4G-UK
£762.86 inc VAT
In Stock
Cisco Catalyst 1000 24-Port Gigabit PoE+ Switch + 4x SFP | C1000-24P-4G-L
£680.48 inc VAT
In Stock
Cisco CBS110 5-Port Unmanaged Gigabit Desktop Switch | CBS110-5T-D-UK
£30.76 inc VAT
In Stock
Cisco 19" Rack Kit for Compact C1000, C1200 & C1300 Switches | RCKMNT-CMPCT-1K=
£30.72 inc VAT
Out of Stock
Cisco Catalyst 1300 24 x Multigigabit Switch + 4x 10G SFP+ | C1300-24MGP-4X
£1,026.64 inc VAT
In Stock
Cisco Catalyst 1300 8-Port Multigigabit PoE+ Switch + 2x SFP+ | C1300-8MGP-2X
£549.31 inc VAT
In Stock
Cisco Catalyst 1200 24-Port Gigabit Switch + 4x SFP+ | C1200-24T-4X
£415.13 inc VAT
In Stock
Cisco CBS220 48-Port Smart Managed Gigabit PoE+ Switch + 4 x SFP | CBS220-48P-4G-UK
£583.15 inc VAT
Out of Stock
Cisco CBS220 16-Port Smart Managed Gigabit PoE+ Switch + 2 x SFP | CBS220-16P-2G-UK
£228.34 inc VAT
In Stock
Cisco ISR 921 Gigabit Ethernet Security Router | C921-4P
£340.03 inc VAT
Out of Stock
Cisco Catalyst 9115 Wi-Fi 6 Access Point, Internal Antenna | C9115AXI-E
£473.93 inc VAT
In Stock
Cisco CBS350 48-Port L3 Managed Gigabit Switch + 4 x SFP+ | CBS350-48T-4X-UK
£1,045.32 inc VAT
In Stock
Cisco CBS350 48-Port L3 Managed Gigabit Switch + 4 x SFP | CBS350-48T-4G-UK
£618.29 inc VAT
In Stock
Cisco Catalyst 1000 8-Port Gigabit PoE+ Switch + 2x Combo Ports | C1000-8FP-2G-L
£461.86 inc VAT
In Stock
Cisco CBS110 16-Port Unmanaged Gigabit Switch | CBS110-16T-UK
£101.80 inc VAT
In Stock
Cisco CBS250 24-Port Smart Managed Gigabit Switch + 4 x SFP | CBS250-24T-4G-UK
£224.44 inc VAT
In Stock
Cisco Catalyst 1300 48-Port PoE+ Gigabit Switch + 4 x SFP+ | C1300-48FP-4X
£1,469.26 inc VAT
In Stock
Cisco Catalyst 1300 24-Port Gigabit Switch + 4 x SFP+ | C1300-24T-4X
£584.75 inc VAT
In Stock
Cisco Catalyst 1200 24-Port Gigabit PoE+ Switch + 4x SFP | C1200-24P-4G
£361.56 inc VAT
In Stock
Cisco Catalyst 1200 8-Port Gigabit Desktop Switch | C1200-8T-D
£112.20 inc VAT
In Stock
Cisco Catalyst 9200CX 12-Port Gigabit Switch + 2x 10G + 2x 1G | Network Essentials | C9200CX-12T-2X2G-E
£927.13 inc VAT
In Stock
Cisco CW9166 High Performance WiFi 6E Access Point | CW9166I-ROW
£1,035.86 inc VAT
In Stock
