Access Control Policies Won’t Apply to New Firepower Devices

I recently ran into a fairly simple issue during a Firepower installation. I registered some 5506-X Firepower modules to a Firepower Management Center (FMC) before I had any licensing applied to the FMC. I am using the classic licensing model, so this process may be different under smart licensing. After linking the control licenses with the FMC ID in the Cisco portal, I added the licenses to the FMC. The licenses I applied were being used; however, the devices that appeared in the FMC under ‘device management’ had no access control policy attached to them.

I remember setting access control policies when adding these devices, so I knew something was up. Click on the pencil icon on the right side of the device in question to edit that device. Click on the device tab to show general device information. If there is now adequate licensing for the device, you should be able to select different licensing schemes depending on what you have purchased and are using. The basic control license gives you ‘control’ and ‘protection’. Once those are both selected, your device will appear under the device management screen as having an access policy, which can now be deployed.
