萬盛學電腦網

 萬盛學電腦網 >> 病毒防治 >> ASA系列防火牆license知識

ASA系列防火牆license知識

Note The ASA 5580 is not supported in Version 8.0; for ASA 5580 information, see the licensing documentation for Version 8.1 or later. The PIX 500 series security appliance does not support temporary licenses. Items that are in italics are separate, optional licenses with which that you can replace the Base or Security Plus license. You can mix and match licenses, for example, the 10 security context license plus the Strong Encryption license; or the 500 SSL VPN license plus the GTP/GPRS license; or all four licenses together. You cannot use Active/Active failover and VPN; if you want to use VPN, use Active/Standby failover. pix不支持SSL VPN,不能做VPN load blance。
How the Temporary License Timer Works
• The timer for the temporary license starts counting down when you activate it on the security appliance.
• If you stop using the temporary license before it times out, for example you activate a permanent license or a different temporary license, then the timer halts. The timer only starts again when you reactivate the temporary license.
• If the temporary license is active, and you shut down the security appliance, then the timer continues to count down. If you intend to leave the security appliance in a shut down state for an extended period of time, then you should activate the permanent license before you shut down to preserve the temporary license.
• When a temporary license expires, the next time you reload the security appliance, the permanent license is used; you are not forced to perform a reload immediately when the license expires.
Note We suggest you do not change the system clock after you install the temporary license. If you set the clock to be a later date, then if you reload, the security appliance checks the system clock against the original installation time, and assumes that more time has passed than has actually been used. If you set the clock back, and the actual running time is greater than the time between the original installation time and the system clock, then the license immediately expires after a reload.
How Multiple Licenses Interact
• When you activate a temporary license, then features from both permanent and temporary licenses combine to form the running license. The security appliance uses the highest value from each license for each feature, and displays any resolved conflicts between the licenses when you enter a temporary activation key. In the rare circumstance that a temporary license has lower capability than the permanent license, the permanent license values are used. • When you activate a permanent license, it overwrites the currently-running permanent and temporary licenses and becomes the running license.
Note If the permanent license is a downgrade from the temporary license, then you need to reload the security appliance to disable the temporary license and restore the permanent license. Until you reload, the temporary license continues to count down.
Interim release 8.0(4.16) includes an enhancement so that you do not need to reload the security appliance after reactivating the already installed permanent license; this enhancement stops the temporary license from continuing to count down with no disruption of traffic. • To reenable the features of the temporary license if you later activate a permanent license, simply reenter the temporary activation key. For a license upgrade, you do not need to reload. • To switch to a different temporary license, enter the new activation key; the new license is used instead of the old temporary license and combines with the permanent license to create a new running license. The security appliance can have multiple temporary licenses installed; but only one is active at any given time.
 
In multiple context mode, apply the activation key in the system execution space. Activation keys are available in both routed and transparent mode. Additional Guidelines and Limitations
• The activation key is not stored in your configuration file; it is stored as a hidden file in Flash memory.
• The activation key is tied to the serial number of the device. Feature licenses cannot be transferred between devices (except in the case of a hardware failure). If you have to replace your device due to a hardware failure, contact the Cisco Licensing Team to have your existing license transferred to the new serial number. The Cisco Licensing Team will ask for the Product Authorization Key reference number and existing serial number.
• Once purchased, you cannot return a license for a refund or for an upgraded license.
• You cannot add two separate licenses for the same feature together; for example, if you purchase a 25-session SSL VPN license, and later purchase a 50-session license, you cannot use 75 sessions; you can use a maximum of 50 sessions. Shows the installed licenses, including information about temporary licenses.
hostname# show activation-key detail Note For a failover pair, you need separate activation keys for each unit. Make sure the licenses included in the keys are the same for both units. You can enter one permanent key, and multiple temporary keys. The last temporary key entered is the active one. ASA系列防火牆license知識.
copyright © 萬盛學電腦網 all rights reserved