Cisco Security Licensing and Software
Access Process for Partner Help
Global Virtual Engineering
Security PoV/Lab License Fulfillment Team
Aug 27, 2021
Cisco Security Licensing and Software Access
Table of Contents
1 Introduction
2 Partner Help Tickets
3 Fire Jumper TAC Access
3.1.1 Verification of Partner SE Fire Jumper status
3.1.2 Opening TAC Case for Fire Jumpers
4 Software Access
4.1 Downloading / Publishing Software
5 Cisco Smart Licenses
6 POV and Lab Licensing
6.1 Firepower Threat Defense (FTD) and AnyConnect
6.1.1 Partner Lab Cisco Smart Licensing for AnyConnect with FTD
6.1.2 POV Cisco Smart Licensing for AnyConnect with FTD
6.1.3 Partner Lab Smart Licensing FMC and FTD
6.1.4 POV Smart Licensing FMC and FTD
6.1.5 Classic Licensing for Firepower Management Center (FMC)
6.1.6 Classic Licensing for Firepower Services for ASA or Firepower
6.2 Adaptive Security Appliance (ASA)
6.2.1 Classic Licensing for ASA5500-X
6.2.2 Partner Lab Cisco Smart Licensing for ASA on Firepower 2100
6.2.3 Partner POV Cisco Smart Licensing for ASA on Firepower 2100
6.2.4 Cisco Smart Licensing for ASA on Firepower 1000 / 4100 / 9300 Chassis
6.3 Adaptive Security Virtual Appliance (ASAv)
6.3.1 Partner Lab Smart Licensing for ASAv
6.3.2 POV Smart Licensing for ASAv
6.4 Secure Endpoint (aka AMP For Endpoint)
6.4.1 Initial Setup and Portal Access: AMP
6.4.2 Verify Existing Partner Lab Licenses
6.4.3 Partner Public Cloud Lab License Requests
6.4.4 Partner Private Cloud Lab License Requests
6.4.5 Cisco Employee Public Cloud Lab Requests
6.4.6 Cisco Employee Private Cloud Lab Requests
6.5 Threat Grid
6.5.1 Cisco Lab Licensing for Threat Grid
6.5.2 Partner Lab Licensing for Threat Grid
6.5.3 POV Licensing for Threat Grid
6.6 Umbrella
6.6.1 Cisco Internal Employee Umbrella Account
6.6.2 Cisco Umbrella Partner Console (UPC)
6.6.3 Cisco Umbrella Managed Security Services Partner (MSSP) Portal
6.7 Stealthwatch Enterprise
6.7.1 Partner Lab License Software Access and Licensing Initial Request
6.7.1.1 Partner Lab License Extensions: Versions 7.2x and above
6.7.1.2 Partner Lab License Extensions: Versions prior to 7.2x
6.7.2 On-premise POV Software Access and Licensing Initial Request
6.7.2.1 On-premise POV Extension Requests: Versions 7.2x and above
6.7.2.2 On-premise POV Extension Requests: Versions prior to 7.2x
6.8 Cisco Defense Orchestrator (CDO)
6.9 Identity Services Engine (ISE)
6.9.1 Partner Lab License Requests Prior to v3.0 Software
6.9.2 Partner POV License Requests Prior to v3.0 Software
6.9.3 Partner Lab License Requests and Renewals in Software v3.0 and Above
6.9.4 Partner POV License Requests and Renewals in Software v3.0 and Above
6.10 Web Security Appliance (WSA)
6.10.1 Licensing: WSA
6.11 Email Security Appliance (ESA)
6.11.1 Licensing: ESA
6.12 Security Management Appliance (SMA)
6.12.1 Licensing: SMA
6.13 Cloud Email Security (CES)
6.13.1 Licensing: Cloud Email Security, Domain Protection, Advanced Phishing Protection
6.13.2 Evaluation Extensions or Conversion from Evaluation to Production licenses
7 Cisco Cloud Mailbox Defense (CMD)
8 Not-for-Resale (NFR) Requests
9 Next Steps
10 Change Log
1 Introduction
The Cisco Global Security Sales Organization (GSSO) follows the Proof of Value (POV) process that aims
to provide unique business value to key decision makers when positioning security solutions. It relies on
security success criteria to properly scope engagements while increasing the win rate and decreasing
the time to close. This document outlines the process that Partner Help agents will follow after receiving
a license or software request for a Partner Executed Proof of Value (POV) or Partner lab.
2 Partner Help Tickets
There are three types of support that partners will request: Licensing, Hardware, or Software. Licenses
that partners will request are for POV or Lab. POV is for sales opportunities and limited to in duration
with the option for one extension. Lab licenses are for partner labs and limited to six months or the
maximum duration available in the licensing tool.
A Cisco partner or employee will go to www.cisco.com/go/ph to open a ticket with Partner Help. In the
ticket, the subject will help you determine if the request is Software Access, POV License or Lab License.
All tickets should come in with a Service Type of ‘Cisco Sales Enablement Services’ and you will select the
correct Sub Service Type based on the actual request. Cases with a subject of Software Access are for
partners that are looking for special file publish of software. Cases with POV License should be for POVs.
Cases with a subject of Lab License should be for partner labs. The details in the Question field will help
you verify this information.
For each request, verify that the partner entered complete information in the Question field. Refer to
the partner facing guide to determine the information partners should provide for each case:
Security Partner Community - Cisco Security Licensing and Software Access Guide
3 Fire Jumper TAC Access
As part of supporting Security Partners with POVs, we are allowing Fire Jumpers to request TAC access
through Partner Help. Partner Fire Jumpers requesting TAC access will open Partner Help requests using
the standard procedures and the information needed to make these requests. The Partner Help team
will reach out via phone to the appropriate support team and will then open the TAC case on behalf of
the Fire Jumper. These TAC cases can ONLY be opened for Pre-sales POV opportunities, so ensure the
request meets this requirement. The Fire Jumpers should be aware of this requirement, but if there are any
issues, please escalate to Lena Olympio (holympio@cisco.com) with the details.
If a Partner is not a Fire Jumper and wants information on the Fire Jumper program, you can provide the
following URL for their information.
https://community.cisco.com/t5/security-documents/fire-jumper-academy/ta-p/3629021
3.1.1 Verification of Partner SE Fire Jumper status
Partner SEs requesting TAC access MUST have Fire Jumper status in ANY of the Fire Jumper Competency
Areas before the Partner Help team proceeds with the request. To ensure the Partner SE has reached
this requirement, the Partner Help Agent should find their Contact Record in Tableau by typing in the
partner’s CCO id, selecting the check box next to the CCO id once it appears and then hitting “Apply.”
Check to ensure at least one Competency Area is checked for the Fire Jumper stage.
3.1.2 Opening TAC Case for Fire Jumpers
The Partner Help agent should contact the Customer Interaction Network (CIN) team at +1 408.906.1929
and ask to open a Bypass Entitlement Case for GSSO Proof of Value Support and have the CIN team
open a case in the Fire Jumper’s Name. The Partner Help agent should provide the following to the CIN
team as the case is being opened. If the information below has not been provided by the Fire Jumper,
you should request this before contacting the CIN team.
• Partner Help Agent’s Cisco User ID
• Fire Jumper’s CCO ID
• Identify the issue as GSSO Proof of Value Support
• Problem Description
• Product IDs (PIDs) and all components of the POV Hardware bundles, software, and/or virtual
machines
• Preferred Contact Method [Phone or Email]
• Preferred Contact Information [Phone Number or Email Address]
Note: If TAC declines support for the Fire Jumper TAC access case please refer the CIN team to this link
Once the case has been created by the CIN team, the case number will be provided and should be
delivered to the Fire Jumper who opened the Partner Help request. Once the Fire Jumper acknowledges
the receipt of the case number, confirm the Service Type is set to ‘Cisco Sales Enablement Services’ and
change the Sub Service Type to ‘POV License’.
4 Software Access
This section covers the process to download the required software for the Partner. There are many
possible software requirements, and the information below serves as a common example
for a partner executed POV or a Lab. Adjust the process outlined below as required to match your
specific request.
4.1 Downloading / Publishing Software
To download/publish software, go to http://software.cisco.com/download/navigator.html. Select the
Browse All option to display all of the possible options.
Then scroll down and select the Security option in the left panel to begin navigating to the correct
Security product for the Partner Request. You should ask the Partner if a specific software version is
required or if the latest software is acceptable.
Then select the Publish icon for the software version required.
After selecting the Publish icon for the software item(s), check the box next to the software and enter
the partner CCO ID in the open field. When complete, click Continue.
Confirm the publication details and click Continue.
Confirm the Partner has received the email and can access the URL provided to download the software.
After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’
and change the Sub Service Type to the appropriate setting (e.g. ‘Lab Software’ or ‘POV Software’) within
SFDC and close the case.
5 Cisco Smart Licenses
Many Security features are now enabled via Cisco Smart Licensing which will be configured within the
Management interfaces of those Security products. Before requesting any Lab or POV Security feature
licenses which are enabled via Smart Licensing, the Partner SE and/or Organization must either have an
existing Cisco Smart Account or create a new Cisco Smart Account to associate the Security feature
licenses to. The steps for this have been detailed in Section 2 of the Partner facing Cisco Security
Licensing and Software Access Guide.
The Partner Help team can request Cisco Smart Licenses for Lab or POV requests once the Partner SE or
AM has created the appropriate Smart Accounts. However, the Partner Help Agent must first request
and be granted access to the PEGA tool as shown in the “Access to PEGA tool is a Pre-Requisite for demo
request” bullet item in the “Initiate Smart Demo License Request” as follows:
Select the link to connect to OnRamp and follow these steps:
• Under Accounts, select New Account Request
• Select Request for Myself
• In the “Search for any Resource” text box, enter CSW and select “Go”
• In the search results, select the “Jump To” link after the EMAN>Groups>Security>Business Process & Rules Management System>CSW>Production option
• Follow the remaining steps shown in the picture above to complete the request
• In the text box requesting justification on the final screen, enter the following: “Partner Help Agent assisting the Global Security Sales Organization Channels team in fulfilling Security POV and Partner Security Lab Smart License requests” and select “Submit”
Once the request for access to the PEGA tool has been approved, the Partner Help Agent should be able
to access the tool to submit Smart License requests via the PEGA Tool.
The process to enter the required Smart License fields will be detailed in each of the appropriate
sections below.
6 POV and Lab Licensing
The POV and Lab License processes support multiple security products. The Product Type line in the
Question field will help you determine which product license is being requested and which process to
follow below.
6.1 Firepower Threat Defense (FTD) and AnyConnect
The Firepower Threat Defense and AnyConnect features require Cisco Smart Licensing to be applied
within the FMC, so the Partner MUST have a Cisco Smart Account before this process can continue.
Virtual FMCs running v6.0 or later require a separate Smart License. If the case notes do not include
Smart Account information, you must ask the Partner to complete the steps provided in the partner
facing guide first.
6.1.1 Partner Lab Cisco Smart Licensing for AnyConnect with FTD
The Partner Help Agent can provide a maximum duration of 365 days for Lab licenses. Once you have
the required Smart Account information from the Partner, the Partner Help Agent should be able to
access the PEGA tool. If you receive a message indicating you do not have correct authorization to the
PEGA tool, you must request access via the instructions provided in Section 5 of this guide.
Once in the tool, select “AnyConnect Eval for FTD” from the Product Family drop down box, and then
enter the required fields into the tool. The list below details the correct information to enter into the
tool.
• Product SKU: L-AC-APX-LIC-SMART=
• Requested License Term: Other
• Duration Text Box: 365
• License Quantity: 1
• Smart Account: Smart Account Name from the case notes (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: Lab
• Business Justification: Partner Name – SFDC Case number
Then select Submit.
Confirm the Partner has the appropriate license in their Smart Account and instruct them to follow the
Smart License Account Activation instructions from the partner facing guide. After confirmation from
the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and change the Sub
Service Type to ‘Lab License’ within SFDC and close the case.
6.1.2 POV Cisco Smart Licensing for AnyConnect with FTD
The Partner Help Agent can provide a maximum duration of 60-day licenses for POV requests. Once you
have the required Smart Account information from the Partner, the Partner Help Agent should be able
to access the PEGA tool. If you receive a message indicating you do not have correct authorization to
the PEGA tool, you must request access via the instructions provided in Section 5 of this guide.
Once in the tool, select “AnyConnect Eval for FTD” from the Product Family drop down box, and then
enter the required fields into the tool. The list below details the correct information to enter into the
tool.
• Product SKU: L-AC-APX-LIC-SMART=
• Requested License Term: 90
• License Quantity: 1
• Smart Account: Smart Account Name from the case notes (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: POV
• End Customer Name: Customer Name
Then select Submit.
Confirm the Partner has the appropriate license in their Smart Account and instruct them to follow the
Smart License Account Activation instructions from the partner facing guide. After confirmation from
the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and change the Sub
Service Type to ‘POV License’ within SFDC and close the case.
6.1.3 Partner Lab Smart Licensing FMC and FTD
Once the required Smart Account information is collected from the Partner, the Partner Help Agent
should be able to access the PEGA tool. If you receive a message indicating you do not have correct
authorization to the PEGA tool, you must request access via the instructions provided in Section 5 of this
guide. The Partner Help Agent can provide a maximum duration of 365 days for Lab license requests.
Once in the tool, select “Firepower Management Center” from the Product Family drop down box, and
then enter the required fields into the tool. The list below details the correct information to enter into
the tool.
• Product SKU: Select the appropriate SKU based on the Virtual FMC type requested
o SF-FMC-VMW-K9: Cisco Firepower Management Center, (VMWare) for 25 devices
o SF-FMC-VMW-10-K9: Cisco Firepower Management Center, (VMWare) for 10 devices
o SF-FMC-VMW-2-K9: Cisco Firepower Management Center, (VMWare) for 2 devices
o SF-FMC-KVM-K9: Cisco Firepower Management Center, (KVM) for 25 devices
o SF-FMC-KVM-10-K9: Cisco Firepower Management Center, (KVM) for 10 devices
o SF-FMC-KVM-2-K9: Cisco Firepower Management Center, (KVM) for 2 devices
• Requested License Term: Other
• Duration Text Box: 365
• License Quantity: 1
• Smart Account: Smart Account Name from the case notes (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: Lab
• Business Justification: Partner Name – SFDC Case
Then select Submit.
You should see a confirmation screen noting all of the information entered as well as a “Raise Another
Request” option; select this option to begin another request for the FTD Smart License. For the second
request, select “Firepower Threat Defense” from the Product Family drop down box, and then enter the
required fields into the tool. The list below details the correct information to enter into the tool.
• Product SKU: Select the appropriate SKU based on the Virtual FMC type requested
o L-FPRTD-V-TMC=: Cisco Firepower TD Virtual Threat, Malware, & URL Licenses
o L-DEMO-FPR2110-TMC: Firepower 2110 Threat Defense, Malware, and URL License
o L-DEMO-FPR2120-TMC: Firepower 2120 Threat Defense, Malware, and URL License
o L-DEMO-FPR2130-TMC: Firepower 2130 Threat Defense, Malware, and URL License
o L-DEMO-FPR2140-TMC: Firepower 2140 Threat Defense, Malware, and URL License
o L-SMART-DEMO-ASA5506: ASA5506 Threat Defense, Malware and URL License
o L-SMART-DEMO-ASA5506H: ASA5506H Threat Defense, Malware and URL Lic
o L-SMART-DEMO-ASA5506W: ASA5506W Threat Defense, Malware and URL Lic
o L-SMART-DEMO-ASA5508: ASA5508 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5512: ASA5512 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5515: ASA5515 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5516: ASA5516 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5525: ASA5525 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5545: ASA5545 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5555: ASA5555 Threat Defense, Malware and URL License
o L- SMART-DEMO-FPR4110: FPR 4110 Threat Defense, Malware and URL License
o L- SMART-DEMO-FPR4120: FPR 4120 Threat Defense, Malware and URL License
o L- SMART-DEMO-FPR4140: FPR 4140 Threat Defense, Malware and URL License
o L- SMART-DEMO-FPR4150: FPR 4150 Threat Defense, Malware and URL License
o L-FPR9K-24T-TMC: FPR 9300 SM-24 Threat Defense, Malware, and URL License
o L-FPR9K-36T-TMC: FPR 9300 SM-36 Threat Defense, Malware, and URL License
o L-FPR9K-24T-TMC: FPR 9300 SM-44 Threat Defense, Malware, and URL License
• Requested License Term: Other
• Duration Text Box: 365
• License Quantity: 1
• Smart Account: Smart Account Name from the case notes (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: Lab
• Business Justification: Partner Name – SFDC Case
Then select Submit
You should see a confirmation screen noting all of the information entered. At this point, reach out to
the partner to confirm that they have the appropriate license in their Smart Account. Instruct them to
follow the Smart License Account Activation instructions from the partner facing guide. After
confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and
change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.1.4 POV Smart Licensing FMC and FTD
Once the required Smart Account information is collected from the Partner, the Partner Help Agent
should be able to access the PEGA tool. If you receive a message indicating you do not have correct
authorization to the PEGA tool, you must request access via the instructions provided in Section 5 of this
guide.
Once in the tool, select “Firepower Management Center” from the Product Family drop down box, and
then enter the required fields into the tool. The list below details the correct information to enter into
the tool.
• Product SKU: Select the appropriate SKU based on the Virtual FMC type requested
o SF-FMC-VMW-K9: Cisco Firepower Management Center, (VMWare) for 25 devices
o SF-FMC-VMW-10-K9: Cisco Firepower Management Center, (VMWare) for 10 devices
o SF-FMC-VMW-2-K9: Cisco Firepower Management Center, (VMWare) for 2 devices
o SF-FMC-KVM-K9: Cisco Firepower Management Center, (KVM) for 25 devices
o SF-FMC-KVM-10-K9: Cisco Firepower Management Center, (KVM) for 10 devices
o SF-FMC-KVM-2-K9: Cisco Firepower Management Center, (KVM) for 2 devices
• Requested License Term: 90
• License Quantity: 1
• Smart Account: Smart Account Name from the case notes (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: POV
• End Customer Name: Customer Name from case notes (Tool will verify)
• Business Justification: Opportunity Name and Value from the case notes
Then select Submit.
You should see a confirmation screen noting all of the information entered as well as a “Raise Another
Request” option; select this option to begin another request for the FTD Smart License. For the second
request, select “Firepower Threat Defense” from the Product Family drop down box, and then enter the
required fields into the tool. The list below details the correct information to enter into the tool.
• Product SKU: Select the appropriate SKU based on the Virtual FMC type requested
o L-FPRTD-V-TMC=: Cisco Firepower TD Virtual Threat, Malware, & URL Licenses
o L-DEMO-FPR2110-TMC: Firepower 2110 Threat Defense, Malware, and URL License
o L-DEMO-FPR2120-TMC: Firepower 2120 Threat Defense, Malware, and URL License
o L-DEMO-FPR2130-TMC: Firepower 2130 Threat Defense, Malware, and URL License
o L-DEMO-FPR2140-TMC: Firepower 2140 Threat Defense, Malware, and URL License
o L-SMART-DEMO-ASA5506: ASA5506 Threat Defense, Malware and URL License
o L-SMART-DEMO-ASA5506H: ASA5506H Threat Defense, Malware and URL Lic
o L-SMART-DEMO-ASA5506W: ASA5506W Threat Defense, Malware and URL Lic
o L-SMART-DEMO-ASA5508: ASA5508 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5512: ASA5512 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5515: ASA5515 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5516: ASA5516 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5525: ASA5525 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5545: ASA5545 Threat Defense, Malware and URL License
o L- SMART-DEMO-ASA5555: ASA5555 Threat Defense, Malware and URL License
o L- SMART-DEMO-FPR4110: FPR 4110 Threat Defense, Malware and URL License
o L- SMART-DEMO-FPR4120: FPR 4120 Threat Defense, Malware and URL License
o L- SMART-DEMO-FPR4140: FPR 4140 Threat Defense, Malware and URL License
o L- SMART-DEMO-FPR4150: FPR 4150 Threat Defense, Malware and URL License
o L-FPR9K-24T-TMC: FPR 9300 SM-24 Threat Defense, Malware, and URL License
o L-FPR9K-36T-TMC: FPR 9300 SM-36 Threat Defense, Malware, and URL License
o L-FPR9K-24T-TMC: FPR 9300 SM-44 Threat Defense, Malware, and URL License
• Requested License Term: 90
• License Quantity: 1
• Smart Account: Smart Account Name from the case notes (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: POV
• End Customer Name: Customer Name from case notes (Tool will verify)
• Business Justification: Opportunity Name and Value from the case notes
Then select Submit
You should see a confirmation screen noting all of the information entered. At this point, reach out to
the partner to confirm that they have the appropriate license in their Smart Account. Instruct them to
follow the Smart License Account Activation instructions from the partner facing guide. After
confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and
change the Sub Service Type to ‘POV License’ within SFDC and close the case.
6.1.5 Classic Licensing for Firepower Management Center (FMC)
Prior to v6.0, the FMC requires a Classic License which can be provided using the instructions below. For
POV licenses, you should issue 45-day licenses with one 45-day extension per opportunity. For Lab
licenses, you should issue 180-day licenses. Note that you may provide keys for products that are
annotated with “For Internal purposes only.” Additionally, we now support on-box Firepower
configuration for some of the ASA appliances. In this case, partners will still provide a license key, but
they may not need a Firepower MC license.
To generate activation keys, go to the SWIFT Internal License Generation Tool:
http://wwwintools.cisco.com/SWIFT/SSCSLT/viewIntPubKeyGen.action?subGroup=SFIRETERMFEAT&keytype=PUBLICINTERNAL
For the FMC Key, enter the following information and click Issue Key.
• Product Name = FS-VMW-SW-K9-EVAL -or- FSXXXX-FSIGHT-LIC-EVAL
• Email ID = Partner Help SE Email Address
• License Key = License Key from Partner Help Case
• Expiring in = 45 Days -or- 180 Days
• Reason = POV -or- Development/QA
• Notes = Partner Executed POV -or- Partner Lab
You should receive a confirmation that an email has been sent.
Next, proceed to the appropriate section below to download the appropriate chassis software and issue
the necessary feature licenses.
6.1.6 Classic Licensing for Firepower Services for ASA or Firepower
For this product, you may provide Control, AMP, and URL licenses. Products that fall into this category
are the ASA 5500-X, FP 7000, FP 8000, and FP VMWs running Firepower Services for ASA or Firepower.
Refer to the process in the section above for Firepower Threat Defense license requests. Note that you
may provide keys for products that are annotated with “For Internal purposes only.” Additionally, we now
support on-box Firepower configuration for some of the ASA appliances. In this case, partners will still
provide a license key, but they may not need a Firepower MC license.
To generate activation keys go to the SWIFT Internal License Generation Tool: http://wwwintools.cisco.com/SWIFT/SSCSLT/viewIntPubKeyGen.action?subGroup=SFIRETERMFEAT&keytype=PUBLICINTERNAL
For the Control Key, change the product name to match the ticket and click Issue Key.
• Product Name = ASA55XX-CTRL-LIC-EVAL -or- FPXXXX-CTRL-EVAL -or- FP-VMW-CTRL-EVAL
• Email ID = Partner Help SE Email Address
• License Key = License Key from Partner Help Case
• Expiring in = 45 Days -or- 180 Days
• Reason = POV -or- Development/QA
• Notes = Partner Executed POV -or- Partner Lab
Continue the process for the AMP Key, change the product name and click Issue Key.
• Product Name = L-ASA55XX-AMP-EVAL -or- FPXXXX-AMP-EVAL -or- FP-VMW-AMP-EVAL
• Email ID = Partner Help SE Email Address
• License Key = License Key from Partner Help Case
• Expiring in = 45 Days -or- 90 Days
• Reason = POV -or- Development/QA
• Notes = Partner Executed POV -or- Partner Lab
Complete the process for the URL Key, change the product name and click Issue Key.
• Product Name = L-ASA55XX-URL-EVAL -or- FPXXXX-URL-EVAL -or- FP-VMW-URL-EVAL
• Email ID = Partner Help SE Email Address
• License Key = License Key from Partner Help Case
• Expiring in = 45 Days -or- 90 Days
• Reason = POV -or- Development/QA
• Notes = Partner Executed POV -or- Partner Lab
When finished, copy all four license key zip files, (1) for the FMC from the previous section and (3) from
this section, from your email and provide them to the partner SE as attachments to an email in the
Partner Help ticket. Add license installation instructions as an attachment or paste them into the
body of the email.
In your email response, confirm that the partner SE was able to successfully load the licenses and that
they have access to all software and any ASA platform license keys as required. After confirmation from
the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and change the Sub
Service Type to ‘POV License’ within SFDC and close the case.
6.2 Adaptive Security Appliance (ASA)
6.2.1 Classic Licensing for ASA5500-X
ASA licensing is managed via an internal web portal. For POV licenses, you should issue 7-week licenses
with one 7-week extension per opportunity. For Lab licenses, you should issue 26-week licenses.
For ASA 5500-X appliances, you may provide any feature keys requested. Note that you may request
licenses for time periods that “Requires additional justification.”
To request activation keys go to the internal licensing tool: https://asa-license.cisco.com/ and select the
appropriate chassis from the drop down list.
Then work through the form from top to bottom and enter the required information.
• Your Cisco ID = Partner Help SE CCO ID
• Reason for License Request = Evaluation / Demo on Cisco Owned Equipment
• Business Opportunity / Deal Size = Opportunity dollar amount from Partner Help Case
• Business Opportunity / SSL License Seats = Required SSL seat count from Partner Help Case
• Estimated Close Date = 90 days after current date
• Customer Company Name = Customer name for POV license -or- Partner name for Lab license
• Customer Company Location = Customer location for POV license -or- Partner location for Lab license
• Time Based License Length (Weeks) box = Enter 7 for POV licenses or 26 for Lab licenses
• Serial Number from “show version” output
• Select the following based upon Partner requirements and chassis limitations
• Platform License = Base or Plus
• VPN Features
• Desired SSL VPN License (AnyConnect Premium License)
• Select Firewall Features
• Desired Number of Security Contexts
• Desired UC Proxy Limit
• Intercompany Media Engine
Enter the following comment [GVE LAB CASE FOR LEA] and then paste the show version output into the
Comments & “sh version” output field and select “Create Request”.
When finished, copy the License/Activation Key from your browser and provide it to the partner SE as
an attachment to an email in the Partner Help ticket.
In your email response, confirm that the partner SE was able to successfully load the licenses. After
confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and
change the Sub Service Type to the appropriate type (‘Lab License’ or ‘POV License’) within SFDC and
close the case.
6.2.2 Partner Lab Cisco Smart Licensing for ASA on Firepower 2100
The ASA features on the Firepower 2100 Series chassis require Cisco Smart Licensing to be applied
within the FMC, so the Partner MUST have a Cisco Smart Account before this process can continue. If
the case notes do not include Smart Account information, you must ask the Partner to complete the
steps provided in the partner facing guide first.
Once you have the required Smart Account information from the Partner, the Partner Help Agent should
be able to access the PEGA tool. If you receive a message indicating you do not have correct
authorization to the PEGA tool, you must request access via the instructions provided in Section 5 of this
guide.
Once in the tool, select “Firepower Threat Defense” from the Product Family drop down box, and then
enter the required fields into the tool. The list below details the correct information to enter into the
tool.
• Product SKU: Select the appropriate SKU based on the Virtual FMC type requested
o FPR-2100-ASA Cisco Firepower 2100 Standard ASA License
o FPR2K-ENC-K9= Cisco Firepower 2100 Encryption License
• Requested License Term: Other
• Duration Text Box: 365
• License Quantity: 1
• Smart Account: Smart Account Name from the case notes (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: Lab
• Business Justification: Partner Name – SFDC Case
Then select Submit.
Confirm the Partner has the appropriate license in their Smart Account and instruct them to follow the
Smart License Account Activation instructions from the partner facing guide. After confirmation from
the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and change the Sub
Service Type to ‘Lab License’ within SFDC and close the case.
6.2.3 Partner POV Cisco Smart Licensing for ASA on Firepower 2100
The ASA features on the Firepower 2100 Series chassis require Cisco Smart Licensing to be applied
within the FMC, so the Partner MUST have a Cisco Smart Account before this process can continue. If
the case notes do not include Smart Account information, you must ask the Partner to complete the
steps provided in the partner facing guide first.
Once you have the required Smart Account information from the Partner, the Partner Help Agent should
be able to access the PEGA tool. If you receive a message indicating you do not have correct
authorization to the PEGA tool, you must request access via the instructions provided in Section 5 of this
guide.
Once in the tool, select “Firepower Threat Defense” from the Product Family drop down box, and then
enter the required fields into the tool. The list below details the correct information to enter into the
tool.
• Product SKU: Select the appropriate SKU based on the Virtual FMC type requested
o FPR-2100-ASA Cisco Firepower 2100 Standard ASA License
o FPR2K-ENC-K9= Cisco Firepower 2100 Encryption License
• Requested License Term: 90
• License Quantity: 1
• Smart Account: Smart Account Name from the case notes (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: POV
• End Customer Name: Customer Name
• Business Justification: Partner Name – SFDC Case
Then select Submit.
Confirm the Partner has the appropriate license in their Smart Account and instruct them to follow the
Smart License Account Activation instructions from the partner facing guide. After confirmation from
the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and change the Sub
Service Type to ‘POV License’ within SFDC and close the case.
6.2.4 Cisco Smart Licensing for ASA on Firepower 1000 / 4100 / 9300 Chassis
The ASA features on the Firepower 1000, 4100 and/or 9300 Series chassis require Cisco Smart Licensing
to be applied within the FMC, so the Partner MUST have a Cisco Smart Account before this process can
continue. If the case notes do not include Smart Account information, you must ask the Partner to
complete the steps provided in the partner facing guide first.
Once you have the required Smart Account information from the Partner, you should open a request via
the Support Case Manager Tool. Once in the tool, select “Security Related Licensing” and then “Open
Case”.
This should spawn a new window where you can enter the necessary information for the Licensing team
to complete the Smart License provisioning. The list below details the correct information to enter into
the web request.
• Title: ASA Licenses for Firepower Appliance
• Problem Description: You can use the following text and fill in the appropriate information
I am assisting a Partner with a Lab license request for running ASA code on the Firepower [Enter
Appliance Type] Appliance and need the ASA platform as well as Strong Encryption Licenses to
be provisioned to the Partner's Smart Account for a duration of [Enter Duration] days.
The License SKUs are as follows:
[Enter License SKU/SKUs from list below]
The Partner Smart Account information is as follows:
Smart Account Domain ID: Smart Account Domain Name from the case notes
Smart Account Name: Smart Account Name from the case notes
Smart Virtual Account Name: Smart Account Virtual Name from the case notes
License Quantity: [X]
License Duration: [X] days
License Intended Use: [X]
• All other fields can be left blank
• Select the appropriate SKU or SKUs based on the Appliance type
o L-F9K-ASA= Cisco Firepower 9300 Base License
o L-F9K-ASA-ENCR-K9= Cisco Firepower 9300 Encryption License
o L-F9K-ASA-SC-10= Cisco Firepower 9300 Security Context License
o L-F9K-ASA-CAR= Cisco Firepower 9300 Carrier License
o L-FPR4100-ASA= Cisco Firepower 4100 Base License
o L-FPR4K-ENC-K9= Cisco Firepower 4100 Encryption License
o L-FPR4K-ASAC-10= Cisco Firepower 4100 Security Context License
o L-FP4K-ASA-CAR= Cisco Firepower 4100 Carrier License
o L-FPR2K-ASASC-10= Cisco Firepower 2100 (10) Security Context License
o L-FPR2K-ASASC-5= Cisco Firepower 2100 (5) Security Context License
o L-FPR1000-ASA= Cisco Firepower 1000 Standard ASA License
o L-FPR1K-ENC-K9= Cisco Firepower 1000 Encryption License
o L-FPR1K-ASASC-5= Cisco Firepower 1000 (5) Security Context License
o L-FPR1K-ASASC-10= Cisco Firepower 1000 (10) Security Context License
• License Quantity: Typically 1, but can expand to a reasonable amount (3-5) if requested
• License Term (in days): POV License 45 days / Lab Licenses 180 days
• License Intended Use: Partner POV / Partner Lab
Example form:
You will receive an acknowledgement from the case creation and will work within the case until
resolved. Once the Licensing Team has completed the request, reach out to the partner to confirm that
they have the appropriate license in their smart account. Instruct them to follow the Smart License
Account Activation instructions from the partner facing guide. After confirmation from the partner,
ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and change the Sub Service Type to
either ‘Lab License’ or ‘POV License’ within SFDC and close the case.
6.3 Adaptive Security Virtual Appliance (ASAv)
6.3.1 Partner Lab Smart Licensing for ASAv
The ASAv features utilize Cisco Smart Licensing, but the Partner MUST have a Cisco Smart Account
before this process can continue. If the case notes do not include Smart Account information, you must
ask the Partner to complete the steps provided in the partner facing guide first. Once you have the
required Smart Account information from the Partner, the Partner Help Agent should be able to access
the PEGA tool. If you receive a message indicating you do not have correct authorization to the PEGA
tool, you must request access via the instructions provided in Section 5 of this guide.
Once in the tool, select “Cisco Adaptive Security Virtual Appliance(ASAv)” from the Product Family drop
down box, and then enter the required fields into the tool. The list below details the correct
information to enter into the tool.
• Product SKU: Select the appropriate SKU based on the Virtual ASA type from the case notes
o L-ASAV5S-STD-8 8-pack Cisco ASAv5 (100 Mbps) with all firewall features licensed
o L-ASAV10S-STD Cisco ASAv10 (1 Gbps) with all firewall features licensed
o L-ASAV30S-STD Cisco ASAv30 (2 Gbps) with all firewall features licensed
o L-ASAV30S-STD-4 4-pack Cisco ASAv30 (2 Gbps) with all firewall features licensed
• Requested License Term: Other
• Duration Text Box: 180
• License Quantity: 1
• Smart Account: Smart Account Name from the case notes (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: Lab
• Business Justification: Partner Name – SFDC Case
Then select Submit.
At this point, reach out to the partner to confirm that they have the appropriate license in their Smart
Account. Instruct them to follow the Smart License Account Activation instructions from the partner
facing guide. After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales
Enablement Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.3.2 POV Smart Licensing for ASAv
The ASAv features utilize Cisco Smart Licensing, but the Partner MUST have a Cisco Smart Account
before this process can continue. If the case notes do not include Smart Account information, you must
ask the Partner to complete the steps provided in the partner facing guide first. Once you have the
required Smart Account information from the Partner, the Partner Help Agent should be able to access
the PEGA tool. If you receive a message indicating you do not have correct authorization to the PEGA
tool, you must request access via the instructions provided in Section 5 of this guide.
Once in the tool, select “Cisco Adaptive Security Virtual Appliance(ASAv)” from the Product Family drop
down box, and then enter the required fields into the tool. The list below details the correct
information to enter into the tool.
• Product SKU: Select the appropriate SKU based on the Virtual ASA type from the case notes
o L-ASAV5S-STD-8 8-pack Cisco ASAv5 (100 Mbps) with all firewall features licensed
o L-ASAV10S-STD Cisco ASAv10 (1 Gbps) with all firewall features licensed
o L-ASAV30S-STD Cisco ASAv30 (2 Gbps) with all firewall features licensed
o L-ASAV30S-STD-4 4-pack Cisco ASAv30 (2 Gbps) with all firewall features licensed
• Requested License Term: 45
• License Quantity: 1
• Smart Account: Smart Account Name from the case notes (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: POV
• End Customer Name: Customer Name from case notes (Tool will verify)
• Business Justification: Opportunity Name and Value from the case notes
Then select Submit.
At this point, reach out to the partner to confirm that they have the appropriate license in their Smart
Account. Instruct them to follow the Smart License Account Activation instructions from the partner
facing guide. After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales
Enablement Services’ and change the Sub Service Type to ‘POV License’ within SFDC and close the case.
6.4 Secure Endpoint (aka AMP For Endpoint)
Update: As of March 22, 2021, the process for partners to request an AMP for Endpoint PoV license has
changed. Partners wishing to request an AMP for Endpoint POV trial license should be directed to use
the following URL - https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/freetrial.html
Partners can continue to request AMP for Endpoint lab licenses via the Partner Help request process.
AMP license creation is managed via an internal web portal which will set the duration and seat counts.
Partner Lab licenses should be created for 100 seats with a 6-month duration. Partner Help agents are
able to provide unlimited 180-day extensions for Partner Lab licenses as Cisco Lab licenses will
automatically be renewed.
GVE will also continue to support the creation of AMP for Endpoint lab accounts for internal Cisco
employees as per the processes documented below.
Please note, license extensions must be requested before the original license expires to ensure
uninterrupted service. If the license has expired, the Partner Help agent should create a new license
with the correct duration as explained above.
6.4.1 Initial Setup and Portal Access: AMP
To generate licenses, Partner Help agents must first search the Americas, EMEAR, and APJC portals and
enable two-step verification. This is a one-time process that is required for support portal access. While
Partner Help agents will search all portals to ensure there are no existing accounts, YOU MUST
PROVISION THE ACCOUNTS IN THE AMERICAS PORTAL as the activation process for the Partners will
allow them to pick the correct region for their location. If you do not provision in the Americas portal,
the Partner WILL NOT receive an activation email.
• Americas: https://support-portal.amp.cisco.com/support
• EMEAR: https://support-portal.eu.amp.cisco.com/support
• APJC: https://support-portal.apjc.amp.cisco.com/support
Access the links above and enter the credentials created for your account. If you do not have an
account, send an email to Jeff Sweeney (jesweene@cisco.com) mentioning you are a Partner Help agent
who needs an account to provide AMP for Endpoint Lab and POV licenses. If you experience issues with
the portal giving error messages, send an email to fireamp-provisioning@cisco.com explaining the
issues.
Once logged in, select Accounts > Users.
Then, click your email address.
Next, click Manage next to Two-Factor Verification and follow the onscreen instructions.
Before proceeding, ensure that you successfully pass Step 3: Test Verification Code.
Next, log out and back into the NAM support portal to access Lab and POV licensing features. To
authenticate, first enter your email address and password. Then, enter your Two-Factor verification
code and select the Remember this computer for 30 days option.
• NAM Support Portal: https://support-portal.amp.cisco.com/support
6.4.2 Verify Existing Partner Lab Licenses
Since the new process allows the Partner to choose the portal in which the final account is provisioned, the
Partner Help agents MUST verify there are no existing Lab licenses in ANY of the portals before creating
new licenses. As such, you must log into each of the portals individually and search for the email
address of the requester before proceeding to any other step.
• Americas: https://support-portal.amp.cisco.com/support
• EMEAR: https://support-portal.eu.amp.cisco.com/support
• APJC: https://support-portal.apjc.amp.cisco.com/support
6.4.3 Partner Public Cloud Lab License Requests
Partners are provided a 6-month Lab license with unlimited renewals. Partners are limited to one lab
license per company, so prior to generating lab licenses, search for the partner and SE name in ALL
THREE of the support portals.
6.4.3.1 Add User to Existing Partner Lab Account
If the partner is already listed, add an additional user to the existing account instead of creating a new
account. In order to add an additional user to an existing AMP for Endpoints Account, first select the
partner name in the Business Name column, then select the Users option, and then select the +New
User option.
Enter the User’s first name, last name, login email address, notification email, and whether or not that
user is an administrator. For Partner Accounts it is helpful if all Partner Systems Engineers are
administrators so they can edit policies and create additional accounts for testing. After verifying the
information is correct, select Save and an activation email will be sent to the new user.
At this point, reach out to the partner to confirm that they received the activation email for their
account. After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement
Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.4.3.2 Generate New Partner Lab License
If the partner company does not have an existing AMP for Endpoint Lab License in any of the three
support portals, log into the Americas portal and select the Orders option.
• Americas: https://support-portal.amp.cisco.com/support
Then select the +New Order option.
Then enter the following information and select Submit. Please note, the Partner Help agent should
enter his/her own email in addition to the Partner SE email to receive the notification email in case the
Partner does not receive it due to SPAM/Junk filters.
• Order Type = Partner
• Business Name = Partner Business name
• SKU = PARTNER
• Email = Partner SE Email, Partner Help agent email
At this point, reach out to the partner to confirm that they received the activation email for their
account. After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement
Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.4.3.3 Extend Partner Lab License
Please note: If the Partner SE is found with a search, but the license has expired, the Partner Help agent
should create a new license rather than extending the expired license.
First select the partner name in the Business Name column, then ensure License is selected, and then select the
correct Device which has the current license. Note that searching for a specific email address may result
in a user account record. If so, select the record and use the breadcrumb to access the business account.
On the next screen, select Edit for the correct license.
Next, extend the License end date 6 months from the current date and select Save.
At this point, reach out to the partner to confirm that they are still able to log into the portal for their lab
account. After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement
Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.4.4 Partner Private Cloud Lab License Requests
For new Private Cloud lab requests, Partners will be provided the ability to download the OVA to then
install and activate the license created by the Partner Help agent. The Partner facing guide will provide
the necessary instructions to perform these tasks as the Partner Help agent will not be able to provide
assistance beyond creating the Private Cloud license.
6.4.4.1 Generate New Private Cloud Lab Licenses
Partners are provided a Private Cloud lab license for 100 seats and a 6-month duration with unlimited
renewals. Partners are limited to one lab license per company, so prior to generating lab licenses,
search for the partner and SE name in ALL THREE of the support portals.
If the partner company does not have an existing AMP for Endpoint Private Cloud Lab License in any of
the three support portals, log into the Americas portal and select the Orders option.
• Americas: https://support-portal.amp.cisco.com/support
Then select the +New Order option.
Then enter the following information and select Submit. Please note, the Partner Help agent should
enter his/her own email in addition to the Partner SE email to receive the notification email in case the
Partner does not receive it due to SPAM/Junk filters.
• Order Type = Partner
• Business Name = Partner Business name
• SKU = PARTNER-PRI
• Email = Partner SE Email, Partner Help agent email
At this point, reach out to the partner to confirm that they received the activation email for the new
Private Cloud account. After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales
Enablement Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.4.5 Cisco Employee Public Cloud Lab Requests
Cisco employees are each entitled to their own Public Cloud lab license but must first pass the AMP101
exam and provide proof. Cisco employees are provided a 6-month Lab license with automatically
provisioned renewals. Cisco employees should not be requesting Public Cloud POV Licenses as Cisco
Internal POV requests should be going through SalesForce (SFDC) to receive POV licenses.
If the Cisco employee does not have an existing AMP for Endpoint Public Cloud Lab License in any of the
three support portals, log into the Americas portal and select the Orders option.
• Americas: https://support-portal.amp.cisco.com/support
Then select the +New Order option.
Then enter the following information and select Submit. Please note, the Partner Help agent should
enter his/her own email in addition to the Partner SE email to receive the notification email in case the
Partner does not receive it due to SPAM/Junk filters.
• Order Type = Employee
• Business Name = Cisco – CEC ID
• SKU = EMPLOYEE
• Email = Cisco Email, Partner Help agent email
At this point, reach out to the partner to confirm that they received the activation email for the new
Private Cloud account. After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales
Enablement Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.4.6 Cisco Employee Private Cloud Lab Requests
Cisco employees are each entitled to their own Private Cloud lab license and are provided a 6-month Lab
license with automatically provisioned renewals. Cisco employees should not be requesting Private
Cloud POV Licenses as Cisco Internal POV requests should be going through SalesForce (SFDC) to receive
POV licenses.
If the Cisco employee does not have an existing AMP for Endpoint Private Cloud Lab License in any of
the three support portals, log into the Americas portal and select the Orders option.
• Americas: https://support-portal.amp.cisco.com/support
Then select the +New Order option.
Then enter the following information and select Submit. Please note, the Partner Help agent should
enter his/her own email in addition to the Partner SE email to receive the notification email in case the
Partner does not receive it due to SPAM/Junk filters.
• Order Type = Employee
• Business Name = Cisco – CEC ID
• SKU = EMPLOYEE-PRI
• Email = Cisco Email, Partner Help agent email
At this point, reach out to the partner to confirm that they received the activation email for the new
Private Cloud account. After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales
Enablement Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.5 Threat Grid
Partner SEs requesting Threat Grid Lab licenses will open Partner Help requests using the standard
procedures and the information needed to fulfill these licenses will be taken from the case notes. The
Threat Grid team will provision a single 6-month Lab license for each Partner SE with unlimited
extensions and 45-day POV licenses with one extension. The Threat Grid provisioning team requires (3)
business days to receive and process both Lab and POV account requests, so if the Partner and/or
Customer does not hear back after this time, please escalate to Lena Olympio (holympio@cisco.com) or
Ernest Jackson (erjackso@cisco.com).
6.5.1 Cisco Lab Licensing for Threat Grid
Cisco SEs requesting Threat Grid Lab licenses will need to make the request themselves following the
process found in the ATS 102 – Threat Grid Fundamentals section of the ATS University page.
6.5.2 Partner Lab Licensing for Threat Grid
6.5.2.1 Requesting Partner Lab Licenses for Threat Grid
Threat Grid will provision a 6-month API key per Partner SE. In order to request the API key, the Partner
Help Agent will need to provide the following information from the case notes within an email to tg-provisioning@cisco.com.
• Partner Company Name: [Company Name]
• Partner Company Country: [Country]
• Partner SE Title: [SE Title]
• Partner SE Email Address: [Email Address]
Example email
If the Partner Organization is requesting Threat Grid API keys for multiple Partner SEs, create an Excel
spreadsheet with each Partner SE listed separately and forward the Excel spreadsheet to the mailer.
Example email
Once the Threat Grid provisioning team receives the email, they will provision the account(s). Once the
request has been fulfilled, the Partner SE will receive an email with the instructions to access the API key
to use in the configuration of the Threat Grid subscription and the Partner Help Agent will be blind
copied on the email. Do not close the case with the Partner SE until this email has been received. After
confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and
change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.5.2.2 Requesting Partner Lab License Extensions for Threat Grid
Threat Grid will provision unlimited 6-month API license key extensions per Partner Organization. In
order to request the API key extension, the Partner Help Agent will need to provide the following
information from the case notes within an email to tg-provisioning@cisco.com noting this will be an
extension to the existing Lab license.
• Partner Company Name: [Company Name]
• Partner SE Name: [Name]
• Partner SE Title: [SE Title]
• Partner SE Email Address: [Email Address]
Example email
If the Partner Organization is requesting Threat Grid API key extensions for multiple Partner SEs, create
an Excel spreadsheet with each Partner SE listed separately and forward the Excel spreadsheet to the
mailer.
Example email
Once the Threat Grid provisioning team receives the email, a ticket will be created for the Partner Help
Agent to track the status of the request. Once the request has been fulfilled, the Partner SE will receive
an email with the API key to use in the configuration of the Threat Grid subscription and the Partner
Help Agent will be blind copied on the email. Do not close the case with the Partner SE until this email
has been received. After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales
Enablement Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.5.3 POV Licensing for Threat Grid
6.5.3.1 Requesting POV Licenses for Threat Grid
Threat Grid will provision a 45-day API key per POV. In order to request the API key, the Partner Help
Agent will need to provide the following information from the case notes within an email to tg-provisioning@cisco.com.
• Customer Technical Contact Name: [Name]
• Customer Technical Contact Email: [Email Address]
• Customer Technical Contact Role: [Title]
• Customer Company Name: [Company Name]
• Customer Company Country: [Country]
• Partner SE Name: [Name]
• Partner SE Email: [Email Address]
Example email
Once the Threat Grid provisioning team receives the email, a ticket will be created for the Partner Help
Agent to track the status of the request. Once the request has been fulfilled, the Customer Technical
Contact and Partner SE will receive an email with the API key to use in the configuration of the Threat
Grid subscription and the Partner Help Agent will be blind copied on the email. Do not close the case
with the Partner SE until this email has been received by one of the contacts. After confirmation from
the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and change the Sub
Service Type to ‘Lab License’ within SFDC and close the case.
6.5.3.2 Requesting POV Extensions for Threat Grid
Threat Grid will provision one 45-day API key extension per POV. In order to request the API key
extension, the Partner Help Agent will need to provide the following information from the case notes
within an email to tg-provisioning@cisco.com noting this will be an extension to the existing POV
license.
• Customer Technical Contact Name: [Name]
• Customer Technical Contact Email Address: [Email Address]
• Customer Technical Contact Role: [Title]
• Customer Company Name: [Company Name]
• Customer Company Country: [Country]
• Partner SE Name: [Name]
• Partner SE Email Address: [Email Address]
Example email
Once the Threat Grid provisioning team receives the email, a ticket will be created for the Partner Help
Agent to track the status of the request. Once the request has been fulfilled, the Customer Technical
Contact and Partner SE will receive an email with the API key to use in the configuration of the Threat
Grid subscription and the Partner Help Agent will be blind copied on the email. Do not close the case
with the Partner SE until this email has been received by one of the contacts. After confirmation from
the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and change the Sub
Service Type to ‘Lab License’ within SFDC and close the case.
6.6 Umbrella
Partner SEs requesting access to the Umbrella Partner Console or Managed Security Services Partner
Console will open Partner Help requests using the standard procedures and the information needed to
fulfill these licenses will be taken from the case notes. The Partner Help team will provision the portal
and a single administrator for each portal and will provide the information back to the Partner SE.
NOTE: Cisco internal can also submit these requests on behalf of the Partner as long as they provide the
relevant information to confirm eligibility as discussed later.
The Partner Help Agent should verify the Administrator email is associated to the Partner Contact
Record in SFDC. If the email addresses do not match, then there will be an issue with Portal
authentication, so if this occurs, the Partner Help Agent should notify the Administrator to update
his/her CCO profile with the correct email address. If the CCO profile cannot be modified, then the
Administrator will have to utilize the existing email address associated to the CCO profile.
Please note, there can only be one Umbrella Partner Console and one MSSP Portal per Partner
Organization. Any Partner SEs requesting access to an existing Portal must be added by the
administrator of the Portal and not by the Partner Help Agent. Also, as referenced above the email
address associated with the nominated Administrator’s CCO profile will be used as the authentication
mechanism for the UPC/MSSP Portals, so please ensure the correct email address is associated to the
Partner organization BEFORE provisioning the portal. Personal email addresses in CCO profiles will not
be accepted, so please ensure the correct work email address is used.
If there are any issues with the initial provisioning of the UPC/MSSP Portals, please open a support
ticket via the Business Systems - Help & Support Portal. Select Open an Umbrella Salesforce Support
Ticket and then choose a Task Type of either Page or Application Error or Provisioning Issue based on
the problem. Complete the remainder of the form and submit the request. The SLA for support tickets
is one business day for initial response and 3-4 days maximum for final resolution. Most tickets should
not take that long, but you should notify the Partner if a ticket is to be opened for an issue and set
expectations based on the SLA.
For any post-provisioning portal issues, please copy partner-umbrella-support@cisco.com in the SFDC
case requesting assistance.
6.6.1 Cisco Internal Employee Umbrella Account
Partner Help Agents cannot provision Cisco Internal employee Umbrella Lab licenses as there is a predefined process to review training materials and pass a COLT exam which will then trigger the account
creation. If a Cisco Internal employee requests a personal Umbrella Lab account, you should redirect
them to the Umbrella Accounts for Cisco Employees page.
6.6.2 Cisco Umbrella Partner Console (UPC)
6.6.2.1 Cisco Umbrella Partner Console: Partner SE and Organization Validation
Partner SEs requesting Umbrella Partner Console Portal access MUST meet the following requirements
before proceeding:
1. The Partner SE must either:
• Complete Stage 4 or Stage 5 in the Fire Jumper Cloud & Content Security Competency Area
OR
• Pass the Cisco Umbrella Technical Training Assessment COLT exam (screen shot of passing score must be provided)
2. The Partner MUST NOT be a Distributor
To determine if the Partner SE has reached the Stage 4 or Stage 5 Fire Jumper requirement, the Partner
Help Agent should find their Contact Record in Tableau by typing in the partner’s CCO id, selecting the
check box next to the CCO id once it appears and then hitting “Apply.” Check to ensure at least one
Competency Area is checked for the Fire Jumper stage.
If the Partner SE has not completed Stage 4 or Stage 5, then they must provide a screen shot showing a
passing score for the Cisco Umbrella Technical Training Assessment COLT exam.
Example COLT exam
If the Partner SE passes one of these validation checks, the Partner Help Agent should then select the
Account Name field in the Contact Detail section of the Partner Contact record.
To determine if a Partner Organization is a Distributor, view the Type field in the Account Details
section. If this field contains Distributor as shown below, DO NOT PROCEED and advise the Partner SE
you cannot fulfill the request because Umbrella Partner Console access is not being provided to
Distributors at this time. You should also copy Simon Wenet (swenet@cisco.com) on the response to
the Partner SE and note they can reach out directly to Simon for any further discussions.
If the Partner Organization is not a Distributor, scroll to the Partner Database Channel Account
Identifiers section of the record and copy the Site ID (PDB) field information. This will be used in the
next steps if the remaining validation check is successful.
Please note: If any of the criteria above have not been met, DO NOT PROCEED and advise the Partner SE
why you are unable to provision the UPC. However, if all of the criteria have been met, proceed to the
next section for provisioning a new UPC.
6.6.2.2 Cisco Umbrella Partner Console: New Portal Provisioning
Once the Partner SE and Organization verifications have passed, the Partner Help Agent should navigate
to the Umbrella SFDC system via: Umbrella Partner Portal Creation Tool and ensure the Partner Portal
Creation tab is selected. To create the UPC Portal, the Partner Help Agent should enter the Site ID (PDB)
collected from the previous step into the text box and select Next.
6.6.2.3 Cisco Umbrella Partner Console: New Portal Provisioning with matching Site ID
If the Partner’s Site ID already exists in the Umbrella SFDC system, the Partner Help Agent will enter the
following information from the case notes:
• Admin Email: [Partner SE CCO Email Address]
• Admin First Name: [Partner SE First Name]
• Admin Last Name: [Partner SE Last Name]
• Portal Type: [UPC]
Then select Next.
Once the UPC has been provisioned, a confirmation screen will appear with the relevant information to
send to the Partner SE. You should also Bcc the umb-mssp-provision alias when sending this
information back to the Partner SE.
• UPC BFG ID
• Admin Email
• Admin Name
The Partner SE should receive a welcome email at the address entered, so when sending the portal
information back to the Partner SE, confirm the Partner SE also received this before closing the case.
After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’
and change the Sub Service Type to ‘POV License’ within SFDC and close the case.
6.6.2.4 Cisco Umbrella Partner Console: New Portal Provisioning without matching Site ID
If the next screen notes the Partner Site ID does not exist, copy the Company Name EXACTLY as it shows
in the Account Name or Partner Account Records from the previous step.
Company Name from Partner Account Record
Enter the Company Name into the Account Name and select DVAR as the Partner Type from the drop
down window.
Next, the Partner Help Agent will enter the following information from the case notes:
• Admin Email: [Partner SE CCO Email Address]
• Admin First Name: [Partner SE First Name]
• Admin Last Name: [Partner SE Last Name]
• Portal Type: [UPC]
Then select Next.
Once the UPC has been provisioned, a confirmation screen will appear with the relevant information to
send to the Partner SE. You should also Bcc the umb-mssp-provision alias when sending this
information back to the Partner SE.
• UPC BFG ID
• Admin Email
• Admin Name
The Partner SE should receive a welcome email at the address entered, so when sending the portal
information back to the Partner SE, confirm the Partner SE also received this before closing the case.
After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’
and change the Sub Service Type to ‘POV License’ within SFDC and close the case.
6.6.2.5 Cisco Umbrella Partner Console: Existing UPC
If the Partner has an existing UPC, the system will provide an error message noting the status and asking
if an MSSP Portal should be created instead.
If the Partner has an existing UPC and MSSP Portal already provisioned, the following error message will
be provided.
If either of these messages is received, DO NOT PROCEED WITH PROVISIONING THE UPC. Instead, the
Partner Help Agent should provide the UPC Administrator information back to the Partner SE as the
Administrator will need to add the Partner SE as a new user in the existing UPC.
To find the Administrator Information, the Partner Help Agent should enter the Site ID (PDB) in the
Search box and select Search.
The Partner Help Agent should then scroll to the Partner Portals section of the results and select the
record which has UPC as the Partner Type.
Collect the Administrator Name and Email address information and provide it back to the Partner SE.
After sending the Portal Administrator information to the Partner SE, ensure the Service Type is set to
‘Cisco Sales Enablement Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and
close the case.
6.6.3 Cisco Umbrella Managed Security Services Partner (MSSP) Portal
Partner SEs requesting Umbrella Managed Security Services Partner Console access will be approved
before the request is sent to Partner Help. If a Partner SE comes directly to Partner Help to provision an
MSSP Portal, redirect the Partner SE to https://communities.cisco.com/docs/DOC-64565 and advise
they must follow the processes outlined there.
6.6.3.1 Cisco Umbrella MSSP Portal: Collecting Partner Site ID Information
Once a Partner SE has been validated, an email will be generated with the relevant information for the
MSSP Portal Administrator contained within. This confirmation email MUST be provided before
continuing, so if the case notes do not have this, ask the requester for it before proceeding.
If the email address in the case notes is associated to the Partner Contact Record, the Partner Help
Agent should click the Account Name field to move to the next step.
From the Account record window, scroll to the Partner Database Channel Account Identifiers section of
the record and copy the Site ID (PDB) field information. This information is utilized to create the MSSP
Portal in the next steps.
6.6.3.2 Cisco Umbrella MSSP Portal: New MSSP Portal Creation
Once Site ID (PDB) information is collected, the Partner Help Agent should navigate to the Umbrella
SFDC system via: https://cloudsec.my.salesforce.com and ensure the Partner Portals tab is selected. To
create the MSSP Portal, the Partner Help Agent should enter the Site ID (PDB) into the text box and
select Next.
If the Partner does not have an existing MSSP Portal, the Partner Help Agent will enter the following
information from the case notes:
• Admin Email: [Partner SE CCO Email Address]
• Admin First Name: [Partner SE First Name]
• Admin Last Name: [Partner SE Last Name]
• Portal Type: [MSSP]
Then select Next.
Once the MSSP Portal has been provisioned, a confirmation screen will appear with the relevant
information to provide back to the Partner SE. You should also Bcc the umb-mssp-provision alias when
sending this information back to the Partner SE.
• MSSP BFG ID
• Admin Email
• Admin Name
The Partner SE should receive a welcome email at the address entered, so when sending the portal
information back to the Partner SE, confirm the Partner SE also received this before closing the case.
After confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’
and change the Sub Service Type to ‘POV License’ within SFDC and close the case.
6.6.3.3 Cisco Umbrella MSSP Portal: Existing Umbrella Portal
If the Partner has an existing MSSP or PPOV Portal, the system will provide an error message noting the
status and asking if you wish to proceed.
If there is an existing MSSP portal, you can move forward. However, if there is an existing MSSP Portal,
DO NOT PROCEED. Instead the Partner Help Agent should provide the MSSP Portal Administrator
information back to the Partner SE as the Administrator will need to add the Partner SE as a new user in
the existing MSSP Portal.
Alternatively, if the Partner has an existing PPOV and MSSP Portal already provisioned, the following
error message will be provided.
If this message is received, DO NOT PROCEED. Instead, the Partner Help Agent should provide the MSSP
Portal Administrator information back to the Partner SE as the Administrator will need to add the
Partner SE as a new user in the existing PPOV Portal.
To find the Administrator Information, the Partner Help Agent should enter the Site ID (PDB) in the
Search box and select Search.
The Partner Help Agent should then scroll to the Partner Portals section of the results and select the
record which has MSSP as the Partner Type.
Collect the Administrator Email, First, and Last Name and provide it back to the Partner SE.
After sending the URL and Portal Administrator information to the Partner SE, ensure the Service Type is
set to ‘Cisco Sales Enablement Services’ and change the Sub Service Type to ‘Lab License’ within SFDC
and close the case.
6.7 Stealthwatch Enterprise
There are several options for obtaining Stealthwatch Enterprise licenses based on their intended use
and software version. Stealthwatch Enterprise has recently migrated to Smart Licensing in version
7.2.1. All previous versions of software are licensed through the Stealthwatch Enterprise legacy
licensing portal Flexera which is managed by the Stealthwatch Operations Team.
All lab and POV initial requests should be provisioned using version 7.2x in Smart Licensing. All existing
labs and POVs may be extended until further notice for versions below 7.2. The sections below will
provide insight into each option and information on how to create a request through the Partner Help
team if applicable.
6.7.1 Partner Lab License Software Access and Licensing Initial Request
The Partner Lab Stealthwatch Enterprise software should be downloaded from CCO and installed in the
Partner lab. The downloaded software has a 90-day evaluation license which can be used for the initial
Lab deployment.
To download the Stealthwatch Enterprise software, the Partner should navigate to
https://software.cisco.com/download/home/286307451 and then select and install the following:
• Stealthwatch Flow Collector Virtual Appliance
• Stealthwatch Management Console Virtual Appliance
• Stealthwatch Flow Sensor Virtual Appliance (OPTIONAL)
• Stealthwatch UDP Director Virtual Appliance (OPTIONAL)
Cognitive Threat Analytics is built into the Stealthwatch Management Console download and Threat
Intelligence is available within the SMC, but the feature will need to be turned on. In order to do this, go
to Central Management (the top right of dashboard, Settings icon), then for the SMC in the list, choose
Actions -> Edit Appliance Configurations and look for External Services in the General tab. You will then
see an "Enable Threat Intelligence Feed" check box. Note: You will not see out of compliance messages
for Threat Intelligence licenses while in evaluation mode, so you can simply follow the steps provided to
enable it. However, once the evaluation license has expired and you then register the appliance to a
Smart Account without a corresponding Threat Intelligence license, you will see out of compliance
messages.
Once the installation is properly running, ensure the Service Type is set to ‘Cisco Sales Enablement
Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.7.1.1 Partner Lab License Extensions: Versions 7.2x and above
Once the 90-day eval period is complete the appliances will stop collecting flows and must be registered
in the Partner’s Smart Account. After registering the appliances in the Partner’s Smart Account the
Partner may open a case with GVE to request a lab license extension.
Once the required Smart Account information is collected from the Partner, the Partner Help Agent
should be able to access the PEGA tool. If you receive a message indicating you do not have correct
authorization to the PEGA tool, you must request access via the instructions provided in Section 5 of this
guide.
Once in the tool, select “Stealthwatch” from the Product Family drop down box, and then enter the
required fields into the tool. The list below details the licenses that may be requested. Additional
extensions may be requested; however, extensions beyond 365 days will require approval through the
PEGA tool.
• Product SKU: Select the appropriate SKU based on what is being used. The SMCVE and FCVE
appliances do not require a license as a license will autogenerate when registered to the Smart
Account.
    o L-LC-TI-FC1k=  Threat Intelligence License for Flow Collector 1k
    o L-LC-TI-FC2k=  Threat Intelligence License for Flow Collector 2k
    o L-LC-TI-FC4k=  Threat Intelligence License for Flow Collector 4k
    o L-LC-TI-FC5k=  Threat Intelligence License for Flow Collector 5k
    o L-ST-EP-LIC=  Endpoint License, select number of Endpoints needed
    o L-ST-FR-LIC=  Flow Rate License, 3000 max
    o L-ST-FS-VE-K9  Flow Sensor, select number of Flow Sensors needed
    o L-ST-UDP-VE-K9  UDP Director, select number of UDPs needed
• Requested License Term: Other
• Duration Text Box: 364
• License Quantity: Request Quantity Needed
• Smart Account: Smart Account Name from the case notes
(The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes
(The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: Lab
Approvals should be processed quickly by the Stealthwatch team, but if you do not get an approval
within ONE BUSINESS DAY, you can email the Stealthwatch-ops@cisco.com alias with the request ID
requiring approval.
6.7.1.2 Partner Lab License Extensions: Versions prior to 7.2x
The Partner SE can request additional 90-day Lab license extensions. The Partner SE would create a case
noting a Stealthwatch Enterprise Lab License extension is requested. If the appropriate Serial Numbers
are not included in the initial request, instruct the Partner SE to provide the Serial Numbers for EACH of
the devices installed as noted in the previous instructions for the initial request.
Once the Partner SE provides the Serial Numbers, the Partner Help agent should complete a web form
at https://app.smartsheet.com/b/form/157cc0bafa49444d9c0264c8a82691ad with the following
information included:
• Name: [Partner SE Name]
• Email: [Partner SE Email Address]
• CECID or CCOID: [Partner SE CCO ID]
• Role: [Partner]
• SMCVE Serial Number: [SMC Serial Number]
• FCNFVE Serial Number: [Flow Collector Serial Number]
• Additional Information/Serials: [Flow Sensor and/or UDP Director Serial Number(s)]
It is recommended to select the option to send a copy of the responses and then enter your email
address to have a copy of your submission to the Smartsheet.
Example Web form:
A member of the Stealthwatch Operations team monitoring the Smartsheet will provision the license
extension and should then provide notification to the Partner SE when this has taken place. The Partner
Help agent should then contact the Partner SE to advise the licenses have been extended and confirm
the extension was successful. After confirmation from the partner, ensure the Service Type is set to
‘Cisco Sales Enablement Services’ and change the Sub Service Type to ‘Lab License’ within SFDC and
close the case.
6.7.2 On-premise POV Software Access and Licensing Initial Request
The Partner On-premise POV Stealthwatch Enterprise software should be downloaded from CCO and
installed in the customer’s environment. The downloaded software has a 90-day evaluation license
which can be used for the initial POV deployment.
Once the 90-day eval period is complete the appliances will stop collecting flows and must be registered
in the Customer’s Smart Account.
To download the Stealthwatch software, the Partner should navigate to
https://software.cisco.com/download/home/286307451 and then select and install the following:
• Stealthwatch Flow Collector Virtual Appliance
• Stealthwatch Management Console Virtual Appliance
• Stealthwatch Flow Sensor Virtual Appliance (OPTIONAL)
• Stealthwatch UDP Director Virtual Appliance (OPTIONAL)
Cognitive Threat Analytics is built into the Stealthwatch Management Console download and Threat
Intelligence is available within the SMC, but the feature will need to be turned on. In order to do this, go
to Central Management (the top right of dashboard, Settings icon), then for the SMC in the list, choose
Actions -> Edit Appliance Configurations and look for External Services in the General tab. You will then
see an "Enable Threat Intelligence Feed" check box. Note: You will not see out of compliance messages
for Threat Intelligence licenses while in evaluation mode, so you can simply follow the steps provided to
enable it. However, once the evaluation license has expired and you then register the appliance to a
Smart Account without a corresponding Threat Intelligence license, you will see out of compliance
messages.
Once the installation is properly running, ensure the Service Type is set to ‘Cisco Sales Enablement
Services’ and change the Sub Service Type to ‘POV License’ within SFDC and close the case.
6.7.2.1 On-premise POV Extension Requests: Versions 7.2x and above
Once the 90-day eval period is complete the appliances will stop collecting flows and must be registered
in the Customer’s Smart Account. After registering to the Customer’s Smart Account, the Partner may
open a case with GVE to request a POV license extension.
Once the required Smart Account information is collected from the Partner, the Partner Help Agent
should be able to access the PEGA tool. If you receive a message indicating you do not have correct
authorization to the PEGA tool, you must request access via the instructions provided in Section 5 of this
guide.
Once in the tool, select “Stealthwatch” from the Product Family drop down box, and then enter the
required fields into the tool. The list below details the correct information to be entered into the tool.
Additional extensions may be requested in 30-day increments; however, extensions beyond 90 days will
require approval through the PEGA tool.
• Product SKU: Select the appropriate SKU based on what is being used. The SMCVE and FCVE
appliances do not require a license as a license will autogenerate when registered to the Smart
Account.
    o L-LC-TI-FC1k=  Threat Intelligence License for Flow Collector 1k
    o L-LC-TI-FC2k=  Threat Intelligence License for Flow Collector 2k
    o L-LC-TI-FC4k=  Threat Intelligence License for Flow Collector 4k
    o L-LC-TI-FC5k=  Threat Intelligence License for Flow Collector 5k
    o L-ST-EP-LIC=  Endpoint License, select number of Endpoints needed
    o L-ST-FR-LIC=  Flow Rate License, 3000 max
    o L-ST-FS-VE-K9  Flow Sensor, select number of Flow Sensors needed
    o L-ST-UDP-VE-K9  UDP Director, select number of UDPs needed
• Requested License Term: 30
• License Quantity: Request Quantity Needed
• Smart Account: Customer Smart Account Name from the case notes
(The tool will search to find the name; select the correct name)
• Virtual Account: Customer Smart Account Virtual Name from the case notes
(The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: POV
Approvals should be processed quickly by the Stealthwatch team, but if you do not get an approval
within ONE BUSINESS DAY, you can email the Stealthwatch-ops@cisco.com alias with the request ID
requiring approval.
6.7.2.2 On-premise POV Extension Requests: Versions prior to 7.2x
The Stealthwatch software comes with a built-in 90-day license for all features, so if the POV runs
beyond this time, Partner Help agents CANNOT request POV extensions for Partners. Instead, the
Partner MUST reach out to their Partner AM/SE or the Account AM/SE associated to the customer and
they must create a Stealthwatch POV request from an opportunity in SFDC. The Partner SE/AM or
Account SE/AM should know how to follow the necessary processes in SFDC, so advise the Partner to
reach out accordingly.
6.8 Cisco Defense Orchestrator (CDO)
Cisco Defense Orchestrator (CDO) is now licensed via an external mailer and Partners can request Lab
and POV licenses directly through it. The CDO team will also allow for Lab and POV extensions with
business justification. In the event a partner opens a case with you requesting a CDO Lab or POV license
please tell them they can directly contact the CDO provisioning team at cdosales@cisco.com.
6.9 Identity Services Engine (ISE)
Prior to v3.0, the Identity Services Engine (ISE) is licensed through the SWIFT tool. By default, ISE images
downloaded from CCO have all features enabled for 90 days, so this could be used for initial POV
deployments, but for new Lab license requests or Lab license renewals, the Partner Help agent should
issue 365-day licenses.
Starting in v3.0, the Identity Services Engine utilizes Smart Licensing which can be provisioned via the
PEGA tool. As such, the Partner MUST have a Cisco Smart Account before this process can continue. If
the case notes do not include Smart Account information, you must ask the Partner to complete the
steps provided in the partner facing guide first. Once you have the required Smart Account information
from the Partner, the Partner Help Agent should be able to access the PEGA tool. If you receive a
message indicating you do not have correct authorization to the PEGA tool, you must request access via
the instructions provided in Section 5 of this guide. Please note, at the initial v3.0 release, the ISE VM
license as well as the Device Administration are still provisioned using the SWIFT tool.
6.9.1 Partner Lab License Requests Prior to v3.0 Software
Identity Services Engine (ISE) is licensed through the SWIFT tool. There is also an option for partners to
download ISE images from CCO with all features enabled for 90 days, but for new Lab license requests or
Lab license renewals, you should issue 365-day licenses.
To generate activation keys go to the SWIFT Internal License Generation Tool: http://wwwintools.cisco.com/SWIFT/SSCSLT/viewIntPubKeyGen.action?subGroup=POSITRONFEAT&keytype=PUBLICINTERNAL
For the Base, Advanced, Plus, Apex, TACACS Device Admin, or VMWare licenses, enter the following
information and click Issue Key repeating the process if multiple keys are required.
• Product Name = [Select required license from drop down list]
• Email = Partner Help SE Email Address
• Primary Product ID = ISE-VM-K9 -or- SPID from Partner Help Case
• Primary Serial No = Serial from Partner Help Case
• Primary Version Id = V01 -or- VPID from Partner Help Case
You should receive a confirmation that an email has been sent.
If multiple keys are required, simply close the pop-up in your browser so you can leverage cached
information and select the additional product names from the drop down list.
When finished, copy the license key zip file(s) from your email and provide them to the partner SE as
attachments to an email in the Partner Help ticket. Add license installation instructions as an
attachment or paste them into the body of the email.
In your email response, confirm that the partner SE was able to successfully load the licenses. After
confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and
change the Sub Service Type to ‘Lab License’ within SFDC and close the case.
6.9.2 Partner POV License Requests Prior to v3.0 Software
Identity Services Engine (ISE) is licensed through the SWIFT tool. There is also an option for partners to
download ISE images from CCO with all features enabled for 90 days, but for new POV licenses, you
should issue 90-day licenses.
To generate activation keys, go to the SWIFT Internal License Generation Tool: http://wwwin-tools.cisco.com/SWIFT/SSCSLT/viewIntPubKeyGen.action?subGroup=POSITRONFEAT&keytype=PUBLICINTERNAL
For the Base, Advanced, Plus, Apex, TACACS Device Admin, or VMWare licenses, enter the following
information and click Issue Key, repeating the process if multiple keys are required.
• Product Name = [Select required license from drop down list]
• Email = Partner Help SE Email Address
• Primary Product ID = ISE-VM-K9 -or- SPID from Partner Help Case
• Primary Serial No = Serial from Partner Help Case
• Primary Version Id = V01 -or- VPID from Partner Help Case
You should receive a confirmation that an email has been sent.
If multiple keys are required, simply close the pop-up in your browser so you can leverage cached
information and select the additional product names from the drop down list.
When finished, copy the license key zip file(s) from your email and provide them to the partner SE as
attachments to an email in the Partner Help ticket. Add license installation instructions as an
attachment or paste them into the body of the email.
In your email response, confirm that the partner SE was able to successfully load the licenses. After
confirmation from the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and
change the Sub Service Type to ‘POV License’ within SFDC and close the case.
6.9.3 Partner Lab License Requests and Renewals in Software v3.0 and Above
The Partner Help Agent can provide up to a maximum quantity of 100 and duration of 365 days with
unlimited renewals for Lab licenses without BU approval. Once you have the required Smart Account
information from the Partner, the Partner Help Agent should be able to access the PEGA tool. If you
receive a message indicating you do not have correct authorization to the PEGA tool, you must request
access via the instructions provided in Section 5 of this guide.
Once in the tool, select CISE (Cisco Identity Services Engine) from the Product Family drop down box,
enter the required fields as listed below, and then select Submit.
• Product SKU:
  - ISE-E-LIC (ISE Essentials – User Visibility / Enforcement)
  - ISE-A-LIC (ISE Advantage – Context)
  - ISE-P-LIC (ISE Premier – Full Stack)
  - L-ISE-TACACS-ND= (TACACS / Device Administration)
  - R-ISE-VML-K9= (ISE VM)
• Requested License Term: Other
• Duration Text Box: 365
• License Quantity: 100
• Smart Account: Smart Account Name from the case notes
  (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes
  (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: Lab
• Business Justification: Partner Name – SFDC Case number
Confirm the Partner has the appropriate license in their Smart Account and instruct them to follow the
Smart License Account Activation instructions from the partner facing guide. After confirmation from
the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and change the Sub
Service Type to ‘Lab License’ within SFDC and close the case.
6.9.4 Partner POV License Requests and Renewals in Software v3.0 and Above
By default, ISE images downloaded from CCO have all features enabled for 90 days and 100 seats, so this
could be used for initial POV deployments, but the Partner Help Agent can provide (1) renewal at 90 days with business justification without BU approval. Once you have the required Smart Account
information from the Partner, the Partner Help Agent should be able to access the PEGA tool. If you
receive a message indicating you do not have correct authorization to the PEGA tool, you must request
access via the instructions provided in Section 5 of this guide.
Once in the tool, select CISE (Cisco Identity Services Engine) from the Product Family drop down box,
enter the required fields as listed below, and then select Submit.
• Product SKU:
  - ISE-E-LIC (ISE Essentials – User Visibility / Enforcement)
  - ISE-A-LIC (ISE Advantage – Context)
  - ISE-P-LIC (ISE Premier – Full Stack)
  - L-ISE-TACACS-ND= (TACACS / Device Administration)
  - R-ISE-VML-K9= (ISE VM)
• Duration Text Box: 90
• License Quantity: 100
• Smart Account: Smart Account Name from the case notes
  (The tool will search to find the name; select the correct name)
• Virtual Account: Smart Account Virtual Name from the case notes
  (The tool will search to find the name; select the correct name)
• Intended User Type: Partner
• Purpose: POV
• End Customer Name: Customer Business Name
• Business Justification: Partner Name – SFDC Case number
Confirm the Partner has the appropriate license in their Smart Account and instruct them to follow the
Smart License Account Activation instructions from the partner facing guide. After confirmation from
the partner, ensure the Service Type is set to ‘Cisco Sales Enablement Services’ and change the Sub
Service Type to ‘POV License’ within SFDC and close the case.
6.10 Web Security Appliance (WSA)
6.10.1 Licensing: WSA
For POV licenses, you should issue 45-day licenses with one 45-day extension per opportunity. For Lab
licenses, you should issue 180-day licenses. To generate licenses for new customers go to the SWIFT
Internal License Generation Tool. To generate a la carte licenses for existing customers that want to test
an incremental feature, go to the SWIFT A La Carte Internal License Generation Tool.
For the Web Security Appliance (WSA) Key, enter the following information and click Issue Key. If the
partner already has the WSA deployed and is asking for a new feature key to test out, ensure that you
fill in the Serial Number field so that the original license is not overwritten.
• Product Name = WSA-WSS-LIC= (Select appropriate bundle or a la carte license as applicable)
• Reason = POV -or- Partner Demo License
• Notes = Partner Help Case Number
• Email Address = Partner Help SE Email Address
• Serial Number = Serial number from Partner Help Case (Only required for Physical Appliances)
• Hardware Product ID = WSA-XXX from Partner Help Case (Only required for Physical Appliances)
• Expiring in = 45 Days -or- 180 Days
After sending the license to the Partner and confirming receipt, ensure the Service Type is set to ‘Cisco
Sales Enablement Services’ and change the Sub Service Type to the appropriate type (‘POV License’ or
‘Lab License’) within SFDC and close the case.
6.11 Email Security Appliance (ESA)
6.11.1 Licensing: ESA
For POV licenses, you should issue 45-day licenses with one 45-day extension per opportunity. For Lab
licenses, you should issue 180-day licenses. To generate licenses for new customers go to the SWIFT
Internal License Generation Tool. To generate a la carte licenses for existing customers that want to test
an incremental feature, go to the SWIFT A La Carte Internal License Generation Tool.
For the Email Security Appliance (ESA) Key, enter the following information and click Issue Key. If the
partner already has the ESA deployed and is asking for a new feature key to test out, ensure that you fill
in the Serial Number field so that the original license is not overwritten.
• Product Name = ESA-ESP-AT-LIC= (Select appropriate bundle or a la carte license as applicable)
• Reason = POV -or- Partner Demo License
• Notes = Partner Help Case Number
• Email Address = Partner Help SE Email Address
• Serial Number = Serial number from Partner Help Case (Only required for Physical Appliances)
• Hardware Product ID = ESA-XXX from Partner Help Case (Only required for Physical Appliances)
• Expiring in = 45 Days -or- 180 Days
After sending the license to the Partner and confirming receipt, ensure the Service Type is set to ‘Cisco
Sales Enablement Services’ and change the Sub Service Type to the appropriate type (‘POV License’ or
‘Lab License’) within SFDC and close the case.
6.12 Security Management Appliance (SMA)
6.12.1 Licensing: SMA
SMA licensing is managed via SWIFT. If the partner is requesting SMA-EMGT and SMA-WMGT licenses
for a virtual appliance, first request the SMA-EMGT license. Use the serial number from this license in
the second license request for the SMA-WMGT. To generate licenses for new customers go to the SWIFT
Internal License Generation Tool. To generate a la carte licenses for existing customers that want to test
an incremental feature, go to the SWIFT A La Carte Internal License Generation Tool.
For the Security Management Appliance (SMA) Key, enter the following information and click Issue Key.
• Product Name = SMA-EMGT-LIC= -or- SMA-WMGT-LIC=
• Reason = POV -or- Partner Demo License
• Notes = Partner Help Case Number
• Email Address = Partner Help SE Email Address
• Serial Number = Serial number from Partner Help Case (Only required for Physical Appliances)
• Hardware Product ID = SMA-XXX from Partner Help Case (Only required for Physical Appliances)
• Expiring in = 45 Days -or- 180 Days
After sending the license to the Partner and confirming receipt, ensure the Service Type is set to ‘Cisco
Sales Enablement Services’ and change the Sub Service Type to the appropriate type (‘POV License’ or
‘Lab License’) within SFDC and close the case.
6.13 Cloud Email Security (CES)
6.13.1 Licensing: Cloud Email Security, Domain Protection, Advanced Phishing Protection
Initial Setup and Portal Access
Cloud Email Security (CES) and/or Domain Protection/Advanced Phishing Protection (DP/APP) is licensed
through a portal which can be accessed by Cisco Sales teams OR by Partners directly, but we are
directing Partners to PH for assistance. For POV licenses, you should request the evaluation licenses on
behalf of the Partner via the link below and click the Start Your Free Trial Today! box:
https://order.ces.cisco.com/eval/
Enter the required fields as shown below and click the Start My Trial! box. If any of the required fields
were not provided in the original PH request, you should respond to the Partner asking for the missing
information. If the Partner does not have a Deal ID, you can use “pending” for that input.
NOTE: When communicating with the requester, please clarify the following. For APJC requesters,
please ask whether they need to be provisioned in the APJC - Melbourne or APJC - Japan Datacenter. For
EMEAR requesters, please ask if the customer is located in Germany and if so, select the Europe –
Germany Datacenter; otherwise, you can select the Europe Datacenter.
You should then see a confirmation screen stating an email will be sent in 30 minutes. NOTE: Do not
advise the Partner the account will be ready in 30 minutes as the provisioning takes longer than this
amount of time.
Follow up with the Partner to confirm the Customer receives the email and is able to log into the CES
portal. If the customer does not receive the email within 3-to-4 business days, send an email to the
ces-activations mailer with the Customer Name and Company information. After confirming with the
Partner the CES portal is available, ensure the Service Type is set to ‘Cisco Sales Enablement Services’
and change the Sub Service Type to the appropriate type (‘POV License’ or ‘Lab License’) within SFDC and
close the case.
6.13.2 Evaluation Extensions or Conversion from Evaluation to Production licenses
One 45-day license extension will be granted when business justification can be provided to the Cloud
Email Security team. The customer can also convert the 45-day / 90-day evaluation licenses to full
licenses once they have been purchased, eliminating the need to request new production licenses. To
receive the extension or to convert the evaluation licenses to production licenses, the customer should
work with the Cisco Account SE and/or the Partner SE and request the extension by contacting the
ces-eval-extension mailer with valid business justifications. Once approved, the cloud-email ops team
will extend the licenses.
Note: Automatic expiry alerts are sent in advance to the registered contacts with CES and TAC can
provide a temporary extension for 5-10 days to avoid any outage or customer inconvenience.
7 Cisco Cloud Mailbox Defense (CMD)
Cisco Channel Partners can sign their customers up for a 30-day free trial of Cloud Mailbox Defense
(CMD) via the following URL: https://www.cisco.com/c/en/us/products/security/cloud-mailbox-defense/free-trial.html?
When submitting the required information be sure to check the button to indicate "Yes - I am a client
referred by a partner". The trial activation credentials will be directly sent to the customer when the
form is submitted, and a Cisco representative will be available to support the trial.
8 Not-for-Resale (NFR) Requests
If a partner opens a case to request NFR s/w, h/w or license, or for an NFR license renewal, you will need
to confirm whether it is indeed an NFR related request. The NFR program provides partners with
discounted h/w and s/w for internal lab purposes. Some partners confuse the PoV/Lab licenses offered
via PH with NFR purchase requests for internal lab h/w and s/w.
If a partner case is related to an NFR request or renewal, please advise the requester to proceed as
follows:
• Create a deal in CCW and get it approved
• Go to CCW-R and search for their contract
• Put the approved NFR deal into the quote
• Discount will automatically populate
Essentially the partner creates a new BoM and applies the NFR discount after approval. You can also
direct the partner to review the NFR program info via the link below and/or contact their Cisco
partner representative.
https://www.cisco.com/c/en/us/partners/incentives/standard-not-for-resale.html?dtid=osscdc000283
9 Next Steps
This completes the POV and lab license request process document for partner help. For information on
how partners open licensing cases with partner help, review the POV and lab licensing document on the
partner security community:
https://community.cisco.com/t5/security-documents/cisco-security-licensing-and-software-access/ta-p/3633739
For additional support, please post your question into the “GVE Security Licensing and Software Access”
WxT room.
10 Change Log
13-Apr, 2020: Document creation
23-Apr, 2020: Updated AMP for Endpoint with Tier and Locale information
28-Apr, 2020: Updated AMP for Endpoint and Umbrella support information
08-May, 2020: Updated Stealthwatch, ESA, WSA, CES/APP/DP information
12-May, 2020: Updated Fire Jumper TAC Access and AMP for Endpoint Cisco Employee requests
13-May, 2020: Updated Umbrella MSSP Console creation process to allow for Cisco internal requesters
19-May, 2020: Updated AMP for Endpoint instructions
01-June, 2020: Updated Lab Smart License duration for FTD, FMC, ASAv, and AnyConnect for FTD
11-June, 2020: Updated Stealthwatch Licensing to include Smart Licensing options for v7.2.1
16-June, 2020: Updated to include Firepower 1000 Appliance ASA, Encryption, and Security Context licenses
18-June, 2020: Removed Cisco Security Manager (CSM)
22-June, 2020: Updated Stealthwatch 7.2+ Lab license duration to 364 days to avoid approval delay
21-July, 2020: Updated A4E and ISE processes to reflect portal and Smart licensing changes
22-July, 2020: Updated Stealthwatch Enterprise POV license extension process
03-Aug, 2020: Added Not-for-Resale (NFR) guidance
13-Aug, 2020: Updated Cloud Email Security to note different APJC and Europe Datacenters
27-Aug, 2020: Updated Lab license duration for Firepower/FMC Smart Licenses to 180 days
25-Sep, 2020: Updated A4E Lab, POV, and Private Cloud request sections
02-Oct, 2020: Updated A4E and Threat Grid Lab license sections
23-Nov, 2020: Updated A4E Partner POV license duration from 2 months to 1 month per BU
10-Mar, 2021: Removed ACS
01-Apr, 2021: Updated Umbrella support contact info in Section 6.6