Enable the Export Control Feature for Accounts Without Global Permission
If your Smart Account is not authorized for strong encryption, but Cisco has determined that you are allowed to use strong encryption, you can manually add a stong encryption license to your account.
Before you begin
-
Make sure that your deployment does not already support the export-controlled functionality.
If your deployment supports export-controlled features, you will see an option that allows you to enable export-controlled functionality in the Create Registration Token page in the Smart Software Manager. For more information, see https://www.cisco.com/c/en/us/buy/smart-accounts/software-manager.html.
-
Make sure your deployment is not using an evaluation license.
-
In the Smart Software Manager, on the page, verify that you have the license that corresponds to your CDO:
Export Control License
CDO Model
Cisco Virtual FMC Series Strong Encryption (3DES/AES)
All FMCvs
Cisco FMC 1K Series Strong Encryption (3DES/AES)
750, 1500,
Cisco FMC 2K Series Strong Encryption (3DES/AES)
2000,
Cisco FMC 4K Series Strong Encryption (3DES/AES)
3500, 4000,
Procedure
| Step 1 | Choose .
| ||
| Step 2 | Click Request Export Key to generate an export key.
Disable the export control license by clicking Return Export Key |
What to do next
You can now deploy configurations or policies that use the export-controlled features.
Remember | The new export-controlled licenses and all features enabled by it do not take effect on the FTD devices until the devices are rebooted. Until then, only the features supported by the older license will be active. In High Availability deployments both the FTD devices need to be rebooted simultaneously, to avoid an Active-Active condition. |