Cisco Permanent Reservation License or Cisco PLR License ( New type of Cisco License ) is counted as a secure way to register all product instances in classified network or highly secure environment where an outbound connection is not allowed. While Cisco smart licensing needs periodic connection between devices and Cisco smart license manager (CSSM or SSMS), Cisco PLR licenses provide offline, permanent and full feature license. Cisco has considered these licenses as its Secure product lines. Currently, customers can register PLR license on the following products:
Cisco Secure Firewall (formerly Cisco Firepower):The Cisco Firepower Series Designed for branches, large campus and data centers. These appliances can quickly inspect encrypted web traffic, gain visibility across applications, detect and block network intrusions, deploy scalable VPNs, and integrated protection against DDoS attacks. These appliances also can integrate with Cisco Firewall Threat Defense (FTD) image, which is a unified software image combining Cisco ASA and Cisco Firepower, feature into one hardware and software complete system. The Cisco PLR license should be applied on the FDM or FMC Web-UI in order to register and activate the secure firepower device. after activating PLR license, all features including threat defense, malware, IPS, URL, AMP etc., will be enabled without any time limitation, also unlimited AnyConnect session will be available on firepower device. ( More information about Cisco Firepower PLR License )
Cisco Secure Firewall Device Management (formerly FDM):Cisco Firepower Device manager can be applied through network when you have a single firewall that needs to be managed via graphical console. It contains workflows, diagrams and default configuration options. Cisco FDM is natively available on Cisco Firepower and free to use. Applying a PLR license on FDM, can only register your single Firewall being managed by Cisco Firepower Device Manager.
Cisco Secure Firewall Management Center (formerly FMC):Cisco FMC is an administrative Service to manage multiple Cisco fire powers in same network. The Cisco FMC provides unified management of Cisco firepower with FTD software for port and protocol control, application control, IPS, URL filtering, and malware protection functions. When applying a single Cisco PLR license on Cisco FMC, there will be no need to purchase separate license for each firepower devices. Basically one FMC can support up to 25 firepower devices with only one PLR license. However, we don’t recommend you to add more than 3 Firepowers on one FMC server. ( Learn how to activate Cisco FMC PLR License )
Using Cisco PLR license the virtual FMC, can manage 2, 10 or 25 devices. If you need to manage more than 25 then you will need to upgrade to a physical FMC appliance or FMC300.
Cisco Identity Service Engine (ISE):The Cisco ISE is a next-generation identity and access control policy platform that provides a single policy plan across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA). Cisco ISE also supports PLR license which can enable all its premium features permanently for an unlimited network devices and end clients. Cisco ISE usually use two separate PAN for redundancy and high availability and each PAN requires separate PLR License. ( Learn how to activate Cisco ISE PLR License)
Cisco Secure Network Analytics (formerly StealthWatch):Using enterprise telemetry StealthWatch brings deeper visibility for all the cloud endpoint, data center and branch connections on the network. This visibility led to smarter segmentation policies that could be easily enforced shortly after StealthWatch discovered something suspicious. Cisco StealthWatch PLR license can ultimately enable full capabilities in an offline method leveraging the secure networks to avoid any unnecessary inbound or outbound connections for the device registration. (Learn how to activate Cisco StealthWatch PLR License )