License Requirements for Site-to-Site VPN

License Requirements for Policy-Based and Route-Based VPN

With the Essentials license, you can set up policy-based and route-based VPNs on your Firewall Threat Defense devices.

Depending on whether export-controlled functionality is enabled in your Smart License account, Cloud-Delivered Firewall Management Center determines whether to allow or block the usage of strong crypto on devices. To verify if export-controlled functionality is enabled for your Smart License account, choose Administration > Licenses > Smart Licenses.

Note

If you use an evaluation license, or if you have not enabled the export-controlled functionality, you cannot use strong encryption for your VPN connections.

License Requirements for Deploying a SASE Tunnel on Umbrella

To deploy SASE tunnels on Umbrella from Cloud-Delivered Firewall Management Center, you must enable your Smart License account with the export-controlled functionality. If this functionality is not enabled, you can only create a SASE topology; you cannot deploy tunnels on Umbrella.

Licenses for automatic tunnel between Secure Access and Firewall Threat Defense devices

  • Cloud-Delivered Firewall Management Center Essentials (formerly Base) license must allow export-controlled functionality. Choose Administration > Licenses > Smart Licenses to verify this in Cloud-Delivered Firewall Management Center.

    Note

    Evaluation license does not support this feature.

  • Cisco Secure Access Essentials subscription license must be available.