Guest

Preview Tool

Cisco Bug: CSCuq91115 - Cannot add ASA/CX into PRSM if EVAL WSE license is Expired or Deleted

Last Modified

Aug 19, 2016

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases

9.2(1.4.5) 9.3(1.1.112)

Description (partial)

Symptom:
Can not add a CX module to off box PRSM if the WSE license is expired and/or deleted.

Conditions:
PRSM with two CX modules with AVC and IPS licenses installed and with WSE eval license.

the WSE license is expired and not using any of the WSE features so deleted the WSE license. Have installed permanent AVC and IPS licenses.

Adding the 3rd CX will have issues. 

PRSM will complain about requirement of WSE license. Here is the message:

"This device is using some licensed features, but you do not have sufficient valid, unused, non-evaluation licenses to complete the import. Required missing licenses are: Web Security Essentials license. Please upload licenses to PRSM and try adding the device again."

Issue seems to be that there is a built-in "Default web reputation profile" object which cannot be deleted.  It appears this is used in the "Malware Protection Configuration".

Unless we get a new WSE eval license, can not add another CX to PRSM.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.