Cisco’s Next Generation Firewall Product Line Software Release and Sustaining Bulletin

Bulletin

Available Languages

Download Options

  • PDF
    (379.3 KB)
    View with Adobe Reader on a variety of devices
Updated:May 26, 2025

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (379.3 KB)
    View with Adobe Reader on a variety of devices
Updated:May 26, 2025
 

 

Released: December 4, 2019

Updated: February 21, 2025

Note: This product bulletin describes the support timelines for the following Cisco Next Generation Firewall Product Line (Secure Firewall Product Line) software: Cisco Firepower Threat Defense (FTD), Firepower Management Center (FMC), Firepower Device Manager (FDM), Secure Firewall, Secure Firewall Management Center and Adaptive Security Appliance (ASA) releases after 7.7 or ASA 9.23. Version 10.0 for Secure Firewall/9.24.1 for ASA is planned for 2H25. For information about earlier releases, see Support Timelines for Earlier Releases.

Introduction

This product bulletin describes the support timeline and support guidelines for Cisco Secure Firewall Product Line software on the supported security appliances, as described in the Secure Firewall Compatibility Guides:

      Firepower Compatibility Guide

      ASA Compatibility Guide

      FXOS Compatibility

Cisco Secure Firewall Product Line Software Release Delivery

Release Number Versioning Scheme

The examples in these guidelines use the W.X.Y.Z format for release version numbers, for example 10.0.0.12 (Figure 1).

Cisco Secure Firewall Software release numbering: W.X.Y.Z format

Figure 1.            

Cisco Secure Firewall Software release numbering: W.X.Y.Z format

Major Versions will be specified by the first two digits and include a series of Minor Releases. Each Major Version will start with an Initial Minor Release (W.0) and then follow up with a Final Minor Release 9 months later (W.5). After Final Minor Release, we will deliver Maintenance Releases for 33 Months and then Vulnerability releases for 24 Months.

W

X

Y

Z

This indicates the Major Version. 10, 11, 12

For Cisco Secure Firewall, this indicates the Minor Release. 0 will be the initial Minor Release and 5 will be the final Minor Release.

Indicates the Maintenance Release

These releases address defects and vulnerabilities

Indicates the Vulnerability Release

These releases address critical defects and vulnerabilities.

ASA will continue with Version 9.X.Y.Z

For example. FTD 10.0 will be 9.24.1 for ASA. 10.5 will be 9.25.1. MRs and Interims will continue to be delivered in the same cadence that ASA has been delivering. With new MRs incrementing the 3rd digit.

Customers adopting 9.24.x will ultimately need to upgrade to 9.25.x to continue getting quality and vulnerability updates.

FTD and ASA Version Mapping

Table 1.        Cisco Secure Firewall release numbering breakdown

FTD

ASA

10.0

9.24.1

10.5

9.25.1

11.0

11.0

11.5

11.5

Software Support Lifecycle guidelines

The Cisco Secure Firewall Product Line Software Support Lifecycle guidelines have pre-set time intervals for each of the lifecycle milestones. These time intervals are based on the support model of the affected Cisco Secure Firewall Product Line software version. Table 2 summarizes the Support Lifecycle milestones for these software releases.

Table 2.        Cisco Secure Firewall product line Software Support Lifecycle milestones by release

Milestone

Definition

Timing

CCO

When Software is released and posted to the Cisco Support Site

Begins Software Release lifetime

Minor Release

A Major Version can have multiple Minor Releases. This release lifecycle plans for 2. 0 would be the Initial Minor Release and 5 would be the final Minor Release.

Final Minor Release occurs 9 months after the Initial Minor Release

External Announcement Date (EA)

The date when the end-of-sale and end-of-life milestones for a Cisco product and/or service are communicated to the general public.

36 Months after Initial Minor Release

End-of-Sale (EoS) Date**

The last date to order the product through Cisco point-of-sale mechanisms.

Six (6) months after the External Announcement (EA) for all releases

Before EoS, all planned sustaining releases will be Maintenance Releases, after EoS, all planned releases will be Vulnerability Releases.

End of SW Maintenance (EoSW) Release Date

The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software.

24 Months after EoS

Last Date of Support (LDoS)

The last date to receive service and support for the product. After this date, all support services for the product are unavailable, and the product becomes obsolete.

24 Months after EoS

EOS ** --The product is no longer for sale as default on an appliance after this date. Product will be available for download from Cisco.com until the Last Date of Support.

Software release and support milestones

The primary milestones that define the software feature release lifecycle and the support durations are shown in Figure 2 below.

Note: These support periods are minimums.

Cisco Secure Firewall product line software lifecycle

Figure 2.            

Cisco Secure Firewall product line software lifecycle

Every Major Version will have the same release lifecycle and every Major Version will be submitted for Government Certification with the Final minor release.

Note: The above figure only shows Threat Defense Release expectations. ASA will continue to release sustaining/maintenance releases at the same frequency they have been. Interims every 6-8 weeks. Maintenance Releases every 5-7 months. In the Vulnerability phase, it will just be interims.

Feature Phase: 9 Months. Initial Minor Release (W.0) and Final Minor Release (W.5) are planned 9 Months apart. Between these releases a Maintenance Release will be released based on the initial Minor Release. These will be the same for both ASA and Threat Defense.

Maintenance Phase: 33 Months - Maintenace Releases (MR) : Quality fixes and PSIRT Fixes every 6 Months on the W.5 releases. We will also provide 1-2 Vulnerability releases on the W.0 Minor Release.

Vulnerability Phase: Vulnerability (PSIRT) Release 24 Months Starts with EoS and provides PSIRT and Critical defect fixes also every 6 months. ASA will only be delivering Interims in this period.

Throughout the software maintenance cycle, representatives from Cisco TAC and Cisco Engineering evaluate the priority of bug fixes and determine which ones should be included in each Maintenance or Vulnerability release. Cisco aims to provide Vulnerability updates on a semiannual basis for supported software releases. Due to the ever-changing vulnerability landscape, updates may need to be provided more frequently. Cisco encourages Cisco Secure Firewall Product Line software customers to include maintenance releases and patches in their software maintenance plan to avoid possible operational effects from known software bugs.

Upgrade paths

Customers are encouraged to migrate to the current Minor Release when the release becomes available with appropriate features for the applications, as shown in Figure 2.

Initial Minor Release Support

If customers wish to stay on the initial Minor Release after the final Minor Release is released, 1 Vulnerability Release will be planned on the initial Minor Release. If the final Minor Release doesn’t achieve suggested release by the next Vulnerability delivery date (6 months later) we will provide one additional Vulnerability release on the initial Minor Release. ASA MRs and Interims against the initial minor release (9.24.1, 11.0, 12.0, etc) will follow the same scheme as Threat Defense.

Sustaining Support

For Threat Defense, Maintenance and Vulnerability releases will all be fully upgradeable starting with 10.5. This has always been true for ASA.

For the upgrade path of a Major Version, customers may have unique requirements, and they are encouraged to work with local Cisco customer representatives to find the optimal release for their network.

Suggested Release Management

Suggested Release (“The Star”) is managed within CCO. It is used to indicate when a Major Version has achieved suggested status. This indicates that the Major Version is well-adopted and has no critical defects or security vulnerabilities. Once a Major Version achieves the star, all subsequent MRs and PSIRT releases will automatically inherit the Suggested Release attribute.

Customer notifications

Cisco notifies customers of the lifecycle and major milestones of a particular release by the following methods:

      Compatibility Guide: When a feature release is introduced, Cisco updates the product Compatibility Guide on Cisco.com with compatibility information for that particular feature release. When announced, this document is updated with the end-of-sale, end-of-software maintenance, and end-of-life dates for that release:

    Firepower Compatibility Guide

    ASA Compatibility Guide

    FXOS Compatibility

      External Announcement: Cisco issues an official End-of-Sale bulletin for the software release, which includes all End-of-Sale milestones affected including end of maintenance and last date of support. External announcements for all Cisco products are listed here: https://www.cisco.com/c/en/us/products/eos-eol-listing.html

All of these documents are intended to provide advanced notification to Cisco Secure Firewall Product Line software customers of the pending End-of-Sale and End-of-Life milestones.

Cisco Services

Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of resources, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco Services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, refer to: http://www.cisco.com/go/services.

Support timelines for earlier releases

The following links provide information about the support timelines for releases prior to Cisco FTD/FPS/FMC 6.4 and ASA 9.12:

      Firepower versions for 7000/8000 Series: https://www.cisco.com/c/en/us/products/security/firepower-8000-series-appliances/eos-eol-notice-listing.html

      All other Firepower Appliances: https://www.cisco.com/c/en/us/products/security/firepower-ngfw/eos-eol-notice-listing.html

      ASA Appliances: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/eos-eol-notice-listing.html

      FXOS for FPR-4K/9K Series: https://www.cisco.com/c/en/us/products/security/firepower-9000-series/eos-eol-notice-listing.html

For more information

For more information about the Cisco FTD and ASA product line visit the following page: https://www.cisco.com/c/en/us/products/security/firewalls/index.html

or contact your local Cisco account manager.

For information about Cisco service and support programs and benefits, visit: https://www.cisco.com/c/en/us/services/technical/software-support.html

 

 

 

Learn more