Cisco’s Next Generation Firewall Product Line Software Release and Sustaining Bulletin
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Released: December 4, 2019
Updated: February 21, 2025
Note: This product bulletin describes the support timelines for the following Cisco Next Generation Firewall Product Line (Secure Firewall Product Line) software: Cisco Firepower Threat Defense (FTD), Firepower Management Center (FMC), Firepower Device Manager (FDM), Secure Firewall, Secure Firewall Management Center and Adaptive Security Appliance (ASA) releases after 7.7 or ASA 9.23. Version 10.0 for Secure Firewall/9.24.1 for ASA is planned for 2H25. For information about earlier releases, see Support Timelines for Earlier Releases.
This product bulletin describes the support timeline and support guidelines for Cisco Secure Firewall Product Line software on the supported security appliances, as described in the Secure Firewall Compatibility Guides:
● Firepower Compatibility Guide
Cisco Secure Firewall Product Line Software Release Delivery
Release Number Versioning Scheme
The examples in these guidelines use the W.X.Y.Z format for release version numbers, for example 10.0.0.12 (Figure 1).
Cisco Secure Firewall Software release numbering: W.X.Y.Z format
Major Versions will be specified by the first two digits and include a series of Minor Releases. Each Major Version will start with an Initial Minor Release (W.0) and then follow up with a Final Minor Release 9 months later (W.5). After Final Minor Release, we will deliver Maintenance Releases for 33 Months and then Vulnerability releases for 24 Months.
| W |
X |
Y |
Z |
| This indicates the Major Version. 10, 11, 12 |
For Cisco Secure Firewall, this indicates the Minor Release. 0 will be the initial Minor Release and 5 will be the final Minor Release. |
Indicates the Maintenance Release These releases address defects and vulnerabilities |
Indicates the Vulnerability Release These releases address critical defects and vulnerabilities. |
ASA will continue with Version 9.X.Y.Z
For example. FTD 10.0 will be 9.24.1 for ASA. 10.5 will be 9.25.1. MRs and Interims will continue to be delivered in the same cadence that ASA has been delivering. With new MRs incrementing the 3rd digit.
Customers adopting 9.24.x will ultimately need to upgrade to 9.25.x to continue getting quality and vulnerability updates.
FTD and ASA Version Mapping
Table 1. Cisco Secure Firewall release numbering breakdown
| FTD |
ASA |
| 10.0 |
9.24.1 |
| 10.5 |
9.25.1 |
| 11.0 |
11.0 |
| 11.5 |
11.5 |
Software Support Lifecycle guidelines
The Cisco Secure Firewall Product Line Software Support Lifecycle guidelines have pre-set time intervals for each of the lifecycle milestones. These time intervals are based on the support model of the affected Cisco Secure Firewall Product Line software version. Table 2 summarizes the Support Lifecycle milestones for these software releases.
Table 2. Cisco Secure Firewall product line Software Support Lifecycle milestones by release
| Milestone |
Definition |
Timing |
| CCO |
When Software is released and posted to the Cisco Support Site |
Begins Software Release lifetime |
| Minor Release |
A Major Version can have multiple Minor Releases. This release lifecycle plans for 2. 0 would be the Initial Minor Release and 5 would be the final Minor Release. |
Final Minor Release occurs 9 months after the Initial Minor Release |
| External Announcement Date (EA) |
The date when the end-of-sale and end-of-life milestones for a Cisco product and/or service are communicated to the general public. |
36 Months after Initial Minor Release |
| End-of-Sale (EoS) Date** |
The last date to order the product through Cisco point-of-sale mechanisms. |
Six (6) months after the External Announcement (EA) for all releases Before EoS, all planned sustaining releases will be Maintenance Releases, after EoS, all planned releases will be Vulnerability Releases. |
| End of SW Maintenance (EoSW) Release Date |
The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. |
24 Months after EoS |
| Last Date of Support (LDoS) |
The last date to receive service and support for the product. After this date, all support services for the product are unavailable, and the product becomes obsolete. |
24 Months after EoS |
Software release and support milestones
The primary milestones that define the software feature release lifecycle and the support durations are shown in Figure 2 below.
Note: These support periods are minimums.
Cisco Secure Firewall product line software lifecycle
Every Major Version will have the same release lifecycle and every Major Version will be submitted for Government Certification with the Final minor release.
Note: The above figure only shows Threat Defense Release expectations. ASA will continue to release sustaining/maintenance releases at the same frequency they have been. Interims every 6-8 weeks. Maintenance Releases every 5-7 months. In the Vulnerability phase, it will just be interims.
Feature Phase: 9 Months. Initial Minor Release (W.0) and Final Minor Release (W.5) are planned 9 Months apart. Between these releases a Maintenance Release will be released based on the initial Minor Release. These will be the same for both ASA and Threat Defense.
Maintenance Phase: 33 Months - Maintenace Releases (MR) : Quality fixes and PSIRT Fixes every 6 Months on the W.5 releases. We will also provide 1-2 Vulnerability releases on the W.0 Minor Release.
Vulnerability Phase: Vulnerability (PSIRT) Release 24 Months Starts with EoS and provides PSIRT and Critical defect fixes also every 6 months. ASA will only be delivering Interims in this period.
Throughout the software maintenance cycle, representatives from Cisco TAC and Cisco Engineering evaluate the priority of bug fixes and determine which ones should be included in each Maintenance or Vulnerability release. Cisco aims to provide Vulnerability updates on a semiannual basis for supported software releases. Due to the ever-changing vulnerability landscape, updates may need to be provided more frequently. Cisco encourages Cisco Secure Firewall Product Line software customers to include maintenance releases and patches in their software maintenance plan to avoid possible operational effects from known software bugs.
Customers are encouraged to migrate to the current Minor Release when the release becomes available with appropriate features for the applications, as shown in Figure 2.
Initial Minor Release Support
If customers wish to stay on the initial Minor Release after the final Minor Release is released, 1 Vulnerability Release will be planned on the initial Minor Release. If the final Minor Release doesn’t achieve suggested release by the next Vulnerability delivery date (6 months later) we will provide one additional Vulnerability release on the initial Minor Release. ASA MRs and Interims against the initial minor release (9.24.1, 11.0, 12.0, etc) will follow the same scheme as Threat Defense.
Sustaining Support
For Threat Defense, Maintenance and Vulnerability releases will all be fully upgradeable starting with 10.5. This has always been true for ASA.
For the upgrade path of a Major Version, customers may have unique requirements, and they are encouraged to work with local Cisco customer representatives to find the optimal release for their network.
Suggested Release (“The Star”) is managed within CCO. It is used to indicate when a Major Version has achieved suggested status. This indicates that the Major Version is well-adopted and has no critical defects or security vulnerabilities. Once a Major Version achieves the star, all subsequent MRs and PSIRT releases will automatically inherit the Suggested Release attribute.
Cisco notifies customers of the lifecycle and major milestones of a particular release by the following methods:
● Compatibility Guide: When a feature release is introduced, Cisco updates the product Compatibility Guide on Cisco.com with compatibility information for that particular feature release. When announced, this document is updated with the end-of-sale, end-of-software maintenance, and end-of-life dates for that release:
◦ Firepower Compatibility Guide
● External Announcement: Cisco issues an official End-of-Sale bulletin for the software release, which includes all End-of-Sale milestones affected including end of maintenance and last date of support. External announcements for all Cisco products are listed here: https://www.cisco.com/c/en/us/products/eos-eol-listing.html
All of these documents are intended to provide advanced notification to Cisco Secure Firewall Product Line software customers of the pending End-of-Sale and End-of-Life milestones.
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of resources, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco Services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, refer to: http://www.cisco.com/go/services.
Support timelines for earlier releases
The following links provide information about the support timelines for releases prior to Cisco FTD/FPS/FMC 6.4 and ASA 9.12:
● Firepower versions for 7000/8000 Series: https://www.cisco.com/c/en/us/products/security/firepower-8000-series-appliances/eos-eol-notice-listing.html
● All other Firepower Appliances: https://www.cisco.com/c/en/us/products/security/firepower-ngfw/eos-eol-notice-listing.html
● ASA Appliances: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/eos-eol-notice-listing.html
● FXOS for FPR-4K/9K Series: https://www.cisco.com/c/en/us/products/security/firepower-9000-series/eos-eol-notice-listing.html
For more information about the Cisco FTD and ASA product line visit the following page: https://www.cisco.com/c/en/us/products/security/firewalls/index.html
or contact your local Cisco account manager.
For information about Cisco service and support programs and benefits, visit: https://www.cisco.com/c/en/us/services/technical/software-support.html