Software Lifecycle Support Statement - Next Generation Firewall (NGFW)
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This software lifecycle support statement describes the support timelines for the following Cisco Next Generation Firewall Product Line (NGFW Product Line) software: Cisco Firepower Threat Defense (FTD), FirePOWER Services (FPS), Firepower Management Center (FMC), Firepower Device Manager (FDM), and Adaptive Security Appliance (ASA) releases starting from FTD 6.4, and ASA 9.12 onwards. For information about earlier releases, see Support Timelines for Earlier Releases.
This software lifecycle support statement describes the release and support timeline for Cisco NGFW Product Line software on the supported security appliances, as described in the NGFW Compatibility Guides:
● Firepower Compatibility Guide
Cisco NGFW Product Line software follows a time-based release model that delivers two releases each year. This approach enables Cisco to introduce stable and feature rich software releases in a reliable and predictable cadence.
Cisco NGFW Product Line Software Release Delivery
The Cisco NGFW Product Line Software Release Train provides two feature releases per year, approximately six months apart. This release cadence will be repeated every year, starting with FTD 6.4 and ASA 9.12 software releases
The releases use the following numbering scheme, as represented in Table 1:
● The Long Term Release (LTR) ships in the first half of the calendar year. An LTR is designated by an even number in the second digit of the series x.even, where x = major series and “even” represents a yearly increment for that series. This release is recommended for customers who desire longer support durations.
● The Extra Long Term Release (XLTR) is an LTR that has been chosen for government certification. An LTR is not shipped in a year when an XLTR is shipped. Like an LTR, an XLTR ships in the first half of the calendar year. An XLTR is designated by an even number in the second digit of the series x.even, where x = major series and “even” represents a yearly increment for that series. This release is recommended for customers who desire longer support durations in government certified vehicles.
● The Short Term Release (STR), which ships in the second half of the calendar year, is designated by an odd number in the second digit of the series x.odd, where x = major series, “odd” represents a yearly increment for that series. This release is recommended for customers who are looking for the latest set of feature releases.
Table 1. Release numbering scheme
|
|
Release Number |
Cadence |
| Long Term Release (LTR)
Extra Long Term Release (XLTR) |
X.even.
Example; FTD 6.4 and ASA 9.12 (XLTR) FTD 7.0*and ASA 9.16 (XLTR) |
First half of calendar year (12 months cycle) |
| Short Term Release (STR) |
X.odd.
Examples; FTD 6.5, ASA 9.13 (STR) FTD 6.7 and ASA 9.15 (STR) |
Second half of calendar year (12 months cycle) |
Release Number Versioning Scheme
The examples in these guidelines use the W.X.Y.Z format for release version numbers, for example 6.6.1.2 (Figure 1).
Cisco NGFW/ASA Software release numbering: W.X.Y.Z format
Cisco NGFW/ASA Software releases (W.X.Y.Z) are signified by a change to any of the four digits. In general, a change to W would indicate a larger change compared to a change in X, and similarly for the Y and Z digit as follows;
Feature releases are delivered for one or more of the following reasons:
Likely to cause a change to W:
● Introduce significant changes throughout the software, including infrastructure or architectural changes.
Likely to cause a change to X:
● New functions, features, and enhancements.
Likely to cause a change to Y:
● General bug and security related fixes
Likely to cause a change in Z:
● On-demand updates limited to critical fixes with time urgency.
● Hotfixes addressing specific customers’ issues
Software Support Lifecycle Guidelines
The Cisco NGFW Product Line Software Support Lifecycle guidelines have pre-set time intervals for each of the lifecycle milestones. These time intervals are based on the support model of the affected Cisco NGFW Product Line software version. Table 2 summarizes the Support Lifecycle milestones for these software releases.
Table 2. Cisco NGFW product line Software Support Lifecycle milestones by release
| Milestone |
Definition |
Timing |
| First-Customer-Ship (FCS) |
The date which the Product Line software release is made available to Cisco customers. |
Begins Software Release lifetime |
| External Announcement Date (EA) |
The date when the end-of-sale and end-of-life milestones for a Cisco product and/or service are communicated to the general public. |
At FCS for STRs Eighteen (18) months after FCS for LTRs Thirty three (33) months after FCS for XLTRs |
| End-of-Sale (EoS) Date** |
The last date to order the product through Cisco point-of-sale mechanisms.
|
Six (6) months after the External Announcement (EA) for all releases |
| End of SW Maintenance (EoSW) Release Date |
The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. |
Eighteen (18) months after FCS for STRs Thirty six (36) months after FCS for LTRs Fifty one (51) months after FCS for XLTRs |
| Last Date of Support |
The last date to receive service and support for the product. After this date, all support services for the product are unavailable, and the product becomes obsolete. |
Two (2) years after End-of-Sale (EoS) date for all releases. |
The Cisco FTD 6.4 and ASA 9.12 Releases are the first XLTRs that will adhere to the guidelines presented here, as shown in Figure 2.
Cisco NGFW product line Software Release sustaining plan
Software Release and Support Milestones
The primary milestones that define the software feature release lifecycle for an STR, LTR and XLTR and the support durations are shown in Figure 3 below.
Cisco NGFW product line software lifecycle for STRs, LTRs, and XLTRs (Not to Scale)
During the last six (6) months of the software maintenance phase for an STR and 12 months for an LTR and XLTR, the primary focus will be on End of Vulnerability Support (EoVS) (PSIRT fixes).
Cisco communicates fixes for current software trains for individual bugs through the bug search tool and provides additional communication for PSIRT announcements with the respective releases fixing those security vulnerabilities. Customers might be required to perform an upgrade to a recent release train to benefit from fixes
Throughout the software maintenance cycle, representatives from Cisco TAC and Cisco Engineering evaluate the priority of bug fixes and determine which ones should be included in each maintenance release. Cisco encourages Cisco NGFW Product Line software customers to include maintenance releases in their software maintenance plan to avoid possible operational effects from known software bugs.
Following the End of Sale (EoS) milestone for all releases, for a two (2) year period, TAC will provide phone support to customers and guide them through the process of migrating to recommended releases which provide stability and longevity of the application software.
Customers are encouraged to migrate to the current LTR, XLTR, or STR when the release becomes available with appropriate features for the applications, as shown in Figure 3.
Maintenance releases are cumulative for the feature release they support. At the time it is published, the latest maintenance release includes all critical fixes published since the feature release was introduced. Cisco may recommend a release that provides the best stability and quality to customers at the time. Cisco also encourages all Cisco software customers to actively migrate to the latest maintenance release at their earliest convenience. If a bug is encountered which has been fixed in a maintenance release, Cisco's support policy is to recommend an upgrade to the latest available maintenance release.
For the upgrade path of a feature release, customers may have unique requirements, and they are encouraged to work with local Cisco customer representatives to find the optimal release for their network.
Cisco notifies customers of the lifecycle and major milestones of a particular release by the following methods:
● Compatibility Guide: When a feature release is introduced, Cisco updates the product Compatibility Guide on Cisco.com with compatibility information for that particular feature release. When announced, this document is updated with the end-of-sale, end-of-software maintenance, and end-of-life dates for that release:
◦ Firepower Compatibility Guide
● External Announcement: Cisco issues an official End-of-Sale bulletin for the software release, which includes all End-of-Sale milestones affected including end of maintenance and last date of support. External announcements for all Cisco products are listed here: https://www.cisco.com/c/en/us/products/eos-eol-listing.html
All of these documents are intended to provide advanced notification to Cisco NGFW Product Line software customers of the pending End-of-Sale and End-of-Life milestones.
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of resources, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco Services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, refer to: http://www.cisco.com/go/services.
Support Timelines for Earlier Releases
The following links provide information about the support timelines for releases prior to Cisco FTD/FPS/FMC 6.4 and ASA 9.12:
● Firepower versions for 7000/8000 Series: https://www.cisco.com/c/en/us/products/security/firepower-8000-series-appliances/eos-eol-notice-listing.html
● All other Firepower Appliances: https://www.cisco.com/c/en/us/products/security/firepower-ngfw/eos-eol-notice-listing.html
● ASA Appliances: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/eos-eol-notice-listing.html
● FXOS for FPR-4K/9K Series: https://www.cisco.com/c/en/us/products/security/firepower-9000-series/eos-eol-notice-listing.html
For more information about the Cisco FTD and ASA product line visit the following page: https://www.cisco.com/site/us/en/products/security/firewalls/index.html
or contact your local Cisco account manager.
For information about Cisco service and support programs and benefits, visit: https://www.cisco.com/c/en/us/services/technical/software-support.html