Cisco Secure Firewall ASA Compatibility
This document lists the Secure Firewall ASA software and hardware compatibility and requirements.
ASA and ASDM Compatibility Per Model
This section lists ASA and ASDM compatibility per model.
 Note |
For guidance on security issues on the ASA, and which releases contain fixes for each issue, see the ASA Security Advisories. |
ASA 9.18 to 9.17
Releases in bold are the recommended versions.
Note |
ASA 9.16(x) was the final version for the ASA 5506-X, 5506H-X, 5506W-X, 5508-X, and 5516-X. ASDM versions are backwards compatible with all previous ASA versions, unless otherwise stated. For example, ASDM 7.17(1) can manage an ASA 5516-X on ASA 9.10(1). |
|
ASA |
ASDM |
ASA Model | ||||||
|---|---|---|---|---|---|---|---|---|
|
ASA Virtual |
Firepower 1010 1120 1140 1150 |
Firepower 2110 2120 2130 2140 |
Secure Firewall 3110 3120 3130 3140 |
Firepower 4110 4112 4115 4120 4125 4140 4145 4150 |
Firepower 9300 |
ISA 3000 |
||
|
9.18(1) |
7.18(1.150) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.18(1) |
7.18(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.17(1) |
7.17(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
ASA 9.16 to 9.15
Releases in bold are the recommended versions.
Note |
ASA 9.16(x) was the final version for the ASA 5506-X, 5506H-X, 5506W-X, 5508-X, and 5516-X. ASA 9.14(x) was the final version for the ASA 5525-X, 5545-X, and 5555-X. ASDM versions are backwards compatible with all previous ASA versions, unless otherwise stated. For example, ASDM 7.15(1) can manage an ASA 5516-X on ASA 9.10(1). |
|
ASA |
ASDM |
ASA Model |
||||||
|---|---|---|---|---|---|---|---|---|
|
ASA 5506-X 5506H-X 5506W-X 5508-X 5516-X |
ASAv |
Firepower 1010 1120 1140 1150 |
Firepower 2110 2120 2130 2140 |
Firepower 4110 4112 4115 4120 4125 4140 4145 4150 |
Firepower 9300 |
ISA 3000 |
||
|
9.16(3) |
7.16(1.150) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.16(2) |
7.16(1.150) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.16(1) |
7.16(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.15(1) |
7.15(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
ASA 9.14 to 9.13
Releases in bold are the recommended versions.
Note |
ASA 9.14(x) was the final version for the ASA 5525-X, 5545-X, and 5555-X. ASA 9.12(x) was the final version for the ASA 5512-X, 5515-X, 5585-X, and ASASM. ASDM versions are backwards compatible with all previous ASA versions, unless otherwise stated. For example, ASDM 7.13(1) can manage an ASA 5516-X on ASA 9.10(1). ASDM 7.13(1) and ASDM 7.14(1) did not support ASA 5512-X, 5515-X, 5585-X, and ASASM; you must upgrade to ASDM 7.13(1.101) or 7.14(1.48) to restore ASDM support. |
|
ASA |
ASDM |
ASA Model |
|||||||
|---|---|---|---|---|---|---|---|---|---|
|
ASA 5506-X 5506H-X 5506W-X 5508-X 5516-X |
ASA 5525-X 5545-X 5555-X |
ASAv |
Firepower 1010 1120 1140 1150 |
Firepower 2110 2120 2130 2140 |
Firepower 4110 4112 4115 4120 4125 4140 4145 4150 |
Firepower 9300 |
ISA 3000 |
||
|
9.14(4.6) |
7.17(1.152) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.14(4) |
7.17(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.14(3) |
7.16(1.150) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.14(2) |
7.14(1.48) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.14(1.30) |
7.14(1.48) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.14(1.6) |
7.14(1.48) |
— |
— |
YES (+ASAv100) |
— |
— |
— |
— |
— |
|
9.14(1) |
7.14(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.13(1) |
7.13(1) |
YES |
YES |
YES |
YES |
YES |
YES (except 4112) |
YES |
YES |
ASA 9.12 to 9.5
Releases in bold are the recommended versions.
Note |
ASA 9.12(x) was the final version for the ASA 5512-X, 5515-X, 5585-X, and ASASM. ASDM versions are backwards compatible with all previous ASA versions, unless otherwise stated. For example, ASDM 7.12(1) can manage an ASA 5515-X on ASA 9.10(1). |
|
ASA |
ASDM |
ASA Model |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
ASA 5506-X 5506H-X 5506W-X 5508-X 5516-X |
ASA 5512-X 5515-X 5525-X 5545-X 5555-X |
ASA 5585-X |
ASAv |
ASASM |
Firepower 2110 2120 2130 2140 |
Firepower 4110 4120 4140 4150 |
Firepower 4115 4125 4145 |
Firepower 9300 |
ISA 3000 |
||
|
9.12(4) |
7.13(1.101) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.12(3) |
7.12(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.12(2) |
7.12(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.12(1) |
7.12(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
9.10(1) |
7.10(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
|
9.9(2) |
7.9(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
|
9.9(1) |
7.9(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
|
9.8(4) |
7.12(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
|
9.8(3) |
7.9(2.152) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
|
9.8(2) |
7.8(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
|
9.8(1.200) |
No support |
— |
— |
— |
YES |
— |
— |
— |
— |
— |
— |
|
9.8(1) |
7.8(1) |
YES |
YES |
YES |
YES (+ASAv50) |
YES |
— |
YES |
— |
YES |
YES |
|
9.7(1.4) |
7.7(1) |
YES |
YES |
YES |
YES |
YES |
— |
YES |
— |
YES |
YES |
|
9.6(4) |
7.9(1) |
YES |
YES |
YES |
YES |
YES |
— |
YES |
— |
YES |
YES |
|
9.6(3.1) |
7.7(1) |
YES |
YES |
YES |
YES |
YES |
— |
YES |
— |
YES |
YES |
|
9.6(2) |
7.6(2) |
YES |
YES |
YES |
YES |
YES |
— |
YES |
— |
YES |
YES |
|
9.6(1) |
7.6(1) |
YES |
YES |
YES |
YES |
YES |
— |
YES (except 4150) |
— |
YES |
YES |
|
9.5(3.9) |
7.6(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
YES |
|
9.5(2.200) |
7.5(2.153) |
— |
— |
— |
YES |
— |
— |
— |
— |
— |
— |
|
9.5(2.2) |
7.5(2) |
— |
— |
— |
— |
— |
— |
— |
— |
YES |
— |
|
9.5(2.1) |
7.5(2) |
— |
— |
— |
— |
— |
— |
— |
— |
YES |
— |
|
9.5(2) |
7.5(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
YES |
|
9.5(1.200) |
7.5(1) |
— |
— |
— |
YES |
— |
— |
— |
— |
— |
— |
|
9.5(1.5) |
7.5(1.112) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
|
9.5(1) |
7.5(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
ASA 9.4 to 9.3
Note |
ASA 9.2(x) was the final version for the ASA 5505. Later ASDM versions continue to support the ASA 5505. ASDM versions are backwards compatible with all previous ASA versions, unless otherwise stated. For example, ASDM 7.6(2) can manage an ASA 5516-X on ASA 9.3(3). |
|
ASA |
ASDM |
ASA Model |
||||||
|---|---|---|---|---|---|---|---|---|
|
ASA 5506-X 5506H-X 5506W-X 5508-X 5516-X |
ASA 5512-X 5515-X 5525-X 5545-X 5555-X |
ASA 5585-X |
ASAv |
ASASM |
Firepower 9300 |
ISA 3000 |
||
|
9.4(4.5) |
7.6(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
|
9.4(3) |
7.6(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
|
9.4(2.146) |
7.5(1.112) |
— |
— |
— |
— |
— |
YES |
— |
|
9.4(2.145) |
7.5(1.112) |
— |
— |
— |
— |
— |
YES |
— |
|
9.4(2) |
7.5(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
|
9.4(1.225) |
7.5(1) |
— |
— |
— |
— |
— |
— |
YES |
|
9.4(1.200) |
7.4(2) |
— |
— |
— |
YES |
— |
— |
— |
|
9.4(1.152) |
7.4(3) |
— |
— |
— |
— |
— |
YES |
— |
|
9.4(1) |
7.4(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
|
9.3(3.8) |
7.4(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
|
9.3(3) |
7.4(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
|
9.3(2.200) |
7.3(2) |
— |
— |
— |
YES |
— |
— |
— |
|
9.3(2) |
7.3(3) |
YES (5506-X only) |
YES |
YES |
YES |
YES |
— |
— |
|
7.3(2) |
YES (5506-X only) |
YES |
YES |
YES |
YES |
— |
— |
|
|
9.3(1) |
7.3(1) |
— |
YES |
YES |
YES |
YES |
— |
— |
ASA 9.2 to 9.1
Note |
ASA 9.2(x) was the final version for the ASA 5505. Later ASDM versions continue to support the ASA 5505. ASDM versions are backwards compatible with all previous ASA versions, unless otherwise stated. For example, ASDM 7.4(3) can manage an ASA 5505 on ASA 9.1(1). |
|
ASA |
ASDM |
ASA Model | ||||
|---|---|---|---|---|---|---|
|
ASA 5505 |
ASA 5512-X 5515-X 5525-X 5545-X 5555-X |
ASA 5585-X |
ASAv |
ASASM |
||
|
9.2(4.5) |
7.4(3) |
YES |
YES |
YES |
YES |
YES |
|
9.2(4) |
7.4(3) |
YES |
YES |
YES |
YES |
YES |
|
9.2(3) |
7.3(1.101) |
YES |
YES |
YES |
YES |
YES |
|
9.2(2.4) |
7.2(2) |
YES |
YES |
YES |
YES |
YES |
|
9.2(1) |
7.2(1) |
YES |
YES |
YES |
YES |
YES |
|
9.1(7.4) |
7.5(2) |
YES |
YES |
YES |
— |
YES |
|
9.1(6) |
7.1(7) |
YES |
YES |
YES |
— |
YES |
|
9.1(5) |
7.1(6) |
YES |
YES |
YES |
— |
YES |
|
9.1(4) |
7.1(5) |
YES |
YES |
YES |
— |
YES |
|
9.1(3) |
7.1(4) |
YES |
YES |
YES |
— |
YES |
|
9.1(2) |
7.1(3) |
YES |
YES |
YES |
— |
YES |
|
9.1(1) |
7.1(1) |
YES |
YES |
YES |
— |
YES |
ASA 9.0 to 8.4
Note |
ASA 8.7(x)/ASDM 6.7(x) was the final version for the ASA 1000V. ASDM versions are backwards compatible with all previous ASA versions, unless otherwise stated. For example, ASDM 7.1(4) can manage an ASA 5525-X on ASA 9.0(1). See the following exceptions:
|
|
ASA |
ASDM |
ASA Model |
||||
|---|---|---|---|---|---|---|
|
ASA 5505 |
ASA 5512-X 5515-X 5525-X 5545-X 5555-X |
ASA 5585-X |
ASASM |
ASA 1000V |
||
|
9.0(4) |
7.1(4) |
YES |
YES |
YES |
YES |
— |
|
9.0(3) |
7.1(3) |
YES |
YES |
YES |
YES |
— |
|
9.0(2) |
7.1(2) |
YES |
YES |
YES |
YES |
— |
|
9.0(1) |
7.0(1) |
YES |
YES |
YES |
YES |
— |
|
8.7(1.1) |
6.7(1) |
— |
— |
— |
— |
YES |
|
8.6(1) |
6.6(1) |
— |
YES |
— |
— |
— |
|
8.5(1) |
6.5(1) |
— |
— |
— |
YES |
— |
|
8.4(7) |
7.1(3) |
YES |
— |
YES |
— |
— |
|
8.4(6) |
7.1(2.102) |
YES |
— |
YES |
— |
— |
|
8.4(5) |
7.0(2) |
YES |
— |
YES |
— |
— |
|
8.4(4.1) |
6.4(9) |
YES |
— |
YES |
— |
— |
|
8.4(3) |
6.4(7) |
YES |
— |
YES |
— |
— |
|
8.4(2) |
6.4(5) |
YES |
— |
YES |
— |
— |
|
8.4(1) |
6.4(1) |
YES |
— |
YES |
— |
— |
ASA and VPN Compatibility
For ASA and VPN compatibility, see Supported VPN Platforms, Cisco ASA 5500 Series.
Firepower 4100/9300 Compatibility with ASA and Threat Defense
The following table lists compatibility between the ASA or threat defense applications with the Firepower 4100/9300.
The FXOS versions with (EoL) appended have reached their end of life (EoL), or end of support.
Note |
The bold versions listed below are specially-qualified companion releases. You should use these software combinations whenever possible because Cisco performs enhanced testing for these combinations. |
Note |
Firepower 1000/2100 and Secure Firewall 3100 appliances utilize FXOS only as an underlying operating system that is included in the ASA and threat defense unified image bundles. |
|
FXOS Version |
Model |
ASA Version |
Threat Defense Version |
||||||
|---|---|---|---|---|---|---|---|---|---|
|
2.12(0.31)+
|
Firepower 4112 |
9.18(x) (recommended) 9.17(x) 9.16(x) 9.15(1) 9.14(x) |
7.2.0 (recommended) 7.1.0 7.0.0 6.7.0 6.6.x |
||||||
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.18(x) (recommended) 9.17(x) 9.16(x) 9.15(1) 9.14(x) 9.13(1) 9.12(x) |
7.2.0 (recommended) 7.1.0 7.0.0 6.7.0 6.6.x 6.5.0 6.4.0 |
|||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.18(x) (recommended) 9.17(x) 9.16(x) 9.15(1) 9.14(x) 9.13(x) 9.12(x) 9.10(x) 9.9(x) 9.8(x) |
7.2.0 (recommended) 7.1.0 7.0.0 6.7.0 6.6.x 6.5.0 6.4.0 6.3.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.11(1.154)+
|
Firepower 4112 |
9.17(x) (recommended) 9.16(x) 9.15(1) 9.14(x) |
7.1.0 (recommended) 7.0.0 6.7.0 6.6.x |
||||||
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.17(x) (recommended) 9.16(x) 9.15(1) 9.14(x) 9.13(1) 9.12(x) |
7.1.0 (recommended) 7.0.0 6.7.0 6.6.x 6.5.0 6.4.0 |
|||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.17(x) (recommended) 9.16(x) 9.15(1) 9.14(x) 9.13(x) 9.12(x) 9.10(x) 9.9(x) 9.8(x) |
7.1.0 (recommended) 7.0.0 6.7.0 6.6.x 6.5.0 6.4.0 6.3.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.10(1.159)+
|
Firepower 4112 |
9.16(x) (recommended) 9.15(1) 9.14(x) |
7.0.0 (recommended) 6.7.0 6.6.x |
||||||
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.16(x) (recommended) 9.15(1) 9.14(x) 9.13(1) 9.12(x) |
7.0.0 (recommended) 6.7.0 6.6.x 6.5.0 6.4.0 |
|||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.16(x) (recommended) 9.15(1) 9.14(x) 9.13(x) 9.12(x) 9.10(x) 9.9(x) 9.8(x) |
7.0.0 (recommended) 6.7.0 6.6.x 6.5.0 6.4.0 6.3.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.9(1.131)+
|
Firepower 4112 |
9.15(1) (recommended) 9.14(x) |
6.7.0 (recommended) 6.6.x |
||||||
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.15(1) (recommended) 9.14(x) 9.13(1) 9.12(x) |
6.7.0 (recommended) 6.6.x 6.5.0 6.4.0 |
|||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.15(1) (recommended) 9.14(x) 9.13(x) 9.12(x) 9.10(x) 9.9(x) 9.8(x) |
6.7.0 (recommended) 6.6.x 6.5.0 6.4.0 6.3.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.8(1.105)+
|
Firepower 4112 |
9.14(x) |
6.6.x
|
||||||
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.14(x) (recommended) 9.13(1) 9.12(x)
|
6.6.x (recommended)
6.5.0 6.4.0 |
|||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.14(x) (recommended) 9.13(x) 9.12(x) 9.10(x) 9.9(x) 9.8(x) 9.6(4) |
6.6.x (recommended)
6.5.0 6.4.0 6.3.0 6.2.3 6.2.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.7(1.92)+ |
Firepower 4145 Firepower 4125 Firepower 4115 |
9.13(1) (recommended) 9.12(x)
|
6.5.0 (recommended) 6.4.0 |
||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.13(1) (recommended) 9.12(x) 9.10(1) 9.9(x) 9.8(x) 9.6(4) |
6.5.0 (recommended) 6.4.0 6.3.0 6.2.3 6.2.2 6.2.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.6(1.157)+
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.12(x)
|
6.4.0 | ||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.12(x) (recommended) 9.10(1) 9.9(x) 9.8(x) 9.6(4)
|
6.4.0 (recommended) 6.3.0 6.2.3 6.2.2 6.2.0 6.1.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.6(1.131) |
Firepower 9300 SM-48 Firepower 9300 SM-40 |
9.12(x) |
Not supported |
||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.12(x) (recommended) 9.10(1) 9.9(x) 9.8(x) 9.6(4)
|
||||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.4(1.214)+
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.10(1) (recommended) 9.9(x) 9.8(x) 9.6(3), 9.6(4)
|
6.3.0 (recommended) 6.2.3 6.2.2 6.2.0 6.1.0 |
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.4(1.101) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.10(1) (recommended) 9.9(x) 9.8(x) 9.6(3), 9.6(4)
|
Not supported |
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.3(1.73)+ |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.9(x) (recommended) 9.8(x) 9.7(x) 9.6(3), 9.6(4)
|
6.2.3 (recommended)
6.2.2 6.2.0 6.1.0
|
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.3(1.66) 2.3(1.58) 2.3(1.56)
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.9(x) (recommended) 9.8(x) 9.7(x) 9.6(3), 9.6(4)
|
6.2.2 (recommended) 6.2.2 6.2.0 6.1.0
|
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.2(2) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.8(x) (recommended) |
6.2.2 (recommended) 6.2.0
|
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.2(1) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.8(1) (recommended) 9.7(x)
|
6.2.0 (recommended)
|
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.1(1) (EoL) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.7(x) (recommended) 9.6(2), 9.6(3), 9.6(4) |
6.2.0 (recommended) 6.1.0 |
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.0(1) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.6(2), 9.6(3), 9.6(4) (recommended) 9.6(1) |
6.1.0 (recommended) 6.0.1 |
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
1.1(4) |
Firepower 4140 Firepower 4120 Firepower 4110 |
9.6(1) |
6.0.1 (recommended) |
||||||
|
Firepower 9300 SM-36 Firepower 9300 SM-24 |
9.6(1) (recommended) 9.5(2), 9.5(3) |
||||||||
|
1.1(3) |
Firepower 9300 SM-36 Firepower 9300 SM-24 |
9.5(2), 9.5(3) (recommended) 9.4(2) |
Not supported |
||||||
|
1.1(2) |
Firepower 9300 SM-36 Firepower 9300 SM-24 |
9.4(2) (recommended) 9.4(1) |
Not supported |
||||||
|
1.1(1) (EoL) |
Firepower 9300 SM-36 Firepower 9300 SM-24 |
9.4(1) (recommended) |
Not supported |
Firepower 1000/2100 and Secure Firewall 3100 ASA and FXOS Bundle Versions
Firepower 1000/2100 and Secure Firewall 3100 platforms utilize FXOS as an underlying operating system that is included in the ASA unified image bundles. The following table lists the ASA and FXOS versions in each released bundle.
Note |
You cannot install ASA or FXOS separately; you must install them both as part of the bundle. |
|
ASA Bundle Version |
FXOS Version |
|---|---|
|
9.18(1) |
2.12(0.31) |
|
9.17(1) |
2.11(1.154) |
|
9.16(3) |
2.10(1.189) |
|
9.16(2) |
2.10(1.162) |
|
9.16(1) |
2.10(1.159) |
|
9.15(1) |
2.9(1.131) |
|
9.14(3) |
2.8(1.157) |
|
9.14(2) |
2.8(1.134) |
|
9.14(1.30) |
2.8(1.129) |
|
9.14(1) |
2.8(1.105) |
|
9.13(1) |
2.7(1.107) |
|
9.12(4) |
2.6(1.198) |
|
9.12(3) |
2.6(1.156) |
|
9.12(2) |
2.6(1.141) |
|
9.12(1) |
2.6(1.113) |
|
9.10(1) |
2.4(1.92) |
|
9.9(2) |
2.3(1.77) |
|
9.9(1) |
2.3(1.54) |
|
9.8(4) |
2.2(2.119) |
|
9.8(3) |
2.2(2.90) |
|
9.8(2) |
2.2(2.52) |
ASA Virtual Hypervisor Compatibility
You can deploy the ASA virtual on the following hypervisors.
|
Hypervisor |
Version and Details |
ASA Virtual OS |
|||
|---|---|---|---|---|---|
| Alibaba Cloud |
ASA 9.18(x) and later Alibaba Cloud supports the ASAv5, ASAv10 and ASAv30 models on the following instance types:
|
ASA 9.18(x) |
|||
|
Amazon Web Services |
ASA 9.17(x) and later Amazon Web Services supports the following instance types:
ASA 9.14(x) and later Amazon Web Services supports the following instance types:
ASA 9.13(x) and later
ASA 9.12(x) and earlier Amazon Web Services supports the ASAv10 and ASAv30 models on the following instance types:
|
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(x) ASA 9.4(1.200), 9.4(2), 9.4(3), 9.4(4) |
|||
|
Kernel-based Virtual Machine (KVM) |
ASA 9.14(x)
ASA 9.13(x)
ASA 9.8(x)
|
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(x) ASA 9.4(x) ASA 9.3(2.200), 9.3(3) |
|||
|
Microsoft Azure |
ASA 9.17(x) and later Microsoft Azure supports the following instance types:
ASA 9.15(x) and later Microsoft Azure supports the following instance types:
ASA 9.13(x) and later
ASA 9.12(x) and earlier Microsoft Azure supports the ASAv5, ASAv10, and ASAv30 models on the following instance types:
|
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(2), 9.6(3), 9.6(4) ASA 9.5(2.200), 9.5(3) |
|||
|
Google Cloud Platform (GCP) |
Google Cloud Platform (GCP) supports the ASA Virtual on the following GCP machine types:
|
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) |
|||
|
OpenStack |
OpenStack supports the ASA Virtual:
|
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) |
|||
|
Oracle Cloud Infrastructure (OCI) |
Oracle Cloud Infrastructure (OCI) supports the ASA Virtual on the following OCI shape types:
|
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) |
|||
|
VMware vSphere |
7.0:
See the VMware documentation for more information about vSphere and hardware requirements: http://www.vmware.com/support/pubs/
|
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) |
|||
|
6.0, 6.5, 6.7:
See the VMware documentation for more information about vSphere and hardware requirements: http://www.vmware.com/support/pubs/
ASA 9.14(x)
ASA 9.13(x) and later
ASA 9.8(x)
|
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(x) ASA 9.4(x) ASA 9.3(x) ASA 9.2(x) |
||||
|
5.x:
See the VMware documentation for more information about vSphere and hardware requirements: http://www.vmware.com/support/pubs/
|
ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) (ASAv50 support added) ASA 9.7(x) ASA 9.6(x) ASA 9.5(x) ASA 9.4(1.200), 9.4(2), 9.4(3), 9.4(4) |
||||
|
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) (ASAv100 support added) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) (ASAv50 support added) ASA 9.7(x) ASA 9.6(x) ASA 9.5(x) ASA 9.4(1.200), 9.4(2), 9.4(3), 9.4(4) |
||||
|
Microsoft Hyper-V |
The Microsoft Hyper-V hypervisor supports the ASAv5, ASAv10, and ASAv30 models.
ASA 9.13(x) and later
|
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(1.200), 9.5(2), 9.5(3) |
Cisco Defense Orchestrator (CDO) Compatibility with the ASA
CDO can manage all platforms running ASA 8.4 and later (see ASA and ASDM Compatibility Per Model), except for the ASA Services Module (ASASM), which is not supported by CDO.
CDO can onboard an ASA running ASA 8.3 but cannot deploy changes to it or manage it in any other way. Support is "read-only."
CDO does not support management of the ASA FirePOWER module, which runs a different operating system from ASA. You can still use the ASA FirePOWER module in your system, but you need to manage it separately with Firepower Management Center or ASDM.
There may be a CDO feature that does not support all versions of ASA, such as ASA upgrades from pre-9.12 versions. In those cases, the CDO documentation will list any version exceptions with the prerequisites for that feature.
ASA Services Module, IOS, and Switch Compatibility
The following table shows the switch hardware and software compatibility.
Note |
ASA 9.12(x)/ASDM 7.12(x) was the final version for the ASASM. |
|
ASA OS |
Switch Hardware |
Supervisor Engine or Route Switch Processor |
Cisco IOS Release |
|---|---|---|---|
|
9.12(x) 9.10(x) 9.9(x) 9.8(x) 9.7(x) 9.6(x) 9.5(x) 9.4(x) 9.3(x) 9.2(x) 9.1(x) 9.0(x) |
Cisco 7604, 7609-S, 7613-S |
SUP 2T with MSFC5 & PFC4 (VS-S2T-10G) SUP 2T with MSFC5 & PFC4XL (VS-S2T-10G-XL) |
15.1(1)SY+ |
|
9.12(x) 9.10(x) 9.9(x) 9.8(x) 9.7(x) 9.6(x) 9.5(x) 9.4(x) 9.3(x) 9.2(x) 9.1(x) 9.0(x) |
Cisco 7606-S, 7609-S |
RSP 720 with 10GE ports, MSFC4 & PFC-3C (RSP720-3C-10GE) RSP 720 with 10GE ports, MSFC4 & PFC-3CXL (RSP720-3CXL-10GE) RSP 720 with 2GE ports, MSFC4 & PFC-3C (RSP720-3C-GE) RSP 720 with 2GE ports, MSFC4 & PFC-3CXL (RSP720-3CXL-GE) SUP 720 with MSFC3 & PFC3B (WS-SUP720-3B) SUP 720 with MSFC3 & PFC3BXL (WS-SUP720-3BXL) |
15.2(4)S2+ |
|
9.12(x) 9.10(x) 9.9(x) 9.8(x) 9.7(x) 9.6(x) 9.5(x) 9.4(x) 9.3(x) 9.2(x) 9.1(x) 9.0(x) 8.5(1.7)+ |
Catalyst 6500-E |
SUP 2T with MSFC5 & PFC4 (VS-S2T-10G) SUP 2T with MSFC5 & PFC4XL (VS-S2T-10G-XL) |
15.0(1)SY1+ |
|
9.12(x) 9.10(x) 9.9(x) 9.8(x) 9.7(x) 9.6(x) 9.5(x) 9.4(x) 9.3(x) 9.2(x) 9.1(x) 9.0(x) 8.5(1.7)+ |
Catalyst 6500-E |
SUP 720-10GE with MSFC3 & PFC3C (VS-S720-10G-3C) SUP 720-10GE with MSFC3 & PFC3CXL (VS-S720-10G-3CXL) SUP 720 with MSFC3 & PFC3B (WS-SUP720-3B) SUP 720 with MSFC3 & PFC3BXL (WS-SUP720-3BXL) |
12.2(33)SXJ2+ (Originally-supported Cisco IOS Version 12.2(33)SXJ1 has a caveat (CSCts88817) that can cause the ASASM to reload under certain circumstances. Therefore, we recommend using Version 12.2(33)SXJ2 or later.) |
|
9.12(x) 9.10(x) 9.9(x) 9.8(x) 9.7(x) 9.6(x) 9.5(x) 9.4(x) 9.3(x) 9.2(x) 9.1(x) 9.0(x) 8.5(x) |
Catalyst 6800 series |
SUP 2T with MSFC5 & PFC4 (VS-S2T-10G) SUP 2T with MSFC5 & PFC4XL (VS-S2T-10G-XL) |
15.1(2)SY1+ |
ASA REST API Compatibility
The following table lists ASA REST API and ASA compatibility.
Note |
The ASA 5506-X series does not support the REST API if you are running the FirePOWER module Version 6.0 or later. Disable the ASA REST API using the no rest-api agent command. |
|
ASA |
ASA REST API |
ASA Model |
|||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
ASA 5506-X 5506H-X 5506W-X 5508-X 5516-X |
ASA 5512-X 5515-X |
ASA 5525-X 5545-X 5555-X |
ASA 5585-X |
ASAv |
ASASM |
Firepower 1010 1120 1140 1150 |
Firepower 2110 2120 2130 2140 |
Firepower 4110 4120 4140 4150 |
Firepower 4112 4115 4125 4145 |
Firepower 9300 |
ISA 3000 |
||
|
9.16(x) |
7.16(x) |
YES |
— |
— |
— |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.15(x) |
7.15(x) |
YES |
— |
— |
— |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.14(x) |
7.14(x) |
YES |
— |
YES |
— |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.13(x) |
7.13(x) The version changed with this release to match the ASDM number. |
YES |
— |
YES |
— |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.12(x) |
1.3(2.346) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.10(x) |
1.3(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.9(x) |
1.3(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.8(x) |
1.3(2) |
YES |
YES |
YES |
YES |
YES (+ASAv50) |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.7(1.4) |
1.3(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.6(4) |
1.3(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.6(3.1) |
1.3(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.6(2) |
1.3(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
YES |
— |
YES |
YES |
|
9.6(1) |
1.3(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
YES (except 4150) |
— |
YES |
YES |
|
9.5(3.9) |
1.2(2.200) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
— |
YES |
|
9.5(2.200) |
1.2(2.200) |
— |
— |
— |
— |
YES |
— |
— |
— |
— |
— |
— |
— |
|
9.5(2.2) |
1.2(2) |
— |
— |
— |
— |
— |
— |
— |
— |
— |
— |
YES |
— |
|
9.5(2.1) |
1.2(2) |
— |
— |
— |
— |
— |
— |
— |
— |
— |
— |
YES |
— |
|
9.5(2) |
1.2(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
— |
YES |
|
9.5(1.200) |
1.2(1) |
— |
— |
— |
— |
YES |
— |
— |
— |
— |
— |
— |
— |
|
9.5(1.5) |
1.2(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
— |
— |
|
9.5(1) |
1.2(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
— |
— |
|
9.4(3) |
1.2(1) 1.1(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
— |
— |
|
9.4(2.146) |
1.1(2) |
— |
— |
— |
— |
— |
— |
— |
— |
— |
— |
YES |
— |
|
9.4(2.145) |
1.1(2) |
— |
— |
— |
— |
— |
— |
— |
— |
— |
— |
YES |
— |
|
9.4(2) |
1.2(1) 1.1(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
— |
— |
|
9.4(1.225) |
1.2(1) |
— |
— |
— |
— |
— |
— |
— |
— |
— |
— |
— |
YES |
|
9.4(1.200) |
1.2(1) 1.1(1) |
— |
— |
— |
— |
YES |
— |
— |
— |
— |
— |
— |
— |
|
9.4(1.152) |
1.1(2) |
— |
— |
— |
— |
— |
— |
— |
— |
— |
— |
YES |
— |
|
9.4(1) |
1.2(1) 1.1(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
— |
— |
|
9.3(2.200) |
1.2(1)+ 1.1(1) 1.0(1) |
— |
— |
— |
— |
YES |
— |
— |
— |
— |
— |
— |
— |
|
9.3(2) |
1.2(1) 1.1(1) 1.0(1) |
YES (ASA 5506-X only) |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
— |
— |
Smart Licensing Agent Version per ASA Release
The following Smart Agent versions are used in ASA software for communication with the Smart Licensing server.
|
ASA Version |
Smart Agent Version |
|---|---|
|
9.14 |
4.9.3 |
|
9.13 |
4.9.3 |
|
9.12 |
4.3.6 |
|
9.10 |
4.3.6 |
|
9.9 |
1.6.14_rel/129 |
ASA 5506W-X Wireless Access Point Software Compatibility
The ASA 5506W-X includes a Cisco Aironet 702i wireless access point integrated into the ASA. The access point includes an autonomous Cisco IOS image, which enables individual device management. You can install the lightweightimage if you want to add the ASA 5506W-X to a Cisco Unified Wireless Network and use a wireless LAN controller. See the Converting Autonomous Access Points to Lightweight Mode chapter in the Cisco Wireless Control Configuration Guide for more information about using the lightweight image in unified mode.
The following table shows the supported software for the access point as well as the supported Cisco Wireless LAN Controller software if you convert to unified mode.
|
Built-in Access Point |
Cisco IOS Release |
Cisco Wireless LAN Controller Release |
|---|---|---|
|
Aironet 702i |
15.3(3)JBB+ |
8.1.102.0+ |
ASA and ASA FirePOWER Module Compatibility
Compatibility Table
The following table shows the ASA, ASDM, and ASA FirePOWER support. If you are using an FMC to manage ASA FirePOWER, you can ignore the ASDM requirements.
Note that:
-
ASA 9.16(x)/ASDM 7.16(x)/Firepower 7.0.0/7.0.x is the final version for the ASA FirePOWER module on the ASA 5508-X, 5516-X, and the ISA 3000.
-
ASA 9.14(x)/ASDM 7.14(x)/FirePOWER 6.6.0/6.6.x is the final version for the ASA FirePOWER module on the ASA 5525-X, 5545-X, and 5555-X.
-
ASA 9.12(x)/ASDM 7.12(x)/FirePOWER 6.4.0 is the final version for the ASA FirePOWER module on the ASA 5515-X and 5585-X.
-
ASA 9.9(x)/ASDM 7.9(2)/FirePOWER 6.2.3 is the final version for the ASA FirePOWER module on the ASA 5506-X series and 5512-X.
ASDM versions are backwards compatible with all previous ASA versions, unless otherwise stated. For example, ASDM 7.13(1) can manage an ASA 5516-X on ASA 9.10(1). ASDM 7.13(1) and ASDM 7.14(1) did not support ASA 5512-X, 5515-X, 5585-X, and ASASM; you must upgrade to ASDM 7.13(1.101) or 7.14(1.48) to restore ASDM support.
|
ASA FirePOWER Version |
ASDM Version (for local mgmt) |
ASA Version |
ASA Model |
||||||
|---|---|---|---|---|---|---|---|---|---|
|
5506-X Series |
5508-X 5516-X |
5512-X |
5515-X |
5525-X 5545-X 5555-X |
5585-X (See below for SSP notes) |
ISA 3000 |
|||
|
7.0.x |
ASDM 7.16(1) |
ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) |
— |
YES |
— |
— |
— |
— |
YES |
|
6.7.x |
ASDM 7.15(1) |
ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) |
— |
YES |
— |
— |
— |
— |
YES |
|
6.6.x |
ASDM 7.14(1) |
ASA 9.16(x) (No 5525-X, 5545-X, 5555-X) ASA 9.15(x) (No 5525-X, 5545-X, 5555-X) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) |
— |
YES |
— |
— |
YES |
— |
YES |
|
6.5.0 |
ASDM 7.13(1) |
ASA 9.16(x) (No 5525-X, 5545-X, 5555-X) ASA 9.15(x) (No 5525-X, 5545-X, 5555-X) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) |
— |
YES |
— |
— |
YES |
— |
YES |
|
6.4.0 |
ASDM 7.12(1) |
ASA 9.16(x) (No 5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.15(x) (No 5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.14(x) (No 5515-X, 5585-X) ASA 9.13(x) (No 5515-X, 5585-X) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) |
— |
YES |
— |
YES |
YES |
YES |
YES |
|
6.3.0 |
ASDM 7.10(1) |
ASA 9.16(x) (No 5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.15(x) (No 5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.14(x) (No 5515-X, 5585-X) ASA 9.13(x) (No 5515-X, 5585-X) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) |
— |
YES |
— |
YES |
YES |
YES |
YES |
|
6.2.3 |
ASDM 7.9(2) |
ASA 9.16(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.15(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.14(x) (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.13(x) (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.12(x) (No 5506-X, 5512-X) ASA 9.10(x) (No 5506-X, 5512-X) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) (No 5506-X) |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
6.2.2 |
ASDM 7.8(2) |
ASA 9.16(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.15(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.14(x) (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.13(x) (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.12(x) (No 5506-X, 5512-X) ASA 9.10(x) (No 5506-X, 5512-X) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) (No 5506-X) |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
6.2.0 |
ASDM 7.7(1) |
ASA 9.16(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.15(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.14(x) (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.13(x) (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.12(x) (No 5506-X, 5512-X) ASA 9.10(x) (No 5506-X, 5512-X) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) (No 5506-X) |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
6.1.0 |
ASDM 7.6(2) |
ASA 9.16(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.15(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.14(x) (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.13(x) (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.12(x) (No 5506-X, 5512-X) ASA 9.10(x) (No 5506-X, 5512-X) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) (No 5506-X) |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
6.0.1 |
ASDM 7.6(1) (no ASA 9.4(x) support with ASDM; only FMC) |
ASA 9.6(x) ASA 9.5(1.5), 9.5(2), 9.5(3) ASA 9.4(x) Due to CSCuv91730, we recommend that you upgrade to 9.4(2) and later. |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
6.0.0 |
ASDM 7.5(1.112) (no ASA 9.4(x) support with ASDM; only FMC) |
ASA 9.6(x) ASA 9.5(1.5), 9.5(2), 9.5(3) ASA 9.4(x) Due to CSCuv91730, we recommend that you upgrade to 9.4(2) and later. |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
5.4.1.7+ |
ASDM 7.5(1.112) (no ASA 9.4(x) support with ASDM; only FMC) |
ASA 9.16(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.15(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.14(x) (No 5506-X) ASA 9.13(x) (No 5506-X) ASA 9.12(x) (No 5506-X) ASA 9.10(x) (No 5506-X) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(2), 9.5(3) ASA 9.4(x) ASA 9.4(1.225) (ISA 3000 only) ASA 9.3(2), 9.3(3) (no 5508-X or 5516-X) Due to CSCuv91730, we recommend that you upgrade to 9.3(3.8) or 9.4(2) and later. |
YES |
YES |
— |
— |
— |
— |
YES |
|
5.4.1 |
ASDM 7.3(3) |
ASA 9.16(x) (No 5506-X) ASA 9.15(x) (No 5506-X) ASA 9.14(x) (No 5506-X) ASA 9.13(x) (No 5506-X) ASA 9.12(x) (No 5506-X) ASA 9.10(x) (No 5506-X) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(1.5), 9.5(2), 9.5(3) ASA 9.4(x) ASA 9.3(2), 9.3(3) (5506-X only) Due to CSCuv91730, we recommend that you upgrade to 9.3(3.8) or 9.4(2) and later. |
YES |
YES |
— |
— |
— |
— |
— |
|
5.4.0.2+ |
— |
ASA 9.14(x) (No 5512-X, 5515-X, 5585-X) ASA 9.13(x) (No 5512-X, 5515-X, 5585-X) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(1.5), 9.5(2), 9.5(3) ASA 9.4(x) ASA 9.3(2), 9.3(3) Due to CSCuv91730, we recommend that you upgrade to 9.3(3.8) or 9.4(2) and later. |
— |
— |
YES |
YES |
YES |
YES |
— |
|
5.4.0.1 |
— |
ASA 9.2(2.4), 9.2(3), 9.2(4) Due to CSCuv91730, we recommend that you upgrade to 9.2(4.5) and later. |
— |
— |
YES |
YES |
YES |
YES |
— |
|
5.3.1 |
— |
ASA 9.2(2.4), 9.2(3), 9.2(4) Due to CSCuv91730, we recommend that you upgrade to 9.2(4.5) and later. |
— |
— |
YES |
YES |
YES |
YES |
— |
ASA 5585-X SSP Compatibility
Same level SSPs
ASA FirePOWER SSP -10, -20, -40, and -60
Requirements: Install in slot 1, with matching-level ASA SSP in slot 0
Mixed level SSPs
Support for the following combinations starts with version 5.4.0.1.
-
ASA SSP-10/ASA FirePOWER SSP-40
-
ASA SSP-20/ASA FirePOWER SSP-60
-
ASA SSP-40/ASA FirePOWER SSP-60
Requirements: ASA SSP in slot 0, ASA FirePOWER SSP in slot 1
Note |
For the SSP40/60 combination, you might see an error message that this combination is not supported. You can ignore the message. |
Secure Firewall 3100 Network Module Compatibility
|
Modules Supported |
Model |
ASA OS |
||
|---|---|---|---|---|
|
|
9.18(x)
|
||
|
|
9.18(x)
|
||
|
|
9.18(x) 9.17(x) |
||
|
4-port 40-Gb QSFP+ network module (FPR3K-XNM-4X40G) |
|
9.18(x) 9.17(x) |
Firepower 2100 Network Module Compatibility
Note |
If a network module is listed for multiple Firepower models, and the part number only differs in the model number (FPRXK-NM-module), then that module is compatible with the other Firepower models. For example, the FPR9K-NM-6X10SR-F module is compatible on the Firepower 2100 (FPR2K-NM-6X10SR-F) and Firepower 4100 (FPR4K-NM-6X10SR-F). See the FXOS compatibility guide for information about Firepower 4100 and 9300 network modules. |
|
Modules Supported |
Model |
ASA OS |
||
|---|---|---|---|---|
|
Firepower 2130 Firepower 2140 |
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x)
|
||
|
Firepower 8-port 1G Network Module single-wide (FPR2K-NM-8X1G) |
Firepower 2130 Firepower 2140 |
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) |
||
|
Firepower 8-port 10G Network Module single-wide (FPR2K-NM-8X10G) |
Firepower 2130 Firepower 2140 |
ASA 9.18(x) ASA 9.17(x) ASA 9.16(x) ASA 9.15(x) ASA 9.14(x) ASA 9.13(x) ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(2), 9.8(3) |
ASA 5585-X SSP and Network Module Compatibility
Note |
ASA 9.12(x)/ASDM 7.12(x) was the final release for the ASA 5585-X. |
|
Modules Supported |
ASA OS |
|---|---|
|
ASA SSP-20 and -60 Requirements: Single ASA SSP in slot 0 |
ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(x) ASA 9.4(x) ASA 9.3(x) ASA 9.2(x) ASA 9.1(x) ASA 9.0(x) ASA 8.4(x)) ASA 8.2(3), 8.2(4), 8.2(5) |
|
ASA SSP-10 and -40 Requirements: Single ASA SSP in slot 0 |
ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(x) ASA 9.4(x) ASA 9.3(x) ASA 9.2(x) ASA 9.1(x) ASA 9.0(x) ASA 8.4(x)) ASA 8.2(4), 8.2(5) |
|
Dual ASA SSPs:
Requirements: Matching-level for both SSPs |
ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(x) ASA 9.4(x) ASA 9.3(x) ASA 9.2(x) ASA 9.1(x) ASA 9.0(x) ASA 8.4(2), 8.4(3), 8.4(4), 8.4(5), 8.4(6), 8.4(7) |
|
Dual ASA SSPs:
Requirements: Matching-level for both SSPs |
ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(x) ASA 9.4(x) ASA 9.3(x) ASA 9.2(x) ASA 9.1(x) ASA 9.0(x) |
Requirements: Install one or two network modules in slot 1, with ASA SSP in slot 0 |
ASA 9.12(x) ASA 9.10(x) ASA 9.9(x) ASA 9.8(x) ASA 9.7(x) ASA 9.6(x) ASA 9.5(x) ASA 9.4(x) ASA 9.3(x) ASA 9.2(x) ASA 9.1(2), 9.1(3), 9.1(4), 9.1(5), 9.1(6), 9.1(7) ASA 8.4(4.1), 8.4(5), 8.4(6), 8.4(7) |
ASA and Threat Defense Clustering External Hardware Support
Clustering will work with both Cisco and non-Cisco switches from other major switching vendors with no known interoperability issues if they comply with the following requirements and recommendations.
Switch Requirements
-
All third party switches must be compliant to the IEEE standard (802.3ad) Link Aggregation Control Protocol.
-
EtherChannel bundling must be completed within 45 seconds when connected to Firepower devices and 33 seconds when connected to ASA devices.
-
On the cluster control link, the switch must provide fully unimpeded unicast and broadcast connectivity at Layer 2 between all cluster members.
-
On the cluster control link, the switch must not impose any limitations on IP addressing or the packet format above Layer 2 headers.
-
On the cluster control link, the switch interfaces must support jumbo frames and be configurable for an MTU above 1600.
Switch Recommendations
-
The switch should provide uniform traffic distribution over the EtherChannel's individual links.
-
The switch should have an EtherChannel load-balancing algorithm that provides traffic symmetry.
-
The EtherChannel load balance hash algorithm should be configurable using the 5-tuple, 4-tuple, or 2-tuple to calculate the hash.
Note |
For the Firepower 9300 cluster, intra-chassis clustering can operate with any switch because Firepower 9300-to-switch connections use standard interface types. |
Note |
Some switches, such as the Nexus series, do not support LACP rate fast when performing in-service software upgrades (ISSUs), so we do not recommend using ISSUs with clustering. |
ASA and Cisco Application Policy Infrastructure Controller (APIC) Compatibility
The platforms supported include:
-
ASA 5525-X, 5545-X, and 5555-X (8.6(x)—9.14(x))
-
ASA 5512-X, 5515-X (8.6(x)—9.12(x))
-
ASA 5585-X (8.4(x)—9.12(x))
-
ASAv (9.2(x) and newer)
-
Firepower 4100 and 9300 (9.6(x) and newer)
-
Firepower 2100 (9.8(x) and newer)
The following table lists the supported ASA device packages, ASA versions, and APIC versions.
|
ASA Device Package Version |
Integration Model |
APIC Version |
ASA Version |
|---|---|---|---|
|
1.3(12.4) |
Cloud Orchestrator Policy Orchestration Fabric Insertion |
3.1(1*)—5.0(2*) |
8.4(x)—9.16(x) |
|
1.3(12.3) |
Cloud Orchestrator Policy Orchestration Fabric Insertion |
3.1(1*)—4.1(1*) |
8.4(x)—9.12(x) |
|
1.3(11.22) |
Cloud Orchestrator Policy Orchestration Fabric Insertion |
3.1(1*)—4.0(1*) |
8.4(x)—9.10(x) |
|
1.3(10.24) |
Cloud Orchestrator Policy Orchestration Fabric Insertion |
3.1(1*) |
8.4(x)—9.8(x) |
|
1.2(12.3) |
Policy Orchestration Fabric Insertion |
3.0(2*) and older |
8.4(x)—9.16(x) |
|
1.2(12.2) |
Policy Orchestration Fabric Insertion |
3.0(2*) and older |
8.4(x)—9.12(x) |
|
1.2(11.16) |
Policy Orchestration Fabric Insertion |
3.0(2*) and older |
8.4(x)—9.10(1) |
|
1.2(10.26) |
Policy Orchestration Fabric Insertion |
3.0(2*) |
8.4(x)—9.8(x) |
|
1.2(9.18) |
Policy Orchestration Fabric Insertion |
3.0(1*) |
8.4(x)—9.8(x) |
|
1.2(8.9) |
Policy Orchestration Fabric Insertion |
2.2(2*) |
8.4(x)—9.7(x) |
|
1.2(7.x) |
Policy Orchestration Fabric Insertion |
2.1(1*) |
8.4(x)—9.6(2) |
|
1.2(6.15) |
Policy Orchestration |
2.0(1*) |
8.4(x)—9.5(2) |
|
1.2(5.21) |
Policy Orchestration |
1.3(1*) |
8.4(x)—9.5(1) |
|
1.2(5.5) |
Policy Orchestration |
1.2(2*) |
8.4(x)—9.4(x) |
Note |
We do not recommend using any ASA device package older than 2016. |
Note |
Policy Orchestration = Service Policy Mode = Fully Managed Mode. |
Note |
Fabric Insertion = Customized ASA device package for L2-3 automation only. |
ASA 5505 Memory
Shipping Memory
The shipping DRAM increased after February 2010; the DRAM requirements for 8.3 and higher match the newer default shipping sizes. The newer default shipping DRAM is the current maximum DRAM you can install in your unit.
See the following shipping memory for the ASA 5505:
-
Internal Flash Memory (Default Shipping)—128 MB
-
Total DRAM (Default Shipping), Before Feb. 2010—256 MB
-
Total DRAM (Default Shipping), After Feb. 2010—512 MB
Memory Requirments
With Version 8.3 through 9.1 only the Unlimited Hosts license and the Security Plus license with failover enabled require 512 MB DRAM; other licenses can use 256 MB. For Version 9.2 and later, all ASA 5505 licenses require 512 MB.
Memory Kits
See the following DRAM memory kits available:
-
512 MB—ASA5505-MEM-512=
Viewing Memory
You can check the size of internal flash and the amount of free flash memory on the ASA by doing the following:
-
ASDM—Choose . The amounts of total and available flash memory appear on the bottom left in the pane.
-
CLI—In Privileged EXEC mode, enter the dir command. The amounts of total and available flash memory appear on the bottom of the output.
Example:
ciscoasa# dir
Directory of disk0:/
43 -rwx 14358528 08:46:02 Feb 19 2007 cdisk.bin
136 -rwx 12456368 10:25:08 Feb 20 2007 asdmfile
58 -rwx 6342320 08:44:54 Feb 19 2007 asdm-600110.bin
61 -rwx 416354 11:50:58 Feb 07 2007 sslclient-win-1.1.3.173.pkg
62 -rwx 23689 08:48:04 Jan 30 2007 asa1_backup.cfg
66 -rwx 425 11:45:52 Dec 05 2006 anyconnect
70 -rwx 774 05:57:48 Nov 22 2006 cvcprofile.xml
71 -rwx 338 15:48:40 Nov 29 2006 tmpAsdmCustomization430406526
72 -rwx 32 09:35:40 Dec 08 2006 LOCAL-CA-SERVER.ser
73 -rwx 2205678 07:19:22 Jan 05 2007 vpn-win32-Release-2.0.0156-k9.pkg
74 -rwx 3380111 11:39:36 Feb 12 2007 securedesktop_asa_3_2_0_56.pkg
62881792 bytes total (3854336 bytes free)
End-of-Life Announcements
See the following pages for ASA software and hardware End-of-Life announcements:
Additional Resources
See the following additional resources:
Feedback