Which version of Secure Firewall Threat
Defense will Cloud-Delivered Firewall Management Center stop managing?
Cloud-Delivered Firewall Management Center will stop managing Secure Firewall Threat
Defense Version 7.0.x from October 22, 2025.
Why is this change necessary?
This change is necessary to ensure compatibility and security for our customers' systems. As we upgrade our systems, it is
essential that the latest version of Secure Firewall Threat
Defense devices is supported to maintain reliability and performance.
From October 22, 2025, will I be able to use my existing Secure Firewall Threat
Defense 7.0.x devices?
We will not support the management of Secure Firewall Threat
Defense devices running Version 7.0.x from Cloud-Delivered Firewall Management Center after October 22, 2025. You will not be able to make or deploy changes to Secure Firewall Threat
Defense devices running Version 7.0.x and earlier except to upgrade or unregister.
Your impacted devices will still be visible in Cloud-Delivered Firewall Management Center, but in read-only mode only. New changes cannot be deployed to the devices.
What are the recommended upgrade options?
You are required to upgrade to at least Version 7.2.x. The Cisco-suggested version is 7.4.2.
Can I onboard new Version 7.0.x devices after October 22, 2025?
Yes, you can onboard new Secure Firewall Threat
Defense Version 7.0.x devices even after October 22, 2025, but you will need to upgrade them to either Version 7.2.x or the Cisco-recommended Version
7.4.2 using the Cloud-Delivered Firewall Management Center to ensure normal operation.
What will happen if I don't upgrade?
From October 22, 2025, you will not be able to make or deploy changes to Secure Firewall Threat
Defense devices running Version 7.0.x and earlier, except to upgrade or unregister. Failing to upgrade leaves you vulnerable to compatibility issues, security
issues, and possible downtime. To minimize disruption, you are required to upgrade now.
Can I migrate my existing ASA 5508 and 5516 devices to Cloud-Delivered Firewall Management Center?
We recommend that you do not migrate your existing ASA 5508 and 5516 devices to Cloud-Delivered Firewall Management Center because the last supported Threat Defense version for these ASA devices is 7.0.
In addition, Cisco will stop support for management of Threat Defense Version 7.0.x in Cloud-Delivered Firewall Management Center from October 22, 2025, and the ASA 5508 and 5516 devices cannot be upgraded to Version 7.2.x and later.
Can I manage my device's health in read-only mode after support ends?
After October 22, 2025, you will not be able to deploy device health policy changes, if any, to Secure Firewall Threat Defense
devices running Version 7.0.x and earlier. These devices will continue to operate with the previously configured health policies.
Are there costs associated with upgrade?
There is no cost, unless your hardware must also be upgraded. (The reference to hardware is limited to the Cisco Secure ASA
5508-X and Cisco Secure ASA 5516-X running Secure Firewall Threat
Defense Version 7.0.x). If you have to refresh your hardware, reach out to your Cisco Account Team.
Is there an exception for the customers who are not able to complete the device upgrade before October 22, 2025?
No, there are no exceptions to this requirement.
When will the Cloud-Delivered Firewall Management Center end the support for management of Version 7.2.x?
Cloud-Delivered Firewall Management Center will support the management of Secure Firewall Threat
Defense devices running Version 7.2.x until October 31, 2026.