New Features in Cloud-Delivered Firewall Management Center 2026

May 29, 2026

Table 1. Features in Version 20260506

Feature

Supported Threat Defense Version

Details

Administration

Device Backup Enhancements: Improved Usability and Scalability

Any

The device backup process has been reengineered with an intuitive user interface, delivering enhanced usability and optimized system performance.

Key improvements:

  • Advanced Search: Locate devices efficiently by filtering results based on device type and device groups.

  • Unified Backup Notifications: Monitor backup progress through a consolidated dashboard. View aggregate counts for successful, running, and failed backups, or drill down into individual device tracking for large-scale operations. This update also includes node-level progress monitoring for cluster devices.

  • Node-Level Restore: Download backups for specific nodes within a cluster for restoration, providing greater granularity and control.

  • Streamlined Device Actions: Execute bulk operations efficiently by selecting devices, clusters, or groups through a simplified checkbox interface.

  • Downloadable Reports: Export job-level backup progress reports to facilitate troubleshooting and expedite collaboration with Cisco TAC.

Enhanced Performance

7.4.7 and upcoming releases

Optimizes backup performance to significantly reduce processing time for high-volume devices.

Device Management

Maximum Firewall Threat Defense Devices Supported

Any

Cloud-Delivered Firewall Management Center supports up to 2,000 Firewall Threat Defense devices per deployment. This total can include a combination of standalone devices, devices in high-availability pairs, and devices that are cluster nodes.

Policy Management

NAT Templates

Any

NAT templates provide predefined NAT configurations for common use cases, helping administrators quickly create NAT rules with minimal manual input. NAT templates are useful when configuring standard outbound internet access or publishing internal resources to external networks.

  • The internet access template creates a dynamic Auto NAT rule that translates traffic from internal hosts to the destination interface IP address.

  • The internal resource access template creates a static Auto NAT rule that maps an internal resource to a translated address so that the resource is reachable from an external network.

New/modified pages: Policies > Network Policies > NAT

Open issues

Table 2. Open issues in Cloud-Delivered Firewall Management Center Version 20260213

Identifier

Headline

CSCwo13425

Bulk download 400K SXP mappings from ISE takes 80 minutes on FMC4800 with 1500 FTD setup

Resolved issues

This table lists the resolved security issues in this specific software release.

Table 3. Resolved security issues in Cloud-Delivered Firewall Management Center Version 20260506

Identifier

Headline

CSCwt25941

Multiple command injections in Remote::SF::Troubleshootingtool (only targets FTD)

CSCwt25947

Command injection in Remote::SF::Troubleshootingtool::deviceDeleteLogFiles (only targets FTD)

This table lists the resolved functional issues in this specific software release.

Table 4. Resolved functional issues in Cloud-Delivered Firewall Management Center Version 20260506

Identifier

Headline

CSCwo65977

Security Zones show "No Data" when attempting to edit ACP policies rules in FMC GUI post 7.7 upgrade - Indexing issue

CSCws92132

SASE: Restrict the tunnel ID field to 30 characters and custom IKE identity string

CSCws82979

Dynamic object not being updated in FMC when ADI has problems with ADI.conf

CSCws99933

Unable to Access the Access Control Policy.
CSCwt29200

FTD OOM due to hundreds of concurrent SF::DataService::Client::ProcessManifest calls invoking exec_perl.pl processes
CSCwt34022

Scheduled Task (schedule) for device backup has removed the unregistered device from its list for FTD HA device

CSCwt60089

Prometheus snapshot failing on cdFMC due to too many open files.
CSCwb83546

Default External Browser Package needs to be updated

CSCws94688

DAP Records fetch group policies displayed by their UUID instead of names (policies beyond the first 25 listed alphabetically due to the limit of 25 set when grouppolicies called in DAP)

CSCwt34828

The chassis actual status is Offline, but it shown as healthy in the new UI
CSCwt35794

Admin with RO Object Permissions unable to add Static Route for named interfaces

April 24, 2026

Table 5. Features in Version 20260315

Feature

Supported Threat Defense

Details

Model migration

Migrate Firepower 1100 Series to Secure Firewall 1200 Series

7.3.x and later

Migrate Firepower 1100 Series (1120, 1140, 1150) to:

  • Secure Firewall 1200 Series (1210CE, 1210CP, 1210CX) (7.6 and later)

  • Secure Firewall 1200 Series (1230, 1240, 1250) (7.7.x and later)

For more information on the migration paths, refer to Supported Devices for Migration.

Migrate Firepower 2100 Series to Secure Firewall 1200 Series

7.4.x and later

Migrate Firepower 2100 Series (2110, 2120, 2130, 2140) to:

  • Secure Firewall 1200 Series (1210CE, 1210CP, 1210CX) (7.6 and later)

  • Secure Firewall 1200 Series (1230, 1240, 1250) (7.7.x and later)

For more information on the migration paths, refer to Supported Devices for Migration.

Usability

Device Management page enhancements

Any

A redesigned user interface has been launched for the Device Management page, offering better usability and enhanced performance.

Key improvements include:

  • Advanced Search: Find devices more easily using multiple device-related criteria for more precise results.

  • Device Status Banner: Quickly view the number of devices in Normal, Error, and Offline states, displayed with a color-coded legend for easy identification.

  • Performance Enhancements: Enjoy faster page loading time and pagination that supports up to 1,000 devices per page.

  • Streamlined Device Actions: Perform device actions and bulk operations more efficiently through an intuitive side panel.

  • Centralized Troubleshooting: Access diagnostic tools such as Packet Tracer and Packet Capture from a single, convenient troubleshooting panel.

Note

 

This enhanced interface is currently in a preliminary phase. You can switch back to the legacy UI to access any features that are not yet available in the new interface.

Updated screens: Go to Devices > Device Management and enable the New Device Management UI toggle button.

February 19, 2026

Table 6. Features in Version 20260122

Feature

Minimum Threat Defense

Details

Device Management

Secure traffic using Cisco Secure Access and Firewall Threat Defense devices

Any

Cisco Secure Access is a cloud-based security service edge (SSE) solution that protects users from internet threats and enables secure access to the internet, SaaS applications, and private resources from any location. Secure Firewall seamlessly integrates with Secure Access for securing your traffic. Cloud-Delivered Firewall Management Center simplifies and automates the IPsec IKEv2 tunnel configuration from Firewall Threat Defense devices to Secure Access using the new SASE wizard. For more information, see Secure traffic using Cisco Secure Access and Firewall Threat Defense devices.