Cisco Firepower Classic Device Compatibility Guide
This guide provides software and hardware compatibility for Classic and legacy Firepower devices. For related compatibility guides, see Additional Resources.
 Note |
Not all software versions, especially patches, apply to all platforms. A quick way to tell if a version is supported is that its upgrade/installation packages are posted on the Cisco Support & Download site. If the site is "missing" an upgrade or installation package, that version is not supported. You can also check the release notes and End-of-Life Announcements. If you feel a version is missing in error, contact Cisco TAC. |
Additional Resources
|
Description |
Resources |
|---|---|
|
Sustaining bulletins provide support timelines for the Cisco Next Generation Firewall product line, including management platforms and operating systems. |
Cisco NGFW Product Line Software Release and Sustaining Bulletin |
|
Compatibility guides provide detailed compatibility information for supported hardware models and software versions, including bundled components and integrated products. |
|
|
Release notes provide critical and release-specific information, including upgrade warnings and behavior changes. Release notes also contain quicklinks to upgrade and installation instructions. |
|
|
New Feature guides provide information on new and deprecated features by release. |
Cisco Secure Firewall Management Center New Features by Release |
|
Documentation roadmaps provide links to currently available and legacy documentation. Try the roadmaps if what you are looking for is not listed above. |
Navigating the Cisco Secure Firewall Threat Defense Documentation Navigating the Cisco Secure Firewall ASA Series Documentation |
ASA 5500-X Series and ISA 3000 with FirePOWER Services
The ASA FirePOWER module runs on the separately upgraded ASA operating system. There is wide compatibility between ASA and ASA FirePOWER versions. However, upgrading allows you to take advantage of new features and resolved issues. For example, the Firepower captive portal feature requires at least ASA FirePOWER Version 6.0.0 and ASA 9.5(2).
Version 7.0.0 is the last major release that supports ASA FirePOWER.
The following table shows the ASA, ASDM, and ASA FirePOWER support. If you are using an FMC to manage ASA FirePOWER, you can ignore the ASDM requirements.
Note that:
-
ASA 9.14/ASDM 7.14/Firepower 6.6 is the final version for the ASA FirePOWER module on the ASA 5525-X, 5545-X, and 5555-X.
-
ASA 9.12/ASDM 7.12/Firepower 6.4.0 is the final version for the ASA FirePOWER module on the ASA 5515-X and 5585-X.
-
ASA 9.9/ASDM 7.9(2)/Firepower 6.2.3 is the final version for the ASA FirePOWER module on the ASA 5506-X series and 5512-X.
Note |
|
|
ASA FirePOWER Version |
ASDM Version (for local mgmt) |
ASA Version |
ASA Model |
||||||
|---|---|---|---|---|---|---|---|---|---|
|
5506-X Series |
5508-X 5516-X |
5512-X |
5515-X |
5525-X 5545-X 5555-X |
5585-X |
ISA 3000 |
|||
|
7.0 |
ASDM 7.16 |
ASA 9.5(2) through 9.16 |
— |
YES |
— |
— |
— |
— |
YES |
|
6.7 |
ASDM 7.15 or later |
ASA 9.5(2) through 9.16 |
— |
YES |
— |
— |
— |
— |
YES |
|
6.6 |
ASDM 7.14 or later |
ASA 9.15, 9.16 (No 5525-X, 5545-X, 5555-X) ASA 9.5(2) through 9.14 |
— |
YES |
— |
— |
YES |
— |
YES |
|
6.5.0 |
ASDM 7.13 or later |
ASA 9.15, 9.16 (No 5525-X, 5545-X, 5555-X) ASA 9.5(2) through 9.14 |
— |
YES |
— |
— |
YES |
— |
YES |
|
6.4.0 |
ASDM 7.12 or later |
ASA 9.15, 9.16 (No 5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.13, 9.14 (No 5515-X, 5585-X) ASA 9.5(2) through 9.12 |
— |
YES |
— |
YES |
YES |
YES |
YES |
|
6.3.0 |
ASDM 7.10 or later |
ASA 9.15, 9.16 (No 5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.13, 9.14 (No 5515-X, 5585-X) ASA 9.5(2) through 9.12 |
— |
YES |
— |
YES |
YES |
YES |
YES |
|
6.2.3 |
ASDM 7.9(2) or later |
ASA 9.15, 9.16 (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.13, 9.14 (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.10, 9.12 (No 5506-X, 5512-X) ASA 9.6 through 9.9 ASA 9.5(2), 9.5(3) (No 5506-X) |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
6.2.2 |
ASDM 7.8(2) or later |
ASA 9.15, 9.16 (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.13, 9.14 (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.10, 9.12 (No 5506-X, 5512-X) ASA 9.6 through 9.9 ASA 9.5(2), 9.5(3) (No 5506-X) |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
6.2.0 |
ASDM 7.7 or later |
ASA 9.15, 9.16 (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.13, 9.14 (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.10, 9.12 (No 5506-X, 5512-X) ASA 9.6 through 9.9 ASA 9.5(2), 9.5(3) (No 5506-X) |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
6.1.0 |
ASDM 7.6(2) or later |
ASA 9.15, 9.16 (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.13, 9.14 (No 5506-X, 5512-X, 5515-X, 5585-X) ASA 9.10, 9.12 (No 5506-X, 5512-X) ASA 9.6 through 9.9 ASA 9.5(2), 9.5(3) (No 5506-X) |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
6.0.1 |
ASDM 7.6 or later (no ASA 9.4 support with ASDM; only FMC) |
ASA 9.6 ASA 9.5(1.5), 9.5(2), 9.5(3) ASA 9.4 Due to CSCuv91730, we recommend that you upgrade to 9.4(2) and later. |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
6.0.0 |
ASDM 7.5(1.112) or later (no ASA 9.4 support with ASDM; only FMC) |
ASA 9.6 ASA 9.5(1.5), 9.5(2), 9.5(3) ASA 9.4 Due to CSCuv91730, we recommend that you upgrade to 9.4(2) and later. |
YES |
YES |
YES |
YES |
YES |
YES |
— |
|
5.4.1.7 |
ASDM 7.5(1.112) or later (no ASA 9.4 support with ASDM; only FMC) |
ASA 9.15, 9.16 (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X) ASA 9.10 through 9.14 (No 5506-X) ASA 9.5(2) through 9.9 ASA 9.4 ASA 9.4(1.225) (ISA 3000 only) ASA 9.3(2), 9.3(3) (no 5508-X or 5516-X) Due to CSCuv91730, we recommend that you upgrade to 9.3(3.8) or 9.4(2) and later. |
YES |
YES |
— |
— |
— |
— |
YES |
|
5.4.1 |
ASDM 7.3(3) or later |
ASA 9.10 through 9.16 (No 5506-X) ASA 9.6 through 9.9 ASA 9.5(1.5), 9.5(2), 9.5(3) ASA 9.4 ASA 9.3(2), 9.3(3) (5506-X only) Due to CSCuv91730, we recommend that you upgrade to 9.3(3.8) or 9.4(2) and later. |
YES |
YES |
— |
— |
— |
— |
— |
|
5.4.0.2 |
— |
ASA 9.13, 9.14 (No 5512-X, 5515-X, 5585-X) ASA 9.6 through 9.12 ASA 9.5(1.5), 9.5(2), 9.5(3) ASA 9.4 ASA 9.3(2), 9.3(3) Due to CSCuv91730, we recommend that you upgrade to 9.3(3.8) or 9.4(2) and later. |
— |
— |
YES |
YES |
YES |
YES |
— |
|
5.4.0.1 |
— |
ASA 9.2(2.4), 9.2(3), 9.2(4) Due to CSCuv91730, we recommend that you upgrade to 9.2(4.5) and later. |
— |
— |
YES |
YES |
YES |
YES |
— |
|
5.3.1 |
— |
ASA 9.2(2.4), 9.2(3), 9.2(4) Due to CSCuv91730, we recommend that you upgrade to 9.2(4.5) and later. |
— |
— |
YES |
YES |
YES |
YES |
— |
Firepower 7000/8000 Series and Legacy Devices
This table lists compatibility with 7000/8000 series devices, AMP models, and legacy device platforms. Version 6.4.0 is the last major release that supports Firepower 7000/8000 series devices.
|
Device Version |
7000/8000 Series (Includes AMP) |
Series 2 (Legacy) |
Cisco NGIPS for Blue Coat X-Series (Legacy) |
|---|---|---|---|
|
6.4 |
YES |
— |
— |
|
6.3 |
YES |
— |
— |
|
6.2.3 |
YES |
— |
— |
|
6.2.2 |
YES |
— |
— |
|
6.2.1 |
— |
— |
— |
|
6.2.0 |
YES |
— |
— |
|
6.1.0 |
YES |
— |
— |
|
6.0.0 |
YES |
— |
— |
|
5.4. |
YES |
YES |
5.4.0 and 5.4.0.2 - 5.4.0.5 only Requires XOS 9.7.2.x or 10.x |
NGIPSv
Version 7.0 is the last major version supported for NGIPSv (virtual NGIPS devices running on VMware).
|
Device Version |
VMware vSphere/VMware ESXi |
VMware vCloud Director |
||||||
|---|---|---|---|---|---|---|---|---|
|
7.0 |
6.7 |
6.5 |
6.0 |
5.5 |
5.1 |
5.0 |
5.1 |
|
|
7.0 |
YES |
YES |
YES |
— |
— |
— |
— |
— |
|
6.7 |
— |
YES |
YES |
YES |
— |
— |
— |
— |
|
6.6 |
— |
YES |
YES |
YES |
— |
— |
— |
— |
|
6.5 |
— |
YES |
YES |
YES |
— |
— |
— |
— |
|
6.4 |
— |
— |
YES |
YES |
— |
— |
— |
— |
|
6.3 |
— |
— |
YES |
YES |
— |
— |
— |
— |
|
6.2.3 |
— |
— |
YES |
YES |
YES |
— |
— |
— |
|
6.2.2 |
— |
— |
— |
YES |
YES |
— |
— |
— |
|
6.2.1 |
— |
— |
— |
— |
— |
— |
— |
— |
|
6.2.0 |
— |
— |
— |
YES |
YES |
— |
— |
— |
|
6.1 |
— |
— |
— |
YES |
YES |
— |
— |
— |
|
6.0.1 |
— |
— |
— |
— |
YES |
YES |
— |
— |
|
6.0.0 |
— |
— |
— |
— |
YES |
YES |
— |
— |
|
5.4 |
— |
— |
— |
— |
YES |
YES |
YES |
YES |
Classic Device Management
These tables list the supported devices and management methods for Classic devices, by version.
The FMC can remotely manage multiple Firepower devices, including ASA FirePOWER modules (but not ASA firewall functions). The FMC must run the same or newer version as its managed devices.
Use ASDM to manage one ASA FirePOWER module. ASA FirePOWER is a separately installed module on an ASA device. Traffic is sent to the module after ASA firewall policies are applied. Newer versions of ASDM can manage newer ASA FirePOWER modules.
|
Device Platform |
Device Versions: FMC-Managed |
Device Versions: ASDM-Managed |
|---|---|---|
|
ISA 3000 |
6.3 to 7.0 5.4.1 |
6.3 to 7.0 5.4.1 |
|
ASA 5506-X, 5506H-X, 5506W-X |
5.4.1 to 6.2.3 |
5.4.1 to 6.2.3 |
|
ASA 5508-X, 5516-X |
5.4.1 to 7.0 |
5.4.1 to 7.0 |
|
ASA 5525-X, 5545-X, 5555-X |
5.3.1 to 6.6 |
6.0 to 6.6 |
|
ASA 5512-X |
5.3.1 to 6.2.3 |
6.0 to 6.2.3 |
|
ASA 5515-X |
5.3.1 to 6.4 |
6.0 to 6.4 |
|
ASA 5585-X-SSP-10, -20, -40, -60 |
5.3.1 to 6.4 |
6.0 to 6.4 |
|
Device Platform |
Device Versions: FMC-Managed |
|---|---|
|
NGIPSv for VMware |
5.3 to 7.0 |
|
Device Platform |
Device Versions: FMC-Managed |
|---|---|
|
Firepower 8120, 8130, 8140 Firepower 8250, 8260, 8270, 8290 Firepower 8350, 8360, 8370, 8390 AMP 8050 |
5.3 to 6.4 |
|
AMP 8150, 8350, 8360, 8370, 8390 |
5.4 to 6.4 |
|
Firepower 7010, 7020, 7030 Firepower 7110, 7115 7120, 7125 AMP 7150 |
5.3 to 6.4 |
|
Firepower 7050 |
5.4 to 6.4 |
|
3D500,1000, 2000 3D2100, 2500, 3500, 4500, 6500 3D9900 |
5.3 to 5.4 |
|
Device Platform |
Device Versions: FMC-Managed |
|---|---|
|
Cisco NGIPS for Blue Coat X-Series |
5.3 to 5.4 |
About Firepower Version 5.4 Release Sequences
Version 5.4 sequences support different NGIPS appliance models and device management methods.
|
Device Version |
Supported Devices |
Management Methods |
|---|---|---|
|
5.4.1 |
ASA FirePOWER:
|
You can manage Version 5.4.1 devices with a Version 5.4.1 Defense Center. ASDM is also supported. |
|
5.4.0 |
7000/8000 series, NGIPSv, and legacy devices ASA FirePOWER:
|
There are no patches for Version 5.4.0
Defense Centers. We recommend you use a Version
5.4.1 Defense Center to manage Version 5.4.0
devices.
ASDM is not supported in Version 5.4.0. |
Note that Version 5.4.0.2/5.4.1.1 is the minimum for direct upgrade to Version 6.0.0. It is also the minimum device version that can be managed by Version 6.0.0, 6.0.1, and 6.1.0 Defense Centers/FMCs.
Parallel Release Sequences
Version 5.4.x releases are in parallel, starting with Version 5.4.0.1/5.4.1.0. For each pair, the Version 5.4.0.x release uses a last digit that is one more than the last digit of its parallel Version 5.4.1.x release:
-
5.4.0.1 (no longer supported) and 5.4.1.0
-
5.4.0.2 and 5.4.1.1
-
5.4.0.3 and 5.4.1.2
-
… and so on
End-of-Life Announcements
The following tables provide end-of-life details. Dates that have passed are in bold.
Snort
If you are still using the Snort 2 inspection engine with threat defense, switch to Snort 3 now for improved detection and performance. It is available starting in threat defense Version 6.7+ (with device manager) and Version 7.0+ (with management center). Snort 2 will be deprecated in a future release. You will eventually be unable to upgrade Snort 2 devices.
In management center deployments, upgrading to threat defense Version 7.2+ also upgrades eligible Snort 2 devices to Snort 3. For devices that are ineligible because they use custom intrusion or network analysis policies, manually upgrade Snort. See Migrate from Snort 2 to Snort 3 in the Firepower Management Center Snort 3 Configuration Guide.
In device manager deployments, manually upgrade Snort. See Intrusion Policies in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager.
Software
These major software versions have reached end of sale and/or end of support. Versions that have reached end of support are removed from the Cisco Support & Download site.
|
Version |
End of Sale |
End of Updates |
End of Support |
Announcement |
|---|---|---|---|---|
|
6.7 |
2021-07-09 |
2022-07-09 |
2024-07-31 |
|
|
6.6 |
2022-03-02 |
2023-03-02 |
2025-03-31 |
|
|
6.5 |
2020-06-22 |
2021-06-22 |
2023-06-30 |
|
|
6.4 |
2023-02-27 |
2024-02-27 |
2026-02-28 |
|
|
6.3 |
2020-04-30 |
2021-04-30 |
2023-04-30 |
|
|
6.2.3 |
2022-02-04 |
2023-02-04 |
2025-02-28 |
|
|
6.2.2 |
2020-04-30 |
2021-04-30 |
2023-04-30 |
|
|
6.2.1 |
2019-03-05 |
2020-03-04 |
2022-03-31 |
|
|
6.2 |
2019-03-05 |
2020-03-04 |
2022-03-31 |
|
|
6.1 |
2019-11-22 |
2021-05-22 |
2023-05-31 |
|
|
6.0.1 |
2017-11-10 |
2018-11-10 |
2020-11-30 |
|
|
6.0.0 |
2017-11-10 |
2018-11-10 |
2020-11-30 |
|
|
5.4 |
2017-11-10 |
2018-11-10 |
2020-11-30 |
|
|
5.3 |
2016-01-29 |
2016-07-30 |
2018-07-31 |
These software versions on still-supported branches have been removed from the Cisco Support & Download site.
Note |
In Version 6.2.3+, uninstalling a patch (fourth-digit release) results in an appliance running the version you upgraded from. This means that you can end up running a deprecated version simply by uninstalling a later patch. Unless otherwise stated, do not remain at a deprecated version. Instead, we recommend you upgrade. If upgrade is impossible, uninstall the deprecated patch. |
|
Version |
Date Removed |
Related Bugs and Additional Details |
|---|---|---|
|
6.4.0.6 |
2019-12-19 |
CSCvr52109: FTD may not match correct Access Control rule following a deploy to multiple devices |
|
6.2.3.8 |
2019-01-07 |
CSCvn82378: Traffic through ASA/FTD might stop passing upon upgrading FMC to 6.2.3.8-51 |
|
5.4.0.1 |
2015 |
— |
|
5.3.1.2 |
2015 |
— |
Hardware and Virtual Platforms
These platforms have reached end of sale and/or end of support.
|
Platform |
Last Device Version |
Last Mgmt. Center to Manage |
End of Sale |
End of Support |
Announcement |
|---|---|---|---|---|---|
|
ASA 5508-X, 5516-X |
7.0 |
7.4 |
2021-08-02 |
2026-08-31 |
|
|
ASA 5525-X, 5545-X, 5555-X |
6.6 |
7.2 |
2020-09-04 |
2025-09-30 |
|
|
Firepower 8120, 8130, 8140 |
6.4 |
7.0 |
2017-12-15 |
2022-12-31 |
End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER 8100 Series Appliances |
|
Firepower 7010, 7020, 7030 |
6.4 |
7.0 |
2017-12-15 |
2022-12-31 |
|
|
AMP 8050, 8150 |
6.4 |
7.0 |
2017-12-15 |
2022-12-31 |
End-of-Sale and End-of-Life Announcement for the Cisco AMP for Networks 8150 and 8050 |
|
ASA 5515-X |
6.4 |
7.0 |
2017-08-25 |
2022-08-31 |
End-of-Sale and End-of-Life Announcement for the Cisco ASA 5512-X and ASA 5515-X |
|
ASA 5585-X-SSP-10, -20, -40, -60 |
6.4 |
7.0 |
2017-08-25 |
2022-08-31 |
|
|
Firepower 8250, 8260, 8270, 8290 |
6.4 |
7.0 |
2015-10-03 |
2020-10-31 |
End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER 8200 Series Appliances |
|
ASA 5506-X, 5506H-X, 5506W-X |
6.2.3 |
6.6 |
2021-08-02 |
2026-08-31 |
|
|
2021-07-31 |
2022-07-31 |
||||
|
2020-05-05 |
2022-07-31 |
||||
|
2018-09-30 |
2022-07-31 |
||||
|
ASA 5512-X |
6.2.3 |
6.6 |
2017-08-25 |
2022-08-31 |
End-of-Sale and End-of-Life Announcement for the Cisco ASA 5512-X and ASA 5515-X |
|
3D500,1000, 2000 |
5.4 |
6.1 |
2013-06-12 |
2016-12-12 |
— |
|
3D9900 |
5.4 |
6.1 |
2011-10-17 |
2015-04-17 |
— |
|
3D2100, 2500, 3500, 4500, 6500 |
5.4 |
6.1 |
2012-04-09 |
2015-10-09 |
— |
|
Platform |
Last Version |
Last Mgmt. Center to Manage |
End of Sale |
End of Support |
Announcement |
|---|---|---|---|---|---|
|
FMCv with Classic licenses |
7.4 |
— |
2023-04-19 |
2025-04-30 |
|
|
NGIPSv for VMware |
7.0 |
7.4 |
2024-07-26 |
2027-01-31 |
End-of-Sale and End-of-Life Announcement for the Cisco NGIPSv for VMware - 3Y Subscriptions |
|
2022-01-31 |
2027-01-31 |
End-of-Sale and End-of-Life Announcement for the Cisco NGIPSv for VMware |
Feedback