Cisco Firepower Compatibility Guide

This guide provides Cisco Firepower software and hardware compatibility, including operating system and hosting environment requirements.

Additional Resources

Terminology and Branding

Table 1. General Terminology
Description Version 6.x Version 5.4.x

Product line

Firepower

Firepower System

FireSIGHT System

Table 2. Management Terminology
Description Version 6.x Version 5.4.x

Remote management platform for multiple devices and device types

Management Center

Firepower Management Center (FMC)

Defense Center

FireSIGHT Defense Center

FireSIGHT Management Center

Local management of ASA FirePOWER modules

ASDM

ASDM

Local management of Firepower Threat Defense

Firepower Device Manager (FDM)

Model number formats for physical Firepower Management Centers

FMC xxxx

MC xxxx

FS xxxx

DC xxxx

Table 3. Device Terminology
Description Version 6.x Version 5.4.x

Physical device running NGFW software

Firepower Threat Defense (FTD)

Virtual device running NGFW software

Firepower Threat Defense Virtual (FTDv)

NGIPS software for ASA devices

ASA FirePOWER module

ASA FirePOWER module

ASA device running an ASA FirePOWER module

ASA with FirePOWER Services

ASA with FirePOWER Services

7000 or 8000 series device running NGIPS or AMP software

7000/8000 series

7000/8000 series

Series 3

Virtual device running NGIPS software

NGIPSv

virtual managed device

Legacy Firepower device running NGIPS software

Series 2

Legacy X-Series device running NGIPS software

Cisco NGIPS for Blue Coat X-Series

Model number formats for physical device platforms

Firepower xxxx

ASA xxxx

AMP xxxx

3Dxxxx

ASA xxxx

AMP xxxx

Firepower Devices

About Firepower Device

A Firepower device can run either Firepower Threat Defense or NGIPS software. Note that you can deploy some ASA models as either FTD or NGIPS (ASA FirePOWER).
Table 4. Device Software Types
Device Software Firepower Version Implementation

Firepower Threat Defense

Version 6.0.1+ with FMC

Version 6.1.0+ with FDM

Version 6.4.0+ with CDO + FDM

Physical or virtual device.

NGIPS: Firepower (classic/legacy)

Any

Physical or virtual device.

NGIPS: ASA FirePOWER

Any

A separately installed module on an ASA device. Traffic is sent to the module after ASA firewall policies are applied.

You cannot use an FMC to manage ASA firewall functions.

You can manage a Firepower device either locally (FDM/ASDM) or remotely (FMC). You can use only one management method for a device at a time.

Table 5. Device Management Methods
To Manage... Use... Compatibility

Multiple devices running FTD, NGIPS, or both.

Firepower Management Center

The FMC must be running at least the same major version as its devices.

For more information, see About Firepower Management Centers.

One FTD device

Firepower Device Manager (Version 6.1.0+)

FDM is built into Firepower Threat Defense. There is no concept of manager-device compatibility in this type of deployment.

One ASA FirePOWER module

ASDM

Newer versions of ASDM can manage newer ASA FirePOWER modules.

For more information, see ASA 5500-X Series and ISA 3000 with FirePOWER Services.

Device Platform Summary (Software, Managers, Versions)

These tables list Firepower device platforms, and summarize the software versions and management methods they support:

  • Remote management: All Firepower devices support remote management with a Firepower Management Center (FMC). Note that even if a device has reached end-of-support according to the tables below, you can still manage that device with a newer FMC. For example, a Version 6.6.0 FMC can manage devices running as far back as Version 6.2.3.

  • Local management: Most Firepower devices — especially newer models and versions — support local, single-device management (FDM/ASDM).

For more information on manager-device compatibility and remote vs local management capabilities, see About Firepower Management Centers and About Firepower Devices.


Tip

Not all versions, especially patches, apply to all devices. Even if we list support for a version-plus, it is possible that not all later versions are supported. A quick way to tell if a version is supported is that its upgrade/installation packages are posted on the Cisco Support & Download site. If the site is "missing" an upgrade or installation package, that version is not supported. You can also check the release notes and End-of-Life Announcements. If you feel a version is missing in error, contact Cisco TAC.


Table 6. Firepower Threat Defense Platforms by Manager and Version
FTD Device Platform Device Versions: FMC-Managed Device Versions: FDM-Managed

Firepower 1010, 1120, 1140

6.4.0+

6.4.0+

Firepower 1150

6.5.0+

6.5.0+

Firepower 2110, 2120, 2130, 2140

6.2.1+

6.2.1+

Firepower 4110, 4120, 4140

6.0.1+

6.5.0+

Firepower 4150

6.1.0+

6.5.0+

Firepower 4115, 4125, 4145

6.4.0+

6.5.0+

Firepower 4112

6.6.0+

6.6.0+

Firepower 9300: SM-24, SM-36, SM-44

6.0.1+

6.5.0+

Firepower 9300: SM-40, SM-48, SM-56

6.4.0+

6.5.0+

ISA 3000

6.2.3+

6.2.3+

ASA 5506-X, 5506H-X, 5506W-X

6.0.1 to 6.2.3

6.1.0 to 6.2.3

ASA 5508-X, 5516-X

6.0.1+

6.1.0+

ASA 5512-X

6.0.1 to 6.2.3

6.1.0 to 6.2.3

ASA 5515-X

6.0.1 to 6.4.0

6.1.0 to 6.4.0

ASA 5525-X, 5545-X, 5555-X

6.0.1+

6.1.0+

FTDv on VMware

6.0.1+

6.2.2+

FTDv on AWS

6.0.1+

6.6.0+

FTDv on KVM

6.1.0+

6.2.3+

FTDv on Azure

6.2.0+

6.5.0+

Table 7. NGIPS/ASA FirePOWER Platforms by Manager and Version
NGIPS Device Platform Device Versions: FMC-Managed Device Versions: ASDM-Managed

ISA 3000

6.3.0+

5.4.1

6.3.0+

5.4.1

ASA 5506-X, 5506H-X, 5506W-X

5.4.1 to 6.2.3

5.4.1 to 6.2.3

ASA 5508-X, 5516-X

5.4.1+

5.4.1+

ASA 5525-X, 5545-X, 5555-X

5.3.1+

6.0.0+

ASA 5512-X

5.3.1 to 6.2.3

6.0.0 to 6.2.3

ASA 5515-X

5.3.1 to 6.4.0

6.0.0 to 6.4.0

ASA 5585-X-SSP-10, -20, -40, -60

5.3.1 to 6.4.0

6.0.0 to 6.4.0

NGIPSv on VMware

5.3.0+

Firepower 8120, 8130, 8140

Firepower 8250, 8260, 8270, 8290

Firepower 8350, 8360, 8370, 8390

AMP 8050

5.3.0 to 6.4.0

AMP 8150, 8350, 8360, 8370, 8390

5.4.0 to 6.4.0

Firepower 7010, 7020, 7030

Firepower 7110, 7115 7120, 7125

AMP 7150

5.3.0 to 6.4.0

Firepower 7050

5.4.0 to 6.4.0

3D500,1000, 2000

3D2100, 2500, 3500, 4500, 6500

3D9900

5.3.0 to 5.4.0

Cisco NGIPS for Blue Coat X-Series

5.3.0 to 5.4.0

Firepower 1000/2100 Series with FTD

Firepower 1000 and Firepower 2100 series devices use the FXOS operating system. Upgrading Firepower Threat Defense automatically upgrades FXOS. For information on the FXOS version bundled with each Firepower version, see Bundled Components.

These devices can also run ASA instead of FTD. For more information, see Cisco ASA Compatibility.

Table 8. Firepower 1000/2100 Series Compatibility

Firepower Version

Firepower 2110

Firepower 2120

Firepower 2130

Firepower 2140

Firepower 1010

Firepower 1120

Firepower 1140

Firepower 1150

6.6.0

Yes

Yes

Yes

6.5.0

Yes

Yes

Yes

6.4.0

Yes

Yes

6.3.0

Yes

6.2.3

Yes

6.2.2

Yes

6.2.1

Yes

Firepower 4100/9300 with FTD

For the Firepower 4100/9300 chassis, major Firepower versions have a specially qualified and recommended companion FXOS version, listed below in bold. Use these combinations whenever possible, because we perform enhanced testing for them.

These devices can also run ASA instead of FTD. With ASA 9.12+ and FTD 6.4+, you can run both ASA and FTD on separate modules in the same Firepower 9300 chassis. For more information, see Cisco Firepower 4100/9300 FXOS Compatibility.


Note

To perform flow offload in the following major version sequences, you must be running a specific combination of Firepower and FXOS:

  • Version 6.2.2.x: Version 6.2.2.2+ on FXOS 2.3.1.130+

  • Version 6.2.0.x: Version 6.2.0.3+ on either FXOS 2.2.1.x or FXOS 2.2.2, builds 17-86


Table 9. Firepower 4100/9300 Compatibility

Firepower Version

FXOS Version

Firepower 9300

Firepower 4100 Series

SM-26

SM-36

SM-44

SM-40

SM-48

SM-56

4110

4120

4140

4150

4112

4115

4125

4145

6.6.0

2.8.1.105+

YES

YES

YES

YES

YES

YES

6.5.0

2.7.1.92+

2.8.1.105+

YES

YES

YES

YES

YES

6.4.0

2.6.1.157+

2.7.1.92+

2.8.1.105+

YES

YES

YES

YES

YES

6.3.0

2.4.1.214+

2.6.1.157+

2.7.1.92+

2.8.1.105+

YES

YES

YES

6.2.3

2.3.1.73+

2.4.1.214+

2.6.1.157+

2.7.1.92+

2.8.1.105+

YES

YES

YES

6.2.2

2.2.2.x

2.3.1.73+

2.4.1.214+

2.6.1.157+

2.7.1.92+

YES

YES

YES

6.2.1

6.2.0

2.1.1.x, 2.2.1.x, 2.2.2.x

2.3.1.73+

2.4.1.214+

2.6.1.157+

YES

YES

YES

6.1.0

2.0.1.x

2.1.1.x

2.3.1.73+

YES

YES

YES

6.0.1

1.1.4.x

2.0.1.x

YES

YES

Firepower Threat Defense Virtual

This table lists Firepower compatibility and virtual hosting environment requirements for FTDv.

Table 10. Firepower Threat Defense Virtual Compatibility

Firepower Version

VMware vSphere/VMware ESXi

Amazon Web Services (AWS)

Kernel-Based Virtual Machine (KVM)

Microsoft Azure

6.7

6.5

6.0

5.5

5.1

6.6.0

Yes

Yes

Yes

Yes

Yes

Yes

6.5.0

Yes

Yes

Yes

Yes

Yes

Yes

6.4.0

Yes

Yes

Yes

Yes

Yes

6.3.0

Yes

Yes

Yes

Yes

Yes

6.2.3

Yes

Yes

Yes

Yes

Yes

Yes

6.2.2

Yes

Yes

Yes

Yes

Yes

6.2.1

6.2.0

Yes

Yes

Yes

Yes

Yes

6.1.0

Yes

Yes

Yes

Yes

6.0.1

Yes

Yes

Yes

ASA 5500-X Series and ISA 3000 with FTD

ASA 5500-X series and ISA 3000 devices use the ASA operating system. Upgrading Firepower Threat Defense automatically upgrades ASA. For information on the ASA version bundled with each Firepower version, see Bundled Components.

Table 11. ASA 5500-X Series and ISA 3000 Compatibility

Firepower Version

ASA 5508-X

ASA 5516-X

ISA 3000

ASA 5525-X

ASA 5545-X

ASA 5555-X

ASA 5515-X

ASA 5506-X

ASA 5506H-X

ASA 5506W-X

ASA 5512-X

6.6.0

Yes

Yes

Yes

6.5.0

Yes

Yes

Yes

6.4.0

Yes

Yes

Yes

Yes

6.3.0

Yes

Yes

Yes

Yes

6.2.3

Yes

Yes

Yes

Yes

Yes

6.2.2

Yes

Yes

Yes

Yes

6.2.1

6.2.0

Yes

Yes

Yes

Yes

6.1.0

Yes

Yes

Yes

Yes

6.0.1

Yes

Yes

Yes

Yes

ASA 5500-X Series and ISA 3000 with FirePOWER Services

The ASA FirePOWER module runs on the separately upgraded ASA operating system. There is wide compatibility between ASA and ASA FirePOWER versions. However, even if an ASA upgrade is not strictly required, resolving issues may require an upgrade to the latest supported version.


Note

If you are running Firepower 5.4.0 through 6.0.1, due to CSCuc91730, we recommend you upgrade to ASA 9.2(4.5)+, 9.3(3.8)+, 9.4(2)+, or later major version.


This table lists ASA FirePOWER compatibility with ASA device models, ASA OS versions, and ASDM. If you are using an FMC to manage your ASA FirePOWER modules, you can ignore the ASDM requirements. Note that the Firepower captive portal feature requires at least ASA FirePOWER Version 6.0.0 on ASA 9.5(2).

Table 12. ASA with FirePOWER Services Compatibility

Firepower Version

Min. ASDM Version

ASA Model and Supported ASA Versions

ISA 3000

5508-X

5516-X

5525-X

5545-X

5555-X

5515-X

5585-X

5512-X

5506-X

5506H-X

5506W-X

6.6.0

7.14(1)

9.5(2)+

9.5(2)+

9.5(2)+

6.5.0

7.13(1)

9.5(2)+

9.5(2)+

9.5(2)+

6.4.0

7.12(1)

9.5(2)+

9.5(2)+

9.5(2)+

9.5(2) to 9.12(x)

6.3.0

7.10(1)

9.5(2)+

9.5(2)+

9.5(2)+

9.5(2) to 9.12(x)

6.2.3

7.9(2)

9.5(2)+

9.5(2)+

9.5(2) to 9.12(x)

9.5(2) to 9.9(x)

9.6(x) to 9.9(x)

6.2.2

7.8(2)

9.5(2)+

9.5(2)+

9.5(2) to 9.12(x)

9.5(2) to 9.9(x)

9.6(x) to 9.9(x)

6.2.0

7.7(1)

9.5(2)+

9.5(2)+

9.5(2) to 9.12(x)

9.5(2) to 9.9(x)

9.6(x) to 9.9(x)

6.1.0

7.6(2)

9.5(2)+

9.5(2)+

9.5(2) to 9.12(x)

9.5(2) to 9.9(x)

9.6(x) to 9.9(x)

6.0.1

7.6(1)

req. ASA 9.5(1.5)+

9.5(1.5) to 9.6(x)

9.4(x)

9.5(1.5) to 9.6(x)

9.4(x)

9.5(1.5) to 9.6(x)

9.4(x)

9.5(1.5) to 9.6(x)

9.4(x)

9.5(1.5) to 9.6(x)

9.4(x)

6.0.0

7.5(1.112)

req. ASA 9.5(1.5)+

9.5(1.5) to 9.6(x)

9.4(x)

9.5(1.5) to 9.6(x)

9.4(x)

9.5(1.5) to 9.6(x)

9.4(x)

9.5(1.5) to 9.6(x)

9.4(x)

9.5(1.5) to 9.6(x)

9.4(x)

5.4.1

7.5(1.112)

9.5(1.5)+

9.4(1.225)+

9.5(1.5)+

9.4(x)

9.5(1.5) to 9.9(x)

9.3(2) to 9.4(x)

7.4(1)

9.5(1.5)+

9.4(x)

9.5(1.5) to 9.9(x)

9.3(2) to 9.4(x)

7.3(3)

9.5(1.5) to 9.9(x)

9.3(2) to 9.4(x)

5.4.0.2+

9.5(1.5)+

9.3(2) to 9.4(x)

9.5(1.5) to 9.12(x)

9.3(2) to 9.4(x)

9.5(1.5) to 9.9(x)

9.3(2) to 9.4(x)

5.4.0 only

9.2(2.4), 9.2(3), 9.2(4)

9.2(2.4), 9.2(3), 9.2(4)

9.2(2.4), 9.2(3), 9.2(4)

Firepower 7000/8000 Series and Legacy Devices

This table lists Firepower compatibility with 7000/8000 series devices, AMP models, and legacy device platforms.

Table 13. Firepower 7000/8000 Series Compatibility

Firepower Version

7000/8000 Series (Includes AMP)

Series 2 (Legacy)

Cisco NGIPS for Blue Coat X-Series (Legacy)

6.4.0

Yes

6.3.0

Yes

6.2.3

Yes

6.2.2

Yes

6.2.1

6.2.0

Yes

6.1.0

Yes

6.0.0

Yes

5.4.0

Yes

Yes

5.4.0 and 5.4.0.2 - 5.4.0.5 only

Requires XOS 9.7.2.x or 10.x

NGIPSv

This table lists Firepower compatibility and virtual hosting environment requirements for NGIPSv (virtual NGIPS devices running on VMware).

Table 14. NGIPSv Compatibility

Firepower Version

VMware vSphere/VMware ESXi

VMware vCloud Director

6.7

6.5

6.0

5.5

5.1

5.0

5.1

6.6.0

Yes

Yes

Yes

6.5.0

Yes

Yes

Yes

6.4.0

Yes

Yes

6.3.0

Yes

Yes

6.2.3

Yes

Yes

Yes

6.2.2

Yes

Yes

6.2.1

6.2.0

Yes

Yes

6.1.0

Yes

Yes

6.0.1

Yes

Yes

6.0.0

Yes

Yes

5.4.0

Yes

Yes

Yes

Yes

Firepower Management Centers

About Firepower Management Centers

With an FMC, you can manage devices running:

  • The same major version as the FMC, including patches.

    Although you can manage a patched device with an unpatched FMC, new features and resolved issues often require the latest patch on both the FMC and its managed devices. We strongly recommend that you patch your entire deployment.
  • Some older major versions and patches to those major versions.

    Although you can manage an older device with a newer FMC, you cannot fully take advantage of new features and bug fixes until you upgrade both.

This table lists major FMC versions, and the major versions of devices they can manage. Find your current major version in the first column, then read across to determine which devices you can manage.

Table 15. FMC-Device Version Compatibility
FMC Version Can Manage: Device Version
6.6.0 6.5.0 6.4.0 6.3.0 6.2.3 6.2.2 6.2.1 6.2.0 6.1.0 6.0.1 6.0.0 5.4.1 5.4.0
6.6.0

Yes

Yes

Yes

Yes

Yes

6.5.0

Yes

Yes

Yes

Yes

6.4.0

Yes

Yes

Yes

Yes

Yes

Yes

Yes

6.3.0

Yes

Yes

Yes

Yes

Yes

Yes

6.2.3

Yes

Yes

Yes

Yes

Yes

6.2.2

Yes

Yes

Yes

Yes

6.2.1

Yes

Yes

Yes

6.2.0

Yes

Yes

6.1.0

Yes

Yes

Yes

Yes*

Yes*

6.0.1

Yes

Yes

Yes*

Yes*

6.0.0

Yes

Yes*

Yes*

5.4.1

Yes

Yes

5.4.0

Yes

* A device must be running at least Version 5.4.0.2/5.4.1.1 to be managed by a Version 6.0, 6.0.1, or 6.1 FMC.

Firepower Management Centers: Physical

Table 16. Firepower Management Center Compatibility

Firepower Version

FMC 1600

FMC 2600

FMC 4600

FMC 1000

FMC 2500

FMC 4500

FMC 2000

FMC 4000

FMC 750

FMC 1500

FMC 3500

DC 500

DC 1000

DC 3000

6.6.0

Yes

Yes

Yes

6.5.0

Yes

Yes

Yes

6.4.0

Yes

Yes

Yes

Yes

6.3.0

Yes

Yes

Yes

Yes

6.2.3

Yes

Yes

Yes

6.2.2

Yes

Yes

Yes

6.2.1

Yes

Yes

Yes

6.2.0

Yes

Yes

Yes

6.1.0

Yes

Yes

6.0.1

Yes

Yes

6.0.0

Yes

Yes

5.4.1

Yes

Yes

Yes

5.4.0

5.4.0 only; use 5.4.1.x Defense Centers to manage 5.4.x devices.

Yes

Yes

Yes

Firepower Management Centers: Virtual

These tables lists Firepower compatibility and virtual hosting environment requirements for FMCv. Note that support for FMCv 300 on VMware begins in Version 6.5.0.

Table 17. Firepower Management Center Virtual Compatibility: Version 6.0+
Firepower Version VMware vSphere/VMware ESXi Amazon Web Services (AWS) Kernel-Based Virtual Machine (KVM) Microsoft Azure
6.7 6.5 6.0 5.5 5.1

6.6.0

Yes

Yes

Yes

Yes

Yes

Yes

6.5.0

Yes

Yes

Yes

Yes

Yes

Yes

6.4.0

Yes

Yes

Yes

Yes

Yes

6.3.0

Yes

Yes

Yes

Yes

6.2.3

Yes

Yes

Yes

Yes

Yes

6.2.2

Yes

Yes

Yes

Yes

6.2.1

Yes

Yes

Yes

Yes

6.2.0

Yes

Yes

Yes

Yes

6.1.0

Yes

Yes

Yes

Yes

6.0.1

Yes

Yes

Yes

6.0.0

Yes

Yes

Table 18. FireSIGHT Defense Center Virtual Compatibility: Version 5.4
Firepower Version VMware vSphere/VMware ESXi VMware vCloud Director
5.5 5.1 5.0 5.1

5.4.1

Yes

Yes

Yes

Yes

5.4.0

5.4.0 only; use 5.4.1.x Defense Centers to manage 5.4.x devices.

Yes

Yes

Yes

Yes

BIOS and Firmware for FMCs

We provide updates for BIOS and RAID controller firmware. If your FMC does not meet the requirements listed in the following table, apply the appropriate hotfix. If your FMC is not listed, the factory defaults meet the minimum requirements.

Table 19. BIOS and Firmware Minimum Requirements

Platform

Firepower Version

BIOS

RAID Controller Firmware

Hotfix

FMC 1000, 2500, 4500

6.2.3+

C220M4.4.0.2d.0

24.12.1-0433

BIOS Update Hotfix CJ

FMC 2000, 4000

6.2.3+

C220M3.2.0.8.0

23.33.0-0049

BIOS Update Hotfix CJ

Hotfixing is the only way to update the BIOS and RAID controller firmware. Upgrading the Firepower software does not accomplish this task, nor does reimaging to a later version. Note that hotfixing also updates the CIMC firmware. Although we do not support changing configurations on the FMC using CIMC, if you have concerns, apply the hotfix. If the FMC is already up to date, the hotfix has no effect.

Use the regular upgrade process to apply hotfixes. For hotfix release notes, which include quicklinks to the Cisco Support & Download site, see the Cisco Firepower Hotfix Release Notes.


Note

Regardless of the FMC's current Firepower version, the FMC web interface lists the hotfix as Hotfix CJ Version 6.7.0. This is expected behavior and the hotfix is safe to apply.


Determining BIOS and Firmware Versions

To determine the current versions on an FMC, run these commands from the Linux shell/expert mode:

  • BIOS: sudo dmidecode -t bios -q

  • RAID controller firmware (FMC 4500): sudo MegaCLI -AdpAllInfo -aALL | grep "FW Package"

  • RAID controller firmware (all other models): sudo storcli /c0 show | grep "FW Package"

About Firepower Version 5.4 Release Sequences

Firepower Version 5.4 sequences support different appliance models and device management methods. Firepower Threat Defense is not supported in Version 5.4.

Table 20. Platform Support for Version 5.4 Release Sequences
Firepower Version Supported Devices

Management Methods

5.4.1

ASA FirePOWER:

  • ASA 5506-X series, 5508-X, 5516-X

  • ISA 3000 (5.4.1.7+)

You can manage Version 5.4.1 devices with a Version 5.4.1 Defense Center.

ASDM is also supported.

5.4.0

7000/8000 series, NGIPSv, and legacy devices

ASA FirePOWER:

  • ASA 5512-X, 5515-X, 5525-X, 5545-X, 5555-X

  • ASA 5585-X series

There are no patches for Version 5.4.0 Defense Centers. We recommend you use a Version 5.4.1 Defense Center to manage Version 5.4.0 devices.

ASDM is not supported in Version 5.4.0.

Note that Version 5.4.0.2/5.4.1.1 is the minimum for direct upgrade to Version 6.0.0. It is also the minimum device version that can be managed by Version 6.0.0, 6.0.1, and 6.1.0 Defense Centers/FMCs.

Parallel Release Sequences

Firepower 5.4.x versions are released in parallel, starting with Version 5.4.0.1/5.4.1.0. For each pair, the Version 5.4.0.x release uses a last digit that is one more than the last digit of its parallel Version 5.4.1.x release:

  • 5.4.0.1 (no longer supported) and 5.4.1.0

  • 5.4.0.2 and 5.4.1.1

  • 5.4.0.3 and 5.4.1.2

  • … and so on

Bundled Components

This table lists the versions of various components bundled with Firepower releases. Use this information to identify open or resolved caveats in bundled components that may affect your Firepower deployment.

Table 21. Bundled Components
Firepower ASA (ASA 5500-X Series with FTD) FXOS (Firepower 1000/2100 Series with FTD) Snort GeoDB VDB

6.6.0

9.14(1.1)

2.8.1.105

2.9.16-140

2019-06-03-002

4.5.0-328

6.5.0.4

9.13(1.5)

2.7.1.117

2.9.15-15201

6.5.0.3 *

9.13(1.4)

2.7.1.117

2.9.15-15201

6.5.0.2

9.13(1.151)

2.7.1.115

2.9.15-15101

6.5.0.1 *

9.13(1.2)

2.7.1.115

2.9.15-15101

6.5.0

9.13(1)

2.7.1.107

2.9.15-7

2019-06-03-002

4.5.0-309

6.4.0.9

9.12(2.33)

2.6.1.201

2.9.14-15906

6.4.0.8

9.12(2.18)

2.6.1.166

2.9.14-15707

6.4.0.7

9.12(2.151)

2.6.1.156

2.9.14-15605

6.4.0.6 *

9.12(2.12)

2.6.1.156

2.9.14-15605

6.4.0.5

9.12(2.4)

2.6.1.144

2.9.14-15507

6.4.0.4

9.12(2.4)

2.6.1.144

2.9.12-15301

6.4.0.3

9.12(1.12)

2.6.1.133

2.9.14-15301

6.4.0.2

9.12(1.10)

2.6.1.133

2.9.14-15209

6.4.0.1

9.12(1.7)

2.6.1.133

2.9.14-15100

6.4.0

9.12(1.6)

2.6.1.133

2.9.14-15003

2018-07-09-002

4.5.0-309

6.3.0.5

9.10(1.31)

2.4.1.255

2.9.13-15503

6.3.0.4

9.10(1.28)

2.4.1.248

2.9.13-15409

6.3.0.3

9.10(1.18)

2.4.1.237

2.9.13-15307

6.3.0.2

9.10(1.12)

2.4.1.237

2.9.13-15211

6.3.0.1

9.10(1.8)

2.4.1.222

2.9.13-15101

6.3.0

9.10(1.3)

2.4.1.216

2.9.13-15013

2018-07-09-002

4.5.0-299

6.2.3.15

9.9(2.60)

2.3.1.167

2.9.12-1513

6.2.3.14

9.9(2.55)

2.3.1.151

2.9.12-1401

6.2.3.13

9.9(2.51)

2.3.1.144

2.9.12-1306

6.2.3.12

9.9(2.48)

2.3.1.144

2.9.12-1207

6.2.3.11

9.9(2.43)

2.3.1.132

2.9.12-1102

6.2.3.10

9.9(2.41)

2.3.1.131

2.9.12-902

6.2.3.9

9.9(2.37)

2.3.1.122

2.9.12-806

6.2.3.8 *

9.9(2.37)

2.3.1.122

2.9.12-804

6.2.3.7

9.9(2.32)

2.3.1.118

2.9.12-704

6.2.3.6

9.9(2.26)

2.3.1.115

2.9.12-607

6.2.3.5

9.9(2.245)

2.3.1.108

2.9.12-506

6.2.3.4

9.9(2.15)

2.3.1.108

2.9.12-383

6.2.3.3

9.9(2.13)

2.3.1.104

2.9.12-325

6.2.3.2

9.9(2.8)

2.3.1.85

2.9.12-270

6.2.3.1

9.9(2.4)

2.3.1.84

2.9.12-204

6.2.3

9.9(2)

2.3.1.84

2.9.12-136

2017-12-12-002

4.5.0-290

6.2.2.5

9.8(2.44)

2.2.2.107

2.9.11-430

6.2.2.4

9.8(2.36)

2.2.2.86

2.9.11-371

6.2.2.3

9.8(2.30)

2.2.2.79

2.9.11-303

6.2.2.2

9.8(2.22)

2.2.2.75

2.9.11-273

6.2.2.1

9.8(2.10)

2.2.2.63

2.9.11-207

6.2.2

9.8(2.3)

2.2.2.52

2.9.11-125

2017-01-17-002

4.5.0-271

6.2.1 *

9.8(1)

2.2.1.49

2.9.11-101

2017-01-17-002

4.5.0-271

6.2.0.6

9.7(1.25)

2.1.1.97

2.9.10-301

6.2.0.5

9.7(1.23)

Not supported

2.9.10-255

6.2.0.4

9.7(1.19)

Not supported

2.9.10-205

6.2.0.3

9.7(1.15)

Not supported

2.9.10-160

6.2.0.2

9.7(1.10)

Not supported

2.9.10-126

6.2.0.1

9.7(1.7)

Not supported

2.9.10-98

6.2.0

9.7(1.4)

Not supported

2.9.10-42

2015-10-12-001

4.5.0-271

6.1.0.7

9.6(4.12)

Not supported

2.9.9-312

6.1.0.6

9.6(3.23)

Not supported

2.9.9-258

6.1.0.5

9.6(2.21)

Not supported

2.9.9-225

6.1.0.4

9.6(2.16)

Not supported

2.9.9-191

6.1.0.3

9.6(2.16)

Not supported

2.9.9-159

6.1.0.2

9.6(2.4)

Not supported

2.9.9-125

6.1.0.1

9.6(2.4)

Not supported

2.9.9-92

6.1.0

9.6(2)

Not supported

2.9.9-330

2015-10-12-001

4.5.0-270

6.0.1.4

9.6(1.19)

Not supported

2.9.8-490

6.0.1.3

9.6(1.12)

Not supported

2.9.8-461

6.0.1.2

9.6(1.11)

Not supported

2.9.8-426

6.0.1.1

9.6(1)

Not supported

2.9.8-383

6.0.1

9.6(1)

Not supported

2.9.8-224

2015-10-12-001

4.5.0-259

6.0.0.1

9.6(1)

Not supported

2.9.8-235

6.0.0

9.6(1)

Not supported

2.9.8-229

2015-10-12-001

4.5.0-252

* Firepower versions marked with an asterisk have been removed from the Cisco Support & Download site. See End-of-Life Announcements.

Integrated Products

This table lists the Cisco products you can integrate with Firepower.

Table 22. Integrated Product Compatibility
Firepower Version Cisco Identity Services Engine (ISE) Cisco Firepower System User Agent Cisco Terminal Services (TS) Agent Cisco AMP Threat Grid Cisco AnyConnect Secure Mobility Client Cisco Defense Orchestrator (CDO) Cisco Threat Response (CTR) Cisco Security Packet Analyzer
ISE ISE-PIC

6.6.0

2.6

2.4

2.6

2.4

2.5

2.4

1.3

1.2

1.1

2.1.4+

4.0+

YES

YES

6.5.0

2.6

2.4

2.6

2.4

2.5

2.4

1.3

1.2

1.1

2.1.4+

4.0+

YES

YES

6.4.0

2.4

2.3 patch 2

2.3

2.4

2.2 patch 1

2.5

2.4

2.3, no ASA FirePOWER

1.3

1.2

1.1

2.1.4+

4.0+

YES

YES

Any

6.3.0

2.4

2.3 patch 2

2.3

2.4

2.2 patch 1

2.4

2.4

2.3, no ASA FirePOWER

1.2

1.1

2.1.4+

4.0+

Any

6.2.3

2.3 patch 2

2.3

2.2 patch 5

2.2 patch 1

2.2

2.2 patch 1

2.4

2.3

1.2

1.1

2.1.4+

4.0+

6.2.2

2.3

2.2 patch 1

2.2

2.1

2.2 patch 1

2.3

1.2

1.1

1.0

2.1.4+

4.0+

6.2.1

2.1

2.0.1

2.0

2.2 patch 1

2.3

1.1

1.0

1.4.2+

4.0+

6.2.0

2.1

2.0.1

2.0

1.3

2.3

1.4.2+

6.1.0

2.1

2.0.1

2.0

1.3

2.3

1.4.2+

6.0.1

1.3

2.3

5.x

2.2

End-of-Life Announcements

The following tables provide end-of-life details for Firepower software and hardware. Dates that have passed are in bold.

Firepower Software

These major Firepower software versions have reached end of sale and/or end of support.

Table 23. Firepower Software EOL Announcements
Version End of Sale End of Support Announcement

6.3.0

2020-04-30

2023-04-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.2.2, 6.3(x), Firepower eXtensible Operating System (FXOS) 2.4.1 and Firepower Management Center (FMC) 6.2.2 and 6.3(x)

6.2.2

2020-04-30

2023-04-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.2.2, 6.3(x), Firepower eXtensible Operating System (FXOS) 2.4.1 and Firepower Management Center (FMC) 6.2.2 and 6.3(x)

6.2.1

2019-03-05

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense versions 6.2.0 and 6.2.1

6.2.0

2019-03-05

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense versions 6.2.0 and 6.2.1

6.1.0

2019-11-22

2023-05-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense versions 6.1, NGIPSv and NGFWv versions 6.1, Firepower Management Center 6.1 and Firepower eXtensible Operating System (FXOS) 2.0(x)

6.0.1

2017-11-10

2020-11-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Software Releases 5.4, 6.0 and 6.0.1 and Firepower Management Center Software Releases 5.4, 6.0 and 6.0.1

6.0.0

2017-11-10

2020-11-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Software Releases 5.4, 6.0 and 6.0.1 and Firepower Management Center Software Releases 5.4, 6.0 and 6.0.1

5.4.x

2017-11-10

2020-11-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Software Releases 5.4, 6.0 and 6.0.1 and Firepower Management Center Software Releases 5.4, 6.0 and 6.0.1

5.3.x

2016-01-29

2018-07-31

End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER Software v5.3 and v5.3.1 and FireSIGHT Management Center Software v5.3 and v5.3.1

These Firepower software versions have been removed from the Cisco Support & Download site. If you are running any of them, we usually recommend you upgrade. To determine the correct course of action for your deployment, see the Deprecated Features topic in the appropriate version of the Cisco Firepower Release Notes.

Table 24. Firepower Software Removed Versions

Version

Date Removed

6.5.0.3

2020-03-02 for managed devices

2020-02-04 for the FMC

6.5.0.1

2019-12-19

6.4.0.6

2019-12-19

6.2.3.8

2019-01-07

6.2.1

2017-11-17

5.4.0.1

2015

5.3.1.2

2015

These integrated products are or will be deprecated.

Table 25. Firepower Deprecated Integrated Products

Product

Last Support

Details

User Agent

Version 6.6.0

Version 6.6.0 is the last major Firepower version that supports the Cisco Firepower User Agent software as an identity source. You should switch to Cisco Identity Services Engine/Passive Identity Connector (ISE/ISE-PIC) now. This will also allow you to take advantage of features that are not available with the user agent. To convert your license, contact Sales.

For more information, see the appropriate Cisco Firepower User Agent Configuration Guide on the Cisco Firepower Management Center Configuration Guides page.

Firepower Hardware

These Firepower Management Centers have reached end of sale and/or end of support. The table also lists the last supported Firepower version for each platform.

Table 26. FMC Hardware EOL Announcements

FMC

Last Version

End of Sale

End of Support

Announcement

FMC 1000, 2500, 4500

2019-07-12

2024-02-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center Platforms- FMC 1000, FMC 2500, FMC 4500

FMC 4000

2017-03-31

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center 4000

FMC 2000

2017-03-31

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center 2000

FMC 750

6.4.0

2017-03-31

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center 750

FMC 1500

6.4.0

2015-09-18

2020-09-30

End-of-Sale and End-of-Life Announcement for the Cisco FireSIGHT Management Center 1500 Products

FMC 3500

6.4.0

2015-08-31

2020-08-31

End-of-Sale and End-of-Life Announcement for the Cisco FireSIGHT Management Center 3500

FMC 500, 1000, 3000

5.4.1

Sales ended

Support ended

These Firepower devices have reached end of sale and/or end of support. The table also lists the last supported Firepower version for each platform.

Table 27. Firepower Device Hardware EOL Announcements

Device

Last Version

End of Sale

End of Support

Announcement

Firepower 4120, 4140, 4150

Firepower 9300: SM-24, SM-36, SM-44 modules

2020-08-31

2025-08-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower 4120/40/50 and FPR 9300 SM24/36/44 Series Security Appliances/Modules & 5 YR Subscription

Firepower 8120, 8130, 8140

6.4.0

2017-12-15

2022-12-31

End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER 8100 Series Appliances

Firepower 7010, 7020, 7030

6.4.0

2017-12-15

2022-12-31

End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER Appliance 7000 Series Appliances (7010, 7020, 7030)

AMP 8050, 8150

6.4.0

2017-12-15

2022-12-31

End-of-Sale and End-of-Life Announcement for the Cisco AMP for Networks 8150 and 8050

ASA 5515-X

6.4.0

2017-08-25

2022-08-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA 5512-X and ASA 5515-X

ASA 5585-X-SSP-10, -20, -40, -60

6.4.0

2017-08-25

2022-08-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA 5585-X with FirePOWER Services Modules and Subscriptions

Firepower 8250, 8260, 8270, 8290

6.4.0

2015-10-03

2020-10-31

End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER 8200 Series Appliances

ASA 5506-X, 5506H-X, 5506W-X

6.2.3

2018-09-30

2021-09-30

End-of-Sale and End-of-Life Announcement for the Cisco ASA5506 Series Security Appliance 5 YR Subscriptions

ASA 5512-X

6.2.3

2017-08-25

2022-08-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA 5512-X and ASA 5515-X

3D500,1000, 2000

5.4.0

2013-06-12

2016-12-12

3D9900

5.4.0

2011-10-17

2015-04-17

3D2100, 2500, 3500, 4500, 6500

5.4.0

2012-04-09

2015-10-09