Cisco Firepower Compatibility Guide

This guide provides Cisco Firepower software and hardware compatibility, including operating system and hosting environment requirements.

Additional Resources

Table 1. Additional Resources

Description

Resources

Sustaining bulletins provide support timelines for the Cisco Next Generation Firewall product line, including management platforms and operating systems.

Cisco NGFW Product Line Software Release and Sustaining Bulletin

Compatibility guides provide detailed compatibility information for supported hardware models and software versions, including bundled components and integrated products.

Cisco Firepower Compatibility Guide

Cisco ASA Compatibility

Cisco Firepower 4100/9300 FXOS Compatibility

Release notes provide critical and release-specific information, including upgrade warnings and behavior changes. Release notes also contain quicklinks to upgrade and installation instructions.

Cisco Firepower Release Notes

Cisco ASA Release Notes

Cisco Firepower 4100/9300 FXOS Release Notes

New Feature guides provide information on new and deprecated features by release.

Cisco Firepower Device Manager New Features by Release

Cisco ASA New Features by Release

Documentation roadmaps provide links to currently available and legacy documentation. Try the roadmaps if what you are looking for is not listed above.

Navigating the Cisco Firepower Documentation

Navigating the Cisco ASA Series Documentation

Navigating the Cisco FXOS Documentation

Terminology and Branding

Table 2. General Terminology
Description Version 6.x Version 5.4.x

Product line

Firepower

Firepower System

FireSIGHT System

Table 3. Management Terminology
Description Version 6.x Version 5.4.x

Remote management platform for multiple devices and device types

Management Center

Firepower Management Center (FMC)

Defense Center

FireSIGHT Defense Center

FireSIGHT Management Center

Local management of ASA FirePOWER modules

ASDM

ASDM

Local management of Firepower Threat Defense

Firepower Device Manager (FDM)

Model number formats for physical Firepower Management Centers

FMC xxxx

MC xxxx

FS xxxx

DC xxxx

Table 4. Device Terminology
Description Version 6.x Version 5.4.x

Physical device running NGFW software

Firepower Threat Defense (FTD)

Virtual device running NGFW software

Firepower Threat Defense Virtual (FTDv)

NGIPS software for ASA devices

ASA FirePOWER module

ASA FirePOWER module

ASA device running an ASA FirePOWER module

ASA with FirePOWER Services

ASA with FirePOWER Services

7000 or 8000 series device running NGIPS or AMP software

7000/8000 series

7000/8000 series

Series 3

Virtual device running NGIPS software

NGIPSv

virtual managed device

Legacy Firepower device running NGIPS software

Series 2

Legacy X-Series device running NGIPS software

Cisco NGIPS for Blue Coat X-Series

Model number formats for physical device platforms

Firepower xxxx

ASA xxxx

AMP xxxx

3Dxxxx

ASA xxxx

AMP xxxx

Firepower Devices

About Firepower Devices

Cisco Firepower devices monitor network traffic and decide whether to allow or block specific traffic based on a defined set of security rules. Depending on platform, Firepower devices can have different software and management methods.

Table 5. Device Software

Software

Firepower Version

Implementation

Firepower Threat Defense (FTD)

Version 6.0.1+ with FMC

Version 6.1.0+ with FDM

Version 6.4.0+ with FDM + CDO

Physical or virtual device.

NGIPS: Firepower (classic/legacy)

Any

Physical or virtual device.

NGIPS: ASA FirePOWER

Any

A separately installed module on an ASA device. Traffic is sent to the module after ASA firewall policies are applied.

You cannot use an FMC to manage ASA firewall functions.

Table 6. Device Management

Manager

Capability

Details

Firepower Management Center

Multiple devices running FTD, NGIPS, or both.

An FMC must run the same or newer version as its managed devices.

For more information, see Firepower Management Center-Device Compatibility.

Cisco Defense Orchestrator (CDO)

Multiple FTD devices.

FTD devices support CDO concurrently with local FDM management.

Although some configurations still require FDM, CDO allows you to establish and maintain consistent security policies across multiple FTD devices without using an FMC.

Requires Version 6.4.0+.

Firepower Device Manager (FDM)

One FTD device.

FDM is built into FTD. There is no concept of manager-device compatibility in this type of deployment.

Introduced with Version 6.1.0 on limited platforms. As of Version 6.6.0, FDM is supported for all FTD platforms.

ASDM

One ASA FirePOWER module.

Newer versions of ASDM can manage newer ASA FirePOWER modules.

For more information, see ASA 5500-X Series and ISA 3000 with FirePOWER Services.

Device Platform Summary (Software, Managers, Versions)

These tables list Firepower device platforms, and summarize the software versions and management methods they support. For more information on manager-device compatibility and remote vs local management capabilities, see About Firepower Management Centers and About Firepower Devices.


Tip

Not all versions, especially patches, apply to all devices. Even if we list support for a version-plus, it is possible that not all later versions are supported. A quick way to tell if a version is supported is that its upgrade/installation packages are posted on the Cisco Support & Download site. If the site is "missing" an upgrade or installation package, that version is not supported. You can also check the release notes and End-of-Life Announcements. If you feel a version is missing in error, contact Cisco TAC.


Note these tables list device software versions, not manager versions. Even if an older device has reached EOL and you can no longer upgrade, you can still manage that device with a newer FMC, up to a few versions ahead. Similarly, newer versions of ASDM can manage older ASA FirePOWER modules. Similarly, newer versions of ASDM can manage older ASA FirePOWER modules.

Table 7. Firepower Threat Defense Platforms by Manager and Version

FTD Device Platform

Device Versions: FMC-Managed

Device Versions: FDM-Managed

Device Versions: CDO-Managed

Firepower 1010, 1120, 1140

6.4.0+

6.4.0+

6.4.0+

Firepower 1150

6.5.0+

6.5.0+

6.5.0+

Firepower 2110, 2120, 2130, 2140

6.2.1+

6.2.1+

6.4.0+

Firepower 4110, 4120, 4140

6.0.1+

6.5.0+

6.5.0+

Firepower 4150

6.1.0+

6.5.0+

6.5.0+

Firepower 4115, 4125, 4145

6.4.0+

6.5.0+

6.5.0+

Firepower 4112

6.6.0+

6.6.0+

6.6.0+

Firepower 9300: SM-24, SM-36, SM-44

6.0.1+

6.5.0+

6.5.0+

Firepower 9300: SM-40, SM-48, SM-56

6.4.0+

6.5.0+

6.5.0+

ISA 3000

6.2.3+

6.2.3+

6.4.0+

ASA 5506-X, 5506H-X, 5506W-X

6.0.1 to 6.2.3

6.1.0 to 6.2.3

ASA 5508-X, 5516-X

6.0.1+

6.1.0+

6.4.0+

ASA 5512-X

6.0.1 to 6.2.3

6.1.0 to 6.2.3

ASA 5515-X

6.0.1 to 6.4.0

6.1.0 to 6.4.0

6.4.0

ASA 5525-X, 5545-X, 5555-X

6.0.1 to 6.6.x

6.1.0 to 6.6.x

6.4.0+

FTDv for AWS

6.0.1+

6.6.0+

6.6.0+

FTDv for Azure

6.2.0+

6.5.0+

6.5.0+

FTDv for GCP

6.7.0+

6.7.0+

6.7.0+

FTDv for KVM

6.1.0+

6.2.3+

6.4.0+

FTDv for OCI

6.7.0+

6.7.0+

6.7.0+

FTDv for VMware

6.0.1+

6.2.2+

6.4.0+

Table 8. NGIPS/ASA FirePOWER Platforms by Manager and Version

NGIPS Device Platform

Device Versions: FMC-Managed

Device Versions: ASDM-Managed

ISA 3000

6.3.0+

5.4.1

6.3.0+

5.4.1

ASA 5506-X, 5506H-X, 5506W-X

5.4.1 to 6.2.3

5.4.1 to 6.2.3

ASA 5508-X, 5516-X

5.4.1+

5.4.1+

ASA 5525-X, 5545-X, 5555-X

5.3.1 to 6.6.x

6.0.0 to 6.6.x

ASA 5512-X

5.3.1 to 6.2.3

6.0.0 to 6.2.3

ASA 5515-X

5.3.1 to 6.4.0

6.0.0 to 6.4.0

ASA 5585-X-SSP-10, -20, -40, -60

5.3.1 to 6.4.0

6.0.0 to 6.4.0

NGIPSv for VMware

5.3.0+

Firepower 8120, 8130, 8140

Firepower 8250, 8260, 8270, 8290

Firepower 8350, 8360, 8370, 8390

AMP 8050

5.3.0 to 6.4.0

AMP 8150, 8350, 8360, 8370, 8390

5.4.0 to 6.4.0

Firepower 7010, 7020, 7030

Firepower 7110, 7115 7120, 7125

AMP 7150

5.3.0 to 6.4.0

Firepower 7050

5.4.0 to 6.4.0

3D500,1000, 2000

3D2100, 2500, 3500, 4500, 6500

3D9900

5.3.0 to 5.4.0

Cisco NGIPS for Blue Coat X-Series

5.3.0 to 5.4.0

Firepower 1000/2100 Series with FTD

Firepower 1000 and Firepower 2100 series devices use the FXOS operating system. Upgrading Firepower Threat Defense automatically upgrades FXOS. For information on the FXOS version bundled with each Firepower version, see Bundled Components.

These devices can also run ASA instead of FTD. For more information, see Cisco ASA Compatibility.

Table 9. Firepower 1000/2100 Series Compatibility

Firepower Version

Firepower 2110

Firepower 2120

Firepower 2130

Firepower 2140

Firepower 1010

Firepower 1120

Firepower 1140

Firepower 1150

6.7.x

YES

YES

YES

6.6.x

YES

YES

YES

6.5.0

YES

YES

YES

6.4.0

YES

YES

6.3.0

YES

6.2.3

YES

6.2.2

YES

6.2.1

YES

Firepower 4100/9300 with FTD

For the Firepower 9300 chassis, major Firepower versions have a specially qualified and recommended companion FXOS version, listed below in bold. Use these combinations whenever possible, because we perform enhanced testing for them.

These devices can also run ASA instead of FTD. With ASA 9.12+ and FTD 6.4.0+, you can run both ASA and FTD on separate modules in the same Firepower 9300 chassis. For more information, see Cisco Firepower 4100/9300 FXOS Compatibility .

To resolve issues, you may need to upgrade FXOS to the latest build. To help you decide, see the Cisco Firepower 4100/9300 FXOS Release Notes.


Note

To perform flow offload in the following major version sequences, you must be running a specific combination of Firepower and FXOS:

  • Version 6.2.2.x: Version 6.2.2.2+ on FXOS 2.3.1.130+

  • Version 6.2.0.x: Version 6.2.0.3+ on either FXOS 2.2.1.x or FXOS 2.2.2, builds 17-86


Table 10. Firepower 4100/9300 Compatibility

Firepower Version

FXOS Version

Firepower 9300

Firepower 4100 Series

SM-26

SM-36

SM-44

SM-40

SM-48

SM-56

4110

4120

4140

4150

4112

4115

4125

4145

6.7.x

2.9.1.131+

YES

YES

YES

YES

YES

YES

6.6.x

2.8.1.105+

2.9.1.131+

YES

YES

YES

YES

YES

YES

6.5.0

2.7.1.92+

2.8.1.105+

2.9.1.131+

YES

YES

YES

YES

YES

6.4.0

2.6.1.157+

2.7.1.92+

2.8.1.105+

2.9.1.131+

YES

YES

YES

YES

YES

6.3.0

2.4.1.214+

2.6.1.157+

2.7.1.92+

2.8.1.105+

2.9.1.131+

YES

YES

YES

6.2.3

2.3.1.73+

2.4.1.214+

2.6.1.157+

2.7.1.92+

2.8.1.105+

Note 

Firepower 6.2.3.16+ requires FXOS 2.3.1.157+.

YES

YES

YES

6.2.2

2.2.2.x

2.3.1.73+

2.4.1.214+

2.6.1.157+

2.7.1.92+

YES

YES

YES

6.2.1

6.2.0

2.1.1.x, 2.2.1.x, 2.2.2.x

2.3.1.73+

2.4.1.214+

2.6.1.157+

YES

YES

YES

6.1.0

2.0.1.x

2.1.1.x

2.3.1.73+

YES

YES

YES

6.0.1

1.1.4.x

2.0.1.x

YES

YES

Firepower Threat Defense Virtual

These tables list Firepower compatibility and virtual hosting environment requirements for FTDv.

Table 11. FTDv for VMware Compatibility

Firepower Version

VMware vSphere/VMware ESXi

6.7

6.5

6.0

5.5

5.1

6.7.x

YES

YES

YES

6.6.x

YES

YES

YES

6.5.0

YES

YES

YES

6.4.0

YES

YES

6.3.0

YES

YES

6.2.3

YES

YES

YES

6.2.2

YES

YES

6.2.1

6.2.0

YES

YES

6.1.0

YES

YES

6.0.1

YES

YES

Table 12. FTDv Compatibility: Other Hypervisors

Firepower Version

Amazon Web Services (AWS)

Microsoft Azure

Oracle Cloud Infrastructure (OCI)

Google Cloud Platform (GCP)

Kernel-Based Virtual Machine (KVM)

6.7.x

YES

YES

YES

YES

YES

6.6.x

YES

YES

YES

6.5.0

YES

YES

YES

6.4.0

YES

YES

YES

6.3.0

YES

YES

YES

6.2.3

YES

YES

YES

6.2.2

YES

YES

YES

6.2.1

6.2.0

YES

YES

YES

6.1.0

YES

YES

6.0.1

YES

ASA 5500-X Series and ISA 3000 with FTD

ASA 5500-X series and ISA 3000 devices use the ASA operating system. Upgrading Firepower Threat Defense automatically upgrades ASA. For information on the ASA version bundled with each Firepower version, see Bundled Components.

Table 13. ASA 5500-X Series and ISA 3000 Compatibility

Firepower Version

ASA 5508-X

ASA 5516-X

ISA 3000

ASA 5525-X

ASA 5545-X

ASA 5555-X

ASA 5515-X

ASA 5506-X

ASA 5506H-X

ASA 5506W-X

ASA 5512-X

6.7.x

YES

YES

6.6.x

YES

YES

YES

6.5.0

YES

YES

YES

6.4.0

YES

YES

YES

YES

6.3.0

YES

YES

YES

YES

6.2.3

YES

YES

YES

YES

YES

6.2.2

YES

YES

YES

YES

6.2.1

6.2.0

YES

YES

YES

YES

6.1.0

YES

YES

YES

YES

6.0.1

YES

YES

YES

YES

ASA 5500-X Series and ISA 3000 with FirePOWER Services

The ASA FirePOWER module runs on the separately upgraded ASA operating system. There is wide compatibility between ASA and ASA FirePOWER versions. However, upgrading allows you to take advantage of new features and resolved issues.For example, the Firepower captive portal feature requires at least ASA FirePOWER Version 6.0.0 and ASA 9.5(2).

Compatibility Table

The following table shows the ASA, ASDM, and ASA FirePOWER support. If you are using an FMC to manage ASA FirePOWER, you can ignore the ASDM requirements.

Note that:

  • ASA 9.14(x)/ASDM 7.14(x)/FirePOWER 6.6.0/6.6.x is the final version for the ASA 5525-X, 5545-X, and 5555-X.

  • ASA 9.12(x)/ASDM 7.12(x)/FirePOWER 6.4.0 is the final version for the ASA 5515-X and 5585-X.

  • ASA 9.9(x)/ASDM 7.9(2)/FirePOWER 6.2.3 is the final version for the ASA 5506-X series and 5512-X.

ASDM versions are backwards compatible with all previous ASA versions, unless otherwise stated. For example, ASDM 7.13(1) can manage an ASA 5516-X on ASA 9.10(1). ASDM 7.13(1) and ASDM 7.14(1) did not support ASA 5512-X, 5515-X, 5585-X, and ASASM; you must upgrade to ASDM 7.13(1.101) or 7.14(1.48) to restore ASDM support.

Table 14. ASA and ASA FirePOWER Compatibility

ASA FirePOWER Version

ASDM Version (for local mgmt)

ASA Version

ASA Model

5506-X Series

5508-X

5516-X

5512-X

5515-X

5525-X

5545-X

5555-X

5585-X (See below for SSP notes)

ISA 3000

6.7.x

ASDM 7.15(1)

ASA 9.15(x)

ASA 9.14(x)

ASA 9.13(x)

ASA 9.12(x)

ASA 9.10(x)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(2), 9.5(3)

YES

YES

6.6.x

ASDM 7.14(1)

ASA 9.15(x) (No 5525-X, 5545-X, 5555-X)

ASA 9.14(x)

ASA 9.13(x)

ASA 9.12(x)

ASA 9.10(x)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(2), 9.5(3)

YES

YES

YES

6.5.0

ASDM 7.13(1)

ASA 9.15(x) (No 5525-X, 5545-X, 5555-X)

ASA 9.14(x)

ASA 9.13(x)

ASA 9.12(x)

ASA 9.10(x)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(2), 9.5(3)

YES

YES

YES

6.4.0

ASDM 7.12(1)

ASA 9.15(x) (No 5515-X, 5525-X, 5545-X, 5555-X, 5585-X)

ASA 9.14(x) (No 5515-X, 5585-X)

ASA 9.13(x) (No 5515-X, 5585-X)

ASA 9.12(x)

ASA 9.10(x)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(2), 9.5(3)

YES

YES

YES

YES

YES

6.3.0

ASDM 7.10(1)

ASA 9.15(x) (No 5515-X, 5525-X, 5545-X, 5555-X, 5585-X)

ASA 9.14(x) (No 5515-X, 5585-X)

ASA 9.13(x) (No 5515-X, 5585-X)

ASA 9.12(x)

ASA 9.10(x)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(2), 9.5(3)

YES

YES

YES

YES

YES

6.2.3

ASDM 7.9(2)

ASA 9.15(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X)

ASA 9.14(x) (No 5506-X, 5512-X, 5515-X, 5585-X)

ASA 9.13(x) (No 5506-X, 5512-X, 5515-X, 5585-X)

ASA 9.12(x) (No 5506-X, 5512-X)

ASA 9.10(x) (No 5506-X, 5512-X)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(2), 9.5(3) (No 5506-X)

YES

YES

YES

YES

YES

YES

6.2.2

ASDM 7.8(2)

ASA 9.15(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X)

ASA 9.14(x) (No 5506-X, 5512-X, 5515-X, 5585-X)

ASA 9.13(x) (No 5506-X, 5512-X, 5515-X, 5585-X)

ASA 9.12(x) (No 5506-X, 5512-X)

ASA 9.10(x) (No 5506-X, 5512-X)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(2), 9.5(3) (No 5506-X)

YES

YES

YES

YES

YES

YES

6.2.0

ASDM 7.7(1)

ASA 9.15(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X)

ASA 9.14(x) (No 5506-X, 5512-X, 5515-X, 5585-X)

ASA 9.13(x) (No 5506-X, 5512-X, 5515-X, 5585-X)

ASA 9.12(x) (No 5506-X, 5512-X)

ASA 9.10(x) (No 5506-X, 5512-X)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(2), 9.5(3) (No 5506-X)

YES

YES

YES

YES

YES

YES

6.1.0

ASDM 7.6(2)

ASA 9.15(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X)

ASA 9.14(x) (No 5506-X, 5512-X, 5515-X, 5585-X)

ASA 9.13(x) (No 5506-X, 5512-X, 5515-X, 5585-X)

ASA 9.12(x) (No 5506-X, 5512-X)

ASA 9.10(x) (No 5506-X, 5512-X)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(2), 9.5(3) (No 5506-X)

YES

YES

YES

YES

YES

YES

6.0.1

ASDM 7.6(1) (no ASA 9.4(x) support with ASDM; only FMC)

ASA 9.6(x)

ASA 9.5(1.5), 9.5(2), 9.5(3)

ASA 9.4(x)

Due to CSCuv91730, we recommend that you upgrade to 9.4(2) and later.

YES

YES

YES

YES

YES

YES

6.0.0

ASDM 7.5(1.112) (no ASA 9.4(x) support with ASDM; only FMC)

ASA 9.6(x)

ASA 9.5(1.5), 9.5(2), 9.5(3)

ASA 9.4(x)

Due to CSCuv91730, we recommend that you upgrade to 9.4(2) and later.

YES

YES

YES

YES

YES

YES

5.4.1.7+

ASDM 7.5(1.112) (no ASA 9.4(x) support with ASDM; only FMC)

ASA 9.15(x) (No 5506-X, 5512-X,5515-X, 5525-X, 5545-X, 5555-X, 5585-X)

ASA 9.14(x) (No 5506-X)

ASA 9.13(x) (No 5506-X)

ASA 9.12(x) (No 5506-X)

ASA 9.10(x) (No 5506-X)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(2), 9.5(3)

ASA 9.4(x)

ASA 9.4(1.225) (ISA 3000 only)

ASA 9.3(2), 9.3(3) (no 5508-X or 5516-X)

Due to CSCuv91730, we recommend that you upgrade to 9.3(3.8) or 9.4(2) and later.

YES

YES

YES

5.4.1

ASDM 7.3(3)

ASA 9.15(x) (No 5506-X)

ASA 9.14(x) (No 5506-X)

ASA 9.13(x) (No 5506-X)

ASA 9.12(x) (No 5506-X)

ASA 9.10(x) (No 5506-X)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(1.5), 9.5(2), 9.5(3)

ASA 9.4(x)

ASA 9.3(2), 9.3(3) (5506-X only)

Due to CSCuv91730, we recommend that you upgrade to 9.3(3.8) or 9.4(2) and later.

YES

YES

5.4.0.2+

ASA 9.14(x) (No 5512-X, 5515-X, 5585-X)

ASA 9.13(x) (No 5512-X, 5515-X, 5585-X)

ASA 9.12(x)

ASA 9.10(x)

ASA 9.9(x)

ASA 9.8(x)

ASA 9.7(x)

ASA 9.6(x)

ASA 9.5(1.5), 9.5(2), 9.5(3)

ASA 9.4(x)

ASA 9.3(2), 9.3(3)

Due to CSCuv91730, we recommend that you upgrade to 9.3(3.8) or 9.4(2) and later.

YES

YES

YES

YES

5.4.0.1

ASA 9.2(2.4), 9.2(3), 9.2(4)

Due to CSCuv91730, we recommend that you upgrade to 9.2(4.5) and later.

YES

YES

YES

YES

5.3.1

ASA 9.2(2.4), 9.2(3), 9.2(4)

Due to CSCuv91730, we recommend that you upgrade to 9.2(4.5) and later.

YES

YES

YES

YES

ASA 5585-X SSP Compatibility

Same level SSPs

ASA FirePOWER SSP -10, -20, -40, and -60

Requirements: Install in slot 1, with matching-level ASA SSP in slot 0

Mixed level SSPs

Support for the following combinations starts with version 5.4.0.1.

  • ASA SSP-10/ASA FirePOWER SSP-40

  • ASA SSP-20/ASA FirePOWER SSP-60

  • ASA SSP-40/ASA FirePOWER SSP-60

Requirements: ASA SSP in slot 0, ASA FirePOWER SSP in slot 1


Note

For the SSP40/60 combination, you might see an error message that this combination is not supported. You can ignore the message.


Firepower 7000/8000 Series and Legacy Devices

This table lists Firepower compatibility with 7000/8000 series devices, AMP models, and legacy device platforms.

Table 15. Firepower 7000/8000 Series Compatibility

Firepower Version

7000/8000 Series (Includes AMP)

Series 2 (Legacy)

Cisco NGIPS for Blue Coat X-Series (Legacy)

6.4.0

YES

6.3.0

YES

6.2.3

YES

6.2.2

YES

6.2.1

6.2.0

YES

6.1.0

YES

6.0.0

YES

5.4.0

YES

YES

5.4.0 and 5.4.0.2 - 5.4.0.5 only

Requires XOS 9.7.2.x or 10.x

NGIPSv

This table lists Firepower compatibility and virtual hosting environment requirements for NGIPSv (virtual NGIPS devices running on VMware).

Table 16. NGIPSv Compatibility

Firepower Version

VMware vSphere/VMware ESXi

VMware vCloud Director

6.7

6.5

6.0

5.5

5.1

5.0

5.1

6.7.x

YES

YES

YES

6.6.x

YES

YES

YES

6.5.0

YES

YES

YES

6.4.0

YES

YES

6.3.0

YES

YES

6.2.3

YES

YES

YES

6.2.2

YES

YES

6.2.1

6.2.0

YES

YES

6.1.0

YES

YES

6.0.1

YES

YES

6.0.0

YES

YES

5.4.0

YES

YES

YES

YES

Firepower Management Centers

Firepower Management Center-Device Compatibility

A Firepower Management Center must run the same or newer version as its managed devices. This means:

  • You can manage older devices with a newer FMC, usually a few major versions back.

    For example, a Version 6.7.0 FMC can manage a Version 6.3.0 device.

Below, we list FMC versions and the devices they can manage. Find your current version in the first column, then read across to determine which devices you can manage. Remember, within a major version, the FMC must be running the same or newer maintenance (third-digit) release as its managed devices.

Table 17. FMC Management Capability: Version 6.2.3 through 6.7.x

FMC Version

Can Manage: Device Version

6.7.x

6.6.x

6.5.0

6.4.0

6.3.0

6.2.3

6.2.2

6.2.1

6.2.0

6.1.0

6.7.x

YES

YES

YES

YES

YES

6.6.x

YES

YES

YES

YES

YES

6.5.0

YES

YES

YES

YES

6.4.0

YES

YES

YES

YES

YES

YES

YES

6.3.0

YES

YES

YES

YES

YES

YES

6.2.3

YES

YES

YES

YES

YES

Table 18. FMC Management Capability: Version 5.4.0 through 6.2.2

FMC Version

Can Manage: Device Version

6.2.2

6.2.1

6.2.0

6.1.0

6.0.1

6.0.0

5.4.1

5.4.0

6.2.2

YES

YES

YES

YES

6.2.1

YES

YES

YES

6.2.0

YES

YES

6.1.0

YES

YES

YES

YES *

YES *

6.0.1

YES

YES

YES *

YES *

6.0.0

YES

YES *

YES *

5.4.1

YES

YES

5.4.0

YES

* A device must be running at least Version 5.4.0.2/5.4.1.1 to be managed by a Version 6.0, 6.0.1, or 6.1 FMC.

Firepower Management Centers: Physical

Table 19. Firepower Management Center Compatibility

Firepower Version

FMC 1600

FMC 2600

FMC 4600

FMC 1000

FMC 2500

FMC 4500

FMC 2000

FMC 4000

FMC 750

FMC 1500

FMC 3500

DC 500

DC 1000

DC 3000

6.7.x

YES

YES

6.6.x

YES

YES

YES

6.5.0

YES

YES

YES

6.4.0

YES

YES

YES

YES

6.3.0

YES

YES

YES

YES

6.2.3

YES

YES

YES

6.2.2

YES

YES

YES

6.2.1

YES

YES

YES

6.2.0

YES

YES

YES

6.1.0

YES

YES

6.0.1

YES

YES

6.0.0

YES

YES

5.4.1

YES

YES

YES

5.4.0 *

YES

YES

YES

* 5.4.0 only. Use 5.4.1.x Defense Centers to manage 5.4.x devices.

Firepower Management Centers: Virtual

These tables lists Firepower compatibility and virtual hosting environment requirements for FMCv. Note that support for FMCv 300 on VMware begins in Version 6.5.0.

Table 20. FMCv/FMCv 300 for VMware Compatibility: Firepower Version 6.2.3 through 6.7.x

Firepower Version

VMware vSphere/VMware ESXi

6.7

6.5

6.0

5.5

5.1

6.7.x

YES

YES

YES

6.6.x

YES

YES

YES

6.5.0

YES

YES

YES

6.4.0

YES

YES

6.3.0

YES

YES

6.2.3

YES

YES

YES

Table 21. FMCv for VMware Compatibility: Firepower Version 5.4 through 6.2.2

Firepower Version

VMware vSphere/VMware ESXi

VMware vCloud Director

6.0

5.5

5.1

5.0

6.2.2

YES

YES

6.2.1

YES

YES

6.2.0

YES

YES

6.1.0

YES

YES

6.0.1

YES

YES

6.0.0

YES

YES

5.4.1

YES

YES

YES

YES

5.4.0 *

YES

YES

YES

YES

* 5.4.0 only; use 5.4.1.x Defense Centers to manage 5.4.x devices.

Table 22. FMCv Compatibility: Other Hypervisors

Firepower Version

Amazon Web Services (AWS)

Microsoft Azure (Azure)

Google Cloud Platform (GCP)

Kernel-Based Virtual Machine (KVM)

Oracle Cloud Infrastructure (OCI)

6.7.x

YES

YES

YES

YES

YES

6.6.x

YES

YES

YES

6.5.0

YES

YES

YES

6.4.0

YES

YES

YES

6.3.0

YES

YES

6.2.3

YES

YES

6.2.2

YES

YES

6.2.1

YES

YES

6.2.0

YES

YES

6.1.0

YES

YES

6.0.1

YES

BIOS and Firmware for FMCs

We provide updates for BIOS and RAID controller firmware. If your FMC does not meet the requirements listed in the following table, apply the appropriate hotfix. If your FMC is not listed, the factory defaults meet the minimum requirements.

Table 23. BIOS and Firmware Minimum Requirements

Platform

Firepower Version

BIOS

RAID Controller Firmware

Hotfix

FMC 1600, 2600, 4600

6.3.0+

C220M5.4.1.1c.0

51.10.0-2978

BIOS Update Hotfix EC

FMC 1000, 2500, 4500

6.2.3+

C220M4.4.0.2d.0

24.12.1-0433

BIOS Update Hotfix CJ

FMC 2000, 4000

6.2.3 through 6.6.x

C220M3.2.0.8.0

23.33.0-0049

BIOS Update Hotfix CJ

Hotfixing is the only way to update the BIOS and RAID controller firmware. Upgrading the Firepower software does not accomplish this task, nor does reimaging to a later version. Note that hotfixing also updates the CIMC firmware. Although we do not support changing configurations on the FMC using CIMC, if you have concerns, apply the hotfix. If the FMC is already up to date, the hotfix has no effect.

Use the regular upgrade process to apply hotfixes. For hotfix release notes, which include quicklinks to the Cisco Support & Download site, see the Cisco Firepower Hotfix Release Notes.


Note

The FMC web interface may display BIOS update hotfixes with a version that is different from the FMC's current version; for example, Hotfix EC Version 6.8.0. This is expected behavior and the hotfixes are safe to apply.


Determining BIOS and Firmware Versions

To determine the current versions on an FMC, run these commands from the Linux shell/expert mode:

  • BIOS: sudo dmidecode -t bios -q

  • RAID controller firmware (FMC 4500): sudo MegaCLI -AdpAllInfo -aALL | grep "FW Package"

  • RAID controller firmware (all other models): sudo storcli /c0 show | grep "FW Package"

About Firepower Version 5.4 Release Sequences

Firepower Version 5.4 sequences support different appliance models and device management methods. Firepower Threat Defense is not supported in Version 5.4.

Table 24. Platform Support for Version 5.4 Release Sequences
Firepower Version Supported Devices

Management Methods

5.4.1

ASA FirePOWER:

  • ASA 5506-X series, 5508-X, 5516-X

  • ISA 3000 (5.4.1.7+)

You can manage Version 5.4.1 devices with a Version 5.4.1 Defense Center.

ASDM is also supported.

5.4.0

7000/8000 series, NGIPSv, and legacy devices

ASA FirePOWER:

  • ASA 5512-X, 5515-X, 5525-X, 5545-X, 5555-X

  • ASA 5585-X series

There are no patches for Version 5.4.0 Defense Centers. We recommend you use a Version 5.4.1 Defense Center to manage Version 5.4.0 devices.

ASDM is not supported in Version 5.4.0.

Note that Version 5.4.0.2/5.4.1.1 is the minimum for direct upgrade to Version 6.0.0. It is also the minimum device version that can be managed by Version 6.0.0, 6.0.1, and 6.1.0 Defense Centers/FMCs.

Parallel Release Sequences

Firepower 5.4.x versions are released in parallel, starting with Version 5.4.0.1/5.4.1.0. For each pair, the Version 5.4.0.x release uses a last digit that is one more than the last digit of its parallel Version 5.4.1.x release:

  • 5.4.0.1 (no longer supported) and 5.4.1.0

  • 5.4.0.2 and 5.4.1.1

  • 5.4.0.3 and 5.4.1.2

  • … and so on

Bundled Components

This table lists the versions of various components bundled with Firepower releases. Use this information to identify open or resolved bugs in bundled components that may affect your Firepower deployment.

Firepower releases marked with an asterisk have been completely removed from the Cisco Support & Download site. But sometimes, we release an updated build instead of removing a release. If bundled components change from build to build, this table indicates the components in the latest build. (In most cases, only the latest build is available for download.) For details on new builds and the issues they resolve, see the Cisco Firepower Release Notes for your version.

Table 25. Bundled Components

Firepower

ASA (ASA 5500-X Series with FTD)

FXOS (Firepower 1000/2100 Series with FTD)

Snort 2

Snort 3

GeoDB

VDB

6.7.0.1

9.15(1.8)

2.9.1.135

2.9.17-1006

3.0.1-4.129

2020-04-28-002

4.5.0-338

6.7.0

9.15(1)

2.9.1.131

2.9.17-200

3.0.1-4.129

2020-04-28-002

4.5.0-338

6.6.3

9.14(2.151)

2.8.1.1146

2.9.16-3033

2019-06-03-002

4.5.0-336

6.6.1

9.14(1.150)

2.8.1.129

2.9.16-1025

2019-06-03-002

4.5.0-336

6.6.0.1

9.14(1.216)

2.8.1.105

2.9.16-140

2019-06-03-002

4.5.0-328

6.6.0

9.14(1.1)

2.8.1.105

2.9.16-140

2019-06-03-002

4.5.0-328

6.5.0.5

9.13(1.18)

2.7.1.129

2.9.15-15510

2019-06-03-002

4.5.0-309

6.5.0.4

9.13(1.5)

2.7.1.117

2.9.15-15201

2019-06-03-002

4.5.0-309

6.5.0.3 *

9.13(1.4)

2.7.1.117

2.9.15-15201

2019-06-03-002

4.5.0-309

6.5.0.2

9.13(1.151)

2.7.1.115

2.9.15-15101

2019-06-03-002

4.5.0-309

6.5.0.1 *

9.13(1.2)

2.7.1.115

2.9.15-15101

2019-06-03-002

4.5.0-309

6.5.0

9.13(1)

2.7.1.107

2.9.15-7

2019-06-03-002

4.5.0-309

6.4.0.11

9.12(2.40)

2.6.1.214

2.9.14-17005

2018-07-09-002

4.5.0-309

6.4.0.10

9.12(2.38)

2.6.1.214

2.9.14-16023

2018-07-09-002

4.5.0-309

6.4.0.9

9.12(2.33)

2.6.1.201

2.9.14-15906

2018-07-09-002

4.5.0-309

6.4.0.8

9.12(2.18)

2.6.1.166

2.9.14-15707

2018-07-09-002

4.5.0-309

6.4.0.7

9.12(2.151)

2.6.1.156

2.9.14-15605

2018-07-09-002

4.5.0-309

6.4.0.6 *

9.12(2.12)

2.6.1.156

2.9.14-15605

2018-07-09-002

4.5.0-309

6.4.0.5

9.12(2.4)

2.6.1.144

2.9.14-15507

2018-07-09-002

4.5.0-309

6.4.0.4

9.12(2.4)

2.6.1.144

2.9.12-15301

2018-07-09-002

4.5.0-309

6.4.0.3

9.12(1.12)

2.6.1.133

2.9.14-15301

2018-07-09-002

4.5.0-309

6.4.0.2

9.12(1.10)

2.6.1.133

2.9.14-15209

2018-07-09-002

4.5.0-309

6.4.0.1

9.12(1.7)

2.6.1.133

2.9.14-15100

2018-07-09-002

4.5.0-309

6.4.0

9.12(1.6)

2.6.1.133

2.9.14-15003

2018-07-09-002

4.5.0-309

6.3.0.5

9.10(1.31)

2.4.1.255

2.9.13-15503

2018-07-09-002

4.5.0-299

6.3.0.4

9.10(1.28)

2.4.1.248

2.9.13-15409

2018-07-09-002

4.5.0-299

6.3.0.3

9.10(1.18)

2.4.1.237

2.9.13-15307

2018-07-09-002

4.5.0-299

6.3.0.2

9.10(1.12)

2.4.1.237

2.9.13-15211

2018-07-09-002

4.5.0-299

6.3.0.1

9.10(1.8)

2.4.1.222

2.9.13-15101

2018-07-09-002

4.5.0-299

6.3.0

9.10(1.3)

2.4.1.216

2.9.13-15013

2018-07-09-002

4.5.0-299

6.2.3.16

9.9(2.74)

2.3.1.180

2.9.12-1605

2017-12-12-002

4.5.0-290

6.2.3.15

9.9(2.60)

2.3.1.167

2.9.12-1513

2017-12-12-002

4.5.0-290

6.2.3.14

9.9(2.55)

2.3.1.151

2.9.12-1401

2017-12-12-002

4.5.0-290

6.2.3.13

9.9(2.51)

2.3.1.144

2.9.12-1306

2017-12-12-002

4.5.0-290

6.2.3.12

9.9(2.48)

2.3.1.144

2.9.12-1207

2017-12-12-002

4.5.0-290

6.2.3.11

9.9(2.43)

2.3.1.132

2.9.12-1102

2017-12-12-002

4.5.0-290

6.2.3.10

9.9(2.41)

2.3.1.131

2.9.12-902

2017-12-12-002

4.5.0-290

6.2.3.9

9.9(2.37)

2.3.1.122

2.9.12-806

2017-12-12-002

4.5.0-290

6.2.3.8 *

9.9(2.37)

2.3.1.122

2.9.12-804

2017-12-12-002

4.5.0-290

6.2.3.7

9.9(2.32)

2.3.1.118

2.9.12-704

2017-12-12-002

4.5.0-290

6.2.3.6

9.9(2.26)

2.3.1.115

2.9.12-607

2017-12-12-002

4.5.0-290

6.2.3.5

9.9(2.245)

2.3.1.108

2.9.12-506

2017-12-12-002

4.5.0-290

6.2.3.4

9.9(2.15)

2.3.1.108

2.9.12-383

2017-12-12-002

4.5.0-290

6.2.3.3

9.9(2.13)

2.3.1.104

2.9.12-325

2017-12-12-002

4.5.0-290

6.2.3.2

9.9(2.8)

2.3.1.85

2.9.12-270

2017-12-12-002

4.5.0-290

6.2.3.1

9.9(2.4)

2.3.1.84

2.9.12-204

2017-12-12-002

4.5.0-290

6.2.3

9.9(2)

2.3.1.84

2.9.12-136

2017-12-12-002

4.5.0-290

6.2.2.5

9.8(2.44)

2.2.2.107

2.9.11-430

2017-01-17-002

4.5.0-271

6.2.2.4

9.8(2.36)

2.2.2.86

2.9.11-371

2017-01-17-002

4.5.0-271

6.2.2.3

9.8(2.30)

2.2.2.79

2.9.11-303

2017-01-17-002

4.5.0-271

6.2.2.2

9.8(2.22)

2.2.2.75

2.9.11-273

2017-01-17-002

4.5.0-271

6.2.2.1

9.8(2.10)

2.2.2.63

2.9.11-207

2017-01-17-002

4.5.0-271

6.2.2

9.8(2.3)

2.2.2.52

2.9.11-125

2017-01-17-002

4.5.0-271

6.2.1 *

9.8(1)

2.2.1.49

2.9.11-101

2017-01-17-002

4.5.0-271

6.2.0.6

9.7(1.25)

2.9.10-301

2015-10-12-001

4.5.0-271

6.2.0.5

9.7(1.23)

2.9.10-255

2015-10-12-001

4.5.0-271

6.2.0.4

9.7(1.19)

2.9.10-205

2015-10-12-001

4.5.0-271

6.2.0.3

9.7(1.15)

2.9.10-160

2015-10-12-001

4.5.0-271

6.2.0.2

9.7(1.10)

2.9.10-126

2015-10-12-001

4.5.0-271

6.2.0.1

9.7(1.7)

2.9.10-98

2015-10-12-001

4.5.0-271

6.2.0

9.7(1.4)

2.9.10-42

2015-10-12-001

4.5.0-271

6.1.0.7

9.6(4.12)

2.9.9-312

2015-10-12-001

4.5.0-270

6.1.0.6

9.6(3.23)

2.9.9-258

2015-10-12-001

4.5.0-270

6.1.0.5

9.6(2.21)

2.9.9-225

2015-10-12-001

4.5.0-270

6.1.0.4

9.6(2.16)

2.9.9-191

2015-10-12-001

4.5.0-270

6.1.0.3

9.6(2.16)

2.9.9-159

2015-10-12-001

4.5.0-270

6.1.0.2

9.6(2.4)

2.9.9-125

2015-10-12-001

4.5.0-270

6.1.0.1

9.6(2.4)

2.9.9-92

2015-10-12-001

4.5.0-270

6.1.0

9.6(2)

2.9.9-330

2015-10-12-001

4.5.0-270

6.0.1.4

9.6(1.19)

2.9.8-490

2015-10-12-001

4.5.0-259

6.0.1.3

9.6(1.12)

2.9.8-461

2015-10-12-001

4.5.0-259

6.0.1.2

9.6(1.11)

2.9.8-426

2015-10-12-001

4.5.0-259

6.0.1.1

9.6(1)

2.9.8-383

2015-10-12-001

4.5.0-259

6.0.1

9.6(1)

2.9.8-224

2015-10-12-001

4.5.0-259

6.0.0.1

9.6(1)

2.9.8-235

2015-10-12-001

4.5.0-252

6.0.0

9.6(1)

2.9.8-229

2015-10-12-001

4.5.0-252

Integrated Products

You can integrate the following Cisco products with Firepower.


Note

Whenever possible, we recommend you use the latest (newest) compatible version of each integrated product for your Firepower version. This ensures that you have the latest features, bug fixes, and security patches.


Identity Services and User Control

This table lists the Cisco products you can integrate with Firepower to help you perform user control.

Note that Firepower Version 6.6.0/6.6.x is the last release to support the Cisco Firepower User Agent software as an identity source; this will block upgrade to Version 6.7.0+. Also, Cisco TS Agent Versions 1.0 and 1.1 are no longer available. For more information, see End-of-Life Announcements.

Table 26. Integrated Products: Identity Services/User Control

Firepower Version

Cisco Identity Services Engine (ISE)

Cisco Firepower User Agent

Cisco Terminal Services (TS) Agent

ISE

ISE-PIC

6.7.x

2.6 patch 6+

2.7 patch 2+

2.6 patch 6+

2.7 patch 2+

1.3

6.6.x

2.6

2.4

2.6

2.4

2.5

2.4

1.3

1.2

6.5.0

2.6

2.4

2.6

2.4

2.5

2.4

1.3

1.2

1.1

6.4.0

2.4

2.3 patch 2

2.3

2.4

2.2 patch 1

2.5

2.4

2.3, no ASA FirePOWER

1.3

1.2

1.1

6.3.0

2.4

2.3 patch 2

2.3

2.4

2.2 patch 1

2.4

2.4

2.3, no ASA FirePOWER

1.2

1.1

6.2.3

2.3 patch 2

2.3

2.2 patch 5

2.2 patch 1

2.2

2.2 patch 1

2.4

2.3

1.2

1.1

6.2.2

2.3

2.2 patch 1

2.2

2.1

2.2 patch 1

2.3

1.2

1.1

1.0

6.2.1

2.1

2.0.1

2.0

2.2 patch 1

2.3

1.1

1.0

6.2.0

2.1

2.0.1

2.0

1.3

2.3

6.1.0

2.1

2.0.1

2.0

1.3

2.3

6.0.1

1.3

2.3

5.x

2.2

Advanced Malware Protection (AMP) and Threat Detection/Response

This table lists the Cisco products you can integrate with Firepower, to help you perform malware and threat response.

Note that Cisco Security Analytics and Logging (On Premises) requires the Security Analytics and Logging On Prem app for the Stealthwatch Management Console (SMC). For information on Stealthwatch Enterprise (SWE) requirements for the SMC, see Cisco Security Analytics and Logging On Premises: Firepower Event Integration Guide.

Table 27. Integrated Products: AMP and Threat Response

Firepower Version

Cisco AMP Threat Grid

Cisco SecureX Threat Response

Cisco Security Analytics and Logging (On Premises)

Cisco Security Packet Analyzer

6.7.x

2.1.4+

YES

YES

6.6.x

2.1.4+

YES

YES

6.5.0

2.1.4+

YES

YES

6.4.0

2.1.4+

YES

YES

YES

6.3.0

2.1.4+

YES

6.2.3

2.1.4+

6.2.2

2.1.4+

6.2.1

1.4.2+

6.2.0

1.4.2+

6.1.0

1.4.2+

Firepower Threat Defense Remote Access VPN (FTD RA VPN)

Firepower RA VPN is supported on all Firepower Threat Defense platforms running Version 6.2.2+ with Cisco AnyConnect Secure Mobility Client 4.0+. For more information, see the Cisco AnyConnect Secure Mobility Client configuration guides.

Table 28. Integrated Products: FTD RA VPN

Firepower Version

Cisco AnyConnect Secure Mobility Client

6.2.2+

4.0+

End-of-Life Announcements

The following tables provide end-of-life details for Firepower software and hardware. Dates that have passed are in bold.

Firepower Software

These major Firepower software versions have reached end of sale and/or end of support.

Table 29. Firepower Software EOL Announcements

Version

End of Sale

End of Support

Announcement

6.5.0

2020-06-22

2023-06-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.5(x), Firepower Management Center (FMC) 6.5(x) and Firepower eXtensible Operating System (FXOS) 2.7(x)

6.3.0

2020-04-30

2023-04-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.2.2, 6.3(x), Firepower eXtensible Operating System (FXOS) 2.4.1 and Firepower Management Center (FMC) 6.2.2 and 6.3(x)

6.2.2

2020-04-30

2023-04-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.2.2, 6.3(x), Firepower eXtensible Operating System (FXOS) 2.4.1 and Firepower Management Center (FMC) 6.2.2 and 6.3(x)

6.2.1

2019-03-05

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense versions 6.2.0 and 6.2.1

6.2.0

2019-03-05

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense versions 6.2.0 and 6.2.1

6.1.0

2019-11-22

2023-05-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense versions 6.1, NGIPSv and NGFWv versions 6.1, Firepower Management Center 6.1 and Firepower eXtensible Operating System (FXOS) 2.0(x)

6.0.1

2017-11-10

2020-11-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Software Releases 5.4, 6.0 and 6.0.1 and Firepower Management Center Software Releases 5.4, 6.0 and 6.0.1

6.0.0

2017-11-10

2020-11-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Software Releases 5.4, 6.0 and 6.0.1 and Firepower Management Center Software Releases 5.4, 6.0 and 6.0.1

5.4.x

2017-11-10

2020-11-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Software Releases 5.4, 6.0 and 6.0.1 and Firepower Management Center Software Releases 5.4, 6.0 and 6.0.1

5.3.x

2016-01-29

2018-07-31

End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER Software v5.3 and v5.3.1 and FireSIGHT Management Center Software v5.3 and v5.3.1

These Firepower software versions have been removed from the Cisco Support & Download site.


Note

In Version 6.2.3+, uninstalling a Firepower patch (fourth-digit release) results in an appliance running the version you upgraded from. This means that you can end up running a deprecated version simply by uninstalling a later patch. Unless otherwise stated, do not remain at a deprecated version. Instead, we recommend you upgrade. If upgrade is impossible, uninstall the deprecated patch.


Table 30. Firepower Software Removed Versions

Version

Date Removed

Related Bugs and Additional Details

6.5.0.3

2020-03-02 for managed devices

2020-02-04 for the FMC

CSCvs86257: FMC Upgrade is failing at 800_post/1025_vrf_policy_upgrade.pl

This is an upgrade bug. If you are already running this version it is safe to continue.

6.5.0.1

2019-12-19

CSCvr52109: FTD may not match correct Access Control rule following a deploy to multiple devices

6.4.0.6

2019-12-19

CSCvr52109: FTD may not match correct Access Control rule following a deploy to multiple devices

6.2.3.8

2019-01-07

CSCvn82378: Traffic through ASA/FTD might stop passing upon upgrading FMC to 6.2.3.8-51

6.2.1

2017-11-17

This version is replaced by Version 6.2.2, which offers the same functionality and supports the full set of Firepower platforms.

5.4.0.1

2015

5.3.1.2

2015

These integrated products are or will be deprecated.

Table 31. Firepower Deprecated Integrated Products

Product

Details

Cisco Firepower User Agent

Version 6.6.0/6.6.x is the last release to support the Cisco Firepower User Agent software as an identity source. You cannot upgrade an FMC with user agent configurations to Version 6.7.0+. You should switch to Cisco Identity Services Engine/Passive Identity Connector (ISE/ISE-PIC). This will also allow you to take advantage of features that are not available with the user agent. To convert your license, contact Sales.

For more information, see the End-of-Life and End-of-Support for the Cisco Firepower User Agent announcement and the Firepower User Identity: Migrating from User Agent to Identity Services Engine TechNote.

Cisco Terminal Services (TS) Agent

Cisco TS Agent Versions 1.0 and 1.1 have been removed from the Cisco Support & Download site. If you are using either of these versions, we recommend you upgrade.

Cisco Security Packet Analyzer

Cisco Security Packet Analyzer is compatibile with Firepower Versions 6.3 and 6.4 only.

Firepower Hardware

This Firepower hardware has reached end of sale and/or end of support. The tables also list the last supported Firepower version for each platform.

Table 32. Firepower Management Center Hardware EOL Announcements

FMC

Last Version

End of Sale

End of Support

Announcement

FMC 1000, 2500, 4500

2019-07-12

2024-07-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center Platforms- FMC 1000, FMC 2500, FMC 4500

FMC 4000

6.6.x

2017-03-31

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center 4000

FMC 2000

6.6.x

2017-03-31

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center 2000

FMC 750

6.4.0

2017-03-31

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center 750

FMC 1500

6.4.0

2015-09-18

2020-09-30

End-of-Sale and End-of-Life Announcement for the Cisco FireSIGHT Management Center 1500 Products

FMC 3500

6.4.0

2015-08-31

2020-08-31

End-of-Sale and End-of-Life Announcement for the Cisco FireSIGHT Management Center 3500

FMC 500, 1000, 3000

5.4.1

Sales ended

Support ended

Table 33. Firepower Device Hardware EOL Announcements

Device

Last Version

End of Sale

End of Support

Announcement

ASA 5508-X, 5516-X

2021-08-02

2026-08-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA5508 and ASA5516 Series Security Appliance and 5 YR Subscriptions

ASA 5525-X, 5545-X, 5555-X

6.6.x

2020-09-04

2025-09-30

End-of-Sale and End-of-Life Announcement for the Cisco ASA5525, ASA5545 & ASA5555 Series Security Appliance & 5 YR Subscriptions

Firepower 4120, 4140, 4150

Firepower 9300: SM-24, SM-36, SM-44 modules

2020-08-31

2025-08-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower 4120/40/50 and FPR 9300 SM24/36/44 Series Security Appliances/Modules & 5 YR Subscription

Firepower 8120, 8130, 8140

6.4.0

2017-12-15

2022-12-31

End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER 8100 Series Appliances

Firepower 7010, 7020, 7030

6.4.0

2017-12-15

2022-12-31

End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER Appliance 7000 Series Appliances (7010, 7020, 7030)

AMP 8050, 8150

6.4.0

2017-12-15

2022-12-31

End-of-Sale and End-of-Life Announcement for the Cisco AMP for Networks 8150 and 8050

ASA 5515-X

6.4.0

2017-08-25

2022-08-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA 5512-X and ASA 5515-X

ASA 5585-X-SSP-10, -20, -40, -60

6.4.0

2017-08-25

2022-08-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA 5585-X with FirePOWER Services Modules and Subscriptions

Firepower 8250, 8260, 8270, 8290

6.4.0

2015-10-03

2020-10-31

End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER 8200 Series Appliances

End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER 8200 Series Appliances— 3-Year Subscriptions

ASA 5506-X, 5506H-X, 5506W-X

6.2.3

2021-08-02

2026-08-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA5506 Series Security Appliance with ASA software

2021-07-31

2022-07-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA5506 Series Security Appliance 1 YR Subscriptions

2020-05-05

2022-07-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA5506 Series Security Appliance 3 YR Subscriptions

2018-09-30

2022-07-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA5506 Series Security Appliance 5 YR Subscriptions

ASA 5512-X

6.2.3

2017-08-25

2022-08-31

End-of-Sale and End-of-Life Announcement for the Cisco ASA 5512-X and ASA 5515-X

3D500,1000, 2000

5.4.0

2013-06-12

2016-12-12

3D9900

5.4.0

2011-10-17

2015-04-17

3D2100, 2500, 3500, 4500, 6500

5.4.0

2012-04-09

2015-10-09