Cisco Firepower 4100/9300 FXOS Compatibility
This document lists software and hardware compatibility information for the Firepower eXtensible Operating System (FXOS), Cisco Firepower 9300 and Cisco Firepower 4100 series security appliances, and supported logical devices.
Software and Hardware Compatibility
The following table lists the supported FXOS versions and security appliance models.
 Note |
Firepower 1000 and Firepower 2100 series appliances utilize FXOS only as an underlying operating system that is included in the ASA and threat defense unified image bundles. Refer to the ASA Compatibility and Threat Defense Compatibility guides for information about Firepower 1000/2100 series compatibility. |
|
FXOS Release |
Security Appliance Model |
||||||||
|---|---|---|---|---|---|---|---|---|---|
|
9300 |
4110 |
4112 |
4115 |
4120 |
4125 |
4140 |
4145 |
4150 |
|
| 1.1.1 | YES | NO | NO | NO | NO | NO | NO | NO | NO |
| 1.1.2 | YES | NO | NO | NO | NO | NO | NO | NO | NO |
| 1.1.3 | YES | NO |
NO |
NO | NO | NO | NO | NO | NO |
| 1.1.4 | YES | YES |
NO |
NO | YES | NO | YES | NO | NO |
| 2.0.1 | YES | YES |
NO |
NO | YES | NO | YES | NO | YES
Note: Requires ASA 9.6(2) or FTD 6.1 |
| 2.1.1 | YES | YES |
NO |
NO | YES | NO | YES | NO | YES |
| 2.2.1 | YES | YES |
NO |
NO | YES | NO | YES | NO | YES |
| 2.2.2 | YES | YES |
NO |
NO | YES | NO | YES | NO | YES |
| 2.3.1 | YES | YES |
NO |
NO | YES | NO | YES | NO | YES |
| 2.4.1 | YES | YES |
NO |
NO | YES | NO | YES | NO | YES |
| 2.6.1 | YES | YES |
NO |
YES
Note: Requires ASA 9.12(1) or FTD 6.4 or later |
YES | YES
Note: Requires ASA 9.12(1) or FTD 6.4 or later |
YES | YES
Note: Requires ASA 9.12(1) or FTD 6.4 or later |
YES |
|
2.7.1 |
YES |
YES |
NO |
YES |
YES |
YES |
YES |
YES |
YES |
|
2.8.1 |
YES |
YES |
YES Note: Requires ASA 9.14(1) or FTD 6.6 or later |
YES |
YES |
YES |
YES |
YES |
YES |
|
2.9.1 |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
2.10.1 |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
2.11.1 |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
|
2.12.0 |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
Firepower 4100/9300 Compatibility with ASA and Threat Defense
The following table lists compatibility between the ASA or threat defense applications with the Firepower 4100/9300.
The FXOS versions with (EoL) appended have reached their end of life (EoL), or end of support.
Note |
The bold versions listed below are specially-qualified companion releases. You should use these software combinations whenever possible because Cisco performs enhanced testing for these combinations. |
Note |
Firepower 1000/2100 appliances utilize FXOS only as an underlying operating system that is included in the ASA and threat defense unified image bundles. |
|
FXOS Version |
Model |
ASA Version |
Threat Defense Version |
||||||
|---|---|---|---|---|---|---|---|---|---|
|
2.12(0.31)+
|
Firepower 4112 |
9.18(x) (recommended) 9.17(x) 9.16(x) 9.15(1) 9.14(x) |
7.2.0 (recommended) 7.1.0 7.0.0 6.7.0 6.6.x |
||||||
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.18(x) (recommended) 9.17(x) 9.16(x) 9.15(1) 9.14(x) 9.13(1) 9.12(x) |
7.2.0 (recommended) 7.1.0 7.0.0 6.7.0 6.6.x 6.5.0 6.4.0 |
|||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.18(x) (recommended) 9.17(x) 9.16(x) 9.15(1) 9.14(x) 9.13(x) 9.12(x) 9.10(x) 9.9(x) 9.8(x) |
7.2.0 (recommended) 7.1.0 7.0.0 6.7.0 6.6.x 6.5.0 6.4.0 6.3.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.11(1.154)+
|
Firepower 4112 |
9.17(x) (recommended) 9.16(x) 9.15(1) 9.14(x) |
7.1.0 (recommended) 7.0.0 6.7.0 6.6.x |
||||||
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.17(x) (recommended) 9.16(x) 9.15(1) 9.14(x) 9.13(1) 9.12(x) |
7.1.0 (recommended) 7.0.0 6.7.0 6.6.x 6.5.0 6.4.0 |
|||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.17(x) (recommended) 9.16(x) 9.15(1) 9.14(x) 9.13(x) 9.12(x) 9.10(x) 9.9(x) 9.8(x) |
7.1.0 (recommended) 7.0.0 6.7.0 6.6.x 6.5.0 6.4.0 6.3.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.10(1.159)+
|
Firepower 4112 |
9.16(x) (recommended) 9.15(1) 9.14(x) |
7.0.0 (recommended) 6.7.0 6.6.x |
||||||
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.16(x) (recommended) 9.15(1) 9.14(x) 9.13(1) 9.12(x) |
7.0.0 (recommended) 6.7.0 6.6.x 6.5.0 6.4.0 |
|||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.16(x) (recommended) 9.15(1) 9.14(x) 9.13(x) 9.12(x) 9.10(x) 9.9(x) 9.8(x) |
7.0.0 (recommended) 6.7.0 6.6.x 6.5.0 6.4.0 6.3.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.9(1.131)+
|
Firepower 4112 |
9.15(1) (recommended) 9.14(x) |
6.7.0 (recommended) 6.6.x |
||||||
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.15(1) (recommended) 9.14(x) 9.13(1) 9.12(x) |
6.7.0 (recommended) 6.6.x 6.5.0 6.4.0 |
|||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.15(1) (recommended) 9.14(x) 9.13(x) 9.12(x) 9.10(x) 9.9(x) 9.8(x) |
6.7.0 (recommended) 6.6.x 6.5.0 6.4.0 6.3.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.8(1.105)+
|
Firepower 4112 |
9.14(x) |
6.6.x
|
||||||
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.14(x) (recommended) 9.13(1) 9.12(x)
|
6.6.x (recommended)
6.5.0 6.4.0 |
|||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.14(x) (recommended) 9.13(x) 9.12(x) 9.10(x) 9.9(x) 9.8(x) 9.6(4) |
6.6.x (recommended)
6.5.0 6.4.0 6.3.0 6.2.3 6.2.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.7(1.92)+ |
Firepower 4145 Firepower 4125 Firepower 4115 |
9.13(1) (recommended) 9.12(x)
|
6.5.0 (recommended) 6.4.0 |
||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.13(1) (recommended) 9.12(x) 9.10(1) 9.9(x) 9.8(x) 9.6(4) |
6.5.0 (recommended) 6.4.0 6.3.0 6.2.3 6.2.2 6.2.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.6(1.157)+
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.12(x)
|
6.4.0 | ||||||
|
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.12(x) (recommended) 9.10(1) 9.9(x) 9.8(x) 9.6(4)
|
6.4.0 (recommended) 6.3.0 6.2.3 6.2.2 6.2.0 6.1.0 |
|||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.6(1.131) |
Firepower 9300 SM-48 Firepower 9300 SM-40 |
9.12(x) |
Not supported |
||||||
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.12(x) (recommended) 9.10(1) 9.9(x) 9.8(x) 9.6(4)
|
||||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.4(1.214)+
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.10(1) (recommended) 9.9(x) 9.8(x) 9.6(3), 9.6(4)
|
6.3.0 (recommended) 6.2.3 6.2.2 6.2.0 6.1.0 |
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.4(1.101) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.10(1) (recommended) 9.9(x) 9.8(x) 9.6(3), 9.6(4)
|
Not supported |
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.3(1.73)+ |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.9(x) (recommended) 9.8(x) 9.7(x) 9.6(3), 9.6(4)
|
6.2.3 (recommended)
6.2.2 6.2.0 6.1.0
|
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.3(1.66) 2.3(1.58) 2.3(1.56)
|
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.9(x) (recommended) 9.8(x) 9.7(x) 9.6(3), 9.6(4)
|
6.2.2 (recommended) 6.2.2 6.2.0 6.1.0
|
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.2(2) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.8(x) (recommended) |
6.2.2 (recommended) 6.2.0
|
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.2(1) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.8(1) (recommended) 9.7(x)
|
6.2.0 (recommended)
|
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.1(1) (EoL) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.7(x) (recommended) 9.6(2), 9.6(3), 9.6(4) |
6.2.0 (recommended) 6.1.0 |
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
2.0(1) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.6(2), 9.6(3), 9.6(4) (recommended) 9.6(1) |
6.1.0 (recommended) 6.0.1 |
||||||
|
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||||
|
1.1(4) |
Firepower 4140 Firepower 4120 Firepower 4110 |
9.6(1) |
6.0.1 (recommended) |
||||||
|
Firepower 9300 SM-36 Firepower 9300 SM-24 |
9.6(1) (recommended) 9.5(2), 9.5(3) |
||||||||
|
1.1(3) |
Firepower 9300 SM-36 Firepower 9300 SM-24 |
9.5(2), 9.5(3) (recommended) 9.4(2) |
Not supported |
||||||
|
1.1(2) |
Firepower 9300 SM-36 Firepower 9300 SM-24 |
9.4(2) (recommended) 9.4(1) |
Not supported |
||||||
|
1.1(1) (EoL) |
Firepower 9300 SM-36 Firepower 9300 SM-24 |
9.4(1) (recommended) |
Not supported |
Radware DefensePro Compatibility
The following table lists the supported Radware DefensePro version for each security appliance and associated logical device.
| FXOS Version | ASA | Threat Defense | Radware DefensePro | Security Appliance Models |
|---|---|---|---|---|
| 1.1(4) | 9.6(1) | not supported | 1.1(2.32-3) | 9300 |
| 2.0(1) |
9.6(1) 9.6(2) 9.6(3) 9.6(4) |
not supported | 8.10.01.16-5 |
Firepower 9300 Firepower 4120 Firepower 4140 Firepower 4150 |
| 2.1(1) |
9.6(2) 9.6(3) 9.6(4) 9.7(1) |
not supported | 8.10.01.16-5 |
Firepower 9300 Firepower 4120 Firepower 4140 Firepower 4150 |
| 2.2(1) |
9.7(1) 9.8(1) |
6.2.0 | 8.10.01.17-2 |
Firepower 9300 Firepower 4110 (Firepower Threat Defense only) Firepower 4120 Firepower 4140 Firepower 4150 |
| 2.2(2) |
9.8(1) 9.8(2) 9.8(3) |
6.2.0 6.2.2 |
8.10.01.17-2 |
Firepower 9300 Firepower 4110 (Firepower Threat Defense only) Firepower 4120 Firepower 4140 Firepower 4150 |
| 2.3(1) |
9.9(1) 9.9(2) |
6.2.2 6.2.3 |
8.13.01.09-2 |
Firepower 9300 Firepower 4110 (Firepower Threat Defense only) Firepower 4120 Firepower 4140 Firepower 4150 |
| 2.4(1) |
9.9(2) 9.10(1) |
6.2.3 6.3 |
8.13.01.09-2 |
Firepower 9300 Firepower 4110 Firepower 4120 Firepower 4140 Firepower 4150 |
| 2.6(1) |
9.12(1) 9.10(1) |
6.4.0 6.3.0 |
8.13.01.09-3 |
Firepower 9300 Firepower 4110 Firepower 4115 Firepower 4120 Firepower 4125 Firepower 4140 Firepower 4145 Firepower 4150 |
|
2.7(1) |
9.13(1) |
6.5 |
8.13.01.09-3 |
Firepower 9300 Firepower 4110 Firepower 4115 Firepower 4120 Firepower 4125 Firepower 4140 Firepower 4145 Firepower 4150 |
|
2.8.1 |
9.14(1) |
6.6.0 |
8.13.01.09-3 8.22.2 |
Firepower 9300 Firepower 4110 Firepower 4112 Firepower 4115 Firepower 4120 Firepower 4125 Firepower 4140 Firepower 4145 Firepower 4150 |
|
2.9.1 |
9.15(1) |
6.7.0 |
8.13.01.09-3 8.22.2 |
Firepower 9300 Firepower 4110 Firepower 4112 Firepower 4115 Firepower 4120 Firepower 4125 Firepower 4140 Firepower 4145 Firepower 4150 |
|
2.10.1 |
9.16(1) |
7.0 |
8.13.01.09-3 8.22.2 |
Firepower 9300 Firepower 4110 Firepower 4112 Firepower 4115 Firepower 4120 Firepower 4125 Firepower 4140 Firepower 4145 Firepower 4150 |
|
2.11.1 |
9.17(1) |
7.1 |
8.13.01.09-3 8.22.2 |
Firepower 9300 Firepower 4110 Firepower 4112 Firepower 4115 Firepower 4120 Firepower 4125 Firepower 4140 Firepower 4145 Firepower 4150 |
|
2.12.0 |
9.18(1) |
7.2 |
8.13.01.09-3 8.22.2 |
Firepower 9300 Firepower 4110 Firepower 4112 Firepower 4115 Firepower 4120 Firepower 4125 Firepower 4140 Firepower 4145 Firepower 4150 |
Network Module Support
The following table lists supported single-wide and double-wide network modules on the Firepower 9300 and Firepower 4100 security appliances.
Note |
|
| Network Module | Firepower 9300 | Firepower 4100 series |
|---|---|---|
| Firepower 8-port 10G Network Module single-wide | FPR9K-NM-8X10G | FPR4K-NM-8X10G |
| Firepower 4-port 40G Network Module single-wide | FPR9K-NM-4X40G | FPR4K-NM-4X40G |
| Firepower 2-port 100G Network Module double-wide | FPR9K-DNM-2X100G
(FXOS 1.1.4 and later) Note: Requires firmware package 1.0.10 or later |
Not supported |
| Firepower 6-port 1G SX Network Module single-wide, FTW | Not supported | FPR4K-NM-6X1SX-F
(FXOS 2.0.1 and later) |
| Firepower 6-port 10G SR Network Module single-wide, FTW | FPR9K-NM-6X10SR-F
(FXOS 2.0.1 and later) |
FPR4K-NM-6X10SR-F
(FXOS 2.0.1 and later) |
| Firepower 6-port 10G LR Network Module single-wide, FTW | FPR9K-NM-6X10LR-F
(FXOS 2.0.1 and later) |
FPR4K-NM-6X10LR-F
(FXOS 2.0.1 and later) |
| Firepower 2-port 40G SR Network Module single-wide, FTW | FPR9K-NM-2X40G-F
(FXOS 2.0.1 and later) |
FPR4K-NM-2X40G-F
(FXOS 2.0.1 and later) |
| Firepower 8-port 1G Network Module single-wide, FTW | Not supported | FPR-NM-8X1G-F
(FXOS 2.1.1 and later; Firepower Threat Defense 6.2 and later) |
| Firepower 2-port 100G Network Module single-wide | FPR9K-NM-2X100G
(FXOS 2.4.1 and later) |
Not supported |
| Firepower 4-port 100G Network Module single-wide | FPR9K-NM-4X100G
(FXOS 2.4.1 and later) |
Not supported |
Power Supply Support
The following table lists supported power supply modules on the Firepower 9300 and 4100 security appliances.
| Power Supply | Firepower Model | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| 9300 | 4110 | 4112 | 4115 | 4120 | 4125 | 4140 | 4145 | 4150 | |||
| AC | YES | YES | YES | YES | YES | YES | YES | YES | YES | ||
| DC | YES | YES | YES | YES | YES | YES | YES | YES | YES | ||
| HVDC | YES
|
NO | NO | NO | NO | NO | NO | NO | NO | ||
Note: For more detailed information about the power supply modules in the 4100 series security appliances, see “Power Supply Modules” in the Cisco Firepower 4100 Series Hardware Installation Guide (http://www.cisco.com/c/en/us/td/docs/security/firepower/4100/hw/guide/b_install_guide_4100.html). For more detailed information about the power supply modules in your 9300 security appliance, see “Power Supply Modules” in the Cisco Firepower 9300 Hardware Installation Guide ( http://www.cisco.com/c/en/us/td/docs/security/firepower/9300/hw/guide/b_install_guide_9300.html).
Security Module Compatibility
Prior to 2.6, all security modules in the Firepower 9300 have to match.
In 2.6 and later, you can mix different types of security modules with the following caveats:
-
Clustering is not supported on mixed modules in 2.6 and 2.7. However, in 2.8 and later, you can use mixed modules when using multi-instance clustering (a cluster with one container instance on each module). Native clustering still requires all the modules to be the same type.
-
High Availability is only supported between same-type modules; but the two chassis can include mixed modules. For example, each chassis has an SM-36, SM-40, and SM-44. You can create HA pairs between the SM-36 modules, between the SM-40 modules, and between the SM-44 modules.
The following table lists supported security modules on the Firepower 9300.
| Security Module and Product ID | Description | FXOS Version |
|---|---|---|
|
SM-24 (FPR9K-SM-24) |
24-physical core security module with two SSDs (NEBS-compliant) |
1.1.1 and later |
|
SM-36 (FPR9K-SM-36) |
36-physical core security module with two SSDs |
1.1.1 and later |
|
SM-40 (FPR9K-SM-40) |
40-physical core security module with two SSDs |
2.6.1 and later Note: Requires ASA 9.12(1) or FTD 6.4 and later |
|
SM-44 (FPR9K-SM-44) |
44-physical core security module with two SSDs |
2.0.1 and later Note: Requires ASA 9.6(2) or FTD 6.1 and later |
|
SM-48 (FPR9K-SM-48) |
48-physical core security module with two SSDs |
2.6.1 and later Note: Requires ASA 9.12(1) or FTD 6.4 and later |
|
SM-56 (FPR9K-SM-56) |
56-physical core security module with two SSDs |
2.6.1 and later Note: Requires ASA 9.12(2) or FTD 6.4 and later |
ASA and Threat Defense Clustering External Hardware Support
Clustering will work with both Cisco and non-Cisco switches from other major switching vendors with no known interoperability issues if they comply with the following requirements and recommendations.
Switch Requirements
-
All third party switches must be compliant to the IEEE standard (802.3ad) Link Aggregation Control Protocol.
-
EtherChannel bundling must be completed within 45 seconds when connected to Firepower devices and 33 seconds when connected to ASA devices.
-
On the cluster control link, the switch must provide fully unimpeded unicast and broadcast connectivity at Layer 2 between all cluster members.
-
On the cluster control link, the switch must not impose any limitations on IP addressing or the packet format above Layer 2 headers.
-
On the cluster control link, the switch interfaces must support jumbo frames and be configurable for an MTU above 1600.
Switch Recommendations
-
The switch should provide uniform traffic distribution over the EtherChannel's individual links.
-
The switch should have an EtherChannel load-balancing algorithm that provides traffic symmetry.
-
The EtherChannel load balance hash algorithm should be configurable using the 5-tuple, 4-tuple, or 2-tuple to calculate the hash.
Note |
For the Firepower 9300 cluster, intra-chassis clustering can operate with any switch because Firepower 9300-to-switch connections use standard interface types. |
Note |
Some switches, such as the Nexus series, do not support LACP rate fast when performing in-service software upgrades (ISSUs), so we do not recommend using ISSUs with clustering. |
Additional Resources
See the following additional resources:
Feedback