Cisco Secure Firewall Management Center Compatibility Guide

This guide provides software and hardware compatibility for the Cisco Secure Firewall Management Center. For related compatibility guides, see Additional Resources.


Note


Not all software versions, especially patches, apply to all platforms. A quick way to tell if a version is supported is that its upgrade/installation packages are posted on the Cisco Support & Download site. If the site is "missing" an upgrade or installation package, that version is not supported. You can also check the release notes and End-of-Life Announcements. If you feel a version is missing in error, contact Cisco TAC.


Management Center Hardware

The Version 7.0+ management center virtual uses the FXOS operating system. Upgrading the management center virtual software automatically upgrades FXOS. For information on bundled FXOS versions, see Bundled Components.

Table 1. Management Center Hardware Compatibility

Management Center

Secure Firewall Management Center

Firepower Management Center

Defense Center

1700

2700

4700

1600

2600

4600

1000

2500

4500

2000

4000

750

1500

3500

500

1000

3000

7.4

YES

YES

7.3

YES

7.2

YES

7.1

YES

7.0

YES

YES

6.7

YES

YES

6.6

YES

YES

YES

6.5

YES

YES

YES

6.4

YES

YES

YES

YES

6.3

YES

YES

YES

YES

6.2.3

YES

YES

YES

6.2.2

YES

YES

YES

6.2.1

YES

YES

YES

6.2.0

YES

YES

YES

6.1

YES

YES

6.0.1

YES

YES

6.0.0

YES

YES

5.4 *

YES

YES

YES

* Use 5.4.1.x Defense Centers to manage 5.4.x devices.

BIOS and Firmware for Management Center Hardware

We provide updates for BIOS and RAID controller firmware on management center hardware. If your management center does not meet the requirements, apply the appropriate hotfix. If your management center model and version are not listed and you think you need to update, contact Cisco TAC.

Table 2. BIOS and Firmware Minimum Requirements

Platform

Version

Hotfix

BIOS

RAID Controller Firmware

CIMC Firmware

FMC 1600, 2600, 4600

6.6 to 7.3

6.4

BIOS Update Hotfix EN

C220M5.4.2.3b.0

51.10.0-3612

4.2(3b)

FMC 1000, 2500, 4500

6.6 to 7.0

6.4

BIOS Update Hotfix EN

C220M5.4.2.3b.0

51.10.0-3612

4.2(3b)

6.2.3

BIOS Update Hotfix EL

C220M4.4.1.2c.0

24.12.1-0456

4.1(2g)

FMC 2000, 4000

6.6

6.4

6.2.3

BIOS Update Hotfix EI

C220M3.3.0.4e.0

23.33.1-0060

3.0(4s)

FMC 750, 1500, 3500

6.4

6.2.3

BIOS Update Hotfix EI

C220M3.3.0.4e.0

23.33.1-0060

3.0(4s)

Hotfixing is the only way to update the BIOS and RAID controller firmware. Upgrading the software does not accomplish this task, nor does reimaging to a later version. If the management center is already up to date, the hotfix has no effect.


Tip


These hotfixes also update the CIMC firmware; for resolved issues see Release Notes for Cisco UCS Rack Server Software. Note that in general, we do not support changing configurations on the management center using CIMC. However, to enable logging of invalid CIMC usernames, apply the latest hotfix, then follow the instructions in the Viewing Faults and Logs chapter in the Cisco UCS C-Series Servers Integrated Management Controller CLI Configuration Guide, Version 4.0 or later.


Use the regular upgrade process to apply hotfixes. For hotfix release notes, which include quicklinks to the Cisco Support & Download site, see the Cisco Secure Firewall Threat Defense/Firepower Hotfix Release Notes.


Note


The management center web interface may display these hotfixes with a version that is different from (usually later than) the current software version. This is expected behavior and the hotfixes are safe to apply.


Determining BIOS and Firmware Versions

To determine the current versions on the management center, run these commands from the Linux shell/expert mode:

  • BIOS: sudo dmidecode -t bios -q

  • RAID controller firmware (FMC 4500): sudo MegaCLI -AdpAllInfo -aALL | grep "FW Package"

  • RAID controller firmware (all other models): sudo storcli /c0 show | grep "FW Package"

Management Center Virtual

With the management center virtual, you can purchase licenses that enable you to manage 2, 10, 25, or 300 devices. For full details on supported instances, see the Cisco Secure Firewall Management Center Virtual Getting Started Guide.

The Version 7.0+ management center virtual uses the FXOS operating system. Upgrading the management center virtual software automatically upgrades FXOS. For information on bundled FXOS versions, see Bundled Components.

Management Center Virtual: Public Cloud

Table 3. Management Center Virtual 300 Compatibility: Public Cloud

Management Center 300

Amazon Web Services (AWS)

Oracle Cloud Infrastructure (OCI)

7.1+

YES

YES

Table 4. Management Center Virtual 2, 10, 25 Compatibility: Public Cloud

Management Center 2, 10, 25

Amazon Web Services (AWS)

Microsoft Azure (Azure)

Google Cloud Platform (GCP)

Oracle Cloud Infrastructure (OCI)

7.4

YES

YES

YES

YES

7.3

YES

YES

YES

YES

7.2

YES

YES

YES

YES

7.1

YES

YES

YES

YES

7.0

YES

YES

YES

YES

6.7

YES

YES

YES

YES

6.6

YES

YES

6.5

YES

YES

6.4

YES

YES

6.3

YES

6.2.3

YES

6.2.2

YES

6.2.1

YES

6.2.0

YES

6.1

YES

6.0.1

YES

Management Center Virtual: On-Prem/Private Cloud

Table 5. Management Center Virtual 300 Compatibility: On-Prem/Private Cloud

Management Center 300

VMware vSphere/VMware ESXi

Kernel-Based Virtual Machine (KVM)

7.4

YES

VMware 6.5, 6.7, 7.0

YES

7.3

YES

VMware 6.5, 6.7, 7.0

YES

7.2

YES

VMware 6.5, 6.7, 7.0

7.1

YES

VMware 6.5, 6.7, 7.0

7.0

YES

VMware 6.5, 6.7, 7.0

6.7

YES

VMware 6.0, 6.5, 6.7

6.6

YES

VMware 6.0, 6.5, 6.7

6.5

YES

VMware 6.0, 6.5, 6.7

Table 6. Management Center Virtual 2, 10, 25 Compatibility: On-Prem/Private Cloud

Management Center 2, 10 25

VMware vSphere/VMware ESXi

Cisco HyperFlex (HyperFlex)

Microsoft Hyper-V (Hyper-V)

Kernel-Based Virtual Machine (KVM)

Nutanix Enterprise Cloud (Nutanix)

OpenStack

7.4

YES

VMware 6.5, 6.7, 7.0

YES

YES

YES

YES

YES

7.3

YES

VMware 6.5, 6.7, 7.0

YES

YES

YES

YES

7.2

YES

VMware 6.5, 6.7, 7.0

YES

YES

YES

YES

7.1

YES

VMware 6.5, 6.7, 7.0

YES

YES

YES

YES

7.0

YES

VMware 6.5, 6.7, 7.0

YES

YES

YES

YES

6.7

YES

VMware 6.0, 6.5, 6.7

YES

6.6

YES

VMware 6.0, 6.5, 6.7

YES

6.5

YES

VMware 6.0, 6.5, 6.7

YES

6.4

YES

VMware 6.0, 6.5

YES

6.3

YES

VMware 6.0, 6.5

YES

6.2.3

YES

VMware 5.5, 6.0, 6.5

YES

6.2.2

YES

VMware 5.5, 6.0

YES

6.2.1

YES

VMware 5.5, 6.0

YES

6.2.0

YES

VMware 5.5, 6.0

YES

6.1

YES

VMware 5.5, 6.0

YES

6.0.1

YES

VMware 5.1, 5.5

6.0.0

YES

VMware 5.1, 5.5

5.4 *

YES

VMware 5.0, 5.1, 5.5

* Use 5.4.1.x Defense Centers to manage 5.4.x devices.

Management Center High Availability

Management Center Hardware

All currently supported hardware management centers support high availability.

Management Center Virtual

Table 7. Management Center Virtual: High Availability Support

Platform

High Availability

Public Cloud

Amazon Web Services (AWS)

7.1+

Google Cloud Platform (GCP)

Microsoft Azure

7.3+

Oracle Cloud Infrastructure (OCI)

7.1+

On-Prem/Private Cloud

Cisco HyperFlex

7.0+

Kernel-based virtual machine (KVM)

7.3+

Microsoft Hyper-V

7.4+

Nutanix Enterprise Cloud

OpenStack

VMware vSphere/VMware ESXi

6.7+

Cloud-delivered Firewall Management Center

The cloud-delivered Firewall Management Center does not support high availability.

Device Management

Customer-Deployed Management Center

All devices support remote management with a customer-deployed management center, which must run the same or newer version as its managed devices. This means:

  • You can manage older devices with a newer management center, usually a few major versions back. However, we recommend you always update your entire deployment. New features and resolved issues often require the latest release on both the management center and its managed devices.

  • You cannot upgrade a device past the management center. Even for maintenance (third-digit) releases, you must upgrade the management center first.

Note that in most cases you can upgrade an older device directly to the management center's major or maintenance version. However, sometimes you can manage an older device that you cannot directly upgrade, even though the target version is supported on the device. And rarely, there are issues with specific management center-device combinations. For release-specific requirements, see the release notes.

Table 8. Customer-Deployed Management Center-Device Compatibility

Management Center Version

Oldest Device Version You Can Manage

7.4

7.0

7.3

6.7

7.2

6.6

7.1

6.5

7.0

6.4

6.7

6.3

6.6

6.2.3

6.5

6.2.3

6.4

6.1

6.3

6.1

6.2.3

6.1

6.2.2

6.1

6.2.1

6.1

6.2

6.1

6.1

5.4.0.2/5.4.1.1

6.0.1

5.4.0.2/5.4.1.1

6.0

5.4.0.2/5.4.1.1

5.4.1

5.4.1 for ASA FirePOWER on the ASA-5506-X series, ASA5508-X, and ASA5516-X.

5.3.1 for ASA FirePOWER on the ASA5512-X, ASA5515-X, ASA5525-X, ASA5545-X, ASA5555-X, and ASA-5585-X series.

5.3.0 for Firepower 7000/8000 series and legacy devices.

Cloud-delivered Firewall Management Center

The cloud-delivered Firewall Management Center can manage threat defense devices running:

  • Version 7.2+

  • Version 7.0.3 and later maintenance releases

The cloud-delivered Firewall Management Center cannot manage threat defense devices running Version 7.1, or Classic devices running any version. You cannot upgrade a cloud-managed device from Version 7.0.x to Version 7.1 unless you unregister and disable cloud management. We recommend you upgrade directly to Version 7.2+.

You can add a cloud-managed device to a Version 7.2+ customer-deployed management center for event logging and analytics purposes only. Or, you can send security events to the Cisco cloud with Security Analytics and Logging (SaaS).

Bundled Components

These tables list the versions of various components bundled with the management center. Use this information to identify open or resolved bugs in bundled components that may affect your deployment.

Note that sometimes we release updated builds for select releases. If bundled components change from build to build, we list the components in the latest build. (In most cases, only the latest build is available for download.) For details on new builds and the issues they resolve, see the release notes for your version.

Operating System

The Version 7.0+ management center uses the FXOS operating system.

Table 9.

Threat Defense

FXOS

7.4.1

2.14.1.131

7.4.0

2.14.0.475

7.3.1.1

2.13.0.1022

7.3.1

2.13.0.1022

7.3.0

2.13.0.198

7.2.5.1

2.12.0.530

7.2.5

2.12.0.519

7.2.4.1

2.12.0.519

7.2.4

2.12.0.499

7.2.3.1

2.12.0.1030

7.2.3

2.12.0.1030

7.2.2

2.12.0.1104

7.2.1

2.12.0.442

7.2.0.1

2.12.0.31

7.2.0

2.12.0.31

7.1.0.3

2.11.1.191

7.1.0.2

2.11.1.1300

7.1.0.1

2.11.1.154

7.1.0

2.11.1.154

7.0.6.1

2.10.1.1614

7.0.6

2.10.1.1603

7.0.5.1

7.0.5

2.10.1.1400

7.0.4

2.10.1.208

7.0.3

2.10.1.1200

7.0.2.1

2.10.1.192

7.0.2

2.10.1.192

7.0.1.1

2.10.1.175

7.0.1

2.10.1.175

7.0.0.1

2.10.1.159

7.0.0

2.10.1.159

Snort

Snort is the main inspection engine. Snort 3 requires threat defense.

Table 10.

Management Center

Snort 2

Snort 3

7.4.1

2.9.22-1009

3.1.53.100-56

7.4.0

2.9.22-181

3.1.53.1-40

7.3.1.1

2.9.21-1109

3.1.36.101-2

7.3.1

2.9.21-1000

3.1.36.100-2

7.3.0

2.9.21-105

3.1.36.1-101

7.2.5.1

2.9.20-5100

3.1.21.501-26

7.2.5

2.9.20-5002

3.1.21.500-21

7.2.4.1

2.9.20-4103

3.1.21.401-6

7.2.4

2.9.20-4004

3.1.21.400-24

7.2.3.1

2.9.20-3100

3.1.21.100-7

7.2.3

2.9.20-3010

3.1.21.100-7

7.2.2

2.9.20-2001

3.1.21.100-7

7.2.1

2.9.20-1000

3.1.21.100-7

7.2.0.1

2.9.20-108

3.1.21.1-126

7.2.0

2.9.20-107

3.1.21.1-126

7.1.0.3

2.9.19-3000

3.1.7.3-210

7.1.0.2

2.9.19-2000

3.1.7.2-200

7.1.0.1

2.9.19-1013

3.1.7.2-200

7.1.0

2.9.19-92

3.1.7.1-108

7.0.6.1

2.9.18-6008

3.1.0.600-20

7.0.6

2.9.18-6008

3.1.0.600-20

7.0.5.1

2.9.18-5100

7.0.5

2.9.18-5002

3.1.0.500-7

7.0.4

2.9.18-4002

3.1.0.400-12

7.0.3

2.9.18-3005

3.1.0.300-3

7.0.2.1

2.9.18-2101

3.1.0.200-16

7.0.2

2.9.18-2022

3.1.0.200-16

7.0.1.1

2.9.18-1026

3.1.0.100-11

7.0.1

2.9.18-1026

3.1.0.100-11

7.0.0.1

2.9.18-1001

3.1.0.1-174

7.0.0

2.9.18-174

3.1.0.1-174

6.7.0.3

2.9.17-3014

6.7.0.2

2.9.17-2003

6.7.0.1

2.9.17-1006

6.7.0

2.9.17-200

6.6.7.1

2.9.16-7100

6.6.7

2.9.16-7017

6.6.5.2

2.9.16-5204

6.6.5.1

2.9.16-5107

6.6.5

2.9.16-5034

6.6.4

2.9.16-4022

6.6.3

2.9.16-3033

6.6.1

2.9.16-1025

6.6.0.1

2.9.16-140

6.6.0

2.9.16-140

6.5.0.5

2.9.15-15510

6.5.0.4

2.9.15-15201

6.5.0.3

2.9.15-15201

6.5.0.2

2.9.15-15101

6.5.0.1

2.9.15-15101

6.5.0

2.9.15-7

6.4.0.17

2.9.14-27005

6.4.0.16

2.9.14-26002

6.4.0.15

2.9.14-25006

6.4.0.14

2.9.14-24000

6.4.0.13

2.9.14-19008

6.4.0.12

2.9.14-18011

6.4.0.11

2.9.14-17005

6.4.0.10

2.9.14-16023

6.4.0.9

2.9.14-15906

6.4.0.8

2.9.14-15707

6.4.0.7

2.9.14-15605

6.4.0.6

2.9.14-15605

6.4.0.5

2.9.14-15507

6.4.0.4

2.9.12-15301

6.4.0.3

2.9.14-15301

6.4.0.2

2.9.14-15209

6.4.0.1

2.9.14-15100

6.4.0

2.9.14-15003

6.3.0.5

2.9.13-15503

6.3.0.4

2.9.13-15409

6.3.0.3

2.9.13-15307

6.3.0.2

2.9.13-15211

6.3.0.1

2.9.13-15101

6.3.0

2.9.13-15013

6.2.3.18

2.9.12-1813

6.2.3.17

2.9.12-1605

6.2.3.16

2.9.12-1605

6.2.3.15

2.9.12-1513

6.2.3.14

2.9.12-1401

6.2.3.13

2.9.12-1306

6.2.3.12

2.9.12-1207

6.2.3.11

2.9.12-1102

6.2.3.10

2.9.12-902

6.2.3.9

2.9.12-806

6.2.3.8

2.9.12-804

6.2.3.7

2.9.12-704

6.2.3.6

2.9.12-607

6.2.3.5

2.9.12-506

6.2.3.4

2.9.12-383

6.2.3.3

2.9.12-325

6.2.3.2

2.9.12-270

6.2.3.1

2.9.12-204

6.2.3

2.9.12-136

6.2.2.5

2.9.11-430

6.2.2.4

2.9.11-371

6.2.2.3

2.9.11-303

6.2.2.2

2.9.11-273

6.2.2.1

2.9.11-207

6.2.2

2.9.11-125

6.2.1

2.9.11-101

6.2.0.6

2.9.10-301

6.2.0.5

2.9.10-255

6.2.0.4

2.9.10-205

6.2.0.3

2.9.10-160

6.2.0.2

2.9.10-126

6.2.0.1

2.9.10-98

6.2.0

2.9.10-42

6.1.0.7

2.9.9-312

6.1.0.6

2.9.9-258

6.1.0.5

2.9.9-225

6.1.0.4

2.9.9-191

6.1.0.3

2.9.9-159

6.1.0.2

2.9.9-125

6.1.0.1

2.9.9-92

6.1.0

2.9.9-330

6.0.1.4

2.9.8-490

6.0.1.3

2.9.8-461

6.0.1.2

2.9.8-426

6.0.1.1

2.9.8-383

6.0.1

2.9.8-224

6.0.0.1

2.9.8-235

6.0.0

2.9.8-229

System Databases

The vulnerability database (VDB) is a database of known vulnerabilities to which hosts may be susceptible, as well as fingerprints for operating systems, clients, and applications. The system uses the VDB to help determine whether a particular host increases your risk of compromise.

The geolocation database (GeoDB) is a database that you can leverage to view and filter traffic based on geographical location.

Table 11.

Management Center

VDB

GeoDB

7.4.1 through 7.4.x

4.5.0-376

2022-07-04-101

7.4.0

4.5.0-365

2022-07-04-101

7.3.0 through 7.3.x

4.5.0-358

2022-07-04-101

7.2.0 through 7.2.x

4.5.0-353

2022-05-11-103

7.1.0

4.5.0-346

2020-04-28-002

6.7.0 through 7.0.x

4.5.0-338

2020-04-28-002

6.6.1 through 6.6.x

4.5.0-336

2019-06-03-002

6.6.0

4.5.0-328

2019-06-03-002

6.5.0

4.5.0-309

2019-06-03-002

6.4.0

4.5.0-309

2018-07-09-002

6.3.0

4.5.0-299

2018-07-09-002

6.2.3

4.5.0-290

2017-12-12-002

6.0.0 through 6.2.2

4.5.0-271

2015-10-12-001

Integrated Products

The Cisco products listed below may have other compatibility requirements, for example, they may need to run on specific hardware, or on a specific operating system. For that information, see the documentation for the appropriate product.


Note


Whenever possible, we recommend you use the latest (newest) compatible version of each integrated product. This ensures that you have the latest features, bug fixes, and security patches.


Identity Services and User Control

Note that with:

  • Cisco ISE and ISE-PIC: We list the versions of ISE and ISE-PIC for which we provide enhanced compatibility testing, although other combinations may work.

  • Cisco Firepower User Agent: Version 6.6 is the last management center release to support the user agent software as an identity source; this blocks upgrade to Version 6.7+.

  • Cisco TS Agent: Versions 1.0 and 1.1 are no longer available.

Table 12. Integrated Products: Identity Services/User Control

Management Center/Threat Defense

Cisco Identity Services Engine (ISE)

Cisco Firepower User Agent

Cisco Terminal Services (TS) Agent

ISE

ISE-PIC

Supported with...

Management center

Device manager

Management center

Device manager

Management center only

Management center only

Cloud-delivered management center (no version)

3.3

3.2

3.1 patch 2+

3.0 patch 6+

2.7 patch 2+

3.2

3.1

2.7 patch 2+

1.4

7.4

3.3

3.2

3.1 patch 2+

3.0 patch 6+

3.2

3.1

1.4

7.3

3.2

3.1

3.0

2.7 patch 2+

3.2

3.1

2.7 patch 2+

1.4

1.3

7.2

3.2

3.1

3.0

2.7 patch 2+

3.2

3.1

2.7 patch 2+

1.4

1.3

7.1

3.2

3.1

3.0

2.7 patch 2+

3.2

3.1

2.7 patch 2+

1.4

1.3

7.0

3.2

3.1

3.0

2.7 patch 2+

2.6 patch 6+

3.2

3.1

2.7 patch 2+

2.6 patch 6+

1.4

1.3

6.7

3.0

2.7 patch 2+

2.6 patch 6+

2.7 patch 2+

2.6 patch 6+

1.4

1.3

6.6

3.0

2.7, any patch

2.6, any patch

2.4

2.7, any patch

2.6, any patch

2.4

2.5

2.4

1.4

1.3

1.2

6.5

2.6

2.4

2.6

2.4

2.5

2.4

1.4

1.3

1.2

1.1

6.4

2.4

2.3 patch 2

2.3

2.4

2.2 patch 1

2.5

2.4

2.3, no ASA FirePOWER

1.4

1.3

1.2

1.1

6.3

2.4

2.3 patch 2

2.3

2.4

2.2 patch 1

2.4

2.4

2.3, no ASA FirePOWER

1.2

1.1

6.2.3

2.3 patch 2

2.3

2.2 patch 5

2.2 patch 1

2.2

2.2 patch 1

2.4

2.3

1.2

1.1

6.2.2

2.3

2.2 patch 1

2.2

2.1

2.2 patch 1

2.3

1.2

1.1

1.0

6.2.1

2.1

2.0.1

2.0

2.2 patch 1

2.3

1.1

1.0

6.2.0

2.1

2.0.1

2.0

1.3

2.3

6.1

2.1

2.0.1

2.0

1.3

2.3

6.0.1

1.3

2.3

5.x

2.2

Cisco Secure Dynamic Attributes Connector

The Cisco Secure Dynamic Attributes Connector is a lightweight application that quickly and seamlessly updates firewall policies on the management center based on cloud/virtual workload changes. For more information, see one of:

Table 13. Integrated Products: Cisco Secure Dynamic Attributes Connector

Management Center

Cisco Secure Dynamic Attributes Connector

On-Prem

Cloud-delivered (with CDO)

Cloud-delivered management center (no version)

2.2

2.0

YES

7.1+

2.2

2.0

1.1

YES

7.0

2.2

2.0

1.1

The Cisco Secure Dynamic Attributes Connector allows you to use service tags and categories from various cloud service platforms in security rules, as listed in the following table.

Table 14. List of supported connectors by Cisco Secure Dynamic Attributes Connector version and platform

CSDAC version/platform

AWS

Azure

Azure Service Tags

Generic text

GitHub

Google Cloud

Microsoft Office 365

vCenter

Webex

Zoom

Version 1.1 (on-premises)

Yes

Yes

Yes

No

No

No

Yes

Yes

No

No

Version 2.0 (on-premises)

Yes

Yes

Yes

No

No

Yes

Yes

Yes

No

No

Version 2.2 (on-premises)

Yes

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Version 2.3 (on-premises)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cloud-delivered (Cisco Defense Orchestrator)

Yes

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Secure Firewall Management Center 7.4.1

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Threat Detection

Cisco Security Analytics and Logging (On Premises) requires the Security Analytics and Logging On Prem app for the Stealthwatch Management Console (SMC). For information on Stealthwatch Enterprise (SWE) requirements for the SMC, see Cisco Security Analytics and Logging On Premises: Firepower Event Integration Guide.

Table 15. Integrated Products: Threat Detection

Management Center/Threat Defense

Cisco SecureX

Cisco Security Analytics and Logging (SaaS)

Cisco Security Analytics and Logging (On Prem)

Cisco Secure Malware Analytics

Cisco Security Packet Analyzer

Supported with...

Management center

Device manager

Management center

Device manager

Management center only

Management center only

Management center only

6.5+

YES

YES

YES

YES

6.4

YES

YES

YES

YES

YES

6.3

YES

YES

6.1 through 6.2.3

YES

Threat Defense Remote Access VPN

Remote access virtual private network (RA VPN) allows individual users to connect to your network from a remote location using a computer or supported mobile device. Keep in mind that newer threat defense features can require newer versions of the client.

For more information, see the Cisco Secure Client/AnyConnect Secure Mobility Client configuration guides.

Table 16. Integrated Products: Threat Defense RA VPN

Threat Defense

Cisco Secure Client/Cisco AnyConnect Secure Mobility Client

6.2.2+

4.0+

End-of-Life Announcements

The following tables provide end-of-life details. Dates that have passed are in bold.

Software

These major software versions have reached end of sale and/or end of support. Versions that have reached end of support are removed from the Cisco Support & Download site.

Table 17. Software EOL Announcements

Version

End of Sale

End of Support

Announcement

7.1

2023-12-22

2025-12-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 7.1.(x), Firepower Management Center (FMC) 7.1.(x), Adaptive Security Appliance(ASA) 9.17.(x) and Firepower eXtensible Operating System (FXOS) 2.11.(x)

6.7

2021-07-09

2024-07-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.7, Firepower Management Center (FMC) 6.7 and Firepower eXtensible Operating System (FXOS) 2.9(x)

6.6

2022-03-02

2025-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD/FTDv) 6.6(x), Firepower Management Center (FMC/FMCv) 6.6(x) and Firepower eXtensible Operating System (FXOS) 2.8(x)

6.5

2020-06-22

2023-06-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.5(x), Firepower Management Center (FMC) 6.5(x) and Firepower eXtensible Operating System (FXOS) 2.7(x)

6.4

2023-02-27

2026-02-28

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.4(X), Firepower Management Center (FMC) 6.4(X) and Firepower eXtensible Operating System (FXOS) 2.6(x)

6.3

2020-04-30

2023-04-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.2.2, 6.3(x), Firepower eXtensible Operating System (FXOS) 2.4.1 and Firepower Management Center (FMC) 6.2.2 and 6.3(x)

6.2.3

2022-02-04

2025-02-28

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.2.3, Firepower Management Center (FMC) 6.2.3 and Firepower eXtensible Operating System (FXOS) 2.2(x)

6.2.2

2020-04-30

2023-04-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense (FTD) 6.2.2, 6.3(x), Firepower eXtensible Operating System (FXOS) 2.4.1 and Firepower Management Center (FMC) 6.2.2 and 6.3(x)

6.2.1

2019-03-05

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense versions 6.2.0 and 6.2.1

6.2

2019-03-05

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense versions 6.2.0 and 6.2.1

6.1

2019-11-22

2023-05-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Threat Defense versions 6.1, NGIPSv and NGFWv versions 6.1, Firepower Management Center 6.1 and Firepower eXtensible Operating System (FXOS) 2.0(x)

6.0.1

2017-11-10

2020-11-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Software Releases 5.4, 6.0 and 6.0.1 and Firepower Management Center Software Releases 5.4, 6.0 and 6.0.1

6.0.0

2017-11-10

2020-11-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Software Releases 5.4, 6.0 and 6.0.1 and Firepower Management Center Software Releases 5.4, 6.0 and 6.0.1

5.4

2017-11-10

2020-11-30

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Software Releases 5.4, 6.0 and 6.0.1 and Firepower Management Center Software Releases 5.4, 6.0 and 6.0.1

5.3

2016-01-29

2018-07-31

End-of-Sale and End-of-Life Announcement for the Cisco FirePOWER Software v5.3 and v5.3.1 and FireSIGHT Management Center Software v5.3 and v5.3.1

These software versions have been removed from the Cisco Support & Download site.


Note


In Version 6.2.3+, uninstalling a patch (fourth-digit release) results in an appliance running the version you upgraded from. This means that you can end up running a deprecated version simply by uninstalling a later patch. Unless otherwise stated, do not remain at a deprecated version. Instead, we recommend you upgrade. If upgrade is impossible, uninstall the deprecated patch.


Table 18. Software Removed Versions

Version

Date Removed

Related Bugs and Additional Details

6.5.0.3

2020-03-02: devices

2020-02-04: FMC

CSCvs86257: FMC Upgrade is failing at 800_post/1025_vrf_policy_upgrade.pl

This is an upgrade bug. If you are already running this version it is safe to continue.

6.5.0.1

2019-12-19

CSCvr52109: FTD may not match correct Access Control rule following a deploy to multiple devices

6.4.0.6

2019-12-19

CSCvr52109: FTD may not match correct Access Control rule following a deploy to multiple devices

6.2.3.8

2019-01-07

CSCvn82378: Traffic through ASA/FTD might stop passing upon upgrading FMC to 6.2.3.8-51

6.2.1

2017-11-17

This version is replaced by Version 6.2.2, which offers the same functionality and supports the full set of platforms.

5.4.0.1

2015

5.3.1.2

2015

These integrated products are deprecated.

Table 19. Deprecated Integrated Products

Product

Details

Cisco Firepower User Agent

Version 6.6 is the last release to support the Cisco Firepower User Agent software as an identity source. You cannot upgrade an FMC with user agent configurations to Version 6.7+. You should switch to Cisco Identity Services Engine/Passive Identity Connector (ISE/ISE-PIC). This will also allow you to take advantage of features that are not available with the user agent. To convert your license, contact Sales.

For more information, see the End-of-Life and End-of-Support for the Cisco Firepower User Agent announcement and the Firepower User Identity: Migrating from User Agent to Identity Services Engine TechNote.

Cisco Terminal Services (TS) Agent

Cisco TS Agent Versions 1.0 and 1.1 have been removed from the Cisco Support & Download site. If you are using either of these versions, we recommend you upgrade.

Cisco Security Packet Analyzer

Cisco Security Packet Analyzer is compatibile with Versions 6.3 and 6.4 only.

Hardware

These platforms have reached end of sale and/or end of support.

Table 20. Management Center Hardware EOL Announcements

Platform

Last Version

End of Sale

End of Support

Announcement

FMC 1000, 2500, 4500

7.0

2019-07-12

2024-07-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center Platforms- FMC 1000, FMC 2500, FMC 4500

FMC 4000

6.6

2017-03-31

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center 4000

FMC 2000

6.6

2017-03-31

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center 2000

FMC 750

6.4

2017-03-31

2022-03-31

End-of-Sale and End-of-Life Announcement for the Cisco Firepower Management Center 750

FMC 1500

6.4

2015-09-18

2020-09-30

End-of-Sale and End-of-Life Announcement for the Cisco FireSIGHT Management Center 1500 Products

FMC 3500

6.4.

2015-08-31

2020-08-31

End-of-Sale and End-of-Life Announcement for the Cisco FireSIGHT Management Center 3500

FMC 500, 1000, 3000

5.4

Sales ended

Support ended

Suggested Release

Suggested Release: Version 7.2.5.x

To take advantage of new features and resolved issues, we recommend you upgrade all eligible appliances to at least the suggested release, including the latest patch. On the Cisco Support & Download site, the suggested release is marked with a gold star. In Version 7.4.1+, the management center notifies you when a new suggested release is available, and indicates suggested releases on its product upgrades page.

Suggested Releases for Older Appliances

If an appliance is too old to run the suggested release and you do not plan to refresh the hardware right now, choose a major version then patch as far as possible. Some major versions are designated long-term or extra long-term, so consider one of those. For an explanation of these terms, see Cisco NGFW Product Line Software Release and Sustaining Bulletin.

If you are interested in a hardware refresh, contact your Cisco representative or partner contact.

Release Dates

Table 21. Version 7.4 Dates

Version

Build

Date

Platforms

7.4.1

172

2023-12-13

All

7.4.0

81

2023-09-07

Management center

Secure Firewall 4200 series

Table 22. Version 7.3 Dates

Version

Build

Date

Platforms

7.3.1.1

83

2023-08-24

All

7.3.1

19

2023-03-14

All

7.3.0

69

2022-11-29

All

Table 23. Version 7.2 Dates

Version

Build

Date

Platforms

7.2.5.1

29

2023-11-14

All

7.2.5

208

2023-07-27

All

7.2.4.1

43

2023-07-27

All

7.2.4

169

2023-05-10

Management center

165

2023-05-03

Devices

7.2.3.1

13

2023-04-18

Management center

7.2.3

77

2023-02-27

All

7.2.2

54

2022-11-29

All

7.2.1

40

2022-10-03

All

7.2.0.1

12

2022-08-10

All

7.2.0

82

2022-06-06

All

Table 24. Version 7.1 Dates

Version

Build

Date

Platforms

7.1.0.3

108

2022-03-15

All

7.1.0.2

28

2022-08-03

FMC/FMCv

Secure Firewall 3100 series

7.1.0.1

28

2022-02-24

FMC/FMCv

All devices except Secure Firewall 3100 series

7.1.0

90

2021-12-01

All

Table 25. Version 7.0 Dates

Version

Build

Date

Platforms

7.0.6.1

36

2023-11-13

All

7.0.6

236

2023-07-18

All

7.0.5.1

5

2023-04-26

NGIPSv

For devices with security certifications compliance enabled (CC/UCAPL mode). Use with a Version 7.0.5 FMC.

7.0.5

72

2022-11-17

All

7.0.4

55

2022-08-10

All

7.0.3

37

2022-06-30

All

7.0.2.1

10

2022-06-27

All

7.0.2

88

2022-05-05

All

7.0.1.1

11

2022-02-17

All

7.0.1

84

2021-10-07

All

7.0.0.1

15

2021-07-15

All

7.0.0

94

2021-05-26

All

Table 26. Version 6.7 Dates

Version

Build

Date

Platforms

6.7.0.3

105

2022-02-17

All

6.7.0.2

24

2021-05-11

All

6.7.0.1

13

2021-03-24

All

6.7.0

65

2020-11-02

All

Table 27. Version 6.6 Dates

Version

Build

Date

Platforms

6.6.7.1

42

2023-01-26

All

6.6.7

223

2022-07-14

All

6.6.5.2

14

2022-03-24

All

6.6.5.1

15

2021-12-06

All

6.6.5

81

2021-08-03

All

6.6.4

64

2021-04-29

Firepower 1000 series

59

2021-04-26

FMC/FMCv

All devices except Firepower 1000 series

6.6.3

80

2020-03-11

All

6.6.1

91

2020-09-20

All

90

2020-09-08

6.6.0.1

7

2020-07-22

All

6.6.0

90

2020-05-08

Firepower 4112

2020-04-06

FMC/FMCv

All devices except Firepower 4112

Table 28. Version 6.5 Dates

Version

Build

Date

Platforms: Upgrade

Platforms: Reimage

6.5.0.5

95

2021-02-09

All

6.5.0.4

57

2020-03-02

All

6.5.0.3

30

2020-02-03

No longer available.

6.5.0.2

57

2019-12-19

All

6.5.0.1

35

2019-11-20

No longer available.

6.5.0

123

2020-02-03

FMC/FMCv

FMC/FMCv

120

2019-10-08

115

2019-09-26

All devices

All devices

Table 29. Version 6.4 Dates

Version

Build

Date

Platforms

6.4.0.17

26

2023-09-28

All

6.4.0.16

50

2022-11-21

All

6.4.0.15

26

2022-05-31

All

6.4.0.14

67

2022-02-18

All

6.4.0.13

57

2021-12-02

All

6.4.0.12

112

2021-05-12

All

6.4.0.11

11

2021-01-11

All

6.4.0.10

95

2020-10-21

All

6.4.0.9

62

2020-05-26

All

6.4.0.8

28

2020-01-29

All

6.4.0.7

53

2019-12-19

All

6.4.0.6

28

2019-10-16

No longer available.

6.4.0.5

23

2019-09-18

All

6.4.0.4

34

2019-08-21

All

6.4.0.3

29

2019-07-17

All

6.4.0.2

35

2019-07-03

FMC/FMCv

FTD/FTDv, except Firepower 1000 series

34

2019-06-27

2019-06-26

Firepower 7000/8000 series

ASA FirePOWER

NGIPSv

6.4.0.1

17

2019-06-27

FMC 1600, 2600, 4600

2019-06-20

Firepower 4115, 4125, 4145

Firepower 9300 with SM-40, SM-48, and SM-56 modules

2019-05-15

FMC 750, 1000, 1500, 2000, 2500, 3500, 4000, 4500

FMCv

Firepower 2110, 2120, 2130, 2140

Firepower 4110, 4120, 4140, 4150

Firepower 9300 with SM-24, SM-36, and SM-44 modules

ASA 5508-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X

ASA 5585-X-SSP-10, -20, -40, -60

ISA 3000

FTDv

Firepower 7000/8000 series

NGIPSv

6.4.0

113

2020-03-03

FMC/FMCv

102

2019-06-20

Firepower 4115, 4125, 4145

Firepower 9300 with SM-40, SM-48, and SM-56 modules

2019-06-13

Firepower 1010, 1120, 1140

2019-04-24

Firepower 2110, 2120, 2130, 2140

Firepower 4110, 4120, 4140, 4150

Firepower 9300 with SM-24, SM-36, and SM-44 modules

ASA 5508-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X

ASA 5585-X-SSP-10, -20, -40, -60

ISA 3000

FTDv

Firepower 7000/8000 series

NGIPSv

Table 30. Version 6.3 Dates

Version

Build

Date

Platforms: Upgrade

Platforms: Reimage

6.3.0.5

35

2019-11-18

Firepower 7000/8000 series

NGIPSv

34

2019-11-18

FMC/FMCv

All FTD devices

ASA FirePOWER

6.3.0.4

44

2019-08-14

All

6.3.0.3

77

2019-06-27

FMC 1600, 2600, 4600

2019-05-01

FMC 750, 1000, 1500, 2000, 2500, 3500, 4000, 4500

FMCv

All devices

6.3.0.2

67

2019-06-27

FMC 1600, 2600, 4600

2019-03-20

FMC 750, 1000, 1500, 2000, 2500, 3500, 4000, 4500

FMCv

All devices

6.3.0.1

85

2019-06-27

FMC 1600, 2600, 4600

2019-02-18

FMC 750, 1000, 1500, 2000, 2500, 3500, 4000, 4500

FMCv

All devices

6.3.0

85

2019-01-22

Firepower 4100/9300

Firepower 4100/9300

84

2018-12-18

FMC/FMCv

ASA FirePOWER

83

2019-06-27

FMC 1600, 2600, 4600

2018-12-03

All FTD devices except Firepower 4100/9300

Firepower 7000/8000

NGIPSv

FMC 750, 1000, 1500, 2000, 2500, 3500, 4000, 4500

FMCv

All devices except Firepower 4100/9300

Table 31. Version 6.2.3 Dates

Version

Build

Date

Platforms: Upgrade

Platforms: Reimage

6.2.3.18

50

2022-02-16

All

6.2.3.17

30

2021-06-21

All

6.2.3.16

59

2020-07-13

All

6.2.3.15

39

2020-02-05

FTD/FTDv

38

2019-09-18

FMC/FMCv

Firepower 7000/8000

ASA FirePOWER

NGIPSv

6.2.3.14

41

2019-07-03

All

36

2019-06-12

All

6.2.3.13

53

2019-05-16

All

6.2.3.12

80

2019-04-17

All

6.2.3.11

55

2019-03-17

All

53

2019-03-13

6.2.3.10

59

2019-02-07

All

6.2.3.9

54

2019-01-10

All

6.2.3.8

51

2019-01-02

No longer available.

6.2.3.7

51

2018-11-15

All

6.2.3.6

37

2018-10-10

All

6.2.3.5

53

2018-11-06

FTD/FTDv

52

2018-09-12

FMC/FMCv

Firepower 7000/8000

ASA FirePOWER

NGIPSv

6.2.3.4

42

2018-08-13

All

6.2.3.3

76

2018-07-11

All

6.2.3.2

46

2018-06-27

All

42

2018-06-06

6.2.3.1

47

2018-06-28

All

45

2018-06-21

43

2018-05-02

6.2.3

113

2020-06-01

FMC/FMCv

FMC/FMCv

111

2019-11-25

FTDv: AWS, Azure

110

2019-06-14

99

2018-09-07

96

2018-07-26

92

2018-07-05

88

2018-06-11

85

2018-04-09

84

2018-04-09

Firepower 7000/8000 series

NGIPSv

83

2018-04-02

FTD/FTDv

ASA FirePOWER

FTD: Physical platforms

FTDv: VMware, KVM

Firepower 7000/8000

ASA FirePOWER

NGIPSv

79

2018-03-29

Table 32. Version 6.2.2 Dates

Version

Build

Date

Platforms

6.2.2.5

57

2018-11-27

All

6.2.2.4

43

2018-09-21

FTD/FTDv

34

2018-07-09

FMC/FMCv

Firepower 7000/8000

ASA FirePOWER

NGIPSv

32

2018-06-15

6.2.2.3

69

2018-06-19

All

66

2018-04-24

6.2.2.2

109

2018-02-28

All

6.2.2.1

80

2017-12-05

Firepower 2100 series

78

2017-11-20

73

2017-11-06

FMC/FMCv

All devices except Firepower 2100 series

6.2.2

81

2017-09-05

All

Additional Resources

Table 33.

Description

Resources

Sustaining bulletins provide support timelines for the Cisco Next Generation Firewall product line, including management platforms and operating systems.

Cisco NGFW Product Line Software Release and Sustaining Bulletin

Compatibility guides provide detailed compatibility information for supported hardware models and software versions, including bundled components and integrated products.

Cisco Secure Firewall Threat Defense Compatibility Guide

Cisco Firepower Classic Device Compatibility Guide

Release notes provide critical and release-specific information, including upgrade warnings and behavior changes. Release notes also contain quicklinks to upgrade and installation instructions.

Cisco Secure Firewall Threat Defense Release Notes

New Feature guides provide information on new and deprecated features by release.

Cisco Secure Firewall Management Center New Features by Release

Documentation roadmaps provide links to currently available and legacy documentation. Try the roadmaps if what you are looking for is not listed above.

Navigating the Cisco Secure Firewall Threat Defense Documentation