Cisco Firepower Compatibility Guide Introduction This guide lists Cisco Firepower software and hardware compatibility and requirements. • Terminology and Branding, on page 1—By Firepower System version. • Device Platforms by Management Method and Version, on page 3—Summarizes manager-device compatibility and explains Version 5.x sequences. • Device Platforms, on page 5—Available implementations and alternate management capabilities depend on device platform and Firepower System version. • Firepower Management Centers, on page 11—Can manage all device implementations. • Integrated Product Compatibility, on page 12—By Firepower System version. • Additional Resources, on page 13—Release and product information. Caution Versions 5.3.1.2 and Version 5.4.0.1 of the Firepower System are no longer supported on any platform. Terminology and Branding General Terminology Description Version 6.x Version 5.4.x Version 5.3.1.x Version 5.3.0.x Company name Cisco Cisco Cisco Sourcefire Product line Firepower System FireSIGHT System FireSIGHT System Sourcefire 3D System Configuration guide Firepower Management Center Configuration Guide FireSIGHT System User Guide FireSIGHT System User Guide Sourcefire 3D System User Guide Release notes Firepower System Release Notes FireSIGHT System Release Notes FireSIGHT System Release Notes Sourcefire 3D System Release Notes Cisco Firepower Compatibility Guide 1 Introduction Management Terminology Management Terminology Description Version 6.x Version 5.4.x Version 5.3.1.x Version 5.3.0.x Management platform for all devices Firepower Management Center FireSIGHT Management Center FireSIGHT Defense Center Defense Center Management Center FireSIGHT Defense Center Defense Center Defense Center — — — — — DCxxxx DCxxxx DCxxxx Version 5.4.x Version 5.3.1.x Version 5.3.0.x Next-Generation Firewall (NGFW) Firepower Threat software for ASA, Firepower, and Defense virtual devices — — — Next Generation IPS (NGIPS) software for ASA devices ASA FirePOWER module ASA FirePOWER module ASA FirePOWER module — ASA device running an ASA FirePOWER module ASA with ASA with ASA with — FirePOWER Services FirePOWER Services FirePOWER Services Local management of ASA FirePOWER modules ASDM Local management of Firepower Threat Defense Firepower Device Manager ASDM (5.4.1 +) (6.1 +) Model number format for physical MCxxxx Firepower Management Centers FSxxxx Device Terminology Description Version 6.x 7000 or 8000 Series device running 7000 or 8000 Series NGIPS software 7000 or 8000 Series 7000 or 8000 Series 7000 or 8000 Series Series 3 Series 3 Series 3 Virtual device running NGIPS software virtual managed device virtual managed device virtual managed device Series 2 Series 2 Series 2 NGIPSv Legacy Firepower device running — NGIPS software Cisco Firepower Compatibility Guide 2 (5.4.0.x only) Introduction Device Platforms by Management Method and Version Description Version 6.x Version 5.4.x Version 5.3.1.x Legacy X-Series device running NGIPS software — Cisco NGIPS for Blue Cisco NGIPS for Blue FireSIGHT Software Coat X-Series Coat X-Series for X-Series (5.4.0.x only) Model number formats for physical ASAxxxx device platforms AMPxxxx Firepower xxxx Version 5.3.0.x Sourcefire Software for X-Series ASAxxxx ASAxxxx AMPxxxx 3Dxxxx 3Dxxxx 3Dxxxx Device Platforms by Management Method and Version Specific manager-device compatibility depends on the version of both the manager and device. However, many features depend on the version of the system running on the device. Even if a Firepower Management Center is running the latest version, your deployment may not support all the features of that version until you update managed devices. The following table summarizes the versions of the Firepower System supported on each device platform, depending on implementation and manager. The table lists the earliest supported version "+" for devices that have not reached end of life (EOL) or end of support. For example, an ASA5506-X supports: • Version 5.4.1 + of the ASA FirePOWER module, managed by ASDM • Version 5.4.1 + of the ASA FirePOWER module, managed by a Firepower Management Center • Version 6.0.1 + of Firepower Threat Defense, managed by a Firepower Management Center • Version 6.1 + of Firepower Threat Defense, managed by Firepower Device Manager Note Not all versions of the Firepower System, especially patches, apply to all platforms. In particular, Version 5.x sequences of the Firepower System support different device platforms and implementations. Even if this table lists support for a version-plus, it is possible that not all later versions are supported. For detailed information, see the device-specific sections in this guide. Table 1: Device Platforms by Management Method and Version Manager Firepower Management Center/Defense Center ASDM Device Firepower Software (NGIPS) Firepower Threat Defense ASA FirePOWER ASA FirePOWER Firepower Threat Defense Cisco NGIPS for Blue Coat X-Series 5.3.0.x — — — Firepower Device Manager — 5.4.0.x Cisco Firepower Compatibility Guide 3 Introduction Device Platforms by Management Method and Version Manager Firepower Management Center/Defense Center ASDM Firepower Device Manager Device Firepower Software (NGIPS) Firepower Threat Defense ASA FirePOWER ASA FirePOWER Firepower Threat Defense 3D500, 3D1000, 3D2000 5.3.0.x — — — — 3D2100, 3D2500, 3D3500, 3D4500, 3D6500 (EOL) 5.4.0.x 5.3 + — — — — 5.4 + — — — — 5.3 + — — — — Virtual: VMware 5.3 + 6.0.1 + — — — Virtual: AWS — 6.0.1 + — — — Virtual: KVM — 6.1 + — — — Virtual: Azure — 6.2 + — — — ASA5506-X, 06H-X, 06W-X, 08-X, 16-X — 6.0.1 + 5.4.1 + 5.4.1 + 6.1 + ISA3000 — — 5.4.1.7 + (5.4.1.x sequence only) 5.4.1.7 + (5.4.1.x sequence only) — ASA5512-X, 15-X, 25-X, 45-X, 55-X — 6.0.1 + 5.3.1 + 6.0 + 6.1 + ASA5585-X-SSP-10, -20, -40, -60 — — 5.3.1 + 6.0 + — Firepower 9300 — 6.0.1 + — — — — 6.1 + — — — 3D9900 (EOL) Firepower 7010, 7020, 7030 Firepower 7110, 7115 7120, 7125 AMP7150 Firepower 7050 AMP8150, 8350 Firepower 8120, 8130, 8140 Firepower 8250, 8260, 8270, 8290 Firepower 8350, 8360, 8370, 8390 AMP8050 Firepower 4110, 4120, 4140 Firepower 4150 Cisco Firepower Compatibility Guide 4 Introduction Understanding Version 5.x Release Sequences Manager Firepower Management Center/Defense Center ASDM Device Firepower Software (NGIPS) Firepower Threat Defense ASA FirePOWER ASA FirePOWER Firepower Threat Defense Firepower 2110, 2120, 2130, 2140 — 6.2.1 + — — Firepower Device Manager 6.2.1 + Understanding Version 5.x Release Sequences Version 5.x sequences of the Firepower System support different device platforms and implementations, as follows: • 5.3.0.x—7000 Series, 8000 Series, NGIPSv, and legacy devices • 5.3.1.x—ASA FirePOWER module running on select ASA platforms (managed by a Defense Center) • 5.4.0.x—All platforms supported by 5.3.0.x and 5.3.1.x • 5.4.1.x—ASA FirePOWER module on a different set of ASA platforms (managed by a Defense Center or ASDM) Firepower Threat Defense is not supported in Version 5.x. Version 5.4.0.x and Version 5.4.1.x Parallel Release Sequences The Version 5.4.0.x and Version 5.4.1.x sequences of the Firepower System are released in parallel, starting with Version 5.4.0.1 paired with Version 5.4.1.0. For each pair, the Version 5.4.0.x release uses a last digit that is one more than the last digit of its parallel Version 5.4.1.x release. Parallel releases are: • 5.4.0.1 (no longer supported) and 5.4.1.0 • 5.4.0.2 and 5.4.1.1 • 5.4.0.3 and 5.4.1.2 • … and so on Also, although there is a Version 5.4 Defense Center release, the Version 5.4.0.x sequence is designed for devices, not the Defense Center. You should use a Version 5.4.1.x Defense Center to manage Version 5.4.0.x and Version 5.4.1.x devices. For example, you might use a Version 5.4.1.8 Defense Center to manage a Version 5.4.0.9 8000 Series device, and Version 5.4.1.8 of the ASA FirePOWER module installed on an ASA5506-X. Device Platforms You can deploy the following implementations of the Firepower System on a traffic-handling device, depending on device platform and Firepower System version: Cisco Firepower Compatibility Guide 5 Introduction Firepower Threat Defense Devices • Firepower Threat Defense Devices, on page 6—Next-Generation Firewall (NGFW) software for ASA, Firepower, and virtual devices • ASA FirePOWER Devices, on page 7—Next Generation IPS (NGIPS) software for ASA devices • Firepower 7000/8000 Series and Legacy Devices, on page 10—Next Generation IPS (NGIPS) software for 7000 Series, 8000 Series, virtual, and legacy devices These implementations have different capabilities. Management options depend on device platform, implementation, and Firepower System version. Firepower Threat Defense Devices The following tables list Firepower Threat Defense compatibility with various device platforms. They also include FXOS requirements for select platforms, and compatible hosting environments for virtual implementations. You can manage any listed version of Firepower Threat Defense with a corresponding version of the Firepower Management Center. Some Firepower Threat Defense devices, depending on model and version, also support local management by Firepower Device Manager. Firepower Threat Defense on ASA Devices Firepower System Version ASA5506-X ASA5506H-X ASA5506W-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X 6.0.1.x Yes Yes 6.1.x.x Yes Yes 6.2.0.x Yes Yes 6.2.1 — — Firepower Threat Defense on FXOS-Based Devices Firepower System Version Firepower 9300 Firepower 4110 Firepower 4120 Firepower 4140 Firepower 4150 Firepower 2110 Firepower 2120 Firepower 2130 Firepower 2140 6.0.1.x FXOS 1.1.4.x — — FXOS 2.0.1.x — FXOS 2.0.1.x (except 6.0.1.1) 6.1.x.x FXOS 2.0.1.x Cisco Firepower Compatibility Guide 6 Introduction ASA FirePOWER Devices Firepower System Version Firepower 9300 Firepower 4110 Firepower 4120 Firepower 4140 Firepower 4150 Firepower 2110 Firepower 2120 Firepower 2130 Firepower 2140 6.2.0.x FXOS 2.1.1.x FXOS 2.1.1.x — FXOS 2.2.1.x FXOS 2.2.1.x — — 6.2.1 FXOS 2.2.1.x Firepower Threat Defense Virtual Firepower System Version VMware vSphere/VMware ESXi Amazon Web Services Kernel-Based Virtual (AWS) Machine (KVM) Microsoft Azure 5.1 5.5 6.0 EC2/VPC — Standard D3 6.0.1.x Yes Yes — Yes — — 6.1.x.x — Yes Yes Yes Yes — 6.2.0.x — Yes Yes Yes Yes Yes 6.2.1 — — — — — — ASA FirePOWER Devices The following tables list ASA FirePOWER module compatibility with ASA devices and their associated ASA OS requirements. For ASA FirePOWER modules that support ASDM management, the tables also list compatibile ASDM versions. You can manage any listed version of the ASA FirePOWER module with a corresponding version of the Firepower Management Center/Defense Center. Note ASA OS versions marked with a plus sign (+) include later releases in that major release sequence, but not in the next major release sequence. For example, 9.5(2) + includes 9.5(3) but not 9.6(1). Cisco Firepower Compatibility Guide 7 Introduction ASA FirePOWER Devices ASA5506-X Series, ASA5508-X, ASA5516-X Firepower System Version ASA OS ASDM Management 5.4.1.x 9.3(3.8) + (5506-X only) 7.3(3) + (5506-X only) 9.4(2) + 7.4(1) + 9.5(1.5) + 9.6(1) + 9.7(1.4) + 9.8(1) + 6.0.0.x 9.4(2) + (no ASDM management or captive portal) 7.5(1.112) + 9.5(1.5) + (captive portal in 9.5(2) +) 9.6(1) + 6.0.1.x 9.4(2) + (no ASDM management or captive portal) 7.6(1) + 9.5(1.5) + (captive portal in 9.5(2) +) 9.6(1) + 6.1.x.x 9.5(2) + (5508-X and 5516-X only) 7.6(2) + 9.6(1) + 9.7(1.4) + 9.8(1) + 6.2.0.x 9.5(2) + (5508-X and 5516-X only) 7.7(1) + 9.6(1) + 9.7(1.4) + 9.8(1) + — 6.2.1 — ASA5585-X Series, ASA5512-X, ASA5515-X, ASA5525-X, ASA5545-X, ASA5555-X Firepower System Version ASA OS ASDM Management 5.3.1.x 9.2(4.5) + — 5.4 9.2(4.5) + — Cisco Firepower Compatibility Guide 8 Introduction ASA FirePOWER Devices Firepower System Version ASA OS ASDM Management 5.4.0.2 + 9.3(3.8) + — (5.4.0.x sequence) 9.4(2) + 9.5(1.5) + 9.6(1) + 9.7(1.4) + 9.8(1) + 6.0.0.x 9.4(2) + (no ASDM management or captive portal) 7.5(1.112) + 9.5(1.5) + (captive portal in 9.5(2) +) 9.6(1) + 6.0.1.x 9.4(2) + (no ASDM management or captive portal) 7.6(1) + 9.5(1.5) + (captive portal in 9.5(2) +) 9.6(1) + 6.1.x.x 9.5(2) + 7.6(2) + 9.6(1) + 9.7(1.4) + 9.8(1) + 6.2.0.x 9.5(2) + 7.7(1) + 9.6(1) + 9.7(1.4) + 9.8(1) + 6.2.1 — — ISA3000 Firepower System Version ASA OS ASDM Management 5.4.1.7 + (5.4.1.x sequence only) 9.4(1.225) 7.5(1.112) and later 9.5(2) + 9.6(1) + Cisco Firepower Compatibility Guide 9 Introduction Firepower 7000/8000 Series and Legacy Devices Firepower 7000/8000 Series and Legacy Devices The following tables list Firepower Software compatibility with 7000 Series, 8000 Series, NGIPS virtual, and legacy device platforms. They also list compatibile hosting environments for virtual implementations, and XOS requirements for Cisco NGIPS for Blue Coat X-Series. You can manage any listed version of the Firepower Software with a corresponding version of the Firepower Management Center. 7000/8000 Series and Legacy Devices Firepower System Version 7000 and 8000 Series, including AMP Series 2 5.3.0.x Yes Yes except 3D7050, AMP8150, AMP8350 5.4.0.x Yes Yes 6.0.x.x Yes — 6.1.x.x Yes — 6.2.0.x Yes — 6.2.1 — — NGIPSv (Virtual Managed Devices) Firepower System Version VMware vCloud Director VMware vSphere/VMware ESXi 5.1 5.0 5.1 5.5 6.0 5.3.0.x Yes Yes Yes — — 5.4.0.x Yes Yes Yes Yes — 5.4.1.x Yes Yes Yes Yes — 6.0.0.x — — Yes Yes — 6.0.1.x — — Yes Yes — 6.1.x.x — — — Yes Yes 6.2.0.x — — — Yes Yes 6.2.1 — — — — — Cisco Firepower Compatibility Guide 10 Introduction Firepower Management Centers Cisco NGIPS for Blue Coat X-Series Firepower System Version XOS Version 5.3.0.x 9.7.2.x except 5.3.0.8 10.x 5.4.0.x 9.7.2.x 10.x Firepower Management Centers The following tables list Firepower System compatibility with Firepower Management Centers/Defense Centers. They also include compatible hosting environments for virtual implementations. You can manage any Firepower System device with a corresponding version of the Firepower Management Center. Usually, these versions do not have to be identical. However, there are restrictions. For detailed information, see the release notes. Firepower Management Centers: Physical Firepower System Version DC500 (EOL) DC1000 (EOL) DC3000 (EOL) MC750 MC1500 MC3500 MC2000 MC4000 MC1000 MC2500 MC4500 5.3.0.x Yes Yes — — Yes Yes — — Yes Yes Yes — 5.4.1.x Yes Yes Yes — 6.0.0.x — Yes Yes — 6.0.1.x — Yes Yes — 6.1.x.x — Yes Yes — except 5.3.0.4 - 5.3.0.8 5.3.1.x except 5.3.1.4 - 5.3.1.7 5.4 5.4.0 only; use 5.4.1.x Defense Centers to manage 5.4.x devices Cisco Firepower Compatibility Guide 11 Introduction Firepower Management Centers: Virtual Firepower System Version DC500 (EOL) DC1000 (EOL) DC3000 (EOL) MC750 MC1500 MC3500 MC2000 MC4000 MC1000 MC2500 MC4500 6.2.0.x — Yes Yes Yes 6.2.1 — Yes Yes Yes Firepower Management Centers: Virtual Firepower System Version VMware vCloud Director VMware vSphere/VMware ESXi Amazon Web Services (AWS) Kernel-Based Virtual Machine (KVM) 5.1 5.0 5.1 5.5 6.0 EC2/VPC — Yes Yes Yes — — — — Yes Yes Yes — — — — Yes Yes Yes Yes — — — 5.4.1.x Yes Yes Yes Yes — — — 6.0.0.x — — Yes Yes — — — 6.0.1.x — — Yes Yes — Yes — 6.1.x.x — — — Yes Yes Yes Yes 6.2.0.x — — — Yes Yes Yes Yes 6.2.1 — — — Yes Yes Yes Yes 5.3.0.x except 5.3.0.4 - 5.3.0.8 5.3.1.x except 5.3.1 5.4 5.4.0 only; use 5.4.1.x Defense Centers to manage 5.4.x devices Integrated Product Compatibility The following table lists the products that you can integrate with the Firepower System. Cisco Firepower Compatibility Guide 12 Introduction Additional Resources Firepower System Cisco Firepower Cisco AMP Threat Cisco Terminal Version System User Agent Grid Services (TS) Agent Cisco AnyConnect Cisco Identity Services Secure Mobility Engine (ISE) Client ISE ISE-PIC 5.3.x 2.2 + — — — — — 5.4.x 2.2 + — — — — — 6.0.x.x 2.3 + 1.4.2 + — — 1.3 — 6.1.x.x 2.3 + 1.4.2 + — — 1.3 — 2.0 and 2.0.1 2.1 6.2.0.x 2.3 + 1.4.2 + 1.0 — 1.3 — 2.0 and 2.0.1 2.1 6.2.1 2.3 + 2.1.4 + 1.0 4.0 + 2.0 and 2.0.1 2.2 2.1 Additional Resources • Cisco Firepower System Documentation Roadmap—http://www.cisco.com/c/en/us/td/docs/security/ firesight/roadmap/firesight-roadmap.html • Cisco Firepower System Release Notes—http://www.cisco.com/c/en/us/support/security/defense-center/ products-release-notes-list.html • Cisco ASA Compatibility Guide—http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/ asamatrx.html • Cisco FXOS Compatibility Guide—http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/ compatibility/fxos-compatibility.html Cisco Firepower Compatibility Guide 13 Introduction Additional Resources Cisco Firepower Compatibility Guide 14 © 2017 Cisco Systems, Inc. All rights reserved.
© Copyright 2025 Paperzz