Cisco Secure Firewall ASA Compatibility
This document lists the Secure Firewall ASA software and hardware compatibility and requirements.
ASA and ASDM Compatibility Per Model
This section lists ASA and ASDM compatibility per model.
Note |
For guidance on security issues on the ASA, and which releases contain fixes for each issue, see the ASA Security Advisories. |
ASA 9.22
Releases in bold are the recommended versions.
Note |
|
ASA |
ASDM |
ASA Model | |||||||
---|---|---|---|---|---|---|---|---|---|
ASA Virtual |
Firepower 1010 Firepower 1010E 1120 1140 1150 |
Secure Firewall 1210CE Secure Firewall 1210CP Secure Firewall 1220CX |
Secure Firewall 3105 3110 3120 3130 3140 |
Firepower 4112 4115 4125 4145 |
Secure Firewall 4215 Secure Firewall 4225 Secure Firewall 4245 |
Firepower 9300 |
ISA 3000 |
||
9.22(1.1) |
7.22(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
ASA 9.20 and 9.19
Releases in bold are the recommended versions.
Note |
|
ASA |
ASDM |
ASA Model | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
ASA Virtual |
Firepower 1010 1120 1140 1150 |
Firepower 1010E |
Firepower 2110 2120 2130 2140 |
Secure Firewall 3105 3110 3120 3130 3140 |
Firepower 4112 4115 4125 4145 |
Secure Firewall 4215 Secure Firewall 4225 Secure Firewall 4245 |
Firepower 9300 |
ISA 3000 |
||
9.20(3) |
7.20(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.20(2) |
7.20(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.20(1) |
7.20(1) |
— |
— |
— |
— |
— |
— |
YES |
— |
— |
9.19(1) |
7.19(1) |
YES |
YES |
— |
YES |
YES |
YES |
— |
YES |
YES |
ASA 9.18 to 9.17
Releases in bold are the recommended versions.
Note |
|
ASA |
ASDM |
ASA Model | |||||||
---|---|---|---|---|---|---|---|---|---|
ASA Virtual |
Firepower 1010 1120 1140 1150 |
Firepower 1010E |
Firepower 2110 2120 2130 2140 |
Secure Firewall 3110 3120 3130 3140 |
Firepower 4110 4112 4115 4120 4125 4140 4145 4150 |
Firepower 9300 |
ISA 3000 |
||
9.18(4) |
7.19(1)95 |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.18(3) |
7.18(1.152) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.18(2.218) |
7.18(2.1) |
— |
— |
YES |
— |
— |
— |
— |
— |
9.18(2) |
7.18(1.152) |
YES |
YES |
— |
YES |
YES |
YES |
YES |
YES |
9.18(1) |
7.18(1) |
YES |
YES |
— |
YES |
YES |
YES |
YES |
YES |
9.17(1.13) |
7.18(1.152) |
YES |
YES |
— |
YES |
YES |
YES |
YES |
YES |
9.17(1) |
7.17(1.155) |
YES |
YES |
— |
YES |
YES |
YES |
YES |
YES |
ASA 9.16 to 9.15
Releases in bold are the recommended versions.
Note |
|
ASA |
ASDM |
ASA Model |
||||||
---|---|---|---|---|---|---|---|---|
ASA 5506-X 5506H-X 5506W-X 5508-X 5516-X |
ASAv |
Firepower 1010 1120 1140 1150 |
Firepower 2110 2120 2130 2140 |
Firepower 4110 4112 4115 4120 4125 4140 4145 4150 |
Firepower 9300 |
ISA 3000 |
||
9.16(4) |
7.18(1.152) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.16(3.19) |
7.18(1.152) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.16(3) |
7.16(1.150) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.16(2) |
7.16(1.150) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.16(1) |
7.16(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.15(1) |
7.15(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
ASA 9.14 to 9.13
Releases in bold are the recommended versions.
Note |
|
ASA |
ASDM |
ASA Model |
|||||||
---|---|---|---|---|---|---|---|---|---|
ASA 5506-X 5506H-X 5506W-X 5508-X 5516-X |
ASA 5525-X 5545-X 5555-X |
ASAv |
Firepower 1010 1120 1140 1150 |
Firepower 2110 2120 2130 2140 |
Firepower 4110 4112 4115 4120 4125 4140 4145 4150 |
Firepower 9300 |
ISA 3000 |
||
9.14(4.14) |
7.18(1.152) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.14(4) |
7.14(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.14(3) |
7.14(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.14(2) |
7.14(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.14(1.30) |
7.14(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.14(1.6) |
7.14(1.48) |
— |
— |
YES (+ASAv100) |
— |
— |
— |
— |
— |
9.14(1) |
7.14(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.13(1) |
7.13(1) |
YES |
YES |
YES |
YES |
YES |
YES (except 4112) |
YES |
YES |
ASA 9.12 to 9.5
Releases in bold are the recommended versions.
Note |
|
ASA |
ASDM |
ASA Model |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
ASA 5506-X 5506H-X 5506W-X 5508-X 5516-X |
ASA 5512-X 5515-X 5525-X 5545-X 5555-X |
ASA 5585-X |
ASAv |
ASASM |
Firepower 2110 2120 2130 2140 |
Firepower 4110 4120 4140 4150 |
Firepower 4115 4125 4145 |
Firepower 9300 |
ISA 3000 |
||
9.12(4.50) |
7.18(1.152) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.12(4) |
7.12(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.12(3) |
7.12(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.12(2) |
7.12(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.12(1) |
7.12(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
9.10(1) |
7.10(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
9.9(2) |
7.9(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
9.9(1) |
7.9(1) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
9.8(4.45) |
7.18(1.152) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
9.8(4) |
7.8(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
9.8(3) |
7.8(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
9.8(2) |
7.8(2) |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
— |
YES |
YES |
9.8(1.200) |
No support |
— |
— |
— |
YES |
— |
— |
— |
— |
— |
— |
9.8(1) |
7.8(1) |
YES |
YES |
YES |
YES (+ASAv50) |
YES |
— |
YES |
— |
YES |
YES |
9.7(1.4) |
7.7(1) |
YES |
YES |
YES |
YES |
YES |
— |
YES |
— |
YES |
YES |
9.6(4) |
7.9(1) |
YES |
YES |
YES |
YES |
YES |
— |
YES |
— |
YES |
YES |
9.6(3.1) |
7.7(1) |
YES |
YES |
YES |
YES |
YES |
— |
YES |
— |
YES |
YES |
9.6(2) |
7.6(2) |
YES |
YES |
YES |
YES |
YES |
— |
YES |
— |
YES |
YES |
9.6(1) |
7.6(1) |
YES |
YES |
YES |
YES |
YES |
— |
YES (except 4150) |
— |
YES |
YES |
9.5(3.9) |
7.6(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
YES |
9.5(2.200) |
7.5(2.153) |
— |
— |
— |
YES |
— |
— |
— |
— |
— |
— |
9.5(2.2) |
7.5(2) |
— |
— |
— |
— |
— |
— |
— |
— |
YES |
— |
9.5(2.1) |
7.5(2) |
— |
— |
— |
— |
— |
— |
— |
— |
YES |
— |
9.5(2) |
7.5(2) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
YES |
9.5(1.200) |
7.5(1) |
— |
— |
— |
YES |
— |
— |
— |
— |
— |
— |
9.5(1.5) |
7.5(1.112) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
9.5(1) |
7.5(1) |
YES |
YES |
YES |
YES |
YES |
— |
— |
— |
— |
— |
ASA and VPN Compatibility
For ASA and VPN compatibility, see Supported VPN Platforms, Cisco ASA 5500 Series.
Firepower 4100/9300 Compatibility with ASA and Threat Defense
For the Firepower 4100/9300, you must maintain compatibility between FXOS and all ASA and threat defense logical devices. Upgrade FXOS before you upgrade the sofware. The bold versions the the following table are specially-qualified (enhanced testing) companion releases. Use these combinations whenever possible.
Note that for other device models, the FXOS compatibility work is done for you. In most cases, upgrading the software automatically upgrades FXOS. For the Secure Firewall 3100/4200 in multi-instance mode, the management center guides you through upgrading FXOS and then threat defense.
To upgrade:
-
FXOS: From FXOS 2.2.2 and later, you can upgrade directly to any higher version. When upgrading from versions earlier than 2.2.2, you need to upgrade to each intermediate version. Note that you cannot upgrade FXOS to a version that does not support your current logical device version. You will need to upgrade in steps: upgrade FXOS to the highest version that supports your current logical device; then upgrade your logical device to the highest version supported with that FXOS version. For example, if you want to upgrade from FXOS 2.2/ASA 9.8 to FXOS 2.13/ASA 9.19, you would have to perform the following upgrades:
-
FXOS 2.2→FXOS 2.11 (the highest version that supports 9.8)
-
ASA 9.8→ASA 9.17 (the highest version supported by 2.11)
-
FXOS 2.11→FXOS 2.13
-
ASA 9.17→ASA 9.19
-
-
Threat Defense: Interim upgrades may be required for threat defense, in addition to the FXOS requirements above. For the exact upgrade path, refer to the management center upgrade guide for your version.
-
ASA: ASA lets you upgrade directly from your current version to any higher version, noting the FXOS requirements above.
Note |
FXOS 2.8(1.125)+ and later versions do not support ASA 9.14(1) or 9.14(1.10) for ASA SNMP polls and traps; you must use 9.14(1.15)+. Other releases, such as 9.13 or 9.12, are not affected. |
FXOS Version |
Model |
ASA Version |
Threat Defense Version |
||||
---|---|---|---|---|---|---|---|
2.16 |
Firepower 4112 |
9.22 (recommended) 9.20 9.19 9.18 9.17 |
7.6 (recommended) 7.4 7.3 7.2 7.1 |
||||
Firepower 4145 Firepower 4125 Firepower 4115 |
9.22 (recommended) 9.20 9.19 9.18 9.17 |
7.6 (recommended) 7.4 7.3 7.2 7.1 |
|||||
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||
2.14(1) |
Firepower 4112 |
9.20 (recommended) 9.19 9.18 9.17 9.16 9.14 |
7.4 (recommended) 7.3 7.2 7.1 7.0 6.6 |
||||
Firepower 4145 Firepower 4125 Firepower 4115 |
9.20 (recommended) 9.19 9.18 9.17 9.16 9.14 |
7.4 (recommended) 7.3 7.2 7.1 7.0 6.6 |
|||||
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||
2.13 |
Firepower 4112 |
9.19 (recommended) 9.18 9.17 9.16 9.14 |
7.3 (recommended) 7.2 7.1 7.0 6.6 |
||||
Firepower 4145 Firepower 4125 Firepower 4115 |
9.19 (recommended) 9.18 9.17 9.16 9.14 |
7.3 (recommended) 7.2 7.1 7.0 6.6 |
|||||
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||
2.12 |
Firepower 4112 |
9.18 (recommended) 9.17 9.16 9.14 |
7.2 (recommended) 7.1 7.0 6.6 |
||||
Firepower 4145 Firepower 4125 Firepower 4115 |
9.18 (recommended) 9.17 9.16 9.14 9.12 |
7.2 (recommended) 7.1 7.0 6.6 6.4 |
|||||
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.18 (recommended) 9.17 9.16 9.14 9.12 |
7.2 (recommended) 7.1 7.0 6.6 6.4 |
|||||
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||
2.11 |
Firepower 4112 |
9.17 (recommended) 9.16 9.14 |
7.1 (recommended) 7.0 6.6 |
||||
Firepower 4145 Firepower 4125 Firepower 4115 |
9.17 (recommended) 9.16 9.14 9.12 |
7.1 (recommended) 7.0 6.6 6.4 |
|||||
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.17 (recommended) 9.16 9.14 9.12 9.8 |
7.1 (recommended) 7.0 6.6 6.4 |
|||||
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||
2.10
|
Firepower 4112 |
9.16 (recommended) 9.14 |
7.0 (recommended) 6.6 |
||||
Firepower 4145 Firepower 4125 Firepower 4115 |
9.16 (recommended) 9.14 9.12 |
7.0 (recommended) 6.6 6.4 |
|||||
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.16 (recommended) 9.14 9.12 9.8 |
7.0 (recommended) 6.6 6.4 |
|||||
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||
2.9 |
Firepower 4112 |
9.14 |
6.6 |
||||
Firepower 4145 Firepower 4125 Firepower 4115 |
9.14 9.12 |
6.6 6.4 |
|||||
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.14 9.12 9.8 |
6.6 6.4 |
|||||
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||
2.8 |
Firepower 4112 |
9.14 |
6.6
|
||||
Firepower 4145 Firepower 4125 Firepower 4115 |
9.14 (recommended) 9.12
|
6.6 (recommended)
6.4 |
|||||
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.14 (recommended) 9.12 9.8 |
6.6 (recommended)
6.4 6.2.3 |
|||||
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||
2.6(1.157)
|
Firepower 4145 Firepower 4125 Firepower 4115 |
9.12
|
6.4 |
||||
Firepower 9300 SM-56 Firepower 9300 SM-48 Firepower 9300 SM-40 |
|||||||
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.12 (recommended) 9.8 |
6.4 (recommended) 6.2.3 |
|||||
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||
2.6(1.131) |
Firepower 9300 SM-48 Firepower 9300 SM-40 |
9.12 |
Not supported |
||||
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.12 (recommended) 9.8 |
||||||
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||
2.3(1.73) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.8
|
6.2.3 (recommended)
|
||||
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||
2.3(1.66) 2.3(1.58) |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.8
|
|||||
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
|||||||
2.2 |
Firepower 4150 Firepower 4140 Firepower 4120 Firepower 4110 |
9.8 |
Threat Defense versions are EoL |
||||
Firepower 9300 SM-44 Firepower 9300 SM-36 Firepower 9300 SM-24 |
Firepower 1000/2100 and Secure Firewall 3100/4200 ASA and FXOS Bundle Versions
Firepower 1000/2100 and Secure Firewall 3100/4200 platforms utilize FXOS as an underlying operating system that is included in the ASA unified image bundles. The following table lists the ASA and FXOS versions in each released bundle.
Note |
You cannot install ASA or FXOS separately; you must install them both as part of the bundle. |
ASA Bundle Version |
FXOS Version |
---|---|
9.22(1) |
2.16(0.128) |
9.20(3) |
2.14(2.106) |
9.20(2) |
2.14(1.131) |
9.20(1) (Secure Firewall 4200 only) |
2.14(0.11) |
9.19(1) |
2.13(0.198) |
9.18(3) |
2.12(0.468) |
9.18(2) |
2.12(0.438) |
9.18(1) |
2.12(0.31) |
9.17(1) |
2.11(1.154) |
9.16(3) |
2.10(1.189) |
9.16(2) |
2.10(1.162) |
9.16(1) |
2.10(1.159) |
9.15(1) |
2.9(1.131) |
9.14(3) |
2.8(1.157) |
9.14(2) |
2.8(1.134) |
9.14(1.30) |
2.8(1.129) |
9.14(1) |
2.8(1.105) |
9.13(1) |
2.7(1.107) |
9.12(4) |
2.6(1.198) |
9.12(3) |
2.6(1.156) |
9.12(2) |
2.6(1.141) |
9.12(1) |
2.6(1.113) |
9.10(1) |
2.4(1.92) |
9.9(2) |
2.3(1.77) |
9.9(1) |
2.3(1.54) |
9.8(4) |
2.2(2.119) |
9.8(3) |
2.2(2.90) |
9.8(2) |
2.2(2.52) |
ASA Virtual Hypervisor Compatibility
You can deploy the ASA virtual on the following hypervisors.
Note |
ASA virtual deployment on a platform using nested or multi-level hypervisor is not supported. |
Hypervisor |
Version and Details |
ASA Virtual OS |
|||
---|---|---|---|---|---|
Amazon Web Services |
ASA 9.17 and later Amazon Web Services supports the following instance types:
ASA 9.14 and later Amazon Web Services supports the following instance types:
ASA 9.13 and later
ASA 9.12 and earlier Amazon Web Services supports the ASAv10 and ASAv30 models on the following instance types:
|
ASA 9.20 ASA 9.19 ASA 9.18 ASA 9.17 ASA 9.16 ASA 9.15 ASA 9.14 ASA 9.13 ASA 9.12 ASA 9.10 ASA 9.9 ASA 9.8 ASA 9.7 ASA 9.6 ASA 9.5 ASA 9.4(1.200), 9.4(2), 9.4(3), 9.4(4) |
|||
Kernel-based Virtual Machine (KVM) |
ASA 9.14
ASA 9.13
ASA 9.8
|
ASA 9.20 ASA 9.19 ASA 9.18 ASA 9.17 ASA 9.16 ASA 9.15 ASA 9.14 ASA 9.13 ASA 9.12 ASA 9.10 ASA 9.9 ASA 9.8 ASA 9.7 ASA 9.6 ASA 9.5 ASA 9.4 ASA 9.3(2.200), 9.3(3) |
|||
Microsoft Azure |
ASA 9.17 and later Microsoft Azure supports the following instance types:
ASA 9.15 and later Microsoft Azure supports the following instance types:
ASA 9.13 and later
ASA 9.12 and earlier Microsoft Azure supports the ASAv5, ASAv10, and ASAv30 models on the following instance types:
|
ASA 9.20 ASA 9.19 ASA 9.18 ASA 9.17 ASA 9.16 ASA 9.15 ASA 9.14 ASA 9.13 ASA 9.12 ASA 9.10 ASA 9.9 ASA 9.8 ASA 9.7 ASA 9.6(2), 9.6(3), 9.6(4) ASA 9.5(2.200), 9.5(3) |
|||
Google Cloud Platform (GCP) |
Google Cloud Platform (GCP) supports the ASA Virtual on the following GCP machine types:
|
ASA 9.20 ASA 9.19 ASA 9.18 ASA 9.17 ASA 9.16 ASA 9.15 |
|||
OpenStack |
OpenStack supports the ASA Virtual:
|
ASA 9.20 ASA 9.19 ASA 9.18 ASA 9.17 ASA 9.16 |
|||
Oracle Cloud Infrastructure (OCI) |
Oracle Cloud Infrastructure (OCI) supports the ASA Virtual on the following OCI shape types:
|
ASA 9.20 ASA 9.19 ASA 9.18 ASA 9.17 ASA 9.16 ASA 9.15 |
|||
VMware vSphere |
8.0:
See the VMware documentation for more information about vSphere and hardware requirements: http://www.vmware.com/support/pubs/
|
ASA 9.22 ASA 9.20 |
|||
7.0:
See the VMware documentation for more information about vSphere and hardware requirements: http://www.vmware.com/support/pubs/
|
ASA 9.20 ASA 9.19 ASA 9.18 ASA 9.17 ASA 9.16 |
||||
6.0, 6.5, 6.7:
See the VMware documentation for more information about vSphere and hardware requirements: http://www.vmware.com/support/pubs/
ASA 9.14
ASA 9.13 and later
ASA 9.8
|
ASA 9.20 ASA 9.19 ASA 9.18 ASA 9.17 ASA 9.16 ASA 9.15 ASA 9.14 (ASAv100 support added) ASA 9.13 ASA 9.12 ASA 9.10 ASA 9.9 ASA 9.8 (ASAv50 support added) ASA 9.7 ASA 9.6 ASA 9.5 ASA 9.4 ASA 9.3 ASA 9.2 |
||||
5.x:
See the VMware documentation for more information about vSphere and hardware requirements: http://www.vmware.com/support/pubs/
|
ASA 9.13 ASA 9.12 ASA 9.10 ASA 9.9 ASA 9.8 ASA 9.7 ASA 9.6 ASA 9.5 ASA 9.4(1.200), 9.4(2), 9.4(3), 9.4(4) |
||||
|
ASA 9.20 ASA 9.19 ASA 9.18 ASA 9.17 ASA 9.16 ASA 9.15 ASA 9.14 (ASAv100 support added) ASA 9.13 ASA 9.12 ASA 9.10 ASA 9.9 ASA 9.8 (ASAv50 support added) ASA 9.7 ASA 9.6 ASA 9.5 ASA 9.4(1.200), 9.4(2), 9.4(3), 9.4(4) |
||||
Microsoft Hyper-V |
The Microsoft Hyper-V hypervisor supports the ASAv5, ASAv10, and ASAv30 models.
ASA 9.13 and later
|
ASA 9.20 ASA 9.19 ASA 9.18 ASA 9.17 ASA 9.16 ASA 9.15 ASA 9.14 ASA 9.13 ASA 9.12 ASA 9.10 ASA 9.9 ASA 9.8 ASA 9.7 ASA 9.6 ASA 9.5(1.200), 9.5(2), 9.5(3) |
Cisco Defense Orchestrator (CDO) Compatibility with the ASA
CDO can manage all platforms running ASA 8.4 and later (see ASA and ASDM Compatibility Per Model), except for the ASA Services Module (ASASM), which is not supported by CDO.
CDO can onboard an ASA running ASA 8.3 but cannot deploy changes to it or manage it in any other way. Support is "read-only."
CDO does not support management of the ASA FirePOWER module, which runs a different operating system from ASA. You can still use the ASA FirePOWER module in your system, but you need to manage it separately with Firepower Management Center or ASDM.
There may be a CDO feature that does not support all versions of ASA, such as ASA upgrades from pre-9.12 versions. In those cases, the CDO documentation will list any version exceptions with the prerequisites for that feature.
ASA REST API Compatibility
This section lists ASA REST API and ASA compatibility.
Note |
The REST API is not supported on newer hardware models and is no longer being developed. We recommend that you instead use the ASA HTTP interface for automation. See Cisco Secure Firewall ASA HTTP Interface for Automation. |
The ASA REST API is supported only on the following models starting with 9.3(2) and ending with 9.16:
-
ASA Virtual
-
Firepower 9300
-
ISA 3000
-
Firepower 4110, 4120, 4140, 4150
-
ASA 5585-X
-
ASA 5525-X, 5545-X, 5555-X
-
ASA 5512-X, 5515-X
-
ASA 5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X
Note
The ASA 5506-X series does not support the REST API if you are running the FirePOWER module Version 6.0 or later. Disable the ASA REST API using the no rest-api agent command.
Secure Firewall 3100 Network Module Compatibility
Modules Supported |
Model |
ASA OS |
||
---|---|---|---|---|
2-port 100-Gb QSFP+ network module (FPR3K-XNM-2X100G) |
|
9.20(2) and later |
||
|
|
9.18(2) and later
|
||
|
|
9.18(2) and later
|
||
|
|
9.17 and later |
||
4-port 40-Gb QSFP+ network module (FPR3K-XNM-4X40G) |
|
9.17 and later |
Secure Firewall 4200 Network Module Compatibility
Modules Supported |
Model |
ASA OS |
||
---|---|---|---|---|
4-port 200G QSFP+ network module (FPR4K-XNM-4X200G) |
|
9.20 and later |
||
|
|
9.20 and later
|
Firepower 2100 Network Module Compatibility
Note |
If a network module is listed for multiple Firepower models, and the part number only differs in the model number (FPRXK-NM-module), then that module is compatible with the other Firepower models. For example, the FPR9K-NM-6X10SR-F module is compatible on the Firepower 2100 (FPR2K-NM-6X10SR-F) and Firepower 4100 (FPR4K-NM-6X10SR-F). See the FXOS compatibility guide for information about Firepower 4100 and 9300 network modules. |
Modules Supported |
Model |
ASA OS |
||
---|---|---|---|---|
|
Firepower 2130 Firepower 2140 |
ASA 9.10 and later
|
||
Firepower 8-port 1G Network Module single-wide (FPR2K-NM-8X1G) |
Firepower 2130 Firepower 2140 |
ASA 9.10 and later |
||
Firepower 8-port 10G Network Module single-wide (FPR2K-NM-8X10G) |
Firepower 2130 Firepower 2140 |
ASA 9.9 and later ASA 9.8(2), 9.8(3) |
ASA and Threat Defense Clustering External Hardware Support
Clustering will work with both Cisco and non-Cisco switches from other major switching vendors with no known interoperability issues if they comply with the following requirements and recommendations. Clustering is compatible with technologies such as vPC (Nexus), VSS (Catalyst), and StackWise & StackWise Virtual (Catalyst).
Switch Requirements
-
All third party switches must be compliant to the IEEE standard (802.3ad) Link Aggregation Control Protocol.
-
EtherChannel bundling must be completed within 45 seconds when connected to Firepower devices and 33 seconds when connected to ASA devices.
-
On the cluster control link, the switch must provide fully unimpeded unicast and broadcast connectivity at Layer 2 between all cluster members.
-
On the cluster control link, the switch must not impose any limitations on IP addressing or the packet format above Layer 2 headers.
-
On the cluster control link, the switch interfaces must support jumbo frames and be configurable for an MTU above 1600.
Switch Recommendations
-
The switch should provide uniform traffic distribution over the EtherChannel's individual links.
-
The switch should have an EtherChannel load-balancing algorithm that provides traffic symmetry.
-
The EtherChannel load balance hash algorithm should be configurable using the 5-tuple, 4-tuple, or 2-tuple to calculate the hash.
Note |
For the Firepower 9300 cluster, intra-chassis clustering can operate with any switch because Firepower 9300-to-switch connections use standard interface types. |
Note |
Some switches, such as the Nexus series, do not support LACP rate fast when performing in-service software upgrades (ISSUs), so we do not recommend using ISSUs with clustering. |
ASA and Cisco Application Policy Infrastructure Controller (APIC) Compatibility
The platforms supported include:
-
ASA 5525-X, 5545-X, and 5555-X (8.6(x)—9.14(x))
-
ASA 5512-X, 5515-X (8.6(x)—9.12(x))
-
ASA 5585-X (8.4(x)—9.12(x))
-
ASAv (9.2(x) and newer)
-
Firepower 4100 and 9300 (9.6(x) and newer)
-
Firepower 2100 (9.8(x) and newer)
The following table lists the supported ASA device packages, ASA versions, and APIC versions.
ASA Device Package Version |
Integration Model |
APIC Version |
ASA Version |
---|---|---|---|
1.3(12.4) |
Cloud Orchestrator Policy Orchestration Fabric Insertion |
3.1(1*)—5.0(2*) |
8.4(x)—9.16(x) |
1.3(12.3) |
Cloud Orchestrator Policy Orchestration Fabric Insertion |
3.1(1*)—4.1(1*) |
8.4(x)—9.12(x) |
1.3(11.22) |
Cloud Orchestrator Policy Orchestration Fabric Insertion |
3.1(1*)—4.0(1*) |
8.4(x)—9.10(x) |
1.3(10.24) |
Cloud Orchestrator Policy Orchestration Fabric Insertion |
3.1(1*) |
8.4(x)—9.8(x) |
1.2(12.3) |
Policy Orchestration Fabric Insertion |
3.0(2*) and older |
8.4(x)—9.16(x) |
1.2(12.2) |
Policy Orchestration Fabric Insertion |
3.0(2*) and older |
8.4(x)—9.12(x) |
1.2(11.16) |
Policy Orchestration Fabric Insertion |
3.0(2*) and older |
8.4(x)—9.10(1) |
1.2(10.26) |
Policy Orchestration Fabric Insertion |
3.0(2*) |
8.4(x)—9.8(x) |
1.2(9.18) |
Policy Orchestration Fabric Insertion |
3.0(1*) |
8.4(x)—9.8(x) |
1.2(8.9) |
Policy Orchestration Fabric Insertion |
2.2(2*) |
8.4(x)—9.7(x) |
1.2(7.x) |
Policy Orchestration Fabric Insertion |
2.1(1*) |
8.4(x)—9.6(2) |
1.2(6.15) |
Policy Orchestration |
2.0(1*) |
8.4(x)—9.5(2) |
1.2(5.21) |
Policy Orchestration |
1.3(1*) |
8.4(x)—9.5(1) |
1.2(5.5) |
Policy Orchestration |
1.2(2*) |
8.4(x)—9.4(x) |
Note |
We do not recommend using any ASA device package older than 2016. |
Note |
Policy Orchestration = Service Policy Mode = Fully Managed Mode. |
Note |
Fabric Insertion = Customized ASA device package for L2-3 automation only. |
End-of-Life Announcements
See the following pages for ASA software and hardware End-of-Life announcements:
Additional Resources
See the following additional resources: