Secure Firewall Threat Defense Device Support Specifics
Note | Secure Firewall device manager (FDM) support and functionality is only available upon request. If you do not already have Firewall device manager support enabled on your tenant you cannot manage or deploy to FDM-managed devices. Send a request to the support team to enable this platform. |
The Secure Firewall Threat Defense firewall is Cisco's next generation firewall. It strives to combine the best of the next generation firewall services and the ASA platform. It can be installed on a number of different ASA and Firepower hardware devices or virtual machines.
To review the features we support, review Managing FDM Devices with Cisco Defense Orchestrator. See Onboard FDM-Managed Devices for a full discussion of onboarding prerequisites and requirements.
Note | Snort 3 is available for FDM-managed devices running version 6.7 and later. Please note that you can toggle between Snort 2 and Snort 3 at will, but risk incompatible configurations. For more information about Snort 3, supported devices and software, and any limitations see Upgrade to Snort 3.0. |
Hardware and Software Images Supported by CDO
This table summarizes the supported devices and on-prem (customer-deployed) management methods for threat defense hardware. In cloud-managed deployments, the Cloud-delivered Firewall Management Center can manage threat defense devices running Version 7.0.3 to 7.4.1 (except Version 7.1). To add CDO managment to device manager, you must be running at least threat defense Version 6.4.
|
Device Platform |
Device Versions: With Management Center |
Device Versions: With Device Manager |
|---|---|---|
|
Firepower 1010, 1120, 1140 |
6.4+ |
6.4+ |
|
Firepower 1010E |
7.2.3+ No support in 7.3 |
7.2.3+ No support in 7.3 |
|
Firepower 1150 |
6.5+ |
6.5+ |
|
Firepower 2110, 2120, 2130, 2140 |
6.2.1+ |
6.2.1+ |
|
Secure Firewall 3105 |
7.3.1+ |
7.3.1+ |
|
Secure Firewall 3110, 3120, 3130, 3140 |
7.1+ |
7.1+ |
|
Firepower 4110, 4120, 4140 |
6.0.1 to 7.2 |
6.5 to 7.2 |
|
Firepower 4150 |
6.1 to 7.2 |
6.5 to 7.2 |
|
Firepower 4115, 4125, 4145 |
6.4+ |
6.5+ |
|
Firepower 4112 |
6.6+ |
6.6+ |
|
Secure Firewall 4215, 4225, 4245 |
7.4.0+ |
— |
|
Firepower 9300: SM-24, SM-36, SM-44 |
6.0.1 to 7.2 |
6.5 to 7.2 |
|
Firepower 9300: SM-40, SM-48, SM-56 |
6.4+ |
6.5+ |
|
ISA 3000 |
6.2.3+ |
6.2.3+ |
|
ASA 5506-X, 5506H-X, 5506W-X |
6.0.1 to 6.2.3 |
6.1 to 6.2.3 |
|
ASA 5508-X, 5516-X |
6.0.1 to 7.0 |
6.1 to 7.0 |
|
ASA 5512-X |
6.0.1 to 6.2.3 |
6.1 to 6.2.3 |
|
ASA 5515-X |
6.0.1 to 6.4 |
6.1 to 6.4 |
|
ASA 5525-X, 5545-X, 5555-X |
6.0.1 to 6.6 |
6.1 to 6.6 |
Virtual Machine Platforms and Software Images Supported by CDO
This table summarizes the supported devices and on-prem (customer-deployed) management methods for threat defense virtual. In cloud-managed deployments, the Cloud-delivered Firewall Management Center can manage threat defense devices running Version 7.0.3 to 7.4.1 (except Version 7.1). To add CDO managment to device manager, you must be running at least threat defense Version 6.4.
|
Device Platform |
Device Versions: With Management Center |
Device Versions: With Device Manager |
|---|---|---|
|
Public Cloud |
||
|
AWS |
6.0.1+ |
6.6+ |
|
Azure |
6.2+ |
6.5+ |
|
GCP |
6.7+ |
7.2+ |
|
OCI |
6.7+ |
— |
|
On-Prem/Private Cloud |
||
|
HyperFlex |
7.0+ |
7.0+ |
|
KVM |
6.1+ |
6.2.3+ |
|
Nutanix |
7.0+ |
7.0+ |
|
OpenStack |
7.0+ |
— |
| VMware 7.0 |
7.0+ |
7.0+ |
|
VMware 6.7 |
6.5+ |
6.5+ |
|
VMware 6.5 |
6.2.3+ |
6.2.3+ |
|
VMware 6.0 |
6.0 to 6.7 |
6.2.2 to 6.7 |
ASA FirePOWER Services Module
CDO does not support the ASA FirePOWER services module.