Skip to main content

 

 

Cisco Defense Orchestrator

Software and Hardware Supported by CDO

This article describes the software and hardware versions that CDO supports.

Device Support Summary

Device Version Notes
ASA 8.4 + 

See the Cisco ASA Compatibility Matrix for a complete list of supported ASA hardware and software combinations. See ASA Hardware and Software Support Specifics for more information.

ASA FirePOWER module 6.2.3 + 

See the ASA with FirePOWER Services Devices and ASA 5500-x Series with FirePOWER Services sections of the Cisco Firepower Compatibility Guide for a complete list of supported ASA hardware, software, and FirePOWER services module combinations. See ASA FirePOWER Module Support Specifics for more information. 

Firepower Threat Defense We anticipate a CDO beta program for Firepower 6.3 support sometime after the release of that product.

We do not currently support Firepower Threat Defense. However, we are always looking for beta participants and design partners to help us evaluate and grow our product. If you would like to participate in a future beta program for CDO management of Firepower Threat Defense, please contact us.  See Firepower Threat Defense Support Specifics for more information. 

ASA Hardware and Software Support Specifics

See the Cisco ASA Compatibility Matrix for a complete list of supported ASA hardware and software combinations. CDO manages any supported ASA hardware and software combination with these caveats: 

  • CDO can manage an ASA running ASA 8.4 software or greater on whatever hardware it is installed.
  • CDO can onboard an ASA running ASA 8.3 but cannot write changes to it or manage it in any other way. Support is "read-only."

Note: There may be a CDO feature that does not support all versions of ASA, such as ASA Upgrade. In those cases, the documentation will list any version exceptions with the prerequisites for that feature. 

ASA FirePOWER Module Support Specifics

See the ASA with FirePOWER Services Devices and ASA 5500-x Series with FirePOWER Services sections of the Cisco Firepower Compatibility Guide for a complete list of supported ASA hardware, software, and FirePOWER services module combinations. CDO supports FirePOWER services modules beginning with software version 6.2.3. 

The ASA FirePOWER module runs as a separate application from the ASA and supplies next-generation firewall services, including Next-Generation Intrusion Prevention System (NGIPS), Application Visibility and Control (AVC), URL filtering, and Advanced Malware Protection (AMP). You can use the module in single or multiple context mode, and in routed or transparent mode. CDO identifies the ASA FirePOWER module as a Firepower-type device. 

The FirePOWER services module is not the same as Firepower Threat Defense next generation firewall.

Firepower Threat Defense Support Specifics

Firepower Threat Defense is Cisco's next generation firewall software image. It strives to combine the best of Sourcefire's next generation firewall services and the ASA platform. It can be installed on a number of different Firepower hardware devices or virtual machines. This is not the same as an ASA FirePOWER module. 

These devices are not currently supported on CDO.

Unsupported Devices 

Typically, we document what we do support and not what we don't support; so, if you don't see an ASA software version or ASA hardware model combination listed in our documentation as supported, we do not support it.

Specifically, however, we also do not support the ASA Service Module (ASASM) at this time.