Skip to main content



Cisco Defense Orchestrator

Software and Hardware Supported by CDO

The CDO documentation describes software and devices it supports. It does not point out software and devices that CDO does not support. If we do not explicitly claim support for a software version or a device type, then we do not support it.


Firepower Threat Defense Support Specifics

Firepower Threat Defense (FTD) is Cisco's next generation firewall software image. It strives to combine the best of Sourcefire's next generation firewall services and the ASA platform. It can be installed on a number of different ASA and Firepower hardware devices or virtual machines. This is not the same as an ASA FirePOWER module. 

Note: All CDO FTD PIDs are orderable in CCW, including for the Firepower 1000 series and FTDv. The PIDs are platform specific, but common for ASA and FTD. Please consult our ordering guide in Salesconnect for more details.

To review the features we support in this initial release, review Managing Firepower Threat Defense with Cisco Defense Orchestrator. See Onboard Firepower Threat Defense Devices for a full discussion of onboarding prerequisites and requirements.

See the Cisco Firepower Compatibility Guide for explanations of which Cisco hardware supports which versions of Firepower software.

See Guidelines and Limitations for Firepower Interface Configuration for more information about managing Firepower device interfaces using CDO.

See the table below for CDO-specific support: 

FTD Devices Firepower Software Support  Notes

ASA Firepower (ASA 5508-X, 5516-X, ASA 5525-X, 5545-X, 5555-X, ISA 3000)

6.4+, 6.5+, 6.6


ASA Firepower (ASA 5515-X) 6.4+ Firepower Version 6.5.0 and later does not support this device type. This device has been submitted for End-Of-Life; click here for more information. 


You can use the following OS/Hypervisor verisons:

  • VMware vSphere/VMware ESXi 6.0, 6.5, or 6.7
  • KVM
6.5+, 6.6
  • VMware vSphere/VMware ESXi 6.0, 6.5, or 6.7
  • KVM
  • Microsoft Azure

Firepower 1000 Series


(1120, 1140, 1150)


6.5+, 6.6

6.4+, 6.5+, 6.6

Firepower 2100 Series (2110, 2120, 2130, 2140) 6.4+, 6.5+, 6.6  
Firepower 4100 Series (4110, 4115, 4120, 4125, 4140, 4145, 4150) 6.5+, 6.6


To resolve issues, you may need to upgrade FXOS to the latest build. To help you decide, see the Cisco FXOS Release Notes, 2.7(1).

Note: You cannot upgrade these devices through CDO. You must upgrade the device through FDM. 

Firepower 9300 Series (SM-24,  SM-36, SM-40, SM-44, SM-48, SM-56) 6.5+, 6.6


ASA Support Specifics

We recommend you upgrade the ASA 5508-X and 5516-X to the latest ROMMON image; see the instructions in the Cisco ASA and Firepower Threat Defense Reimage Guide. Otherwise, use the following ASA software versions:

  • ASA 9.5(2), 9.5(3)
  • ASA 9.6(x) through 9.13(x)
  • See the Cisco ASA Compatibility Matrix for a complete list of supported ASA hardware and software combinations. CDO manages any supported ASA hardware and software combination with these caveats: 

  • CDO can manage an ASA running ASA 8.4 software or greater on whatever hardware it is installed.
  • CDO can onboard an ASA running ASA 8.3 but cannot deploy changes to it or manage it in any other way. Support is "read-only."

Note: There may be a CDO feature that does not support all versions of ASA, such as ASA Upgrade. In those cases, the documentation will list any version exceptions with the prerequisites for that feature. 

CDO does not support the ASA Service Module (ASASM) at this time.

Note: ASA 5515-X and ASA 5585-X does not support Firepower Version 6.5+ or later.


ASA Devices ASA Software
ASA Firepower 5505
  • 8.4(x)
  • 9.0(x)
  • 9.1(1) to 9.2(4.5)

If you need more memory for your ASA 5505, see ASA 5505 Memory for more information.

ASA Firepower 5506 Series
(5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X)
  • 9.3(2) for ASA 5506-X only
  • 9.4(1) to 9.4(3)
  • 9.5(2) o 9.(3)
  • 9.6(x) to 9.13(1)
ASA Firepower 5500 Series
(5508-X, 5516-X, 5525-X, 5545-X, 5555-X, ISA 3000)
  • 9.5(2)
  • 9.5(3)
  • 9.6(x) to 9.14(x)


ASA Firepower
(5512-X, 5515-X, 5585-X-SSP-10, 5585-X-20, 5585-X-40, 5585-X-60)
  • 8.6(1) for 5512-X, 5515-X, 5525-X, 5545-X, and 5555-X
  • 9.0(x)
  • 9.5(2)
  • 9.5(3)
  • 9.6(x) to 9.14(x)

Note: ASA 5515-X and ASA 5585-X supports ASA versions 9.5(2) to 9.12(x).

ASA Firepower 1000 Series
(1010, 1120, 1140, 1150)
  • 9.13(x) to 9.14(x)

Note: If you need to upgrade either an 1000 or 2000 Series device, see ASA and ASDM Upgrade Prerequisites for more information. 

ASA Firepower 2000 Series 
(2110, 2120, 2130, 2140)


Cloud Device Support Specifics

The following table describes software and device type support for cloud-based devices. Read the affiliated links for more information about onboarding and feature functionality for the device types in the table below: 

Devices Types Notes

Meraki Security Appliance

  • MX Series
  • Meraki Templates

Meraki MX devices and the Meraki dashboard receive regular software updates through the Meraki cloud.

CDO works with the latest version of the Meraki dashboard to manage layer 3 network rules enforced by Meraki MX devices. See Managing Meraki MX with Cisco Defense Orchestrator for more information. 

You must register an MX device to, or create a template in, the Meraki dashboard before onboarding it to CDO. 

Amazon Web Services VPC

AWS VPC receive updates through the AWS console. See Managing AWS with Cisco Defense Orchestrator for more information.

You must launch an AWS VPC in the AWS console before onboarding it to CDO. 



Switching and Routing Support Specifics

The following table describes software and device type support for devices specific to switching and routing. Read the affiliated links for more information about onboarding and feature functionality for the device types in the table below: 

Devices Types Notes

Cisco IOS 

Onboard and managed Cisco IOS devices. See Managing Cisco IOS with Cisco Defense Orchestrator for more information.