The CDO documentation describes software and devices it supports. It does not point out software and devices that CDO does not support. If we do not explicitly claim support for a software version or a device type, then we do not support it.
Firepower Threat Defense Support Specifics
Firepower Threat Defense (FTD) is Cisco's next generation firewall software image. It strives to combine the best of Sourcefire's next generation firewall services and the ASA platform. It can be installed on a number of different ASA and Firepower hardware devices or virtual machines. This is not the same as an ASA FirePOWER module.
Note: All CDO FTD PIDs are orderable in CCW, including for the Firepower 1000 series and FTDv. The PIDs are platform specific, but common for ASA and FTD. Please consult our ordering guide in Salesconnect for more details.
To review the features we support in this initial release, review Managing Firepower Threat Defense with Cisco Defense Orchestrator. See Onboard Firepower Threat Defense Devices for a full discussion of onboarding prerequisites and requirements.
See the Cisco Firepower Compatibility Guide for explanations of which Cisco hardware supports which versions of Firepower software.
See Guidelines and Limitations for Firepower Interface Configuration for more information about managing Firepower device interfaces using CDO.
See the table below for CDO-specific support:
|FTD Devices||Firepower Software Support||Notes|
ASA Firepower (ASA 5508-X, 5516-X, ASA 5525-X, 5545-X, 5555-X, ISA 3000)
|ASA Firepower (ASA 5515-X)||6.4+||Firepower Version 6.5.0 and later does not support this device type.|
You can use the following OS/Hypervisor verisons:
Firepower 1000 Series
(1120, 1140, 1150)
|Firepower 2100 Series (2110, 2120, 2130, 2140)||6.4+, 6.5+|
|Firepower 4100 Series (4110, 4115, 4120, 4125, 4140, 4145, 4150)||6.5+||
To resolve issues, you may need to upgrade FXOS to the latest build. To help you decide, see the Cisco FXOS Release Notes, 2.7(1).
|Firepower 9300 Series (SM-24, SM-36, SM-40, SM-44, SM-48, SM-56)||6.5+|
ASA Support Specifics
We recommend you upgrade the ASA 5508-X and 5516-X to the latest ROMMON image; see the instructions in the Cisco ASA and Firepower Threat Defense Reimage Guide. Otherwise, use the following ASA software versions:
- ASA 9.5(2), 9.5(3)
- ASA 9.6(x) through 9.13(x)
See the Cisco ASA Compatibility Matrix for a complete list of supported ASA hardware and software combinations. CDO manages any supported ASA hardware and software combination with these caveats:
- CDO can manage an ASA running ASA 8.4 software or greater on whatever hardware it is installed.
- CDO can onboard an ASA running ASA 8.3 but cannot deploy changes to it or manage it in any other way. Support is "read-only."
Note: There ASA Upgrade. In those cases, the documentation will list any version exceptions with the prerequisites for that feature.may be a CDO feature that does not support all versions of ASA, such as
CDO does not support the ASA Service Module (ASASM) at this time.
|ASA Devices||ASA Software||Firepower Software|
|ASA Firepower 5500 Series (ASA 5508-x, ASA 5516-x, ASA 5525-x, ASA 5545-x, ASA 5555-x, ISA 3000)||
|ASA Firepower (ASA 5515-X, ASA 5585-X-SSP-10, ASA 5585-X-20, ASA 5585-X-40, ASA 5585-X-60)||
Note: ASA 5515-X and ASA 5585-X supports ASA versions 9.5(2) to 9.12(x).
ASA 5515-X and ASA 5585-X does not support Firepower Version 6.5+.
|ASA Firepower 1000 Series (1010, 1120, 1140, 1150)||
Note: If you need to upgrade either an 1000 or 2000 Series device, see ASA and ASDM Upgrade Prerequisites for more information.
|ASA Firepower 2000 Series (2110, 2120, 2130, 2140)|
Cloud Device Support Specifics
The following table describes software and device type support for cloud-based devices. Read the affiliated links for more information about onboarding and feature functionality for the device types in the table below:
Meraki Security Appliance
Meraki MX devices and the Meraki dashboard receive regular software updates through the Meraki cloud.
CDO works with the latest version of the Meraki dashboard to manage layer 3 network rules enforced by Meraki MX devices. See Managing Meraki MX with Cisco Defense Orchestrator for more information.
You must register an MX device to, or create a template in, the Meraki dashboard before onboarding it to CDO.
|Amazon Web Services VPC||
AWS VPC receive updates through the AWS console. See Managing AWS with Cisco Defense Orchestrator for more information.
You must launch an AWS VPC in the AWS console before onboarding it to CDO.
Switching and Routing Support Specifics
The following table describes software and device type support for devices specific to switching and routing. Read the affiliated links for more information about onboarding and feature functionality for the device types in the table below:
|Onboard and managed Cisco IOS devices. See Managing Cisco IOS with Cisco Defense Orchestrator for more information.|