Skip to main content

 

 

Cisco Defense Orchestrator

Software and Hardware Supported by CDO

The CDO documentation describes software and devices it supports. It does not point out software and devices that CDO does not support. If we do not explicitly claim support for a software version or a device type, then we do not support it.

ASA Support Specifics

CDO can manage all platforms running ASA 8.4 and later (see ASA and ASDM Compatibility Per Model), including ASAv instances, except for the ASA Services Module (ASASM), which is not supported by CDO.

CDO can onboard an ASA running ASA 8.3 but cannot deploy changes to it or manage it in any other way. Support is "read-only."

There may be a CDO feature that does not support all versions of ASA, such as ASA upgrades from pre-9.12 versions. In those cases, the CDO documentation will list any version exceptions with the prerequisites for that feature.

CDO does not support management of the ASA FirePOWER module, which runs a different operating system from ASA. You can still use the ASA FirePOWER module in your system, but you need to manage it separately with Firepower Management Center or ASDM.

We recommend you upgrade the ASA 5508-X and 5516-X to the latest ROMMON image; see the instructions in the Cisco ASA and Firepower Threat Defense Reimage Guide. Otherwise, use the following ASA software versions:

  • ASA 9.6(x) through 9.15(x)
  • ASA 9.5(2), 9.5(3)

Firepower Threat Defense Support Specifics

Firepower Threat Defense (FTD) is Cisco's next generation firewall software image. It strives to combine the best of the next generation firewall services and the ASA platform. It can be installed on a number of different ASA and Firepower hardware devices or virtual machines.

Note: All CDO FTD PIDs are orderable in CCW, including for the Firepower 1000 series and FTDv. The PIDs are platform specific, but common for ASA and FTD. Please consult our ordering guide in Salesconnect for more details.

To review the features we support in this initial release, review Managing FTD with Cisco Defense Orchestrator. See Onboard FTD Devices for a full discussion of onboarding prerequisites and requirements.

Note: CDO support for Snort 3 is coming soon.

See the Cisco Firepower Compatibility Guide for explanations of which Cisco hardware supports which versions of Firepower software.

See Guidelines and Limitations for Firepower Interface Configuration for more information about managing Firepower device interfaces using CDO.

CDO does not support the ASA FirePOWER services module.

See the table below for CDO-specific support: 

FTD Devices Firepower Software Support  Notes

ASA 5508-X, 5516-X, 5525-X, 5545-X, 5555-X, ISA 3000

6.4.0+

These devices are branded with "ASA" but they can be reformatted and Firepower Threat Defense can be installed on them. 

ASA 5515-X 6.4.0+ Firepower Version 6.5.0 and later does not support this device type. This device has been submitted for End-Of-Life; click here for more information. 
FTDv on VMware

6.4.0+

VMware vShpere/VMware ESXi versions 6.0, 6.5

FTDv on VMware 6.6.0+ VMware vShpere/VMware ESXi versions 6.0, 6.5, 6.7
FTD on KVM 6.4.0+  
FTDv on Microsoft Azure 6.5.0+  
FTDv on AWS 6.6.0+  

Firepower 1000 Series

(1010)

(1120, 1140, 1150)

 

6.5.0+ 

6.4.0+ 

 
Firepower 2100 Series (2110, 2120, 2130, 2140) 6.4.0+  
Firepower 4112 6.6.0+ FXOS 2.8.1.105+
Firepower 4100 Series (4110, 4115, 4120, 4125, 4140, 4145, 4150) 6.5.0+

FXOS 2.7.1.92+

To resolve issues, you may need to upgrade FXOS to the latest build. To help you decide, see the Cisco FXOS Release Notes, 2.7(1).

Note: You cannot upgrade these devices through CDO. You must upgrade the device through FDM. 

Firepower 9300 Series (SM-26,  SM-36, SM-40, SM-44, SM-48, SM-56) 6.5.0+

Firepower Management Center Support Specifics

Firepower Management Center (FMC) is Cisco's multi-FTD management appliance. 

See the Cisco Firepower Compatibility Guide for explanations of which Cisco hardware supports which versions of Firepower software.

Note that CDO partially supports FMC functionality. To review the features we support in this initial release, review Managing FMC with Cisco Defense Orchestrator. See Onboard an FMC for a full discussion of onboarding prerequisites and requirements.

Note: An FMC can manage older FTD devices, usually a few major versions back. For example, a Version 6.6.0 FMC can manage a Version 6.4.0 device.  

Physical FMC Devices Firepower Software Support 

FMC 1600, FMC 2600, FMC 4600

6.4.0+

FMC 1000, FMC 2500, FMC 4500

6.4.0+

FMC 2000, FMC 4000

6.4.0+

FMC 750, FMC 1500, FMC 3500

6.4.0

 

Virtual FMC Version

VMware vSphere/VMware ESXi

Version 6.0

6.4.0+

Version 6.5

6.4.0+
Version 6.7 6.5.0+

Note: Support for FMCv 300 on VMware begins in Version 6.5.0.

Cloud Device Support Specifics

The following table describes software and device type support for cloud-based devices. Read the affiliated links for more information about onboarding and feature functionality for the device types in the table below: 

Devices Types Notes

Meraki Security Appliance

  • MX Series
  • Meraki Templates

Meraki MX devices and the Meraki dashboard receive regular software updates through the Meraki cloud.

CDO works with the latest version of the Meraki dashboard to manage layer 3 network rules enforced by Meraki MX devices. See Managing Meraki MX with Cisco Defense Orchestrator for more information. 

You must register an MX device to, or create a template in, the Meraki dashboard before onboarding it to CDO. 

Amazon Web Services VPC

AWS VPC receive updates through the AWS console. See Managing AWS with Cisco Defense Orchestrator for more information.

You must launch an AWS VPC in the AWS console before onboarding it to CDO. 

Switching and Routing Support Specifics

The following table describes software and device type support for devices specific to switching and routing. Read the affiliated links for more information about onboarding and feature functionality for the device types in the table below: 

Devices Types Notes

Cisco IOS 

Onboard and managed Cisco IOS devices. See Managing Cisco IOS with Cisco Defense Orchestrator for more information. 

Browser Support

CDO supports the latest version of these browsers:

  • Google Chrome
  • Mozilla Firefox