System Requirements

This document includes the system requirements for Version 7.0.

• FMC Platforms, on page 1

• Device Platforms, on page 2

• Device Management, on page 5

FMC Platforms

The FMC provides a centralized firewall management console. For device compatibility with the FMC, see

Device Management, on page 5. For general compatibility information, see the Cisco Secure Firewall

Management Center Compatibility Guide.

FMC Hardware

Version 7.0 supports the following FMC hardware:

• Firepower Management Center 1600, 2600, 4600

• Firepower Management Center 1000, 2500, 4500

You should also keep the BIOS and RAID controller firmware up to date; see the Cisco Secure Firewall Threat

Defense/Firepower Hotfix Release Notes.

FMCv

Version 7.0 supports FMCv deployments in both public and private clouds.

With the FMCv, you can purchase a license to manage 2, 10, or 25 devices. Some platforms support 300

devices. Note that two-device licenses do not support FMC high availability. For full details on supported

instances, see the Cisco Secure Firewall Management Center Virtual Getting Started Guide.

Table 1: Version 7.0 FMCv Platforms

High AvailabilityDevices ManagedPlatform

3002, 10, 25

Public Cloud

System Requirements

High AvailabilityDevices ManagedPlatform

3002, 10, 25

——YES

Amazon Web Services (AWS)

——YESGoogle Cloud Platform (GCP)

——YESMicrosoft Azure

——YESOracle Cloud Infrastructure (OCI)

Private Cloud

YES—YES

Cisco HyperFlex

——YESKernel-based virtual machine (KVM)

——YESNutanix Enterprise Cloud

——YESOpenStack

YESYESYESVMware vSphere/VMware ESXi 6.5, 6.7,

or 7.0

Cloud-delivered Firewall Management Center

The Cisco cloud-delivered Firewall Management Center is delivered via the Cisco Defense Orchestrator

(CDO) platform, which unites management across multiple Cisco security solutions. We take care of feature

updates. Note that a customer-deployed management center is often referred to as on-prem, even for virtual

platforms.

At the time this document was published, the cloud-delivered Firewall Management Center could manage

devices running threat defense . For up-to-date compatibility information, see the Cisco Cloud-Delivered

Firewall Management Center Release Notes.

Device Platforms

Firepower devices monitor network traffic and decide whether to allow or block specific traffic based on a

defined set of security rules. For details on device management methods, see Device Management, on page

5. For general compatibility information, see the Cisco Secure Firewall Threat Defense Compatibility Guide

or the Cisco Firepower Classic Device Compatibility Guide.

FTD Hardware

Version 7.0 FTD hardware comes in a range of throughputs, scalability capabilities, and form factors.

System Requirements

Device Platforms

Table 2: Version 7.0 FTD Hardware

NotesFDM CompatibilityFMC CompatibilityPlatform

FDM + CDOFDM OnlyCloud

Delivered

Customer

Deployed

—YESYESYES

Requires

Version

7.0.3+

YESFirepower 1010, 1120,

1140, 1150

—YESYESYES

Requires

Version

7.0.3+

YESFirepower 2110, 2120,

2130, 2140

Requires FXOS

2.10.1.159 or later build.

We recommend the latest

firmware. See the Cisco

Firepower 4100/9300

FXOS Firmware Upgrade

Guide.

YESYESYES

Requires

Version

7.0.3+

YESFirepower 4110, 4120,

4140, 4150

Firepower 4112, 4115,

4125, 4145

Firepower 9300: SM-24,

SM-36, SM-44 modules

Firepower 9300: SM-40,

SM-48, SM-56 modules

ASA 5508-X and 5516-X

devices may require a

ROMMON update. See

the Cisco Secure Firewall

ASA and Secure Firewall

Threat Defense Reimage

Guide.

YESYESYES

Requires

Version

7.0.3+

YESASA 5508-X, 5516-X

May require a ROMMON

update. See the Cisco

Secure Firewall ASA and

Secure Firewall Threat

Defense Reimage Guide.

YESYESYES

Requires

Version

7.0.3+

YESISA 3000

FTDv

Version 7.0 FTDv implementations support performance-tiered Smart Software Licensing, based on throughput

requirements and remote access VPN session limits. Options run from FTDv5 (100 Mbps/50 sessions) to

FTDv100 (16 Gbps/10,000 sessions). For more information on supported instances, throughputs, and other

hosting requirements, see the appropriate Getting Started Guide.

System Requirements

Device Platforms

Table 3: Version 7.0 FTDv Platforms

FDM CompatibilityFMC CompatibilityDevice Platform

FDM + CDOFDM OnlyCloud DeliveredCustomer Deployed

Public Cloud

YESYESYES

Requires Version

7.0.3+

YES

Amazon Web Services

(AWS)

YESYESYES

Requires Version

7.0.3+

YESMicrosoft Azure

——YES

Requires Version

7.0.3+

YESGoogle Cloud Platform

(GCP)

——YES

Requires Version

7.0.3+

YESOracle Cloud

Infrastructure (OCI)

Private Cloud

YESYESYES

Requires Version

7.0.3+

YES

Cisco Hyperflex

YESYESYES

Requires Version

7.0.3+

YESKernel-based virtual

machine (KVM)

YESYESYES

Requires Version

7.0.3+

YESNutanix Enterprise Cloud

——YES

Requires Version

7.0.3+

YESOpenStack

YESYESYES

Requires Version

7.0.3+

YESVMware

vSphere/VMware ESXi

6.5, 6.7, or 7.0

Firepower Classic: ASA FirePOWER, NGIPSv

Firepower Classic devices run NGIPS software on the following platforms:

System Requirements

Device Platforms

• ASA devices can run NGIPS software as a separate application (the ASA FirePOWER module). Traffic

is sent to the module after ASA firewall policies are applied. Although there is wide compatibility between

ASA and ASA FirePOWER versions, upgrading allows you to take advantage of new features and

resolved issues.

• NGIPSv runs the software in virtualized environments.

Table 4: Version 7.0 NGIPS Platforms

NotesASDM

Compatibility

FMC Compatibility

(Customer

Deployed)

Device Platform

Requires ASA 9.5(2) to 9.16(x).

May require a ROMMON update. See

the Cisco Secure Firewall ASA and

Secure Firewall Threat Defense Reimage

Guide.

Requires ASDM

7.16(1).

YESASA 5508-X, 5516-X

Requires ASA 9.5(2) to 9.16(x).

May require a ROMMON update. See

the Cisco Secure Firewall ASA and

Secure Firewall Threat Defense Reimage

Guide.

Requires ASDM

7.16(1).

YESISA 3000

Requires VMware vSphere/VMware

ESXi 6.5, 6.7, or 7.0.

For supported instances, throughputs,

and other hosting requirements, see the

Cisco Firepower NGIPSv Quick Start

Guide for VMware.

—YESNGIPSv

Device Management

Depending on device model and version, we support the following management methods.

On-Prem FMC

All devices support remote management with an on-prem FMC, which must run the same or newer version

as its managed devices. This means:

• You can manage older devices with a newer FMC, usually a few major versions back. However, we

recommend you always update your entire deployment. New features and resolved issues often require

the latest release on both the FMC and its managed devices.

• You cannot upgrade a device past the FMC. Even for maintenance (third-digit) releases, you must upgrade

the FMC first.

System Requirements

Device Management

Note that in most cases you can upgrade an older device directly to the FMC's major or maintenance version.

However, sometimes you can manage an older device that you cannot directly upgrade, even though the target

version is supported on the device. For release-specific requirements, see Minimum Version to Upgrade.

Table 5: On-Prem FMC-Device Compatibility

Oldest Device Version You Can ManageFMC Version

7.07.4

6.77.3

6.67.2

6.57.1

6.47.0

6.36.7

6.2.36.6

6.2.36.5

6.16.4

6.16.3

6.16.2.3

6.16.2.2

6.16.2.1

6.16.2

5.4.0.2/5.4.1.16.1

5.4.0.2/5.4.1.16.0.1

5.4.0.2/5.4.1.16.0

5.4.1 for ASA FirePOWER on the ASA-5506-X series, ASA5508-X,

and ASA5516-X.

5.3.1 for ASA FirePOWER on the ASA5512-X, ASA5515-X,

ASA5525-X, ASA5545-X, ASA5555-X, and ASA-5585-X series.

5.3.0 for Firepower 7000/8000 series and legacy devices.

5.4.1

Cloud-delivered Firewall Management Center

For threat defense compatibility with cloud-delivered Firewall Management Center, see the Cisco Secure

Firewall Threat Defense Compatibility Guide.

System Requirements

Device Management

FDM

You can use FDM to locally manage a single FTD device.

Optionally, add Cisco Defense Orchestrator (CDO) to remotely manage multiple FTD devices, as an alternative

to the FMC. Although some configurations still require FDM, CDO allows you to establish and maintain

consistent security policies across your FTD deployment.

ASDM

You can use ASDM to locally manage a single ASA FirePOWER module, which is a separate application on

an ASA device. Traffic is sent to the module after ASA firewall policies are applied. Newer versions of ASDM

can manage newer ASA FirePOWER modules.

System Requirements

Device Management

System Requirements

Device Management