• ASA devices can run NGIPS software as a separate application (the ASA FirePOWER module). Traffic
is sent to the module after ASA firewall policies are applied. Although there is wide compatibility between
ASA and ASA FirePOWER versions, upgrading allows you to take advantage of new features and
resolved issues.
• NGIPSv runs the software in virtualized environments.
Table 4: Version 7.0 NGIPS Platforms
NotesASDM
Compatibility
FMC Compatibility
(Customer
Deployed)
Device Platform
Requires ASA 9.5(2) to 9.16(x).
May require a ROMMON update. See
the Cisco Secure Firewall ASA and
Secure Firewall Threat Defense Reimage
Guide.
Requires ASDM
7.16(1).
YESASA 5508-X, 5516-X
Requires ASA 9.5(2) to 9.16(x).
May require a ROMMON update. See
the Cisco Secure Firewall ASA and
Secure Firewall Threat Defense Reimage
Guide.
Requires ASDM
7.16(1).
YESISA 3000
Requires VMware vSphere/VMware
ESXi 6.5, 6.7, or 7.0.
For supported instances, throughputs,
and other hosting requirements, see the
Cisco Firepower NGIPSv Quick Start
Guide for VMware.
—YESNGIPSv
Device Management
Depending on device model and version, we support the following management methods.
On-Prem FMC
All devices support remote management with an on-prem FMC, which must run the same or newer version
as its managed devices. This means:
• You can manage older devices with a newer FMC, usually a few major versions back. However, we
recommend you always update your entire deployment. New features and resolved issues often require
the latest release on both the FMC and its managed devices.
• You cannot upgrade a device past the FMC. Even for maintenance (third-digit) releases, you must upgrade
the FMC first.
System Requirements
5
System Requirements
Device Management