ASA support specifics

Security Cloud Control Firewall Management support for ASA has these constraints:

  • Security Cloud Control Firewall Management can manage all ASA platforms that run currently supported code versions, including ASAv instances.

  • Security Cloud Control Firewall Management does not support ASA Services Module (ASASM).

  • Security Cloud Control Firewall Management does not test end-of-life ASA code versions and does not recommend them for production.

  • Use currently supported ASA code versions for optimal results.

  • ASA 8.3 is not supported with the new policy view.

  • Some Security Cloud Control Firewall Management features might not support all ASA versions. For example, ASA upgrades from pre-9.12 versions can have version exceptions. Feature documentation lists version exceptions in the prerequisites for that feature.

  • Security Cloud Control Firewall Management does not manage the ASA FirePOWER module because the module runs a different operating system from ASA. Manage the ASA FirePOWER module separately with Secure Firewall Management Center or ASDM.

  • End-of-life code and hardware might continue to work with Security Cloud Control. Because end-of-life code and hardware are not part of Security Cloud Control testing, correct operation with end-of-life software and hardware is not guaranteed or assured.

  • ASA versions 8.x, 9.1, and 9.2 do not support TLS 1.2 on the management plane and are considered insecure for ASA software management.

Security Cloud Control Firewall Management can manage all platforms running currently supported code versions, including ASAv instances, except for the ASA Services Module (ASASM), which is not supported by Security Cloud Control.

Note

We do not test end-of-life ASA code versions and do not recommend using them in production. For optimal results, we suggest using the currently supported ASA code versions. Additionally, ASA 8.3 is not supported with the new policy view.

There may be a Security Cloud Control feature that does not support all versions of ASA. In those cases, the Security Cloud Control documentation will list any version exceptions with the prerequisites for that feature.

Security Cloud Control does not manage the ASA FirePOWER module, which runs a different operating system from ASA. You must manage an ASA FirePOWER module separately with Firepower Management Center or ASDM.

Note

EOL code and hardware may continue work with Security Cloud Control, but we cannot assure all functionality of Security Cloud Control with respect to EOL code and hardware, as it is not part of our testing. Security Cloud Control makes no guarantees nor assurances of correct operation with EOL software and hardware. An example of this would be the EOL ASA versions 8.x, 9.1, and 9.2 do not support TLS 1.2 on the management plane and would be considered an insecure way to manage ASA software.

Please defer to the version download page for Cisco "suggested release" or "gold star" versions.

For a full discussion of ASA, ASDM, and hardware compatiblity, see the Cisco Secure Firewall ASA Compatibility guide.