ASA versions selection

christianstp1 · ‎04-07-2017

Hello,

Just wondering what version of ASA code people are running. I work for a large company that has a lot of diff. 5500 model firewalls and ASAv firewalls and running code all over the place. From 8.x to 9.3 to 9.5 to 9.6 and more. Im trying to finalize a(single) version but just wondering if its possible to have one version for all platforms. Also, if anyone else does this kind of certification process at their company what is your process / procedure to certify?

Thanks!

Marvin Rhoads · ‎04-07-2017

The older 5500 models (5510, 20 etc.) cannot go past 9.1(x). 9.1(7.16) is the latest and is recommended as long as they have the necessary memory upgrades to go beyond 8.2.

https://software.cisco.com/download/release.html?mdfid=279916878&flowid=4374&softwareid=280775065&release=9.1.7%20Interim&relind=AVAILABLE&rellifecycle=&reltype=latest

Other than that, we advise our customers to run the Cisco-recommended version for their platforms (unless they require a specific feature that is only avialable on a newer release). Right now that release is ASA 9.4(4.5) - it has a "gold star" on the Cisco download page.

https://software.cisco.com/download/release.html?mdfid=284143129&flowid=31543&softwareid=280775065&release=9.4.4%20Interim&relind=AVAILABLE&rellifecycle=&reltype=latest

Most of the "certification" our customers are interested in is passing a third party audit (often for PCI/DSS but also for other legal or regulatory reasons). That's as much (or more) configuration standards than it is what software version they are running.