Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
598
Views
6
Helpful
11
Replies

FMC-ASA-SFR compatibility

Go to solution
rushispace
Level 1
Level 1

‎11-14-2024 02:05 AM

Hello Cisco Community,

I have an ASA 5545-X running with the following versions:

  • ASA Software: 9.14(4)24
  • Firepower Module (SFR): 6.6.7
  • Firepower Management Center (FMC): 7.0.6

I'm planning to upgrade my FMC to version 7.3, but I'm unsure about the compatibility between FMC 7.3 and my current SFR/ASA versions. Could someone please guide me on the following:

  1. Compatibility Matrix for FMC and SFR: What version of the SFR module will be compatible with FMC 7.3?
  2. SFR to ASA Compatibility: If I upgrade the SFR, which ASA versions would still be compatible?

Any advice or a link to the compatibility matrix for FMC, SFR, and ASA versions would be greatly appreciated. I want to ensure a smooth upgrade process without running into version mismatches.

0 Helpful
5 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to rushispace

‎11-14-2024 02:21 AM

@rushispace unfortunately the ASA 5545-X does not support version 6.7, version 6.6.7.2 is the latest version that hardware supports.

https://software.cisco.com/download/home/286271173/type/286277393/release/6.6.7.2

You cannot manage the 5545-X running 6.6 from FMC 7.3

 

View solution in original post

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to rushispace

‎11-14-2024 02:27 AM

@rushispace the FMC won't be able to manage the SFR module on the 5545-X, so it will never be able to connect to the FMC if you upgrade to 7.3

View solution in original post

Go to solution
Aref Alsouqi
VIP
VIP
In response to rushispace

‎11-14-2024 03:06 AM

You don't have to disconnect the SFR module from the ASA to upgrade the FMC. You can still upgrade the FMC to version 7.3 however as @Rob Ingram mentioned you won't be able to manage the current SFR module from the FMC in that case. So the plan in that case would be to upgrade the FMC to version 7.3 and then working on the migration from the ASA to the FTD and finally adding the FTD to the FMC.

View solution in original post

Go to solution
Rob Ingram
VIP
VIP
In response to rushispace

‎11-21-2024 06:35 AM

@rushispace the SFR configuration would remain after the FMC is upgraded, the FMC will be unable to manage the SFR module.

If you still wish to use the SFR module, you should not contemplate upgrading the FMC, you should replace the hardware with supported hardware such as the 1100, 2100 or 3100 series hardware (depending on your requirements).

View solution in original post

Go to solution
Rob Ingram
VIP
VIP
In response to rushispace

‎11-21-2024 09:13 AM

@rushispace the SFR module should still work, you could manage the device using ASDM, just not via FMC.

View solution in original post

11 Replies 11

Go to solution
Rob Ingram
VIP
VIP

‎11-14-2024 02:13 AM - edited ‎11-14-2024 02:16 AM

@rushispace unfortunately that won't work, as the oldest FTD (SFR module) version FMC 7.3 can manage is 6.7

RobIngram_0-1731579024530.png

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/management-center-compatibility.html

Ideally you should replace the 5545-X with newer hardware that supports the latest FTD versions.

Go to solution
rushispace
Level 1
Level 1
In response to Rob Ingram

‎11-14-2024 02:18 AM

Hi rob thanks for you responce however we are in the process of migration toward FTD however the compatibility for FMT with FMC it should be 7.3 for PBR migration and as per your responce if i want to go on 7.3 i should want to upgrade sfr to the 6.7 right ?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to rushispace

‎11-14-2024 02:21 AM

@rushispace unfortunately the ASA 5545-X does not support version 6.7, version 6.6.7.2 is the latest version that hardware supports.

https://software.cisco.com/download/home/286271173/type/286277393/release/6.6.7.2

You cannot manage the 5545-X running 6.6 from FMC 7.3

 

0 Helpful

Go to solution
rushispace
Level 1
Level 1
In response to Rob Ingram

‎11-14-2024 02:24 AM

so in that case i need to dissconnect the SFR with my asa to upgrade the FMC to the 7.3 right ?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to rushispace

‎11-14-2024 02:27 AM

@rushispace the FMC won't be able to manage the SFR module on the 5545-X, so it will never be able to connect to the FMC if you upgrade to 7.3

Go to solution
Aref Alsouqi
VIP
VIP
In response to rushispace

‎11-14-2024 03:06 AM

You don't have to disconnect the SFR module from the ASA to upgrade the FMC. You can still upgrade the FMC to version 7.3 however as @Rob Ingram mentioned you won't be able to manage the current SFR module from the FMC in that case. So the plan in that case would be to upgrade the FMC to version 7.3 and then working on the migration from the ASA to the FTD and finally adding the FTD to the FMC.

Go to solution
rushispace
Level 1
Level 1
In response to Aref Alsouqi

‎11-21-2024 06:23 AM

@Aref Alsouqi @Rob Ingram,  If i upgrade my FMC to 7.3 so only i am not able to manage the sfr right ? however the policy or other configuration related to sfr is remain in the ASA or device as it is ? or it will be deleted after the fmc upgradation?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to rushispace

‎11-21-2024 06:35 AM

@rushispace the SFR configuration would remain after the FMC is upgraded, the FMC will be unable to manage the SFR module.

If you still wish to use the SFR module, you should not contemplate upgrading the FMC, you should replace the hardware with supported hardware such as the 1100, 2100 or 3100 series hardware (depending on your requirements).

Go to solution
rushispace
Level 1
Level 1
In response to Rob Ingram

‎11-21-2024 09:01 AM - edited ‎11-21-2024 09:02 AM

@Rob Ingramit means if we upgrade the FMC sfr will remain the same into asa device and it will work flowless as per configuration also (but we are not able to manage) right ?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to rushispace

‎11-21-2024 09:13 AM

@rushispace the SFR module should still work, you could manage the device using ASDM, just not via FMC.

Go to solution
rushispace
Level 1
Level 1
In response to Rob Ingram

‎11-21-2024 09:14 AM

@Rob Ingram, Thanks mate

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card