FMC FTD Compatibility

Turbo727
Level 1

We currently have a few FTD firewalls running 6.4 managed by FMC 6.4. We are going to upgrade the FMC to 7.0 in preparation for new firewalls.

After the FMC upgrade, it will be like FTD 6.4 + FMC 7.0. As I understand, 3des and dh5 are deprecated since ver 6.7. Are we going to be OK if we continue with this combination?

4 Replies

manabans
Cisco Employee

FMC upgrade to v7.0.x should be able to manage the FTD version v6.4.0 or later. If any managed device is below v6.4.0, then the FMC upgrade won't proceed.

Refer to Table 2, "Minimum Version to Upgrade to Version 7.0", for more details:
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/relnotes/firepower-release-notes-700/upgrade.html

Turbo727
Level 1

Thanks for that. I have reviewed the document.

What I want to confirm is that as long as the FTD stays on 6.4, the VPN should not be affected.

The deprecated features/configurations need to be changed and verified before proceeding with the FMC upgrade to v7.0.0. Deprecated features include:
1. Diffie-Hellman groups: 2, 5, and 24.
2. Group 5 continues to be supported in FMC deployments for IKEv1, but we recommend you change to a stronger option.
3. Encryption algorithms for users who satisfy export controls for strong encryption: DES, 3DES, AES-GMAC, AES-GMAC-192, AES-GMAC-256. DES continues to be supported (and is the only option) for users who do not satisfy export controls.
4. The NULL "encryption algorithm" (authentication without encryption, for testing purposes) continues to be supported in FMC deployments for both IKEv1 and IKEv2 IPsec proposals. However, it is no longer supported in IKEv2 policies.
5. Hash algorithms: MD5.
6. Before you upgrade, use the object manager to update your PKI certificate enrollments with stronger options: Objects > PKI > Cert Enrollment. Otherwise, although the upgrade preserves your current settings, VPN connections through the device will fail. To continue managing older FTD devices only (Version 6.4–6.7.x) with these weaker options, select the new Enable Weak-Crypto option for each device on the Devices > Certificates page.

Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/relnotes/firepower-release-notes-670/m_features_functionality.html#id_110361 
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/relnotes/firepower-release-notes-700/features.html#Cisco_Generic_Topic.dita_37583bb6-5134-486c-ae8c-84983303d9fa 
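A quick way to find out which VPN objects still use the options listed above is to scan the device configuration for them before the upgrade. The checker below is an added illustration written for this thread; it is not part of the original post and not a Cisco tool. It runs over a constructed configuration excerpt written in ASA-style syntax (crypto ikev1 policy, transform-set, ikev2 ipsec-proposal), which is assumed to resemble what the FTD running configuration shows; the policy numbers and object names (TS-OLD, P-GMAC, P-NULL) are made up. It applies the list from the release notes: DH groups 2, 5 and 24, the DES/3DES/AES-GMAC encryption options, MD5, and NULL encryption only where it appears in an IKEv2 policy (NULL in an IPsec proposal is still supported, so the checker leaves it alone).

```python
from __future__ import annotations
from dataclasses import dataclass

# Deprecated options as listed in the FMC 6.7 / 7.0 release notes quoted above.
DEPRECATED_DH_GROUPS = {"2", "5", "24"}
DEPRECATED_ENCRYPTION = {"des", "3des", "aes-gmac", "aes-gmac-192", "aes-gmac-256"}
DEPRECATED_HASH = {"md5"}

# Constructed sample (not from a real device): ASA-style syntax assumed to
# resemble the FTD running configuration. Names and numbers are made up.
SAMPLE_CONFIG = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 5
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev2 policy 1
 encryption null
 integrity sha256
 group 19
 prf sha256
 lifetime seconds 86400
crypto ipsec ikev1 transform-set TS-OLD esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set TS-NEW esp-aes-256 esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal P-GMAC
 protocol esp encryption aes-gmac-256
 protocol esp integrity sha-256
crypto ipsec ikev2 ipsec-proposal P-NULL
 protocol esp encryption null
 protocol esp integrity sha-256
"""


@dataclass(frozen=True)
class Finding:
    context: str  # the policy / proposal / transform-set the line belongs to
    line: str     # the offending configuration line
    reason: str


def _normalize(token: str) -> str:
    """Map ESP transform names (esp-des, esp-md5-hmac) onto bare algorithm names."""
    name = token.lower()
    if name.startswith("esp-"):
        name = name[4:]
    if name.endswith("-hmac"):
        name = name[:-5]
    return name


def find_deprecated_crypto(config_text: str) -> list[Finding]:
    """Return every line that uses an option deprecated in FMC 6.7 / 7.0."""
    findings: list[Finding] = []
    context = "(global)"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("crypto "):
            # A new policy, proposal or transform-set starts here.
            context = line
        words = line.split()
        # Diffie-Hellman group lines look like "group 5".
        if words[0] == "group" and len(words) > 1 and words[1] in DEPRECATED_DH_GROUPS:
            findings.append(Finding(context, line, f"DH group {words[1]} is deprecated"))
        for token in words[1:]:
            name = _normalize(token)
            if name in DEPRECATED_ENCRYPTION:
                findings.append(Finding(context, line, f"encryption {name} is deprecated"))
            elif name in DEPRECATED_HASH:
                findings.append(Finding(context, line, f"hash {name} is deprecated"))
            elif name == "null" and context.startswith("crypto ikev2 policy"):
                # NULL is still allowed in IPsec proposals, only IKEv2 policies drop it.
                findings.append(Finding(context, line,
                                        "NULL encryption is no longer supported in IKEv2 policies"))
    return findings


def affected_objects(findings: list[Finding]) -> list[str]:
    """Distinct policies / proposals that must be changed before the upgrade."""
    return sorted({f.context for f in findings})


if __name__ == "__main__":
    results = find_deprecated_crypto(SAMPLE_CONFIG)
    for f in results:
        print(f"{f.context}: '{f.line}' -> {f.reason}")
    print("Objects to fix:", affected_objects(results))
```

On the sample above the checker reports seven findings in four objects (IKEv1 policy 10, IKEv2 policy 1, TS-OLD and P-GMAC) and correctly ignores P-NULL, because NULL encryption inside an IPsec proposal is still supported according to the release notes. To use it on a real device, paste the relevant crypto section of the running configuration in place of SAMPLE_CONFIG.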

You must change any policies that use the deprecated algorithms prior to upgrading.

As noted in the 6.7 release notes:

"If you are still using these features in IKE proposals or IPsec policies, change and verify your VPN configuration before you upgrade."
