System Requirements

This document includes the system requirements for Version 7.1.

FTD Platforms

Firepower devices monitor network traffic and decide whether to allow or block specific traffic based on a defined set of security rules. For details on device management methods, see FTD Management. For general compatibility information, see the Cisco Secure Firewall Threat Defense Compatibility Guide.

FTD Hardware

Version 7.1 FTD hardware comes in a range of throughputs, scalability capabilities, and form factors.

Table 1. Version 7.1 FTD Hardware

Platform

FMC Compatibility

FDM Compatibility

Notes

Customer Deployed

Cloud Delivered

FDM Only

FDM + CDO

Firepower 1010, 1120, 1140, 1150

YES

YES

YES

Firepower 2110, 2120, 2130, 2140

YES

YES

YES

Secure Firewall3110, 3120, 3130, 3140

YES

YES

YES

The Version 7.1.0 release does not include online help for these devices. For FDM, see the documentation posted on Cisco.com.

Firepower 4110, 4120, 4140, 4150

Firepower 4112, 4115, 4125, 4145

Firepower 9300: SM-24, SM-36, SM-44 modules

Firepower 9300: SM-40, SM-48, SM-56 modules

YES

YES

YES

Requires FXOS 2.11.1.154 or later build.

We recommend the latest firmware. See the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide.

ISA 3000

YES

YES

YES

May require a ROMMON update. See the Cisco Secure Firewall ASA and Secure Firewall Threat Defense Reimage Guide.

FTDv

Version 7.1 FTDv implementations support performance-tiered Smart Software Licensing, based on throughput requirements and remote access VPN session limits. Options run from FTDv5 (100 Mbps/50 sessions) to FTDv100 (16 Gbps/10,000 sessions). For more information on supported instances, throughputs, and other hosting requirements, see the appropriate Getting Started Guide.

Table 2. Version 7.1 FTDv Platforms

Device Platform

FMC Compatibility

FDM Compatibility

Customer Deployed

Cloud Delivered

FDM Only

FDM + CDO

Public Cloud

Amazon Web Services (AWS)

YES

YES

YES

Microsoft Azure

YES

YES

YES

Google Cloud Platform (GCP)

YES

Oracle Cloud Infrastructure (OCI)

YES

On-Prem/Private Cloud

Cisco Hyperflex

YES

YES

YES

Kernel-based virtual machine (KVM)

YES

YES

YES

Nutanix Enterprise Cloud

YES

YES

YES

OpenStack

YES

VMware vSphere/VMware ESXi 6.5, 6.7, or 7.0

YES

YES

YES

FTD Management

Depending on device model and version, we support the following management methods.

You can use FDM to locally manage a single FTD device.

Optionally, add Cisco Defense Orchestrator (CDO) to remotely manage multiple FTD devices, as an alternative to the FMC. Although some configurations still require FDM, CDO allows you to establish and maintain consistent security policies across your FTD deployment.

Browser Requirements

Browsers

We test with the latest versions of these popular browsers, running on currently supported versions of macOS and Microsoft Windows:

  • Google Chrome

  • Mozilla Firefox

  • Microsoft Edge (Windows only)

If you encounter issues with any other browser, or are running an operating system that has reached end of life, we ask that you switch or upgrade. If you continue to encounter issues, contact Cisco TAC.


Note

We do not perform extensive testing with Apple Safari, nor do we extensively test Microsoft Edge with FMC walkthroughs. However, Cisco TAC welcomes feedback on issues you encounter.

Browser Settings and Extensions

Regardless of browser, you must make sure JavaScript, cookies, and TLS v1.2 remain enabled. If you are using Microsoft Edge, do not enable IE mode.

Note that some browser extensions can prevent you from saving values in fields like the certificate and key in PKI objects. These extensions include, but are not limited to, Grammarly and Whatfix Editor. This happens because these extensions insert characters (such as HTML) in the fields, which causes the system to see them invalid. We recommend you disable these extensions while you’re logged into our products.

Screen Resolution

Interface

Minimum Resolution

FDM

1024 x 768

Firepower Chassis Manager for the Firepower 4100/9300

1024 x 768

Securing Communications

When you first log in, the system uses a self-signed digital certificate to secure web communications. Your browser should display an untrusted authority warning, but also should allow you to add the certificate to the trust store. Although this will allow you to continue, we do recommend that you replace the self-signed certificate with a certificate signed by a globally known or internally trusted certificate authority (CA).

To begin replacing the self-signed certificate, click Device, then the System Settings > Management Access link, then the Management Web Server tab.

For detailed procedures, see the online help or the configuration guide.


Note

If you do not replace the self-signed certificate:

  • Google Chrome does not cache static content, such as images, CSS, or JavaScript. Especially in low bandwidth environments, this can extend page load times.

  • Mozilla Firefox can stop trusting the self-signed certificate when the browser updates. If this happens, you can refresh Firefox, keeping in mind that you will lose some settings; see Mozilla's Refresh Firefox support page.

Browsing from a Monitored Network

Many browsers use Transport Layer Security (TLS) v1.3 by default. If you are using an SSL policy to handle encrypted traffic, and people in your monitored network use browsers with TLS v1.3 enabled, websites that support TLS v1.3 may fail to load. For more information, see the software advisory titled: Failures loading websites using TLS 1.3 with SSL inspection enabled.