We are announcing the deprecation of the cisco.asa Ansible Collection as of December 2024, which will reach its official end-of-life in December 2026.
Impact:
No new features or enhancements will be added to the cisco.asa collection.
Limited Maintenance:
Only critical bug fixes and security vulnerabilities will be addressed. No guarantees of compatibility with ansible-core versions >2.17 will be provided.
Community Maintenance:
Post-deprecation, the maintenance of cisco.asa collection will be transferred to the community for best-effort maintenance.
Why?
Cisco has deprecated ASA (Adaptive Security Appliance) in favor of its next-generation Firepower solutions. Firepower delivers enhanced capabilities, integrating advanced threat detection and firewall functionalities.
For more details, please refer to the official Cisco ASA deprecation announcement.
I have found the various discussions about the deprecation notice, but I believe there may be a misunderstanding in the advisory that Cisco published regarding EoS/EoL dates given.
The advisory at Cisco EoL Advisory for 9.8(x) is notifying customers that Cisco plans to remove support and software maintenance on Cisco ASA code version 9.8, not the Cisco ASA itself.
Cisco ASA is now called Cisco Secure Firewall ASA and is still supported from my understanding. ASA version 9.20 and 9.22 are released with the recommended release sitting at 9.20 at this time.
If this decision is made to move this to community support so that engineering time can be spent on other platforms then I understand. I wanted to be sure to note that the advisory the decision was based upon is for the software deprecation, not the platform as a whole. I operate a sizeable amount of ASA devices and will need to plan accordingly going forward regarding forward compatibility.
Cross-posting from github issue 508 to reach the forum audience.
Is it possible to reverse this decision? Cisco is still developing, shipping, and supporting Cisco ASA software in all their recent Firewall hardware as well as Virtual cloud-based ASA software. Example of continued support: Cisco Secure Firewall 4200 Series is a very recent hardware firewall platform supporting ASA software including version 9.22.x first released in September 2024.
The ASA software is still used by Cisco customers including myself in part because of the text-based configuration files and ease of automation with the Ansible Cisco ASA collection.
Has the collection been abandoned by its former maintainers? This Ansible cisco.asa Deprecation announcement references the Cisco EOL announcement for ASA 9.8.x software release train only. Cisco announces EOL for Old software release trains to help customers plan to migrate to newer software such as the latest ASA 9.22.x mentioned in my comments above. Cisco also reserves the latest ASA software release trains for their latest hardware to push customers to migrate off of older hardware - see the release notes for 9.22.x linked above which shows which hardware platforms are not compatible with 9.22.x.
Hi @mistertom thanks for posting! I see it’s the first time you are contributing in the forum, so welcome!
For someone arriving late at this conversation (or refreshing it after a very long time), it is not clear to me which decision you are referring to here - the original post mentions decisions made by Cisco. If the statements are incorrect, they seem to be from the comment by @dheckman-lus , then I consider the matter clarified.
IANAL but I believe Cisco is free to relinquish the maintenance of that collection as they see fit. Is that decision you are talking about?
My current deployment is RHEL/CentOS compatible 9.x which has ansible-core 2.14.x. Being <= 2.17.x I think the deprecation plans may not impact my deployment. This software development moves so fast. I initially was concerned I needed immediate plans to move away from dependencies on the collection, but it looks like I may have some years before RHEL/CentOS are shipping with ansible-core greater than 2.17.
Yes, the concerning thing here is the link to Cisco ASA 9.8 software end of patches announcement for an old ASA software release-train. Cisco Secure Firewall ASA software is still actively supported as you mentioned with latest 9.22 release being first available in September 2024 (no end of life announced).
