Cisco Cisco Firepower Management Center 2000 Release Notes
Firepower System Release Notes
Known Issues
34
The following CLI commands are not currently available in debug mode on ASA with Firepower Threat Defense
devices:
devices:
debug code-sign
,
debug group
,
debug ppp
,
debug vpnlb
,
setup
,
packet-tracer
. (CSCux68021)
The change-password command on the diagnostic CLI does not change the password when in enable mode.
As a workaround use the
As a workaround use the
configure user password <username>
config command on the management CLI to
change the password. (CSCux69340)
In some cases, if you export an intrusion policy as a part of an access control policy from one domain and
attempt to import that access control policy to a different domain and if the replace option is selected for the
intrusion policy then importing the policy fails. As a workaround, recreate the access control policy in the
secondary domain instead of importing the policy. (CSCux70595, CSCux70756)
attempt to import that access control policy to a different domain and if the replace option is selected for the
intrusion policy then importing the policy fails. As a workaround, recreate the access control policy in the
secondary domain instead of importing the policy. (CSCux70595, CSCux70756)
In some cases, if you create a port object on the Object Management page (Objects > Object Management)
in a subdomain, the system incorrectly displays the port object in the global domain audit log instead of both
the global domain and subdomain audit log. (CSCux71554)
in a subdomain, the system incorrectly displays the port object in the global domain audit log instead of both
the global domain and subdomain audit log. (CSCux71554)
In some cases, if you delete an IP address from a domain blacklist, the system does not mark policies as
out-of-date. As a workaround, manually redeploy policies if you delete an IP address from a domain blacklist.
(CSCux76582)
out-of-date. As a workaround, manually redeploy policies if you delete an IP address from a domain blacklist.
(CSCux76582)
In some cases, if you apply a country filter in the context Explorer page (Analysis > Context Explorer) or select
a geolocation in the context explorer via the Dashboards page (Overview > Dashboards), the system
generates a new window that does not include geolocation data when it should. (CSCux76616, CSCux76624)
a geolocation in the context explorer via the Dashboards page (Overview > Dashboards), the system
generates a new window that does not include geolocation data when it should. (CSCux76616, CSCux76624)
In some cases, if you create a new network object using the create object icon (
+
) from the network selector
in the Standard Access List Entry page (Object > Object Management > Access List > Standard Access List
> Standard Access List Entry), the system doesn’t generate a network object creation pop-up window when
the same approach is followed the next time before refreshing the page. (CSCux79141)
> Standard Access List Entry), the system doesn’t generate a network object creation pop-up window when
the same approach is followed the next time before refreshing the page. (CSCux79141)
If you configure BGP Neighbor routing settings and set the Min hold time field or the Hold time field in the
Timers tab of the Device Management page (Devices > Device Management) with the integers between 0-2,
the system generates a Hold time/Mind hold time must be 0 or greater than 2 error. As a workaround, use
integers between 3-65535 for the Min hold time field and the Hold time field. (CSCux79162)
Timers tab of the Device Management page (Devices > Device Management) with the integers between 0-2,
the system generates a Hold time/Mind hold time must be 0 or greater than 2 error. As a workaround, use
integers between 3-65535 for the Min hold time field and the Hold time field. (CSCux79162)
In some cases, if you deploy an open shortest path first (OSPF) network and enable Routing Information
Protocol (RIP) in the virtual router tab of the Device Management page (Devices > Device Management), and
add a redistribution process in the Redistribution section of the OSPF tab, then disable the OSPF and RIP
configuration and deploy, the system does not delete the old configuration and deployment fails.
(CSCux79309)
Protocol (RIP) in the virtual router tab of the Device Management page (Devices > Device Management), and
add a redistribution process in the Redistribution section of the OSPF tab, then disable the OSPF and RIP
configuration and deploy, the system does not delete the old configuration and deployment fails.
(CSCux79309)
In some cases, if you create an access control policy for the first time on a system running Version 6.0.0.1,
the system generates a global whitelist and global black list in Security Intelligence for subdomains but not in
global domains. (CSCux81907)
the system generates a global whitelist and global black list in Security Intelligence for subdomains but not in
global domains. (CSCux81907)
In some cases, if a registered device detects malware, the system incorrectly names all events as
Malware
in
the File Name column of the Network File Trajectory page (Analysis > Files > Network File Trajectory).
(CSCux82011)
(CSCux82011)
If you update your system from Version 6.0.0 to Version 6.0.0.1 and immediately deploy an access control
policy, the system may experience issues. (CSCux83689)
policy, the system may experience issues. (CSCux83689)
You are unable to log into the Firepower Management Center interface during the upgrade process from
Version 6.0.0. to Version 6.0.0.1. (CSCux85221)
Version 6.0.0. to Version 6.0.0.1. (CSCux85221)
In some cases, if you create a correlation rule and select an event type from the Rule Management page
(Policies > Correlation > Rule Management), then click Add condition and select Security group from the
drop-down menu, the system does not allow you to use a security group in a correlation rule. (CSCux85257)
(Policies > Correlation > Rule Management), then click Add condition and select Security group from the
drop-down menu, the system does not allow you to use a security group in a correlation rule. (CSCux85257)
In some cases, if you view the network trajectory of a malware event generated by a policy located in a
subdomain, the system does not generate the Detection Name field when it should. (CSCux85345,
CSCux85925)
subdomain, the system does not generate the Detection Name field when it should. (CSCux85345,
CSCux85925)