Cisco Cisco Firepower Management Center 2000 Release Notes
Firepower System Release Notes
Known Issues
35
In some cases, if you create an access control policy containing a DNS policy with a sinkhole object and enable
connection logging on an ASA Firepower managed by ASDM, the system does not generate the follow on
event triggered by the sinkhole server in the Security Intelligence Events page (Analysis > Connections >
Security Intelligence Events). (CSCux86766)
connection logging on an ASA Firepower managed by ASDM, the system does not generate the follow on
event triggered by the sinkhole server in the Security Intelligence Events page (Analysis > Connections >
Security Intelligence Events). (CSCux86766)
In some cases, if you create an access control policy containing a file policy and two identical access control
rules, then change one of the access control rule's default action and enable Log files under the File Events
option in the Logging tab, the system generates an erroneous Selecting this action will reset the intrusion
Policy and File Policy to "None". Are you sure you want to continue? warning. Selecting Yes generates a
Select at least one destination for connection Events to be logged to. error and removes the file policy from
the access control policy. (CSCux86868)
rules, then change one of the access control rule's default action and enable Log files under the File Events
option in the Logging tab, the system generates an erroneous Selecting this action will reset the intrusion
Policy and File Policy to "None". Are you sure you want to continue? warning. Selecting Yes generates a
Select at least one destination for connection Events to be logged to. error and removes the file policy from
the access control policy. (CSCux86868)
In some cases, if a user connecting to the Firepower Management Center using an IPv4 address and a user
connecting to the Firepower Management Center using IPv6 address modify the same access control policy
residing in a leaf domain, the Inspection tab of an access control rule included in the policy may become
inaccessible when you try to edit the rule. (CSCux87615)
connecting to the Firepower Management Center using IPv6 address modify the same access control policy
residing in a leaf domain, the Inspection tab of an access control rule included in the policy may become
inaccessible when you try to edit the rule. (CSCux87615)
In some cases, if you right click the Product Updates tab on the Updates page (Configuration >
ASA FirePOWER Configuration > Updates) and Open in a new window on a Cisco ASA Firepower module
managed by ASDM, the page does not load. (CSCux89860)
ASA FirePOWER Configuration > Updates) and Open in a new window on a Cisco ASA Firepower module
managed by ASDM, the page does not load. (CSCux89860)
In some cases, if you create a network object group and a URL object group and add URL or IP entries to both
object groups, then create an access control policy containing the two object groups in a DNS policy or a
security intelligence blacklist/whitelist and deploy, the system does not reflect the URL and IP entries within
the Network and URL object groups. As a workaround, manually create an object group and add individual
objects to the group, then reference the object group in an access control policy and redeploy. (CSCux89941)
object groups, then create an access control policy containing the two object groups in a DNS policy or a
security intelligence blacklist/whitelist and deploy, the system does not reflect the URL and IP entries within
the Network and URL object groups. As a workaround, manually create an object group and add individual
objects to the group, then reference the object group in an access control policy and redeploy. (CSCux89941)
In some cases, if you attempt to filter the connection events view by the Context column in the Real Time
Eventing page (Monitoring > ASA FirePOWER Monitoring > Real Time Eventing) of on a Cisco ASA Firepower
managed by ASDM, the system does not generate any results when it should. (CSCux90148)
Eventing page (Monitoring > ASA FirePOWER Monitoring > Real Time Eventing) of on a Cisco ASA Firepower
managed by ASDM, the system does not generate any results when it should. (CSCux90148)
If you edit the search editor on the Report Templates page (Overview > Reporting > Report Templates) with
invalid characters and save, the system does not display a warning and saves the invalid search configuration
when it should not. (CSCux91428)
invalid characters and save, the system does not display a warning and saves the invalid search configuration
when it should not. (CSCux91428)
In some cases, if you click Report Designer on the Summary Dashboard page (Overview > Summary
Dashboard) and generate a report after naming it, the generated report may not include all the custom
analysis sections from the dashboard when it should. (CSCux91497)
Dashboard) and generate a report after naming it, the generated report may not include all the custom
analysis sections from the dashboard when it should. (CSCux91497)
In some cases, if you create a RADIUS authenticated user profile, then backup and restore the Firepower
Management Center, the system does not allow the RADIUS authenticated user to log in. As a workaround,
log in with a different user and reapply the RADIUS authenticated user profile, then log in with your RADIUS
authenticated user. (CSCux92967)
Management Center, the system does not allow the RADIUS authenticated user to log in. As a workaround,
log in with a different user and reapply the RADIUS authenticated user profile, then log in with your RADIUS
authenticated user. (CSCux92967)
The following known issue were reported in previous releases:
You may experience latency if you use Firefox version 38.0.1 to view your Firepower Management Center's
interface. As a workaround, use Firefox 41 or later or use a different web browser. (CSCuv11830)
interface. As a workaround, use Firefox 41 or later or use a different web browser. (CSCuv11830)
In some cases, if you create an access control policy when registering a device on a subdomain, the system
creates the access control policy in the global domain instead of the subdomain when it should not.
(CSCut56951)
creates the access control policy in the global domain instead of the subdomain when it should not.
(CSCut56951)
In some cases, if you edit the default network access policy in the advanced tab of the Access Control page
(
(
Policies > Access Control
), the system incorrectly displays the default network access policy as an intrusion
policy on the deployment dialog window. (CSCuv48221)
Online help does not open if you click the help icon on the Select Comparison page (
ASA FirePOWER Configuration
> Policies > Files > Compare Policies
) of an ASA FirePOWER module managed via ASDM. (CSCuw21863)