Cisco Cisco Firepower Management Center 4000
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
Version 5.2.0.7
Sourcefire 3D System Release Notes
34
Known Issues
•
If you configure an Nmap scan and specify a device in the Remote Device
Name field, the system runs the scan from the device even if you are using a
remediation where Scan from reporting device is disabled. (125608)
•
In some cases after importing a new intrusion rule update, the number of
imported rules in the intrusion policy may not match the number of rules in
the import log. (125900)
•
In some cases, the system may not log connection events for IPv6-in-IPv4
traffic if the access control policy contains an access control rule with
connection event logging enabled and any of the following ports selected:
IP 0
,
IP-ENCAP 4
,
IPv6 41
,
IPv6-ROUTE 43
,
IPv6-FRAG 44
,
GRE 47
,
ESP
50
, or
IPv6-OPTS 60
. (126117, 126746)
•
In some cases, if you configure a syslog alert response to send connection
events to the syslog, the system may omit data from the Initiator Country,
Responder Country, Client Version, Application Risk, Business Relevance,
Intrusion Events, Files, TCP Flags, NetBIOS Domain, Initiator Packets, Responder
Packets, Initiator Bytes, or Responder Bytes fields. (127682)
•
If you configure a traffic profile and a correlation rule to trigger on traffic
spikes at or above two standard deviations, the system may not generate a
correlation event. (128107)
•
In rare cases, the 3D8120, 3D8130, 3D8140, and 3D8250 may experience
system issues that require you to reboot the appliance. (128689)
•
If you disable ldap protocol detection in your network discovery policy, the
Defense Center stops logging user agent login data. (128741)
•
In some cases, if you schedule an automatic LDAP user data retrieval, you
cannot perform on-demand user data retrieval and download. (128962)
•
In rare cases, automatic application bypass (AAB) activates during network
discovery policy apply. (129230)
•
Critical Issue
After completing an event-only backup, the backup process
enters an unrecoverable state. Do not attempt an event-only backup. As a
workaround, back up both configurations and events. (129231)
•
In some cases, if you view reviewed intrusion events and drill down to the
packet view, there are no visible events and the reviewed constraint is
removed. (129257)
•
In rare cases, installing Version 5.2 or later on a 3D6500 managed device
may cause system issues. (129561)
•
In some cases, the system incorrectly identifies SMTP and generates a
connection event with missing application information if the SMTP server
responds with a connection error. (130085)
•
In rare cases, the system may generate critical health alert emails
containing indecipherable messages. (130518)
•
In some cases, the system may incorrectly sort values in the Type column or
omit names from the Security Zones column on the security zones page in
the object manager. (130569, 130631, 130632)