Cisco Cisco Firepower Management Center 4000
Version 5.2.0.7
Sourcefire 3D System Release Notes
35
Known Issues
•
In some cases, drilling down in a custom workflow may redirect you to the
incorrect packet view page for an intrusion event. (130620)
•
In some cases, the system restore boot option does not output to the serial
port on managed devices even if you selected Physical Serial Port as the
remote console access option. (130772)
•
In several places, the documentation incorrectly indicates that you can add
IP address ranges to network objects. The Sourcefire 3D System currently
supports adding individual IP addresses or address blocks to network
objects, not ranges. (130821, 130992)
•
In some cases, 3D8250, 3D8260, 3D8270, and 3D8290 managed devices
with 10G or 40G NMSB may experience compatibility issues with 10G
NFTW NetMods. To be compatible with 10G NFTW Netmods, 10G NMSB
must be revision 7 or later and 40G NMSB must be revision 8 or later.
(131189)
•
In rare cases, the table view of servers (Analysis > Hosts > Servers) may
duplicate servers and produce inaccurate server counts. (131329)
•
The eStreamer client omits file policy UUID metadata from type 502
intrusion events. (131362)
•
If you schedule multiple simultaneous reporting tasks when using remote
storage, the system may fail to send all reports to the selected remote
storage location. As a workaround, schedule report generation tasks in
30-minute intervals. (131805)
•
Sourcefire documentation does not reflect that you must disable Spanning
Tree Protocol (STP) on any third-party switching equipment connected to a
device’s management interface before connecting to a Series 3 appliance
using LOM/SOL. (132488)
•
Configuring a proxy server to authenticate with a Message Digest 5 (MD5)
password encryption for malware cloud lookups is not supported. (135279)
•
If Greenwich Mean Time (GMT, also known as UTC) is not your local
timezone, scheduled geolocation database (GeoDB) updates may fail. If
your local timezone is +X number of hours from GMT, schedule GeoDB
updates for
X:00
or later. If your local timezone is -X number of hours from
GMT, schedule GeoDB updates for
(24:00 - X)
or earlier. For example, if
your local timezone is UTC-5, schedule updates before
19:00
local time.
(135756)
•
The documentation incorrectly states the following:
If a secondary
device fails, the primary device continues to sense traffic,
generate alerts, and send traffic to all secondary devices. On
failed secondary devices, traffic is dropped. A health alert
is generated indicating loss of link.
generate alerts, and send traffic to all secondary devices. On
failed secondary devices, traffic is dropped. A health alert
is generated indicating loss of link.
The documentation should specify that, if the secondary device in a stack
fails, inline sets with configurable bypass enabled go into bypass mode on
the primary device. For all other configurations, the system continues to
load balance traffic to the failed secondary device. In either case, a health
alert is generated to indicate loss of link. (138269)