Cisco Firepower Management Center 2000

FireSIGHT System Release Notes
Version 5.3.1
Issues Resolved in Version 5.3.1
  • Resolved an issue where, in some cases, the intrusion event packet view displayed a rule message that did not match the rule that generated the event. (138208)
  • Resolved an issue where you could not import an intrusion rule that referenced a custom variable. (138211)
  • Resolved an issue where enabling telnet on a Cisco IOS Null Route remediation module and configuring the username for the Cisco IOS instance to enable by default on the Cisco IOS router caused Cisco IOS Null Route remediations to fail on the Defense Center. (139506)
  • Resolved an issue where the system did not prevent you from creating a network variable with an excluded network value that excluded all (any) networks. (139510)
Known Issues
The following known issues are reported in Version 5.3.1:
  • The system requires additional time to reboot appliances or ASA FirePOWER modules running Version 5.3 or later due to a database check. If errors are found during the database check, the reboot requires additional time to repair the database. (135564, 136439)
  • You cannot create an access control rule with a GRE 47 port condition. (140642, 140644, 140646, 140648, 140650)
  • If you delete a managed device from a Defense Center, then add a different device, then reapply an access control policy with an intrusion policy associated with the default action, the system indicates that the intrusion policy is out of date on more devices than the Defense Center currently manages. (140705)
  • If you add a device stack to a group of devices and edit the applied access control policy, the system removes all targeted devices from the policy, prevents you from adding new devices, and corrupts the policy name. As a workaround, remove device stacks from the device group and target standalone devices, device stacks, and device groups separately. (140710)
  • If you configure both a proxy and single sign-on (SSO) on the Defense Center and the proxy cannot reach the Cisco Security Manager (CSM) server, SSO attempts time out and fail. (140897)
  • In rare cases, applying a single health policy to 100 or more managed devices causes system issues. As a workaround, reduce the number of managed devices with the health policy applied. (140977)
  • If you automatically download a patch update by clicking Download Updates on the Product Updates page (System > Updates), your Defense Center may download the incorrect patch. As a workaround, download patch updates manually by clicking Upload Update on the Product Updates page. (141056)
  • You cannot use the web interface of a Defense Center to configure single sign-on (SSO) without first using the web interface to register an ASA device to the Defense Center. To configure SSO on Defense Centers in a high availability (HA) pair, Cisco recommends registering an ASA device to both Defense Centers and configuring SSO from the primary Defense Center. (141150)
  • In some cases, syslog alerts sent as intrusion event notifications may contain incorrect intrusion rule classification data. (141213, 141216, 141220)
  • If eStreamer retrieves a large number of file events, the system experiences a memory issue. (141222)
  • If you use a network variable as your Networks value when configuring adaptive profiles, adaptive profiles fail. As a workaround, explicitly specify IP addresses or address blocks. (141225)