Cisco Firepower Management Center 2000
FireSIGHT System Release Notes
Version 5.3.1.7
Documentation Updates
Tip
Cisco documentation may refer to the Defense Center as the FireSIGHT Management Center. The
Defense Center and the FireSIGHT Management Center are the same appliance.
Features Introduced in Previous Versions
Functionality described in previous versions may be superseded by other new functionality or updated
through resolved issues.
The following functionality was introduced in Version 5.3.1.3:
• Version 5.3.1.3 no longer supplies default correlation policies. You must create custom policies and rules.
The following features and functionality were introduced in Version 5.3.1.1:
• You can now configure access control rules with the GRE 47 port condition.
• You can now use the Defense Center’s proxy server to communicate with the Cisco Security Manager (CSM).
• You can now reapply device configuration after editing the list of security zones of a cluster, stack or clustered stack of devices from the Object Management page by selecting the apply icon for device changes on the Device Management page (Devices > Device Management).
• You can now configure registered ASA FirePOWER devices with advanced options on the advanced tab of the Device Management page (Devices > Device Management).
Documentation Updates
The documentation provided for Version 5.3.1.7 contains the following errors:
• The FireSIGHT System User Guide incorrectly states that "You can use Lights-Out Management (LOM) on the default (eth0) management interface on a Serial Over LAN (SOL) connection to remotely monitor or manage Series 3 appliances without logging into the management interface of the appliance" when you cannot. (CSCuu17674)
• The FireSIGHT System User Guide incorrectly states the following about devices in a stack: "If a secondary device fails, the primary device continues to sense traffic, generate alerts, and send traffic to all secondary devices. On failed secondary devices, traffic is dropped. A health alert is generated indicating loss of link."
  The documentation should specify that, by default, if the secondary device in a stack fails, inline sets with configurable bypass enabled go into bypass mode on the primary device. For all other configurations, the system continues to load balance traffic to the failed secondary device. In either case, a health alert is generated to indicate loss of link. (122708/CSCze88292, 123380/CSCze88692, 138433/CSCze91099)
• The FireSIGHT System Online Help does not reflect that:
  The original client IP address that was extracted from an X-Forwarded-For (XFF), True-Client-IP, or custom-defined HTTP header. To display a value for this field, you must enable the HTTP preprocessor Extract Original Client IP Address option in the network analysis policy. Optionally, in the same area of the network analysis policy, you can also specify up to six custom client IP