Cisco Firepower Management Center 2000
Firepower System Release Notes
New Features and Functionality
Updated Documentation
To access the full documentation for the Firepower System, see the documentation roadmap at
http://www.cisco.com/c/en/us/td/docs/security/firesight/roadmap/firesight-roadmap.html. In Version 6.0.0.1,
the following documents were updated to reflect the addition of new features and changed functionality and to
address reported documentation issues:
Firepower Management Center Online Help
ASA FirePOWER Module Online Help
Firepower Management Center Configuration Guide
Firepower NGIPSv for VMware Quick Start Guide
Firepower Management Center Quick Start Guide for VMware
Cisco ASA FirePOWER Services Local Management Configuration Guide
The documentation updated for Version 6.0.0.1 contains the following errors:
The Firepower Management Center Configuration Guide does not reflect that in a multidomain deployment,
when you create a DNS policy, the Descendant Whitelists for DNS rule and Descendant Blacklists for DNS rule
are disabled by default. You can enable each rule by editing it. (CSCuw62140)
The online help incorrectly states that the default intrusion policy, instead of the currently deployed access
control policy, inspects traffic during policy deployment if you deploy your configuration changes with Inspect
traffic during policy apply enabled and no specific configuration requires a Snort restart.
The Firepower Management Center Configuration Guide does not reflect that you cannot use a Firepower
Management Center certificate generated using algorithms other than sha1WithRSAEncryption or
sha256WithRSAEncryption, or generated using a public server key with more than 2048 bits.
The Firepower Management Center Configuration Guide does not reflect that when using URL Filtering with
Retry URL cache miss lookup enabled to allow URL retry, the system delays packets for URLs that have not been
previously seen by the firewall while the URL category and reputation are determined so URL filtering rules
can be resolved. Until the lookup of the URL category and reputation is completed, or the lookup request times
out, in inline, routed, or transparent deployments the packet will be held at the firewall. If a two second time
limit is reached without the category and reputation determination completing, the URL category Uncategorized
is used with no reputation, and rule evaluation proceeds. URL category determination can introduce up to two
seconds of delay in packet delivery, depending on local network conditions. If such delay is not acceptable,
URL retry should be disabled. Note that with URL retry disabled, URL filtering may not be effective until such
time as URL category and reputation determination completes for each URL. Until that time, packets that
would have been filtered based on the URL’s category or reputation will be filtered based on the Uncategorized
category. To disable URL retry, clear the Retry URL cache miss lookup option in the General advanced settings of
the access control policy (Policies > Access Control > Access Control > edit policy > Advanced > edit General
Settings). Note that this option is enabled and URL retry is allowed by default.
Note:
The online help content may differ from the Firepower Management Center Configuration Guide content.
The Firepower Management Center Configuration Guide content is updated more regularly than the online help.
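A pre-upload check for the certificate constraint described above, written as an added example (not Cisco code and not part of the release notes): it reads the text printed by openssl x509 -noout -text and reports a signature algorithm other than sha1WithRSAEncryption or sha256WithRSAEncryption, or a public key of more than 2048 bits. The function name, the sample text and the hostname in it are constructed for illustration.

```python
import re

# Constraints stated in the release note above.
ALLOWED_SIG_ALGS = {"sha1WithRSAEncryption", "sha256WithRSAEncryption"}
MAX_KEY_BITS = 2048

# Constructed sample in the layout printed by `openssl x509 -noout -text`,
# trimmed to the fields the check reads (not a real certificate).
SAMPLE_OK = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha256WithRSAEncryption
        Subject: CN = fmc.example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
    Signature Algorithm: sha256WithRSAEncryption
"""
# Constructed failing variant: SHA-512 signature and a 4096-bit key.
SAMPLE_BAD = SAMPLE_OK.replace("sha256With", "sha512With").replace("2048 bit", "4096 bit")


def check_fmc_certificate(openssl_text):
    """Return a list of problems; an empty list means both constraints are met."""
    problems = []
    # The field appears twice in real output (TBS data and outer signature).
    sig_algs = set(re.findall(r"^\s*Signature Algorithm:\s*(\S+)", openssl_text, re.M))
    if not sig_algs:
        problems.append("no Signature Algorithm field found")
    for alg in sorted(sig_algs - ALLOWED_SIG_ALGS):
        problems.append(f"signature algorithm {alg} is not accepted")
    # Matches both "Public-Key: (N bit)" and "RSA Public-Key: (N bit)".
    key = re.search(r"Public-Key:\s*\((\d+) bit\)", openssl_text)
    if key is None:
        problems.append("no public key size found")
    elif int(key.group(1)) > MAX_KEY_BITS:
        problems.append(f"public key is {key.group(1)} bits, more than {MAX_KEY_BITS}")
    return problems


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_fmc_certificate(text) or "meets both constraints")
```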
Features and Functionality Introduced in Previous Versions
Functionality described in previous versions may be superseded by other new functionality or updated through
resolved issues.
Version 6.0.0
The following features and functionality were updated in Version 6.0.0: