Cisco Cisco Firepower Management Center 2000
20
FireSIGHT System Release Notes
Resolved Issues
11.
Verify that the appliances in your deployment are successfully communicating and that there are no issues reported
by the health monitor.
by the health monitor.
12.
Reapply device configurations to all managed devices.
Tip:
To reactivate a grayed-out Apply button, edit any interface in the device configuration, then click Save without
making changes.
13.
Reapply access control policies to all managed devices.
Applying an access control policy may cause a short pause in traffic flow and processing, and may also cause a few
packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
14.
If a patch for Version 5.4.0.4 is available on the Support site, apply the latest patch as described in the FireSIGHT
System Release Notes for that version.
System Release Notes for that version.
You must update to the latest patch to take advantage of the latest enhancements and security fixes.
Resolved Issues
You can track defects resolved in this release using the Cisco Bug Search Tool (
https://tools.cisco.com/bugsearch/
). A
Cisco account is required. To view defects addressed in older versions, refer to the legacy caveat tracking system.
Issues Resolved in Version 5.4.0.4 and version 5.4.1.3:
Security Issue
Addressed a vulnerability issue in Linux, as described in CVE-2011-4131.
Security Issue
Resolved an issue where managed devices experienced microengine failure when processing
corrupted traffic. (CSCuu86214)
Resolved an issue where you could not reapply an intrusion policy (individually or as part of an access control policy
reapply) a total of 4096 or more times to a single managed device was not supported. (134385/CSCze89030)
reapply) a total of 4096 or more times to a single managed device was not supported. (134385/CSCze89030)
Resolved an issue where, if you imported an intrusion policy referenced by another policy as a shared layer or as a
base policy, importing the intrusion policy failed. (144946/CSCze96151)
base policy, importing the intrusion policy failed. (144946/CSCze96151)
Resolved an issue where the system incorrectly listed twice the number of registered targets on the Intrusion Policy
list page. (CSCus08840)
list page. (CSCus08840)
Resolved an issue where you could add old events from the clipboard to a new incident, even though the events in
your clipboard section of the Incidents page appeared empty. (CSCus67128)
your clipboard section of the Incidents page appeared empty. (CSCus67128)
Resolved an issue where, if you edited an access control rule with multiple category conditions and attempted to
remove one of the conditions, the system only removed the first listed category condition. (CSCut25082)
remove one of the conditions, the system only removed the first listed category condition. (CSCut25082)
Resolved an issue where the system reported intrusion rules as inactive if the rule targeted a passive zone on an
8000 Series device and performed the show fastpath-rules CLI command. (CSCut32479)
8000 Series device and performed the show fastpath-rules CLI command. (CSCut32479)
Resolved an issue where configuring a file policy with Inspect Archives enabled caused Snort to stop passing
traffic.(CSCut39253, CSCuu60621)
traffic.(CSCut39253, CSCuu60621)
Improved troubleshooting. (CSCut43542)
Improved Disk manager reliability. (CSCut65740)
Improved correlation rule performance. (CSCut97938)
Resolved an issue where downgrading RPM packet manager (RPM) files starting with Cisco did not correctly reset
the RPM install history. (CSCut98525)
the RPM install history. (CSCut98525)
Resolved an issue where policy apply failed if you reapplied an active access control policy to an ASA FirePOWER
module without editing the policy. (CSCuu14839)
module without editing the policy. (CSCuu14839)