Cisco Cisco Firepower Management Center 2000
30
FireSIGHT System Release Notes
Known Issues
Resolved an issue where, if the Defense Center sent a file to the cloud to perform a dynamic analysis in a sandbox
environment and the cloud was not available within 50 minutes, the file’s status remained Sent for Analysis instead
of a timed out status. (142309/CSCze93757)
environment and the cloud was not available within 50 minutes, the file’s status remained Sent for Analysis instead
of a timed out status. (142309/CSCze93757)
Resolved an issue where, if the Defense Center incorrectly assigned an invalid serial header, the Defense Center
failed to send events to the eStreamer client. (143201/CSCze93686)
failed to send events to the eStreamer client. (143201/CSCze93686)
Resolved an issue where, if you clicked on an application in the Denied Connections by Application dashboard
widget, the system did not properly constrain the resulting event view to blocked connections.
(143376/CSCze93645)
widget, the system did not properly constrain the resulting event view to blocked connections.
(143376/CSCze93645)
Resolved an issue where, if you generated a report in CSV format only, report section queries would ignore the option
to inherit the time window. (143403/CSCze94376)
to inherit the time window. (143403/CSCze94376)
Resolved an issue where the Modbus preprocessor failed to generate events after the system missed or dropped a
packet. (142450/CSCze95921)
packet. (142450/CSCze95921)
Resolved an issue where, if you created an access control policy that referenced an SSL policy set to decrypt traffic,
policy apply failed. (144518/CSCze94864)
policy apply failed. (144518/CSCze94864)
Resolved an issue where, if you created an intrusion policy or network analysis policy and added a shared layer to
it, then exported and imported the new policy the system generated a Back-end failed for import error and did not
import the policy. (144905/CSCze96093)
it, then exported and imported the new policy the system generated a Back-end failed for import error and did not
import the policy. (144905/CSCze96093)
Known Issues
The following known issues are reported in Version 5.4.0.4 and version 5.4.1.3:
If you apply an access control policy containing a user group to an ASA device with Firepower Services (ASA5506-X,
ASA5506H-X, ASA5506W-X, ASA5508-X, ASA5516-X), the system does not detect traffic matching the applied
policy. As a workaround, apply an access control policy containing a single user instead of a user group.
(144428/CSCze95542)
ASA5506H-X, ASA5506W-X, ASA5508-X, ASA5516-X), the system does not detect traffic matching the applied
policy. As a workaround, apply an access control policy containing a single user instead of a user group.
(144428/CSCze95542)
If you log into your system as a user other than the admin user and edit the base layer of your applied intrusion policy,
the system marks the policy updated by admin when it should not. (CSCur79437)
the system marks the policy updated by admin when it should not. (CSCur79437)
In some cases, if you change the selected time zone in the Time Zone Preference tab on the User Preferences page
(Admin > User Preferences > Time Zone Preference), the system may not incorporate daylight savings time and
may display the wrong time. (CSCur92028)
(Admin > User Preferences > Time Zone Preference), the system may not incorporate daylight savings time and
may display the wrong time. (CSCur92028)
Syslog messages do not populate information for the following fields: HTTP Referrer, User Agent, and Referenced
Host. (CSCus18179)
Host. (CSCus18179)
In some cases, if you add an Cisco IOS Null Route instance to your Cisco IOS remediation and enable your password
to log into the router, the device does not enable the password and the remediation fails. As a workaround, do not
select to enable the password. (CSCus45769)
to log into the router, the device does not enable the password and the remediation fails. As a workaround, do not
select to enable the password. (CSCus45769)
If you apply an access control policy referencing Security Intelligence (SI) objects and policy apply fails, reapply you
access control policy. If you are still unable to apply policy, contact Support. (CSCus50470)
access control policy. If you are still unable to apply policy, contact Support. (CSCus50470)
In some cases, if you set up a scan instance for a Nmap module, the Remote Operating System Detection may
incorrectly identify the version of detected operating system. As a workaround, refer to the Host Script Output for
the correct OS.(CSCut23654)
incorrectly identify the version of detected operating system. As a workaround, refer to the Host Script Output for
the correct OS.(CSCut23654)
If you break a cluster of devices containing a NAT policy with the Remove the interface configurations on <device
name> option selected, then policy apply on the secondary device fails after breaking the cluster. As a workaround,
de-select Remove the interface configurations on <device name> when separating the clustered devices.
(CSCut98774)
name> option selected, then policy apply on the secondary device fails after breaking the cluster. As a workaround,
de-select Remove the interface configurations on <device name> when separating the clustered devices.
(CSCut98774)