Cisco Firepower Management Center 2000

FireSIGHT System Release Notes
The TCP stream preprocessor now has enhanced protocol-awareness for SMTP, POP3, and IMAP.
The system now provides enhanced detection of information in application traffic, including detection of application data in DNS 
traffic and detection of users in additional protocols.
You can now configure LDAP authentication to use Common Access Cards (CACs) to associate the card with a user name so a user 
can log directly into the system using the card.
The system now offers enhanced GPRS Tunneling Protocol (GTP) support.
Documentation Updates
You can download all updated documentation from the Support site. In Version 5.4.0.6 and Version 5.4.1.5, the following documents were 
updated to reflect the addition of new features and changed functionality and to address reported documentation issues:
FireSIGHT System Online Help
FireSIGHT System Online Help (SEU)
FireSIGHT System User Guide
FireSIGHT System Installation Guide
The documentation updated for Version 5.4.0.6 and Version 5.4.1.5 contains the following errors:
The FireSIGHT System User Guide incorrectly states that Cisco does not recommend enabling more than one non-SFRP IP 
address on a clustered Series 3 device’s routed or hybrid interface where one SFRP IP address is already configured. The 
system does not perform NAT if clustered Series 3 devices experience failover while in standby mode. The system does perform 
NAT if clustered Series 3 devices experience failover while in standby mode.
The FireSIGHT System User Guide incorrectly states that you can use Lights-Out Management (LOM) on the default (eth0) 
management interface on a Serial Over LAN (SOL) connection to remotely monitor or manage Series 3 appliances. Using the 
same IP address for LOM and for a SOL connection to your Series 3 device is not currently supported.
The FireSIGHT System User Guide does not reflect that, on devices with limited memory, the number of intrusion policies may not be 
paired with more than one variable set. In the case where you can apply an access control policy that references only one intrusion 
policy, verify every reference to the intrusion policy is paired with the same variable set. Pairing an intrusion policy with different 
variable sets results in memory usage.
The FireSIGHT System Virtual Installation Guide incorrectly states the following about logging in to a virtual device at the VMware 
console using admin as the username and the new admin account password specified in the deployment setup wizard: If you did not 
change the password using the wizard or you are deploying with an ESXi OVF template, use Cisco as the password. The 
documentation should state that if you did not change the password using the wizard or you are deploying with an ESXi OVF template, 
use Sourcefire as the password. (CSCut77002)
The FireSIGHT System User Guide does not reflect that:
When using URL Filtering with Do not retry URL cache miss lookup disabled to allow URL retry, the system delays packets for 
URLs that have not been previously seen by the firewall while the URL category and reputation are determined so URL filtering rules 
can be resolved. Until the lookup of the URL category and reputation is completed, or the lookup request times out, in inline, routed, 
or transparent deployments the packet will be held at the firewall. If a two second time limit is reached without the category and 
reputation determination completing, the URL category Uncategorized is used with no reputation, and rule evaluation proceeds. URL 
category determination can introduce up to two seconds of delay in packet delivery, depending on local network conditions. If such 
delay is not acceptable, URL retry should not be allowed. Note that without URL retry, URL filtering may not be effective until such 
time as URL category and reputation determination completes for each URL. Until that time, packets that would have been filtered 
based on the URL’s category or reputation will be filtered based on the Uncategorized category. To disable URL retry, check the Do 
not retry URL cache miss lookup option in the General advanced settings of the access control policy (Policies > Access Control > 
edit policy > Advanced > edit General Settings). Note that this option is disabled and URL retry is allowed by default.
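
The trade-off described above can be replayed with a small model. This is an added example, not Cisco code: it simplifies the documented behaviour, and the class and function names, the URLs, the lookup times and the blocked category are all constructed, as is the assumption that a lookup started on first sight is cached once it completes.

```python
from dataclasses import dataclass, field

LOOKUP_TIMEOUT_S = 2.0            # two-second limit stated in the release note
UNCATEGORIZED = "Uncategorized"   # fallback category named in the release note


@dataclass
class UrlFilterModel:
    """Simplified model of the documented behaviour, not Cisco's implementation."""
    allow_retry: bool             # True = option unchecked (the documented default)
    blocked: frozenset            # categories the constructed policy blocks
    directory: dict               # constructed data: url -> (category, lookup seconds)
    first_seen: dict = field(default_factory=dict)

    def handle(self, url, now):
        """Return (category_used, action, delay_s) for a request seen at time `now`."""
        category, latency = self.directory[url]
        # Assumption: the lookup starts when the URL is first seen and its
        # result is cached once it completes, whichever setting is used.
        ready_at = self.first_seen.setdefault(url, now) + latency
        if now >= ready_at:                       # category already known
            used, delay = category, 0.0
        elif self.allow_retry:                    # packet held at the firewall
            delay = min(ready_at - now, LOOKUP_TIMEOUT_S)
            used = category if now + delay >= ready_at else UNCATEGORIZED
        else:                                     # no hold, evaluate immediately
            used, delay = UNCATEGORIZED, 0.0
        action = "block" if used in self.blocked else "allow"
        return used, action, delay


# Constructed sample data: two never-before-seen URLs in a blocked category.
DIRECTORY = {
    "fast.example/payload": ("Malware Sites", 0.4),   # lookup finishes in time
    "slow.example/payload": ("Malware Sites", 3.5),   # lookup exceeds 2 s
}
REQUESTS = [("fast.example/payload", 0.0), ("slow.example/payload", 0.0),
            ("fast.example/payload", 5.0), ("slow.example/payload", 5.0)]


def replay(allow_retry):
    model = UrlFilterModel(allow_retry, frozenset({"Malware Sites"}), DIRECTORY)
    return [model.handle(url, t) for url, t in REQUESTS]


if __name__ == "__main__":
    for setting in (True, False):
        print("URL retry allowed:", setting)
        for (url, t), result in zip(REQUESTS, replay(setting)):
            print(f"  t={t:>3}s {url:<22} -> {result}")
```

With retry allowed, the first request to the fast URL is held 0.4 seconds and blocked, while the slow URL hits the two-second limit and is evaluated as Uncategorized. With retry disabled, both first requests pass immediately as Uncategorized, so a rule for the Uncategorized category is what governs first-seen URLs in either mode.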