Cisco Cisco Firepower Management Center 2000
8
FireSIGHT System Release Notes
Documentation Updates
—
Total TCP Filtered Packets
—
TCP Timestamp ECR Normalizations
—
Total UDP Filtered Packets
—
TCP Urgent Flag Normalizations
You can now configure the HTTP Referrer and User Agent fields in the Connection Events table view and the
Security Intelligence Events table view when configuring the displayed columns.
Security Intelligence Events table view when configuring the displayed columns.
You can now view warnings associated with the individual rules of your access control policy via the Access Control
Policy page (Policies > Access Control). In the access control policy editor, view a warning by hovering your pointer
over the alert icon next to the rule name and reading the warning in the tooltip text, or by selecting the Show
Warnings button at the top of the page to view the warnings associated with all the rules referenced in your access
control policy.
Policy page (Policies > Access Control). In the access control policy editor, view a warning by hovering your pointer
over the alert icon next to the rule name and reading the warning in the tooltip text, or by selecting the Show
Warnings button at the top of the page to view the warnings associated with all the rules referenced in your access
control policy.
In Version 5.4, inline normalization is automatically enabled when you create a network analysis policy with Inline
Mode enabled. In previous versions, you had to manually enable inline normalization in your inline intrusion policies.
Note that the update from Version 5.3.x to Version 5.4 does not change your inline normalization settings.
Mode enabled. In previous versions, you had to manually enable inline normalization in your inline intrusion policies.
Note that the update from Version 5.3.x to Version 5.4 does not change your inline normalization settings.
You can now add access control rule port conditions that specify unassigned protocol numbers not included in the
Protocol drop-down list.
Protocol drop-down list.
You no longer need a secondary rule to control FTP Data Channel in your access control policy.
The new Decompress SWF File (LZMA), Decompress SWF File (Deflate), and Decompress PDF File (Default)
HTTP Inspect preprocessor options offer enhanced decompression support for PDF and SWF file content.
HTTP Inspect preprocessor options offer enhanced decompression support for PDF and SWF file content.
The TCP stream preprocessor now has enhanced protocol-awareness for SMTP, POP3, and IMAP.
The system now provides enhanced detection of information in application traffic, including detection of application
data in DNS traffic and detection of users in additional protocols.
data in DNS traffic and detection of users in additional protocols.
You can now configure LDAP authentication to use Common Access Cards (CACs) to associate the card with a user
name so a user can log directly into the system using the card.
name so a user can log directly into the system using the card.
The system now offers enhanced GPRS Tunneling Protocol (GTP) support.
Documentation Updates
You can download all updated documentation from the Support site. In Version 5.4.0.2 and Version 5.4.1.1, the following
documents were updated to reflect the addition of new features and changed functionality and to address reported
documentation issues:
documents were updated to reflect the addition of new features and changed functionality and to address reported
documentation issues:
FireSIGHT System Online Help
FireSIGHT System Online Help (SEU)
FireSIGHT System User Guide
FireSIGHT System Installation Guide
FireSIGHT System Virtual Installation Guide
Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
FireSIGHT System eStreamer Integration Guide
The documentation updated for Version 5.4.0.2 and Version 5.4.1.1.contains the following errors: