Cisco Cisco Firepower Management Center 2000
8
FireSIGHT System Release Notes
Documentation Updates
You can now configure the HTTP Referrer and User Agent fields in the Connection Events table view and the
Security Intelligence Events table view when configuring the displayed columns.
Security Intelligence Events table view when configuring the displayed columns.
You can now view warnings associated with the individual rules of your access control policy via the Access Control
Policy page (Policies > Access Control). In the access control policy editor, view a warning by hovering your pointer
over the alert icon next to the rule name and reading the warning in the tooltip text, or by selecting the Show
Warnings button at the top of the page to view the warnings associated with all the rules referenced in your access
control policy.
Policy page (Policies > Access Control). In the access control policy editor, view a warning by hovering your pointer
over the alert icon next to the rule name and reading the warning in the tooltip text, or by selecting the Show
Warnings button at the top of the page to view the warnings associated with all the rules referenced in your access
control policy.
In Version 5.4, inline normalization is automatically enabled when you create a network analysis policy with Inline
Mode enabled. In previous versions, you had to manually enable inline normalization in your inline intrusion policies.
Note that the update from Version 5.3.x to Version 5.4 does not change your inline normalization settings.
Mode enabled. In previous versions, you had to manually enable inline normalization in your inline intrusion policies.
Note that the update from Version 5.3.x to Version 5.4 does not change your inline normalization settings.
You can now add access control rule port conditions that specify unassigned protocol numbers not included in the
Protocol drop-down list.
Protocol drop-down list.
You no longer need a secondary rule to control FTP Data Channel in your access control policy.
The new Decompress SWF File (LZMA), Decompress SWF File (Deflate), and Decompress PDF File (Default)
HTTP Inspect preprocessor options offer enhanced decompression support for PDF and SWF file content.
HTTP Inspect preprocessor options offer enhanced decompression support for PDF and SWF file content.
The TCP stream preprocessor now has enhanced protocol-awareness for SMTP, POP3, and IMAP.
The system now provides enhanced detection of information in application traffic, including detection of application
data in DNS traffic and detection of users in additional protocols.
data in DNS traffic and detection of users in additional protocols.
You can now configure LDAP authentication to use Common Access Cards (CACs) to associate the card with a user
name so a user can log directly into the system using the card.
name so a user can log directly into the system using the card.
The system now offers enhanced GPRS Tunneling Protocol (GTP) support.
Documentation Updates
You can download all updated documentation from the Support site. In Version 5.4.0.7 and Version 5.4.1.6, the following
documents were updated to reflect the addition of new features and changed functionality and to address reported
documentation issues:
documents were updated to reflect the addition of new features and changed functionality and to address reported
documentation issues:
FireSIGHT System Online Help
FireSIGHT System Online Help (SEU)
FireSIGHT System User Guide
The documentation updated for Version 5.4.0.7 and Version 5.4.1.6.contains the following errors:
The FireSIGHT System User Guide incorrectly states that Cisco does not recommend enabling more than one
non-SFRP IP address on a clustered Series 3 device’s routed or hybrid interface where one SFRP IP address is
already configured. The system does not perform NAT if clustered Series 3 devices experience failover while
in standby mode. The system does perform NAT if clustered Series 3 devices experience failover while in standby
mode.
non-SFRP IP address on a clustered Series 3 device’s routed or hybrid interface where one SFRP IP address is
already configured. The system does not perform NAT if clustered Series 3 devices experience failover while
in standby mode. The system does perform NAT if clustered Series 3 devices experience failover while in standby
mode.
The FireSIGHT System User Guide incorrectly states that you can use Lights-Out Management (LOM) on the
default (eth0) management interface on a Serial Over LAN (SOL) connection to remotely monitor or manage
Series 3 appliances. Using the same IP address for LOM and for a SOL connection to your Series 3 device is not
currently supported.
default (eth0) management interface on a Serial Over LAN (SOL) connection to remotely monitor or manage
Series 3 appliances. Using the same IP address for LOM and for a SOL connection to your Series 3 device is not
currently supported.
The FireSIGHT System User Guide does not reflect that, on devices with limited memory, the number of intrusion
policies may not be paired with more than one variable set. In the case where you can apply an access control policy
that references only one intrusion policy, verify every reference to the intrusion policy is paired with the same variable
set. Pairing an intrusion policy with different variable sets results in memory usage.
policies may not be paired with more than one variable set. In the case where you can apply an access control policy
that references only one intrusion policy, verify every reference to the intrusion policy is paired with the same variable
set. Pairing an intrusion policy with different variable sets results in memory usage.