Cisco Cisco Firepower Management Center 2000
25
FireSIGHT System Release Notes
Version 5.3.1.6
Known Issues
•
If you apply an access control policy to multiple devices, the Defense Center displays the task status
differently on the Task Status page, the Access Control policy page, and the Device Management
page of the web interface. The status on the Device Management page (
differently on the Task Status page, the Access Control policy page, and the Device Management
page of the web interface. The status on the Device Management page (
Devices > Device Management
)
is correct. (136364/CSCze87068, 136614/CSCze89936)
•
In some cases, if you create a custom workflow based on the health events table, the Defense Center
displays conflicting data in the event viewer. (136419/CSCze90336)
displays conflicting data in the event viewer. (136419/CSCze90336)
•
If you import a custom intrusion rule as an
.rtf
file, the system does not warn you that the
.rtf
file type is not supported. (136500/CSCze89991)
•
If you configure a Security Intelligence feed and specify a
Feed URL
that was created on a computer
running a Windows operating system, the system does not display the correct number of submitted
IP addresses in the tooltips on the Security Intelligence tab. As a workaround, use
IP addresses in the tooltips on the Security Intelligence tab. As a workaround, use
dos2unix
commands to convert the file from Windows encoding to Unix encoding and click
Update Feeds
on
the Security Intelligence page. (136557/CSCze89888)
•
If you disable a physical interface, the logical interfaces associated with it are disabled but remain
green on the Interfaces tab of the appliance editor for that managed device. (136560/CSCze89894)
green on the Interfaces tab of the appliance editor for that managed device. (136560/CSCze89894)
•
If you create a custom table based on the captured files table, the system generates an error message.
The system does not support creating a custom table based on the captured files table.
(136844/CSCze89977)
The system does not support creating a custom table based on the captured files table.
(136844/CSCze89977)
•
If you register a managed device with a hostname containing more than 40 characters, device
registration fails. (137235/CSCze90144)
registration fails. (137235/CSCze90144)
•
In some cases, the system does not filter objects in the Object Manager as expected if you include
any of the following special characters in the filter criteria: dollar sign (
any of the following special characters in the filter criteria: dollar sign (
$
), caret (
^
), asterisk (
*
),
brackets (
[ ]
), vertical bar (
|
), forward slash (
\
), period (
.
), and question mark (
?
).
(137493/CSCze90413)
•
In some cases, if you enabled Simple Network Management Protocol (SNMP) polling in your
system policy, modifying the high availability (HA) link interface configuration on one of your
clustered managed devices causes the system to generate inaccurate SNMP polling requests.
(137546/CSCze90000)
system policy, modifying the high availability (HA) link interface configuration on one of your
clustered managed devices causes the system to generate inaccurate SNMP polling requests.
(137546/CSCze90000)
•
In some cases, configuring your access control policy to log blacklisted connections to the syslog or
SNMP trap server causes system issues. (137952)
SNMP trap server causes system issues. (137952)
•
In some cases, the Operating System Summary workflow displays incorrect DNS server counts,
NTP server counts, and DNS port counts if the system receives DNS or NTP packets out of order.
(138047/CSCze90930)
NTP server counts, and DNS port counts if the system receives DNS or NTP packets out of order.
(138047/CSCze90930)
•
The table view of file events appears to support viewing the file trajectory for ineligible file events.
You can only view file trajectories for files with a calculated SHA-256 value. (138155/CSCze90676)
You can only view file trajectories for files with a calculated SHA-256 value. (138155/CSCze90676)
•
If you generate a report in HTML or PDF format that includes a chart with
File Name
as the x-axis,
the system does not display UTF-8 characters in the x-axis filenames. (138297/CSCze90799)
•
In rare cases, if you have ever used your Defense Center to manage more than one device, the system
displays inaccurate intrusion event counts in the dashboard. (138298)
displays inaccurate intrusion event counts in the dashboard. (138298)
•
In rare cases, editing and reapplying an intrusion policy hundreds of times causes intrusion rule
updates and system updates to require over 24 hours to complete. (138333/CSCze90747)
updates and system updates to require over 24 hours to complete. (138333/CSCze90747)
•
If the latest version of the geolocation database (GeoDB) is installed on your Defense Center and
you attempt to update the GeoDB with the same version, the system generates an error message.
(138348/CSCze90813)
you attempt to update the GeoDB with the same version, the system generates an error message.
(138348/CSCze90813)
•
Connection events logged to the syslog or SNMP trap server may have incorrect
URL Reputation
values. (138504/CSCze91066, 139466/CSCze91510)