Cisco Cisco Firepower Management Center 2000
37
FireSIGHT System Release Notes
Known Issues
Resolved an issue where, if the Defense Center sent a file to the cloud to perform a dynamic analysis in a sandbox environment and
the cloud was not available within 50 minutes, the file’s status remained Sent for Analysis instead of a timed out status.
(142309/CSCze93757)
the cloud was not available within 50 minutes, the file’s status remained Sent for Analysis instead of a timed out status.
(142309/CSCze93757)
Resolved an issue where, if the Defense Center incorrectly assigned an invalid serial header, the Defense Center failed to send events
to the eStreamer client. (143201/CSCze93686)
to the eStreamer client. (143201/CSCze93686)
Resolved an issue where, if you clicked on an application in the Denied Connections by Application dashboard widget, the system did
not properly constrain the resulting event view to blocked connections. (143376/CSCze93645)
not properly constrain the resulting event view to blocked connections. (143376/CSCze93645)
Resolved an issue where, if you generated a report in CSV format only, report section queries would ignore the option to inherit the
time window. (143403/CSCze94376)
time window. (143403/CSCze94376)
Resolved an issue where the Modbus preprocessor failed to generate events after the system missed or dropped a packet.
(142450/CSCze95921)
(142450/CSCze95921)
Resolved an issue where, if you created an access control policy that referenced an SSL policy set to decrypt traffic, policy apply failed.
(144518/CSCze94864)
(144518/CSCze94864)
Resolved an issue where, if you created an intrusion policy or network analysis policy and added a shared layer to it, then exported and
imported the new policy the system generated a Back-end failed for import error and did not import the policy.
(144905/CSCze96093)
imported the new policy the system generated a Back-end failed for import error and did not import the policy.
(144905/CSCze96093)
Known Issues
The following known issues are reported in Version 5.4.0.9 and Version 5.4.1.8:
If you update an appliance from Version 5.4.1.8 to Version 6.0 or if you uninstall Version 5.4.1.8 from an appliance to Version 5.4.1.7
and attempt to update the device to Version 6.0, the update fails. As a workaround, execute the sudo touch /.skip_fsic CLI command
prior to updating to Version 6.0. (CSCvb62987, CSCvb63002)
and attempt to update the device to Version 6.0, the update fails. As a workaround, execute the sudo touch /.skip_fsic CLI command
prior to updating to Version 6.0. (CSCvb62987, CSCvb63002)
If you plan to update the system to Version 6.0, you must install the FireSIGHT System Version 6.0 Pre-Installation package before
you update to Version 6.0. For more information, see the
you update to Version 6.0. For more information, see the
In some cases, if you deploy a network analysis policy (NAP) and enable inline mode, connection events generated by HTTPS traffic
does not display the correct total bytes value. (CSCus59142)
does not display the correct total bytes value. (CSCus59142)
If you apply an access control policy with an associated policy that requires a firewall preprocessor, then apply an access control policy
that does not require the firewall preprocessor, the firewall preprocessor remains enabled when it should not. As a workaround, apply
the access control policy that does not require the firewall preprocessor again, such as a basic access control policy or the default access
control policy. (CSCuu53467)
that does not require the firewall preprocessor, the firewall preprocessor remains enabled when it should not. As a workaround, apply
the access control policy that does not require the firewall preprocessor again, such as a basic access control policy or the default access
control policy. (CSCuu53467)
The update process to Version 5.4.0 terminates existing login sessions on a serial or Lights-out Management (LOM) console and
disables additional sessions until the update completes. If you initiate the update via shell from a serial over LAN or LOM console
without the --detach option, the update to Version 5.4.0 fails. (CSCuw65158)
disables additional sessions until the update completes. If you initiate the update via shell from a serial over LAN or LOM console
without the --detach option, the update to Version 5.4.0 fails. (CSCuw65158)
In some cases, if you reboot a managed virtual managed device and add multiple vmxnet3 interfaces, the system incorrectly adds the
interfaces and pre-existing interfaces experience issues. (CSCux15018)
interfaces and pre-existing interfaces experience issues. (CSCux15018)
If you disable the Sensitive Data Detection option in the Advanced Settings section of the Intrusion Policy page (Policies > Intrusion
> Intrusion Policy), the system may incorrectly enable the detection option every time you download a new intrusion rule update. You
must manually disable the Sensitive Data Detection option after every new intrusion rule update. (CSCux57338)
> Intrusion Policy), the system may incorrectly enable the detection option every time you download a new intrusion rule update. You
must manually disable the Sensitive Data Detection option after every new intrusion rule update. (CSCux57338)
If you update at least one physical and at least one virtual device simultaneously, the update may fail and the devices that failed to
update may be incorrectly placed into maintenance mode. As a workaround, reboot the devices that failed to update, unregister the
devices and then register the devices to the Defense Center. Update the device once it is successfully registered to the Defense Center.
(CSCux93946)
update may be incorrectly placed into maintenance mode. As a workaround, reboot the devices that failed to update, unregister the
devices and then register the devices to the Defense Center. Update the device once it is successfully registered to the Defense Center.
(CSCux93946)