Cisco Cisco Firepower Management Center 4000 Release Notes
Version 5.2.0.7
Sourcefire 3D System Release Notes
36
Features Introduced in Previous Versions
•
The documentation does not reflect that, if you enable an intrusion rule that
checks for a flowbits state on traffic over a port, and enable at least one
other rule that affects assigning the same flowbits state for traffic over the
same port, when you apply or reapply the policy, the system does not
automatically enable any other rule within the policy that affects assigning
that flowbits state. (138507, 141143)
•
In an access control policy, the system processes certain Trust rules before
the policy’s Security Intelligence blacklist. Trust rules placed before either
the first Monitor rule or before a rule with an application, URL, user, or
geolocation-based network condition are processed before the blacklist.
That is, Trust rules that are near the top of an access control policy (rules
with a low number) or that are used in a simple policy allow traffic that
should have been blacklisted to pass uninspected instead. (138743, 139017)
•
Security Issue
Sourcefire is aware of a vulnerability inherent in the Intelligent
Platform Management Interface (IPMI) standard (CVE-2013-4786). Enabling
Lights-Out Management (LOM) on an appliance exposes this vulnerability.
To mitigate the vulnerability, deploy your appliances on a secure
management network accessible only to trusted users and use a complex,
non-dictionary-based password. To prevent exposure to the vulnerability, do
not enable LOM. If you enable LOM and expose this vulnerability, change
the complex password every three months. (139286, 140954)
•
The documentation does not reflect that, if you register a cluster, stack, or
clustered stack of devices to a Defense Center, you may have to manually
reapply the device configuration. (142411, 141602)
•
In some cases, if you generate a report from a report template, reports only
display the IP address if the system cannot resolve the IP address to a host
name. (142640)The documentation does not reflect that Lights-Out
Management (LOM) users on 7100 Family devices must limit their
password to 16 characters rather than 20 characters. (142752)
Features Introduced in Previous Versions
Functionality described in previous versions may be superseded by other new
functionality or updated through resolved issues.
5.2.x.x
No new features were introduced in Versions 5.2.0.1, 5.2.0.2, 5.2.0.3, 5.2.0.4, or
5.2.0.5.
5.2
The following new features and functionality were introduced in Version 5.2: