Cisco Firepower Management Center 2000 Release Notes

FireSIGHT System Release Notes
Known Issues
In some cases, if you apply an access control policy referencing two intrusion policies to two devices, then edit the 
first intrusion policy, then reapply the policy to one device and cluster the two devices, the modified intrusion policy 
is marked out-of-date on the second device. As a workaround, apply a different access control policy with the same 
intrusion policies to the second device. (144136/CSCze95126)
In some cases, if you create an access control policy referencing a rule with the HTTP response page set with an 
Interactive Block action and you attempt to access a URL that generates an HTTP response page, you are unable to 
access the same web page in additional tabs on the same browser. (144419/CSCze95694)
In some cases, the system may not display policy-related information for the following columns on the Connection 
Events table view (Analysis > Connections > Events): Action, Reason, Access Control Policy, Access Control Rule, 
and Network Analysis Policy. (145142/CSCze95299)
In some cases, the system does not display any events in the Total Events, Total Events Last Hour, or Total Events 
Last Day rows of the statistics summary of the Discovery Statistics page (Overview > Summary > Discovery Statistics). 
(145153/CSCze95751)
In some cases, if you generate an intrusion event performance graph (Overview > Summary > Intrusion Event 
Performance) and select Last Hour as the time range, the generated graph is blank instead of including data from 
the intrusion events table view. (145237/CSCze95774)
Your device may experience a prolonged wait period when powering on. (145248/CSCze96068)
In some cases, if you enable a fail-open Cisco Redundancy Protocol (SFRP) set to monitor-only on an ASA 5515 
module in a high availability configuration and your device experiences a failover, your module may change from 
active to standby mode several times when it should not. (145256/CSCze95812)
If you configure an ASA FirePOWER module running Version 5.0 or later with network address translation (NAT), the 
system incorrectly processes data channels matching applied access control, intrusion, and network discovery 
policies. (145274/CSCze96017)
If you enable remote storage and create a scheduled email alert response on your Defense Center, the scheduled 
email alert may disable remote storage and remote storage backups may fail. As a workaround, create local backups 
and manually place the backups into remote storage. (145288/CSCze95993)
In some cases, access control rules containing web application conditions may not match against web application 
traffic if users on your network enter a URL that is not lower case into the address bar. (CSCur37364)
In some cases, if you make changes on the Advanced Malware Protection Alerts tab of the Alerts page (Policies > 
Actions > Alerts) on a system configured with high availability, the changes may not be synchronized properly 
between the appliances. (CSCur46711)
In some cases, if you create an intrusion rule set to block multiprotocol label switching (MPLS) traffic and specify 
either a source IP address or a destination IP address, the system does not block matching traffic. (CSCur46880)
If you do not deactivate a traffic profile before deleting it, the system allows the deleted profile to continuously use 
resources without generating traffic. (CSCur48345)
In some cases, if you configure your cluster of routed Series 3 managed devices with Cisco Redundancy Protocol 
(SFRP) and apply a network address translation (NAT) rule, both the primary and secondary device of the cluster 
respond to the address resolution protocol (ARP) detected in matching traffic when only the primary device should 
respond. As a workaround, designate the SFRP interface on the primary device as the master interface and the SFRP 
on the secondary device as the backup interface when creating a NAT rule for your clustered devices. (CSCur55568)
In some cases, if your Defense Center has a file list with SHA-256 file entries and you add a Defense Center in high 
availability configuration, the secondary Defense Center deletes the existing file list data. (CSCur57708)
If you create a scheduled task to install a new version of the vulnerability database (VDB) on your Defense Center, 
the system will not alert you if you already have a recent VDB version installed and the Defense Center switches from 
active to standby mode every time the task is scheduled. Cisco does not recommend scheduling automatic VDB 
updates. (CSCur59252)