Cisco Sourcefire Defense Center 3000 Chassis Release Notes
Version 5.3.0.3
Sourcefire 3D System Release Notes
33
Known Issues
requests for incoming addresses that matches rules in the applied network
analysis policy and experience a disruption in traffic. As a workaround,
ensure the primary device of a cluster is configured as an active SFRP with
an SFRP IP address. (CSCur55568)
Known Issues Reported in Previous Releases
The following is a list of known issues that were reported in previous releases of
the Sourcefire 3D System:
•
In some cases, applying changes to your access control policy, intrusion
policy, network discovery policy, or device configuration, or installing an
intrusion rule update or update of the vulnerability database (VDB), causes
the system to experience a disruption in traffic that uses Link Aggregation
Control Protocol (LACP) in fast mode. As a workaround, configure LACP
links in slow mode. (112070/CSCze87966)
•
In some cases, the system includes extraneous data about dropped packets
in intrusion event performance graphs. (124934/CSCze87728)
•
If the system generates intrusion events with a Destination Port/ICMP Code
of
0
, the Top 10 Destination Ports section of the Intrusion Event Statistics
page (Overview > Summary > Intrusion Event Statistics) omits port numbers
from the display. (125581/CSCze88014)
•
Defense Center local configurations (System > Local > Configuration) are not
synchronized between high availability peers. You must edit and apply the
changes on all Defense Centers, not just the primary. (130612/CSCze89250,
130652)
•
In some cases, large system backups may fail if disk space usage exceeds
the disk space threshold before the system begins pruning.
(132501/CSCze88368)
•
In some cases, using the RunQuery tool to execute
a SHOW TABLES
command may cause the query to fail. To avoid query failure, only run this
query interactively using the RunQuery application. (132685/CSCze89153)
•
If you reboot a Series 3 managed device after a Sourcefire 3D System
update fails, subsequent updates may fail even after you resolve the original
issue. (132700/CSCze89273)
•
If you delete a previously-imported local intrusion rule, you cannot re-import
the deleted rule. (132865/CSCze88250)
•
In rare cases, the system may not generate events for intrusion rules 141:7
or 142:7. (132973/CSCze89252)
•
In some cases, remote backups of managed devices include extraneous
unified files, generating large backup files on your Defense Center.
(133040/CSCze89204)