Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco Firepower Management Center 4000
  5. Release Notes

Cisco Cisco Firepower Management Center 4000 Release Notes

Download
Page of 42
Version 5.2.0.5
Sourcefire 3D System Release Notes
29
Known Issues
Known Issues
The following new known issues are reported in Version 5.2.0.5:
In an access control policy, the system processes certain Trust rules before 
the policy’s Security Intelligence blacklist. Trust rules placed before either 
the first Monitor rule or before a rule with an application, URL, user, or 
geolocation-based network condition are processed before the blacklist. 
That is, Trust rules that are near the top of an access control policy (rules 
with a low number) or that are used in a simple policy allow traffic that 
should have been blacklisted to pass uninspected instead. (138743, 139017)
Known Issues Reported in Previous Releases
The following is a list of known issues that were discovered in previous releases 
of the Sourcefire 3D System:
You must use the Defense Center’s web interface to unregister a managed 
device. If you unregister a device using either the device’s web interface or 
its command line interface (CLI), it is not removed from the Defense Center. 
(112659)
The system will generate a health alert if the Defense Center is unable to 
connect to the Sourcefire cloud. To troubleshoot, ensure the connection 
from the Defense Center to the Sourcefire cloud (
54.243.248.19 
and
 
54.243.248.162
) on port 32137 is working properly. (112708)
If multiple files are attached to a single email, the system may incorrectly 
identify files after the first. (114523)
If you attempt to create multiple static NAT rules with the same original 
values, the system may experience issues with traffic mapping. (116148)
In some cases, the Defense Center may show a cluster in a degraded state 
when it has already recovered, generating extraneous system alerts. 
(118122)
When Lights-Out Management is enabled, the system also enables a web 
server in the background. The web server does not drain system resources 
and has no known exploits. (119456)
Sourcefire documentation currently does not reflect that, on a Series 3 
device, TCP connections matching a Trust access control rule on the first 
packet generate different events depending on the presence of a Monitor 
rule. If an active Monitor rule is present, the system generates both a 
beginning and end-of-connection event, as expected. If no monitor rule is 
active, the system does not generate a beginning-of-connection event. 
(121060)
Do not name security zone objects using the pound sign (
#
); it may cause 
errors during device reconfiguration. (121514)