Cisco Cisco Firepower Management Center 4000 Release Notes
Version 5.2.0.3
Sourcefire 3D System Release Notes
30
Known Issues
•
In some cases, the system may not log connection events for IPv6-in-IPv4
traffic if the access control policy contains an access control rule with
connection event logging enabled and any of the following ports selected:
IP 0
,
IP-ENCAP 4
,
IPv6 41
,
IPv6-ROUTE 43
,
IPv6-FRAG 44
,
GRE 47
,
ESP
50
, or
IPv6-OPTS 60
. (126117, 126746)
•
In some cases, if you configure a syslog alert response to send connection
events to the syslog, the system may omit data from the Initiator Country,
Responder Country, Client Version, Application Risk, Business Relevance,
Intrusion Events, Files, TCP Flags, NetBIOS Domain, Initiator Packets, Responder
Packets, Initiator Bytes, or Responder Bytes fields. (127682)
•
If you configure a traffic profile and a correlation rule to trigger on traffic
spikes at or above two standard deviations, the system may not generate a
correlation event. (128107)
•
In rare cases, the 3D8120, 3D8130, 3D8140, and 3D8250 may experience
system issues that require you to reboot the appliance. (128689)
•
If you disable ldap protocol detection in your network discovery policy, the
Defense Center stops logging user agent login data. (128741)
•
In some cases, if you schedule an automatic LDAP user data retrieval, you
cannot perform on-demand user data retrieval and download. (128962)
•
In rare cases, automatic application bypass (AAB) activates during network
discovery policy apply. (129230)
•
Critical Issue
After completing an event-only backup, the backup process
enters an unrecoverable state. Do not attempt an event-only backup. As a
workaround, back up both configurations and events. (129231)
•
In some cases, if you view reviewed intrusion events and drill down to the
packet view, there are no visible events and the reviewed constraint is
removed. (129257)
•
In rare cases, installing Version 5.2 or later on a 3D6500 managed device
may cause system issues. (129561)
•
In some cases, the system incorrectly identified SMTP and generated a
connection event with missing application information if the SMTP server
responded with a connection error. (130085)
•
In rare cases, the system may generate critical health alert emails
containing indecipherable messages. (130518)
•
In some cases, the system may incorrectly sort values in the Type column or
omit names from the Security Zones column on the security zones page in
the object manager. (130569, 130631, 130632)
•
In some cases, drilling down in a custom workflow may redirect you to the
incorrect packet view page for an intrusion event. (130620)
•
In rare cases, the system mishandles dynamic NAT rules when a preceding
rule's source network overlaps the source network of the dynamic NAT rule.
(130765)