Cisco Firepower Management Center 4000 Release Notes

Version 5.2.0.3
Sourcefire 3D System Release Notes
Features Introduced in Previous Versions
IPv6 Support
Version 5.2 introduces extensive support for IPv6 addresses in features that were 
previously limited (partially or completely) to IPv4 addresses. These include 
adaptive profiles, auditing compliance, correlation, custom fingerprinting, 
FireSIGHT recommendations, host profiles, intrusion events, IP packet 
defragmentation, network discovery, the network map, network objects, and the 
User Agent.
Hosts on your monitored network may now have multiple associated IP 
addresses (both IPv4 and IPv6). Most parts of the system coordinate data for 
each of a host's IP addresses to give a full picture of the host's activity and to 
allow you to take action against an entire host easily.
Sourcefire User Agent Logoff Detection
User Agents monitor users as they log into the network, or when accounts 
authenticate against Active Directory credentials for other reasons, and map 
users to host IP addresses to support user access control. 
Version 2.1 of the Sourcefire User Agent also now detects logoffs of Active 
Directory users. When the agent checks a host and discovers that the expected 
user is no longer logged in, the agent generates a logoff for that user. When the 
Defense Center receives the logoff, it unmaps the user from the previously 
associated IP address. 
Access Control
Version 5.2 also adds new functionality in the access control policy: support for 
source ports and ICMP types and codes in port conditions in access control rules 
and support for blocking encrypted application traffic using either application 
conditions or URL conditions.
Source Ports in Access Control Rules 
You can now specify source ports as a condition for access control rules; this 
expands upon the existing capability to specify destination ports. The source 
ports you specify must be TCP or UDP ports.
ICMP Types and Codes in Access Control Rules 
You can now use Internet Control Message Protocol (ICMP) types and codes in 
access control rules, correlation rules, and port objects. You can also now view 
ICMP types and codes for all relevant events in the event viewer.
SSL Application Detection
Version 5.2 adds many new application detectors for applications in SSL traffic, 
allowing you to identify, and optionally block, encrypted application sessions 
based on the common name from the SSL client certificate used in the session.