Cisco Firepower Management Center 4000 Release Notes
Version 5.2.0.1
Sourcefire 3D System Release Notes
Features Introduced in Previous Versions
Version 2.1 of the Sourcefire User Agent also now detects logoffs of Active
Directory users. When the agent checks a host and discovers that the expected
user is no longer logged in, the agent generates a logoff for that user. When the
Defense Center receives the logoff, it unmaps the user from the previously
associated IP address.
Access Control
Version 5.2 also adds new functionality in the access control policy: support for
source ports and ICMP types and codes in port conditions in access control rules
and support for blocking encrypted application traffic using either application
conditions or URL conditions.
Source Ports in Access Control Rules
You can now specify source ports as a condition for access control rules; this
expands upon the existing capability to specify destination ports. The source
ports you specify must be TCP or UDP ports.
ICMP Types and Codes in Access Control Rules
You can now use Internet Control Message Protocol (ICMP) types and codes in
access control rules, correlation rules, and port objects. You can also now view
ICMP types and codes for all relevant events in the event viewer.
SSL Application Detection
Version 5.2 adds many new application detectors for applications in SSL traffic,
allowing you to identify, and optionally block, encrypted application sessions
based on the common name from the SSL client certificate used in the session.
URL Blocking Based on SSL Common Name
You can now block encrypted application traffic using a URL based on the
common name in an SSL certificate.
Updates to API Support
Version 5.2 introduces the ability to request intrusion rule documentation using
either eStreamer or the database access feature. In addition, several structures
were updated for new features.
eStreamer and Database Access Updates
Version 5.2 contains several data structures updated for IPv6 address support,
geolocation changes, changes to support malware blocking, ICMP type and code
support, and bug fixes. For more information, see the Sourcefire 3D System
eStreamer Integration Guide and Sourcefire 3D System Database Access Guide
for Version 5.2.