Cisco Cisco Firepower Management Center 4000 Release Notes

Page of 45
Version 5.2.0.6
Sourcefire 3D System Release Notes
31
Known Issues
Resolved an issue where, in some cases, eStreamer logged packets before 
their associated event records. (122365)
Resolved an issue where, in some cases, the system did not enable traffic 
profiles with inactive periods. (122440)
Resolved an issue in network discovery policies where changes to user 
protocol detection configuration did not take effect. (122763)
Improved the system's reporting of error messages generated by the 
eStreamer client. (122859)
Resolved an issue with the eStreamer client where SHA-256 values were 
incorrectly reported by the Defense Center. (122869)
Resolved an issue where users were not prompted to enable the TCP 
stream preprocessor when saving an intrusion policy with the rate-based 
attack prevention preprocessor enabled and the TCP stream preprocessor 
disabled. (122905)
Resolved an issue where, in rare cases, intrusion rules that triggered on 
pruned sessions applied the rule action to current sessions. (122990)
Known Issues
The following new known issues are reported in Version 5.2.0.6:
Configuring a proxy server to authenticate with a Message Digest 5 (MD5) 
password encryption for malware cloud lookups is not supported. (135279)
The documentation incorrectly states the following: 
If a secondary 
device fails, the primary device continues to sense traffic, 
generate alerts, and send traffic to all secondary devices. On 
failed secondary devices, traffic is dropped. A health alert 
is generated indicating loss of link. 
The documentation should specify that, if the secondary device in a stack 
fails, by default, inline sets with configurable bypass enabled go into bypass 
mode on the primary device. For all other configurations, the system 
continues to load balance traffic to the failed secondary device. In either 
case, a health alert is generated to indicate loss of link. (138269)
The documentation does not reflect that, if you enable an intrusion rule that 
checks for a flowbits state on traffic over a port, and enable at least one 
other rule that affects assigning the same flowbits state for traffic over the 
same port, when you apply or reapply the policy, the system does not 
automatically enable any other rule within the policy that affects assigning 
that flowbits state. (138507, 141143)
Security Issue
 Sourcefire is aware of a vulnerability inherent in the Intelligent 
Platform Management Interface (IPMI) standard (CVE-2013-4786). Enabling 
Lights-Out Management (LOM) on an appliance exposes this vulnerability. 
To mitigate the vulnerability, deploy your appliances on a secure