Cisco Firepower Management Center 4000 Release Notes

Version 5.3.0.5
Sourcefire 3D System Release Notes
Known Issues
In rare cases, revising and reapplying an intrusion policy hundreds of times 
causes intrusion rule updates and system updates to require over 24 hours 
to complete. (138333/CSCze90747)
If the latest version of the geolocation database (GeoDB) is installed on your 
Defense Center and you attempt to update the GeoDB with the same 
version, the system generates an error message. (138348/CSCze90813)
The Sourcefire 3D System User Guide incorrectly states that, in a high 
availability deployment:
 If a secondary device fails, the primary 
device continues to sense traffic, generate alerts, and send 
traffic to all secondary devices. On failed secondary devices, 
traffic is dropped. A health alert is generated indicating 
loss of link. 
The documentation should specify that, if the secondary device in a stack 
fails, by default, inline sets with configurable bypass enabled go into bypass 
mode on the primary device. For all other configurations, the system 
continues to load balance traffic to the failed secondary device. In either 
case, a health alert is generated to indicate loss of link. 
(138432/CSCze91093)
In some cases, if you apply more than one access control policy across your 
deployment, searching for intrusion or connection events (Analysis > Search)
matching a specific access control rule may retrieve events generated by 
unrelated rules in other policies. (138542/CSCze91690)
In some cases, rebooting a Series 3 managed device after a failed system 
update causes a hardware issue. If a system update fails, contact Support 
and do not reboot the appliance. (138684/CSCze90977)
You cannot cut and paste access control rules from one policy to another. 
(138713/CSCze91012)
In the Security Intelligence Source/Destination metadata (rec_type:281), 
the eStreamer server identifies the source as the destination and the 
destination as the source. (138740/CSCze91402)
In an access control policy, the system processes certain Trust rules before 
the policy’s Security Intelligence blacklist. Trust rules placed before either 
the first Monitor rule or before a rule with an application, URL, user, or 
geolocation-based network condition are processed before the blacklist. 
That is, Trust rules that are near the top of an access control policy (rules 
with a low number) or that are used in a simple policy allow traffic that 
should have been blacklisted to pass uninspected instead. (138743, 139017)
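The following is an added example, not code from Cisco or from these release notes: a small audit that walks an ordered access control rule list and reports the Trust rules that the issue above says are processed before the Security Intelligence blacklist. The rule dictionaries, field names and sample policies are constructed for illustration, and the handling of a "simple policy" (no Monitor rule and no application, URL, user, or geolocation condition, so every Trust rule is reported) is an assumption based on the wording of the issue.

```python
# Added example. The rule representation is hypothetical, not an export
# format of the Sourcefire 3D System.
ADVANCED_CONDITIONS = {"application", "url", "user", "geolocation"}


def is_boundary(rule):
    """True for a Monitor rule, or a rule with an application, URL, user,
    or geolocation condition (the rule types named in the known issue)."""
    conditions = {c.lower() for c in rule.get("conditions", ())}
    return rule["action"].lower() == "monitor" or bool(conditions & ADVANCED_CONDITIONS)


def trust_rules_before_blacklist(rules):
    """Return (position, name) for each Trust rule that sits ahead of the
    first boundary rule. `rules` is ordered as in the policy, rule 1 first.
    Assumption: with no boundary rule at all, every Trust rule is returned."""
    flagged = []
    for position, rule in enumerate(rules, start=1):
        if is_boundary(rule):
            break  # Trust rules from here on are not covered by the issue
        if rule["action"].lower() == "trust":
            flagged.append((position, rule["name"]))
    return flagged


# Constructed sample policies.
MIXED_POLICY = [
    {"name": "trust-backup-servers", "action": "Trust", "conditions": ["network"]},
    {"name": "allow-dns", "action": "Allow", "conditions": ["port"]},
    {"name": "monitor-all", "action": "Monitor", "conditions": []},
    {"name": "trust-scanner", "action": "Trust", "conditions": ["network"]},
]
SIMPLE_POLICY = [
    {"name": "trust-lan", "action": "Trust", "conditions": ["network"]},
    {"name": "block-telnet", "action": "Block", "conditions": ["port"]},
]
GEO_FIRST_POLICY = [
    {"name": "block-by-country", "action": "Block", "conditions": ["geolocation"]},
    {"name": "trust-partner", "action": "Trust", "conditions": ["network"]},
]

if __name__ == "__main__":
    for label, policy in [("mixed", MIXED_POLICY), ("simple", SIMPLE_POLICY),
                          ("geo-first", GEO_FIRST_POLICY)]:
        print(label, trust_rules_before_blacklist(policy))
```

Rules reported by the audit are the ones to compare against the Security Intelligence blacklist, since traffic they match can pass uninspected.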