Manualsbrain.com
  1. Manuals
  2. Brands
  3. Cisco
  4. Cisco Firepower Management Center 4000
  5. Release Notes

Cisco Cisco Firepower Management Center 4000 Release Notes

Download
Page of 46
Version 5.3.0.5
Sourcefire 3D System Release Notes
44
Features Introduced in Previous Versions
Sourcefire identifies traffic referred by a web server as the web application 
for referred connections as of Version 5.3. For example, if an advertisement 
accessed via advertising.com is actually referred by CNN.com, Sourcefire 
identifies CNN.com as the web application.
You can no longer configure access control rules containing any of the 
following port conditions: 
IP 0
IP-ENCAP 4
IPv6 41
IPv6-ROUTE 43
IPv6-FRAG 44
GRE 47
ESP 50
, or 
IPv6-OPTS 60
.
If you are updating from an earlier version of the Sourcefire 3D System, the 
access control policy rule editor marks invalid rules with a warning and the 
object manager resets invalid port object values to TCP.
If you break a stack or cluster, the devices now remain in the primary 
device's group. Before Version 5.3, the system reverted the devices to the 
groups they belonged to before they joined a stack or cluster.
Improved the performance and stability of NetFlow data collection and 
logging. Sourcefire also added the following new fields for connections 
exported by NetFlow--enabled devices: NetFlow Destination/Source 
Autonomous SystemNetFlow Destination/Source PrefixNetFlow 
Destination/Source TOS, and NetFlow SNMP Input/Output.
You can use IPv6 addresses to create authentication objects as of Version 
5.3. Note that you cannot use authentication objects with IPv6 addresses to 
authenticate shell accounts.
As of Version 5.3 you can identify unique Initiator and Responder IP 
addresses when creating IPv6 fast-path rules on Series 3 managed devices. 
Before Version 5.3, the fields were fixed and set to Any.
For fresh installations of Version 5.3 on Series 3 managed devices, the 
Automatic Application Bypass (AAB) feature is enabled by default. If you 
update from a previous version of the Sourcefire 3D System, your AAB 
settings are not affected. Note that AAB activates only when a preset 
amount of time is spent processing a single packet. If AAB engages, the 
system kills the affected Snort processes.
During the update to Version 5.3, the system now stores your currently 
applied access control policy and up to 10 saved but unapplied revisions to 
the access control policy, retaining your changes.
If you schedule multiple report generation tasks at the same time, the 
system queues the tasks. You can view them on the Task Status page 
(System > Monitoring > Task Status).
You cannot name security zone objects using the pound sign (#).
As of Version 5.3 you can use -1 as the minimum value in intrusion rule 
icode
 argument ranges. Selecting -1 as the minimum value allows you to 
include the ICMP code 0 in the range.
Added a new SMTP preprocessor alert to detect attacks against Cyrus SASL 
authentication.