Cisco Firepower Management Center 4000 Release Notes
Version 5.3.0.2
Sourcefire 3D System Release Notes
• Resolved an issue where the system misplaced the home directory files for user accounts after updating to a major version of the Sourcefire 3D System. (132503)
• Resolved an issue where disabling the Quoted-Printable Decoding Depth advanced option in your intrusion policy did not prevent the system from generating events on intrusion rule 124:11. (132538)
• Resolved an issue where, if you configured a custom table populated with data from the Correlation Events table and the Applications table, then selected Source IP as a common field, updates to Version 5.3 failed. (135735)
• Resolved an issue where, in some cases, if you configured an access control policy with a Monitor rule (which forces end-of-connection logging) and a Trust rule with Log at Beginning of Connection enabled, the system did not generate end-of-connection events for matching SSH-encrypted traffic. (135952)
Known Issues
The following known issues are reported in Version 5.3.0.2:
• In some cases, applying changes to your access control policy, intrusion policy, network discovery policy, or device configuration, or installing an intrusion rule update or update of the vulnerability database (VDB), causes the system to experience a disruption in traffic that uses Link Aggregation Control Protocol (LACP) in fast mode. As a workaround, configure LACP links in slow mode. (112070)
• In some cases, the system includes extraneous data about dropped packets in intrusion event performance graphs. (124934)
The documentation incorrectly states that, in a high availability deployment:
If a secondary device fails, the primary device continues to
sense traffic, generate alerts, and send traffic to all
secondary devices. On failed secondary devices, traffic is
dropped. A health alert is generated indicating loss of link.
sense traffic, generate alerts, and send traffic to all
secondary devices. On failed secondary devices, traffic is
dropped. A health alert is generated indicating loss of link.
The documentation should specify that, if the secondary device in a stack
fails, by default, inline sets with configurable bypass enabled go into bypass
mode on the primary device. For all other configurations, the system
continues to load balance traffic to the failed secondary device. In either
case, a health alert is generated to indicate loss of link. (138432)
• In some cases, the system does not enforce the maximum transmission unit (MTU) setting on Series 2 or virtual devices. (139620)
• The system does not prevent an externally authenticated user from modifying the LDAP password via the User Preferences page. If an externally authenticated user does this, the user becomes an internally authenticated user. (140143)