Cisco Cisco Firepower Management Center 4000 Release Notes
Version 5.3.0.2
Sourcefire 3D System Release Notes
35
Known Issues
•
In some cases, if you enabled Simple Network Management Protocol
(SNMP) polling in your system policy, modifying the high availability (HA) link
interface configuration on one of your clustered managed devices causes
the system to generate inaccurate SNMP polling requests. (137546)
•
In some cases, configuring your access control policy to log blacklisted
connections to the syslog or SNMP trap server causes system issues.
(137952)
•
In some cases, the Operating System Summary workflow displays incorrect
DNS server counts, NTP server counts, and DNS port counts if the system
receives DNS or NTP packets out of order. (138047)
•
The table view of file events appears to support viewing the file trajectory
for ineligible file events. You can only view file trajectories for files with a
calculated SHA-256 value. (138155)
•
If you generate a report in HTML or PDF format that includes a chart with
File Name as the x-axis, the system does not display UTF-8 characters in the
x-axis filenames. (138297)
•
In rare cases, if you have ever used your Defense Center to manage more
than one device, the system displays inaccurate intrusion event counts in
the dashboard. (138298)
•
In rare cases, revising and reapplying an intrusion policy hundreds of times
causes intrusion rule updates and system updates to require over 24 hours
to complete. (138333)
•
If the latest version of the geolocation database (GeoDB) is installed on your
Defense Center and you attempt to update the GeoDB with the same
version, the system generates an error message. (138348)
•
In some cases, if you apply more than one access control policy across your
deployment, searching for intrusion or connection events (Analysis > Search)
matching a specific access control rule may retrieve events generated by
unrelated rules in other policies. (138542)
unrelated rules in other policies. (138542)
•
In some cases, rebooting a Series 3 managed device after a failed system
update causes a hardware issue. If a system update fails, contact Support
and do not reboot the appliance. (138684)
•
You cannot cut and paste access control rules from one policy to another.
(138713)
•
In the Security Intelligence Source/Destination metadata (rec_type:281),
the eStreamer server identifies the source as the destination and the
destination as the source. (138740)
•
In an access control policy, the system processes certain Trust rules before
the policy’s Security Intelligence blacklist. Trust rules placed before either
the first Monitor rule or before a rule with an application, URL, user, or
geolocation-based network condition are processed before the blacklist.
That is, Trust rules that are near the top of an access control policy (rules
with a low number) or that are used in a simple policy allow traffic that
should have been blacklisted to pass uninspected instead. (138743, 139017)