Cisco Cisco Firepower Management Center 4000 Release Notes
Version 5.3.0.6
Sourcefire 3D System Release Notes
29
Known Issues
•
Defense Center local configurations (System > Local > Configuration) are not
synchronized between high availability peers. You must edit and apply the
changes on all Defense Centers, not just the primary. (130612/CSCze89250,
130652)
•
In some cases, large system backups may fail if disk space usage exceeds
the disk space threshold before the system begins pruning.
(132501/CSCze88368)
•
In some cases, using the RunQuery tool to execute
a SHOW TABLES
command may cause the query to fail. To avoid query failure, only run this
query interactively using the RunQuery application. (132685/CSCze89153)
•
If you reboot a Series 3 managed device after a Sourcefire 3D System
update fails, subsequent updates may fail even after you resolve the original
issue. (132700/CSCze89273)
•
If you delete a previously-imported local intrusion rule, you cannot re-import
the deleted rule. (132865/CSCze88250)
•
In rare cases, the system may not generate events for intrusion rules 141:7
or 142:7. (132973/CSCze89252)
•
In some cases, remote backups of managed devices include extraneous
unified files, generating large backup files on your Defense Center.
(133040/CSCze89204)
•
You must edit the maximum transmission unit (MTU) on a Defense Center
or managed device using the appliance’s CLI or shell. You cannot edit the
MTU on a Defense Center or managed device via the user interface.
(133802/CSCze89748)
•
If you create a URL object with an asterisk (
*
) in the URL, the system does
not generate preempted rule warnings for access control policies containing
rules that reference the object. Do not use asterisks (
*
) in URL object
URLs. (134095/CSCze88837, 134097/CSCze88846)
•
If you configure your intrusion policy to generate intrusion event syslog
alerts, the syslog alert message for intrusion events generated by intrusion
rules with preprocessor options enabled is
Snort Alert
, not a customized
message. (134270/CSCze88831)
•
If the secondary device in a stack generates an intrusion event, the system
does not populate the table view of intrusion events with security zone
data. (134402/CSCze88843)
•
If you configure an Nmap scan remediation with the Fast Port Scan option
enabled, Nmap remediation fails. As a workaround, disable the Fast Port
Scan option. (134499/CSCze88810)
•
If you generate a report containing connection event summary data based
on a connection event table saved search, reports on that table populate
with no data. (134541/CSCze89348)