Cisco Cisco FirePOWER Appliance 8260 Release Notes
Version 5.2.0.2
Sourcefire 3D System Release Notes
28
Known Issues
Known Issues
The following known issues were reported in Version 5.2.0.2:
•
In some cases, the system generates impact flag alerts that contain
incorrect intrusion event classifications. (125934)
•
If a managed device processes traffic only from the initiator of a TCP
connection, the system does not log a connection event at the end of the
connection. (126040)
•
If you create a custom saved search for intrusion events with the Generator
(GID) field populated, the search returns empty. (126109)
•
In some cases, connection logs incorrectly identify the responder as the
initiator. (126151)
•
In some cases after completing a scheduled rule update import and
subsequent intrusion policy reapply, Defense Centers in a high availability
configuration may incorrectly show intrusion policies as out-of-date.
(126670)
•
In some cases, IPv6-in-IPv4 traffic does not match an access control rule
that uses a port condition for IPv6 (41) and that has an Allow, Monitor, or
Interactive Block action. Instead, the system handles this traffic using the
next matching rule. (126746)
•
In some cases, the eStreamer client fails to deserialize network discovery
user events and the system generates an error message. As a workaround,
clear the User Activity checkbox in the eStreamer Event Configuration
(System > Local > Registration). (126827)
•
If the system logs the only intrusion event associated with a connection as
Would have dropped
, the associated connection logs with the incorrect
action of
Block
. (127141)
•
In rare cases, the system detects a user login through network discovery
but the Defense Center incompletely logs the user data. (127274)
•
If you register a managed device as the only device on a Defense Center
with an existing custom network discovery policy configuration, the device
does not detect hosts or users until you edit, modify, and reapply the
existing network discovery policy. (127633)
•
If you remove a NetMod from a device managed by a Defense Center in a
high availability configuration, the system generates an error message
when you edit the device configuration. You cannot replace one NetMod
with another in this type of deployment. (128091)