Cisco Cisco Firepower Management Center 4000 Release Notes
Version 5.2.0.2
Sourcefire 3D System Release Notes
30
Known Issues
•
In rare cases, the system may require up to 3 hours to complete an update
or uninstall to Version 5.2 of the Sourcefire 3D System on a 3D7110 or
3D7120 managed device. Do not interrupt the update; allow the
post-update reboot to finish completely. (124148)
•
If a device group contains an inactive managed device, you may be unable
to edit the device group. (124286)
•
In some cases, if you begin installing an intrusion rule update during a
system update, the intrusion rule update fails. To avoid this, do not attempt
to install an intrusion rule update during system update. (124290)
•
You can not use IPv6 addresses to configure connections to Sourcefire User
Agents (Policies > Users). As a workaround, configure the connection using
the associated IPv4 addresses instead. (124377)
•
In some cases, the system may trigger false positive events on the SMTP
preprocessor rule124:10. (125449)
•
In rare cases, the system does not terminate a rule update installation if the
installation fails in an early stage. If this occurs, you should attempt a rule
update reinstallation and contact Support if the issue persists. (125368)
•
In some cases, enabling sensitive data detection in your intrusion policy
may not generate events for all packets containing sensitive data. (125588)
•
In some cases, FireSIGHT rule state recommendations do not generate if an
intrusion rule variable contains a network object. (125910)
•
After updating an appliance running Version 5.1.x of the Sourcefire 3D
System and Version 2.0.3 of the Sourcefire User Agent to Version 5.2 of the
Sourcefire 3D System, the system may generate an extraneous health alert.
As a workaround, use the Defense Center to remove the Defense
Center-user agent connection and re-add the user agent. (127082, 127265,
127724)
•
If you create a custom analysis dashboard widget based on a saved
connection event search that uses data in fields without an asterisk (
*
), the
widget displays incorrect data. Only the fields that constrain connection
summaries can constrain custom analysis dashboard widgets based on
connection events. (127324, 127327)
•
If you apply a VPN deployment on a stack, cluster, or clustered stack and
then unregister the stack, cluster, or clustered stack from its managing
Defense Center, the VPN deployment remains active on the stack, cluster,
or clustered stack when you register the appliances to another Defense
Center. Additionally, you cannot manage the VPN deployment from the new
Defense Center. As a workaround, remove the VPN deployment from the
stack, cluster, or clustered stack before unregistering it from the Defense
Center. (128816, 130728)
•
In some cases, the system experiences issues with user account
management if devices running Version 5.1.1.x are managed by a Defense
Center running Version 5.2.x.x. As a workaround, update your managed
devices to Version 5.2. (130024)