Cisco Cisco Firepower Management Center 2000 Notas de publicación
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
23
FireSIGHT System Release Notes
Version 5.3.1.5
Known Issues
•
In some cases, if your device appears to have unapplied changes on the Device Management page
(Devices > Device Management) and you Apply Changes, then click the View Changes link from
the Apply Device Changes pop-up window, the system generates the Intrusion Policy comparison
viewer when it should not. (CSCuu88332)
(Devices > Device Management) and you Apply Changes, then click the View Changes link from
the Apply Device Changes pop-up window, the system generates the Intrusion Policy comparison
viewer when it should not. (CSCuu88332)
•
In some cases, if you create a new task on the Scheduling page (
System > Tools > Scheduling
) and select
the link provided as the Backup Profile, the web page generates as a
HTTP Error 500 Internal
server
error page. (CSCuv22624)
The following known issues were reported in previous releases:
•
In some cases, applying changes to your access control policy, intrusion policy, network discovery
policy, or device configuration, or installing an intrusion rule update or update of the vulnerability
database (VDB) causes the system to experience a disruption in traffic that uses Link Aggregation
Control Protocol (LACP) in fast mode. As a workaround, configure LACP links in slow mode.
(112070/CSCze87966)
policy, or device configuration, or installing an intrusion rule update or update of the vulnerability
database (VDB) causes the system to experience a disruption in traffic that uses Link Aggregation
Control Protocol (LACP) in fast mode. As a workaround, configure LACP links in slow mode.
(112070/CSCze87966)
•
If the system generates intrusion events with a
Destination Port/ICMP Code
of
0
, the Top 10 Destination
Ports section of the Intrusion Event Statistics page (
Overview > Summary > Intrusion Event Statistics
)
omits port numbers from the display. (125581/CSCze88014)
•
Defense Center local configurations (
System > Local > Configuration
) are not synchronized between
high availability peers. You must edit and apply the changes on all Defense Centers, not just the
primary. (130612/CSCze89250, 130652)
primary. (130612/CSCze89250, 130652)
•
In some cases, large system backups may fail if disk space usage exceeds the disk space threshold
before the system begins pruning. (132501/CSCze88368)
before the system begins pruning. (132501/CSCze88368)
•
In some cases, using the RunQuery tool to execute a
SHOW TABLES
command may cause the query to
fail. To avoid query failure, only run this query interactively using the RunQuery application.
(132685/CSCze89153)
(132685/CSCze89153)
•
If you delete a previously imported local intrusion rule, you cannot re-import the deleted rule.
(132865/CSCze88250)
(132865/CSCze88250)
•
In rare cases, the system may not generate events for intrusion rules 141:7 or 142:7.
(132973/CSCze89252)
(132973/CSCze89252)
•
In some cases, remote backups of managed devices include extraneous unified files, generating large
backup files on your Defense Center. (133040/CSCze89204)
backup files on your Defense Center. (133040/CSCze89204)
•
You must edit the maximum transmission unit (MTU) on a Defense Center or managed device using
the appliance’s CLI or shell. You cannot edit MTUs via the user interface. (133802/CSCze89748)
the appliance’s CLI or shell. You cannot edit MTUs via the user interface. (133802/CSCze89748)
•
If you create a URL object with an asterisk (
*
) in the URL, the system does not generate preempted
rule warnings for access control policies containing rules that reference the object. Do not use
asterisks (
asterisks (
*
) in URL object URLs. (134095/CSCze88837, 134097/CSCze88846)
•
If you configure your intrusion policy to generate intrusion event syslog alerts, the syslog alert
message for intrusion events generated by intrusion rules with preprocessor options enabled is
message for intrusion events generated by intrusion rules with preprocessor options enabled is
Snort
Alert
, not a customized message. (134270/CSCze88831)
•
If the secondary device in a stack generates an intrusion event, the system does not populate the table
view of intrusion events with security zone data. (134402/CSCze88843)
view of intrusion events with security zone data. (134402/CSCze88843)
•
If you configure an Nmap scan remediation with the
Fast Port Scan
option enabled, Nmap remediation
fails. As a workaround, disable the
Fast Port Scan
option. (134499/CSCze88810)
•
If you generate a report containing connection event summary data based on a connection event table
saved search, reports on that table populate with no data. (134541/CSCze89348)
saved search, reports on that table populate with no data. (134541/CSCze89348)