Cisco Cisco FirePOWER Appliance 7020 Notas de publicación
Version 5.3.0.3
Sourcefire 3D System Release Notes
32
Known Issues
Known Issues
The following known issues are reported in Version 5.3.0.3:
•
The Sourcefire 3D System User Guide incorrectly states that, in a high
availability deployment:
If a secondary device fails, the primary
device continues to sense traffic, generate alerts, and send
traffic to all secondary devices. On failed secondary devices,
traffic is dropped. A health alert is generated indicating
loss of link.
traffic to all secondary devices. On failed secondary devices,
traffic is dropped. A health alert is generated indicating
loss of link.
The documentation should specify that, if the secondary device in a stack
fails, by default, inline sets with configurable bypass enabled go into bypass
mode on the primary device. For all other configurations, the system
continues to load balance traffic to the failed secondary device. In either
case, a health alert is generated to indicate loss of link. (138432)
•
If you create a new report (Overview > Reporting > Report Templates) and
attempt to Insert Report Parameter while viewing the web interface with
Internet Explorer 11, no report parameters are added to the report section
description. As a workaround, install and use Internet Explorer 10.
(142950/CSCze94011)
•
The Sourcefire 3D System User Guide does not reflect that if your Defense
Center loses connectivity to the Internet, the system may take up to 30
minutes to generate an Advanced Malware Protection health alert.
(143070/CSCze94138)
•
The Sourcefire 3D System User Guide does not reflect that you can now
choose whether to inspect traffic during policy apply. Inspecting traffic
during policy apply on a heavily loaded system may have an impact on
network throughput and latency. If this side effect is not ideal for your
network setup and connectivity is more important than inspection
unchecking this box will disable inspection temporarily during policy apply
unchecking this box will disable inspection temporarily during policy apply
and ensure that no packets are dropped during the procedure. After policy
apply is successful inspection will resume as normal. (143295/CSCze94372)
•
In some cases, if your Defense Center and managed devices experience
high volumes of traffic, the system generates incorrect CPU health alerts.
(143986/CSCze95067)
•
The Sourcefire 3D System User Guide does not reflect that, if you enable
inline normalization, the blocked packets graph on the Block Packets page
(Overview > Summary > Intrusion Event Performance >Blocked Packets) should
be described as the number of packets blocked as a result of rules set to
drop in an inline deployment instead of the number of packets blocked as
the result of TCP normalization. (144360/CSCze95222)
•
If you cluster Series 3 devices and configure the shared Sourcefire
Resolution Protocol (SFRP) configuration so the primary device is
configured as the backup SFRP with a non-SFRP IP address and the
secondary device is configured as the active SFRP with a SFRP IP address,
both devices attempt to respond to Address Resolution Protocol (ARP)