Cisco Cisco Firepower Management Center 2000 Notas de publicación
25
FireSIGHT System Release Notes
Version 5.3.1.7
Known Issues
•
If you delete a previously imported local intrusion rule, you cannot re-import the deleted rule.
(132865/CSCze88250)
(132865/CSCze88250)
•
In rare cases, the system may not generate events for intrusion rules 141:7 or 142:7.
(132973/CSCze89252)
(132973/CSCze89252)
•
In some cases, remote backups of managed devices include extraneous unified files, generating large
backup files on your Defense Center. (133040/CSCze89204)
backup files on your Defense Center. (133040/CSCze89204)
•
You must edit the maximum transmission unit (MTU) on a Defense Center or managed device using
the appliance’s CLI or shell. You cannot edit MTUs via the user interface. (133802/CSCze89748)
the appliance’s CLI or shell. You cannot edit MTUs via the user interface. (133802/CSCze89748)
•
If you create a URL object with an asterisk (
*
) in the URL, the system does not generate preempted
rule warnings for access control policies containing rules that reference the object. Do not use
asterisks (
asterisks (
*
) in URL object URLs. (134095/CSCze88837, 134097/CSCze88846)
•
If you configure your intrusion policy to generate intrusion event syslog alerts, the syslog alert
message for intrusion events generated by intrusion rules with preprocessor options enabled is
message for intrusion events generated by intrusion rules with preprocessor options enabled is
Snort
Alert
, not a customized message. (134270/CSCze88831)
•
If the secondary device in a stack generates an intrusion event, the system does not populate the table
view of intrusion events with security zone data. (134402/CSCze88843)
view of intrusion events with security zone data. (134402/CSCze88843)
•
If you configure an Nmap scan remediation with the
Fast Port Scan
option enabled, Nmap remediation
fails. As a workaround, disable the
Fast Port Scan
option. (134499/CSCze88810)
•
If you generate a report containing connection event summary data based on a connection event table
saved search, reports on that table populate with no data. (134541/CSCze89348)
saved search, reports on that table populate with no data. (134541/CSCze89348)
•
Scheduling and running simultaneous system backup tasks negatively impacts system performance.
As a workaround, stagger your scheduled tasks so only one backup runs at a time.
(134575/CSCze89679)
As a workaround, stagger your scheduled tasks so only one backup runs at a time.
(134575/CSCze89679)
•
If you edit a previously configured LDAP connection where user and group access control
parameters are enabled, clicking
parameters are enabled, clicking
Fetch Groups
does not populate the Available Groups box. You must
re-enter your password when editing an LDAP connection in order to fetch available groups.
(134872/CSCze89834)
(134872/CSCze89834)
•
In some cases, if you enable
Resolve IP Addresses
in the
Event Preferences
section of the Event View
Settings page, hostnames associated with IPv6 addresses may not resolve as expected in the
dashboard or event views. (135182/CSCze90155)
dashboard or event views. (135182/CSCze90155)
•
Configuring a proxy server to authenticate with a Message Digest 5 (MD5) password encryption for
malware cloud lookups is not supported. (135279/CSCze89442)
malware cloud lookups is not supported. (135279/CSCze89442)
•
You cannot enter more than 450 characters in the
Base Filter
field when creating an LDAP
authentication object. (135314/CSCze89081)
•
In some cases, if you schedule a task while observing Daylight Saving Time (DST), the task does
not run during periods when you are not observing DST. As a workaround, select
not run during periods when you are not observing DST. As a workaround, select
Europe, London
as
your local time zone on the Time Zone Preference page (
Admin > User Preferences
) and recreate the
task during a period when you are not observing DST. (135480)
•
The system requires additional time to reboot appliances or ASA FirePOWER devices running
Version 5.3 or later due to a database check. If errors are found during the database check, the reboot
requires additional time to repair the database. (135564, 136439)
Version 5.3 or later due to a database check. If errors are found during the database check, the reboot
requires additional time to repair the database. (135564, 136439)
•
In some cases, the system may generate a false positive for the SSH preprocessor rule 128:1.
(135567/CSCze89434)
(135567/CSCze89434)
•
If you apply an intrusion policy containing a rule with the
Extract Original Client IP Address
HTTP
preprocessor option enabled, the system may populate intrusion events with incorrect data in the
Original Client IP
field if traffic passes through a dedicated proxy server. (135651/CSCze89056)