Cisco Cisco Firepower Management Center 2000 Notas de publicación
5
FireSIGHT System Release Notes
Version 5.3.1.1
Before You Begin: Important Update and Compatibility Notes
headers, as well as set the priority order in which the system selects the value for the Original Client
IP event field. See Selecting Server-Level HTTP Normalization Options, page 25-33 of the
FireSIGHT System User Guide for more information.
IP event field. See Selecting Server-Level HTTP Normalization Options, page 25-33 of the
FireSIGHT System User Guide for more information.
When Extract Original Client IP Address is enabled, specifies the order in which the system
processes original client IP HTTP headers. If, on your monitored network, you expect to encounter
original client IP headers other than X-Forwarded-For (XFF) or True-Client-IP, you can click Add
to add up to six additional Client IP header names to the priority list. Note that if multiple XFF
headers appear in an HTTP request, the value for the Original Client IP event field is the header with
the highest priority. You can use the up and down arrow icons beside any header type to adjust its
priority. (139492/CSCze91210, 141233/CSCze92868
processes original client IP HTTP headers. If, on your monitored network, you expect to encounter
original client IP headers other than X-Forwarded-For (XFF) or True-Client-IP, you can click Add
to add up to six additional Client IP header names to the priority list. Note that if multiple XFF
headers appear in an HTTP request, the value for the Original Client IP event field is the header with
the highest priority. You can use the up and down arrow icons beside any header type to adjust its
priority. (139492/CSCze91210, 141233/CSCze92868
•
The FireSIGHT System Online Help does not reflect that the system removes interfaces from your
security zone configurations when you modify your ASA device security contexts and switch from
single context mode to multiple context mode or visa versa. (141050, 141064)
security zone configurations when you modify your ASA device security contexts and switch from
single context mode to multiple context mode or visa versa. (141050, 141064)
•
The appliances delivered with FireSIGHT System Online Help for Version 5.3.1 list Series 2,
Series 3, virtual, and X-Series devices as supported devices. They are not supported. (144113)
Series 3, virtual, and X-Series devices as supported devices. They are not supported. (144113)
•
The FireSIGHT System Online Help does not reflect that, if you register a cluster, stack, or clustered
stack of devices to a Defense Center, you may have to manually reapply the device configuration.
(142411, 141602)
stack of devices to a Defense Center, you may have to manually reapply the device configuration.
(142411, 141602)
•
The FireSIGHT System User Guide does not reflect:
A file detected for the first time ever is assigned a disposition after the Defense Center completes a
cloud lookup. The system generates a file event, but
cloud lookup. The system generates a file event, but
cannot
store a file unless the file is immediately
assigned a disposition.
If a previously undetected file matches a file rule with a Block Malware action, the subsequent cloud
lookup immediately returns a disposition, allowing the system to store the file and generate events.
lookup immediately returns a disposition, allowing the system to store the file and generate events.
If a previously undetected file matches a file rule with a Malware Cloud Lookup action, the system
generates file events but requires additional time to perform a cloud lookup and return a disposition.
Due to this delay, the system cannot store files matching a file rule with a Malware Cloud Lookup
action until the second time they are seen on your network. (143973)
generates file events but requires additional time to perform a cloud lookup and return a disposition.
Due to this delay, the system cannot store files matching a file rule with a Malware Cloud Lookup
action until the second time they are seen on your network. (143973)
•
The FireSIGHT System Online Help does not reflect that the apply icon for device changes on the
Device Management page (
Device Management page (
Devices > Device Management
) activates and turns green when out-of-date
device configuration policies need to be reapplied. (144142)
Before You Begin: Important Update and Compatibility Notes
Before you begin the update process for Version 5.3.1.1, you should familiarize yourself with the
behavior of the system during the update process, as well as with any compatibility issues or required
pre- or post-update configuration changes.
behavior of the system during the update process, as well as with any compatibility issues or required
pre- or post-update configuration changes.
Caution
Cisco strongly recommends you perform the update in a maintenance window or at a time when the
interruption will have the least impact on your deployment.
interruption will have the least impact on your deployment.
For more information, see the following sections:
•
•
•