Cisco Cisco Firepower Management Center 2000 Notas de publicación
20
FireSIGHT System Release Notes
Resolved Issues
Improved email notification reliability. (CSCuw36354)
Resolved an issue where, if you deployed a network discovery policy and enabled host discovery, the system incorrectly detected hosts
from networks not defined in the network discovery policy. (CSCuw51866)
from networks not defined in the network discovery policy. (CSCuw51866)
Resolved an issue where, if you clicked Create Custom Workflow on the Custom Workflows page (Analysis > Custom > Custom
Workflows) for intrusion events and included HTTP URI, HTTP Hostname, and/or Original Client IP fields, marking intrusion
events as reviewed generated an database error and the events did not get marked as reviewed. (CSCuw90541)
Workflows) for intrusion events and included HTTP URI, HTTP Hostname, and/or Original Client IP fields, marking intrusion
events as reviewed generated an database error and the events did not get marked as reviewed. (CSCuw90541)
Resolved an issue where, if user IP and group mappings streamed to a managed device while the mappings were updated on the
Defense Center, the network map on the managed device did not update correctly and did not match the network map on the Defense
Center. (CSCux12245)
Defense Center, the network map on the managed device did not update correctly and did not match the network map on the Defense
Center. (CSCux12245)
Resolved an issue where, if you configured a backup LDAP server on the LDAP Connections page (Policies > Users > LDAP
Connections), the system did not recognize the backup LDAP server and any attempt to Fetch Groups or Download Users failed if
the primary LDAP server was unreachable. (CSCux24855)
Connections), the system did not recognize the backup LDAP server and any attempt to Fetch Groups or Download Users failed if
the primary LDAP server was unreachable. (CSCux24855)
Resolved an issue where, if you applied an access control policy that generated more than 32,000 rules, then added either a network
address translation (NAT) policy or a VPN policy containing a static rule and reapplied, the rules became corrupted and policy apply
failed. (CSCux74877)
address translation (NAT) policy or a VPN policy containing a static rule and reapplied, the rules became corrupted and policy apply
failed. (CSCux74877)
Resolved an issue where, if you deployed an access control policy containing a user group within a realm and the system submitted a
high volume of URL lookups, network mapping dropped messages related to some users and did not match against deployed access
control rules when it should have. (CSCuy15844)
high volume of URL lookups, network mapping dropped messages related to some users and did not match against deployed access
control rules when it should have. (CSCuy15844)
Resolved an issue where, if you deployed an access control policy containing a file policy set to Block Malware and an SSL policy
set to Decrypt - Known key, the system did not successfully complete the initial file transfer for incoming traffic when it should have.
(CSCuy22114)
set to Decrypt - Known key, the system did not successfully complete the initial file transfer for incoming traffic when it should have.
(CSCuy22114)
Resolved an issue where the system displayed incorrect frame collision counts for the show portstats CLI command on a physical
Series 3 device. (CSCuy33294)
Series 3 device. (CSCuy33294)
Resolved an issue where the system experienced issues if processes exceeded memory limits. (CSCuy36889)
Resolved an issue where, if you configure inline sets to go into bypass mode on a Series 3 device running Version 5.4.0 or later and
update the device to Version 5.4.0.2 or later, the device experienced loss of link on sensing interfaces for an extended period of time
after the device rebooted during the update. (CSCuy74958, CSCva86844)
update the device to Version 5.4.0.2 or later, the device experienced loss of link on sensing interfaces for an extended period of time
after the device rebooted during the update. (CSCuy74958, CSCva86844)
Resolved an issue where, if you updated a Defense Center pair to at least Version 5.4.1.5 with multiple clustered devices registered and
expanded the last cluster of devices listed on the Device Management page (Devices > Device Management), the system did not
display all the devices within the cluster. (CSCuy79012)
expanded the last cluster of devices listed on the Device Management page (Devices > Device Management), the system did not
display all the devices within the cluster. (CSCuy79012)
Improved general performance of network mapping. (CSCuy83259)
Improved event threshold functionality. (CSCuy85993)
Resolved an issue where, if you deployed an access control rule containing applications detected by NMAP scan, the system could not
find a detector for the applications and redeploying the access control policy containing the rule with the risk application generated a
Policy has rules with missing detectors. The following rules specify applications for which a detector is not defined error.
(CSCuy87939)
find a detector for the applications and redeploying the access control policy containing the rule with the risk application generated a
Policy has rules with missing detectors. The following rules specify applications for which a detector is not defined error.
(CSCuy87939)
Resolved an issue where, if you updated a managed Series 3 or ASA FirePOWER module to Version 5.4.0.5 or later, the update failed
even though the Defense Center displayed the update successful. (CSCuy94873)
even though the Defense Center displayed the update successful. (CSCuy94873)
Resolved an issue where, if you registered multiple devices to a Defense Center, deploying an intrusion policy randomly failed on one
of the registered devices. (CSCuz01826)
of the registered devices. (CSCuz01826)
Improved Defense Center application reports. (CSCuz04049)
Resolved an issue where, in some cases, the system experienced memory issues if you applied a SSL rule containing an application
identification, URL category, or common name condition. (CSCuz09961)
identification, URL category, or common name condition. (CSCuz09961)