Cisco Cisco Firepower Management Center 2000 Notas de publicación
47
FireSIGHT System Release Notes
Known Issues
In some cases, if you apply an access control rule that uses more than one VLAN, traffic that should trigger the applied access control
rule incorrectly triggers other rules. (CSCuw99834)
rule incorrectly triggers other rules. (CSCuw99834)
In some cases, if you view the Traffic by Initiator User widget on the Traffic tab of the Connection Summary page (Overview >
Dashboards > Connection Summary) in a Firefox web browser running Version 43, the system does not display any data when it
should. As a workaround, use an earlier version of Firefox or a different web browser to view the Connection Summary page.
(CSCuw99854)
Dashboards > Connection Summary) in a Firefox web browser running Version 43, the system does not display any data when it
should. As a workaround, use an earlier version of Firefox or a different web browser to view the Connection Summary page.
(CSCuw99854)
If the Defense Center runs out of disk space but resolves the issue on its own, the system may still fail to store and display new event
information and generate All shard connections are busy for partition errors in the Syslog page (System > Monitoring > Syslog).
As a workaround, reboot the system. If the system continues to experience issues, contact Support. (CSCux00142)
information and generate All shard connections are busy for partition errors in the Syslog page (System > Monitoring > Syslog).
As a workaround, reboot the system. If the system continues to experience issues, contact Support. (CSCux00142)
In some cases, if you configure automated policy apply for an extended period of time and attempt to manually apply a policy, policy
apply fails and the system generates a the table 'EOContainerStore' is full error in the Health Events page (Health > Health Events).
(CSCux00455)
apply fails and the system generates a the table 'EOContainerStore' is full error in the Health Events page (Health > Health Events).
(CSCux00455)
The system may experience dropped packets if you edit the access control policy to an intrusion preventative default action and apply
to registered devices configured with routed, transparent, or inline interfaces. (CSCux02726)
to registered devices configured with routed, transparent, or inline interfaces. (CSCux02726)
In some cases, if you add a security zone to an access control policy and apply, the system does not correctly process traffic. If you add
security zones to your applied access control policy and suspect your traffic is being incorrectly processed or blocked, disable the
security zones in your access control policy. (CSCux05653)
security zones to your applied access control policy and suspect your traffic is being incorrectly processed or blocked, disable the
security zones in your access control policy. (CSCux05653)
In some cases, if you configure 3D8250 or 3D8350 devices with a virtual switch and the system experiences a failover, the IP and MAC
address switch from the primary device to the secondary device and ARP traffic that passed through a specific interface on the switch
before the failover is incorrectly processed when passed through a difference interface on the switch. (CSCux11121)
address switch from the primary device to the secondary device and ARP traffic that passed through a specific interface on the switch
before the failover is incorrectly processed when passed through a difference interface on the switch. (CSCux11121)
In some cases, if user IP and group mappings are being streamed to a managed device while the mappings are being updated on the
Defense Center, the network map on the managed device may not update correctly and may not match the network map on the Defense
Center. If your Defense Center and managed devices appear to have different network maps, contact Support. (CSCux12245)
Defense Center, the network map on the managed device may not update correctly and may not match the network map on the Defense
Center. If your Defense Center and managed devices appear to have different network maps, contact Support. (CSCux12245)
In rare cases, the ASDM user interface does not successfully load the configuration page or the statstics page and you cannot access
ASA FirePOWER module logging. As a workaround, restart the ASDM. (CSCux12539)
ASA FirePOWER module logging. As a workaround, restart the ASDM. (CSCux12539)
In some cases, if you baseline a device to Version 5.3 and update to Version 5.4.0 and apply an access control policy configured with
inline normalization or if you configure a managed device's available interfaces to passive mode and apply an access control policy
configured with inline normalization, the system does not generate a warning when it should. (CSCux23258)
inline normalization or if you configure a managed device's available interfaces to passive mode and apply an access control policy
configured with inline normalization, the system does not generate a warning when it should. (CSCux23258)
In some cases, if you configure a backup LDAP server on the LDAP Connections page (Policies > Users > LDAP Connections), the
system does not recognize the backup LDAP server and any attempts to Fetch Groups will fail if the primary LDAP server is
unreachable. As a workaround, make sure the primary LDAP server is active prior to executing Fetch Groups. (CSCux24855)
system does not recognize the backup LDAP server and any attempts to Fetch Groups will fail if the primary LDAP server is
unreachable. As a workaround, make sure the primary LDAP server is active prior to executing Fetch Groups. (CSCux24855)
In some cases, if you create a security zone that contains an active interface without saving device configuration and apply an access
control policy referencing the security zone in some or all of the access control rules, all the rules referencing the security zone are not
included in the applied access control rule. As a workaround, recreate the security zone and save device configuration before applying
an access control policy that references that security zone. (CSCux38908)
control policy referencing the security zone in some or all of the access control rules, all the rules referencing the security zone are not
included in the applied access control rule. As a workaround, recreate the security zone and save device configuration before applying
an access control policy that references that security zone. (CSCux38908)
In some cases, if you enable automatic application bypass (AAB) on your 3D7010 device and generate troubleshoot, AAB activates
when it should not. (CSCux46403)
when it should not. (CSCux46403)
In some cases, if you update a system running Version 5.4.1.4 or earlier to Version 5.4.1.5 or later, the system experiences a fatal error
and update fails. As a workaround, attempt to update the system a second time. If you continue to experience failures while updating,
contact Support. (CSCux48859)
and update fails. As a workaround, attempt to update the system a second time. If you continue to experience failures while updating,
contact Support. (CSCux48859)
The system does not automatically trim oversized UDP packets to match the configured MTU value when it should and over time drops
traffic that is oversized. (CSCux51826)
traffic that is oversized. (CSCux51826)
In some cases, updating a managed device fails and the system does not indicate why in Task Status. If you update a device and the
update fails without a reason, contact Support. (CSCux56288)
update fails without a reason, contact Support. (CSCux56288)