Cisco Cisco Firepower Management Center 2000 Notas de publicación
48
FireSIGHT System Release Notes
Known Issues
In some cases, if you configure two intrusion policies to share layers and you compare the two policies without editing either policy,
the system incorrectly displays differences between the two policies when there should be no changes. (CSCux59094)
the system incorrectly displays differences between the two policies when there should be no changes. (CSCux59094)
In some cases, if you set the default time zone to Europe and Moscow on the Time Zone Preference tab (User Name > User
Preferences > Time Zone Preference), the system displays an incorrect timestamp on generated events. (CSCux66887)
Preferences > Time Zone Preference), the system displays an incorrect timestamp on generated events. (CSCux66887)
If you hover the mouse cursor over the Last Contacted icon in the Management tab of the Device Management page (Devices >
Device Management), the system incorrectly displays the timestamp without a colon separating the hour from the minutes.
(CSCux68570)
Device Management), the system incorrectly displays the timestamp without a colon separating the hour from the minutes.
(CSCux68570)
If you download the Sourcefire EventStreamer SDK 5.4.0 file from the Cisco Support site and attempt to install on a device running
Windows OS, the install fails. As a workaround, remove 2> /dev/null from line 58 of the SFPkcs12.pm file, located in the
EventStreamerSDK-5.4.0\examples\perl_client directory and install. (CSCux76998)
Windows OS, the install fails. As a workaround, remove 2> /dev/null from line 58 of the SFPkcs12.pm file, located in the
EventStreamerSDK-5.4.0\examples\perl_client directory and install. (CSCux76998)
In some cases, if you apply a file policy set to Detect Files or Block Malware to a virtual device configured with inline sets, the system
inconsistently detects or blocks packets containing PDF, zip, gzip bzip exe file types. (CSCux81938)
inconsistently detects or blocks packets containing PDF, zip, gzip bzip exe file types. (CSCux81938)
In some cases, if you apply a file rule with the action set to Detect Files or Block Files to a device registered to a system running
Version 5.4.0.4 or later, the system may not correctly detect and block the file types or decompress the archives correctly, as can be
seen on the File Summary page (Analysis > Files > Events) and the Connection Events page (Analysis > Connections > Events).
(CSCux81952)
Version 5.4.0.4 or later, the system may not correctly detect and block the file types or decompress the archives correctly, as can be
seen on the File Summary page (Analysis > Files > Events) and the Connection Events page (Analysis > Connections > Events).
(CSCux81952)
In some cases, if you stack two 3D8350 devices and apply an access control rule containing a large number of network objects, the
system generates erroneous Error sending cluster heartbeat from NFE0 to NFE0 on member 0:: Heartbeat timeout reached
before ACK received errors and does not successfully apply. As a workaround, disable the access control rule containing the large
number of network objects and reapply, or delete the rule and create a new rule containing fewer network objects. (CSCux89473)
system generates erroneous Error sending cluster heartbeat from NFE0 to NFE0 on member 0:: Heartbeat timeout reached
before ACK received errors and does not successfully apply. As a workaround, disable the access control rule containing the large
number of network objects and reapply, or delete the rule and create a new rule containing fewer network objects. (CSCux89473)
In some cases, if you register a device running at least Version 5.4.0.2 or Version 5.4.1.1 to a Defense Center running Version 6.0, then
de-register the device and register it to a Defense Center running at least Version 5.4.1.4, applying a policy from the Defense Center
running 5.4.1.4 fails and the action queue displays a Not a HASH reference error. (CSCuy01340)
de-register the device and register it to a Defense Center running at least Version 5.4.1.4, applying a policy from the Defense Center
running 5.4.1.4 fails and the action queue displays a Not a HASH reference error. (CSCuy01340)
In some cases, the system incorrectly deletes local report files even though the disk usage is not high and does not generate a warning
or message. As a workaround, use remote storage for local reports. For more information, see the Using Remote Storage for Reports
section of the FireSIGHT System User Guide. (CSCuy11976)
or message. As a workaround, use remote storage for local reports. For more information, see the Using Remote Storage for Reports
section of the FireSIGHT System User Guide. (CSCuy11976)
If you filter intrusion rules on the Rule State page (Rule Configuration > Rule State) and search for the FlowBit keyword, the system
generates inconsistent results. (CSCuy13901)
generates inconsistent results. (CSCuy13901)
If you apply an access control policy containing a file policy set to Block Malware and an SSL policy set to Decrypt - Known key,
the system does not successfully complete the initial file transfer for incoming traffic when it should. As a workaround, download the
file a second time. (CSCuy22114)
the system does not successfully complete the initial file transfer for incoming traffic when it should. As a workaround, download the
file a second time. (CSCuy22114)
If you update a system running Version 5.3.x to Version 5.4.0 or later, the system automatically sets the link mode to Autonegotiate
even if the managed device does not support autonegotiation. As a workaround, manually set the link mode on the Device Management
page (Devices > Device Management) and save. (CSCuy28028, CSCuy36266)
even if the managed device does not support autonegotiation. As a workaround, manually set the link mode on the Device Management
page (Devices > Device Management) and save. (CSCuy28028, CSCuy36266)
If you modify a load balancing configuration with a CLI command and then apply policy, the system does not retain the load balancing
configuration after a successful policy apply. You must execute the CLI command again to modify the load balancing configuration
after each policy apply. (CSCuy30534)
configuration after a successful policy apply. You must execute the CLI command again to modify the load balancing configuration
after each policy apply. (CSCuy30534)
If you apply an SSL rule with the rule action set to Decrypt-Resign and browse decrypted websites using Chrome Version 40 or later,
the browser generates alerts for the decrypted websites. As a workaround, use the Internet Explorer or Firefox web browser.
(CSCuy30988)
the browser generates alerts for the decrypted websites. As a workaround, use the Internet Explorer or Firefox web browser.
(CSCuy30988)
In some cases, if you apply an access control policy referencing an intrusion policy and an SSL policy with the action set to
Decrypt-Resign, the system does not generate downloadable packet information on the packet view of the Intrusion Events page
(Analysis > Intrusion > Events). (CSCuy34078)
Decrypt-Resign, the system does not generate downloadable packet information on the packet view of the Intrusion Events page
(Analysis > Intrusion > Events). (CSCuy34078)
If you remove a user from all groups within a realm referenced in the access control policy and apply configuration changes, then click
Download users and groups from the Access Control tab, the system does not update the applied configuration and continues to
process traffic as if the group(s) still contained the user. (CSCuy39685)
Download users and groups from the Access Control tab, the system does not update the applied configuration and continues to
process traffic as if the group(s) still contained the user. (CSCuy39685)