Cisco Cisco Firepower 4120 Security Appliance

Page 7 of 8

Known Limitations

This section lists known limitations for this release.

Limitations in Version 8.10.01

Item

Description

A one-time throughput license exceeded warning might be displayed when changing licenses.

Traffic statistics values displayed by Real Time Monitoring (in the APSolute Vision Security
Monitoring perspective) do not account for the packet CRC size.

Inspection of tunneled traffic is not supported on SYN Flood Protection, Packet Anomalies.

No warning is displayed for 90% utilization of the licensed throughput.

Packet leak may occur when sending traffic matched to PA 103.

For PA 107, some packets are processed, instead of being passed through.

When handling IPv6 traffic, PA 104 may also trigger PA 107.

When handling IPv4 traffic, PA 104 also triggers PA 103.

PA 108 traffic is dropped without reporting.

The PA 110 Report Action Process behaves as Bypass.

Under certain circumstances, a packet anomaly may not send traps to CLI, when the Report Action is
set to Report.

SYN Flood Protection in APSolute Vision Reporter reports No traffic statistics.

Web authentication over SYN Flood Protection does not support fragmented GET or POST requests.

In some scenarios, when using SYN Flood Protection with Safe-Reset, some of the RESET packets
sent back by clients challenged might be forwarded to the server.

When in manual mode, DNS Flood Protection may report

“forward” while actually dropping traffic.

In Security Monitoring per policy, Dropped Packets / Dropped Bytes are not displayed.

A management port cannot be configured to use VLAN.