Cisco FirePOWER Appliance 8250 Release Notes
Version 5.2.0.5
Sourcefire 3D System Release Notes
Known Issues
The following new known issues are reported in Version 5.2.0.5:
• In an access control policy, the system processes certain Trust rules before the policy’s Security Intelligence blacklist. Trust rules placed before either the first Monitor rule or before a rule with an application, URL, user, or geolocation-based network condition are processed before the blacklist. That is, Trust rules that are near the top of an access control policy (rules with a low number) or that are used in a simple policy allow traffic that should have been blacklisted to pass uninspected instead. (138743, 139017)
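The ordering rule in the note above can be checked mechanically while a policy is still affected. The following is an added example written for this page, not Sourcefire or Cisco code: it walks a list of rules in policy order and flags every Trust rule that sits before the first Monitor rule or before the first rule carrying an application, URL, user or geolocation condition, since those are the Trust rules the note says are evaluated ahead of the Security Intelligence blacklist. The `Rule` record and the sample policies are constructed simplifications, not the product's own export format, and treating a Trust rule that itself carries one of those conditions as the boundary is an assumption the note does not spell out.

```python
"""Policy-order check for the Trust / Security Intelligence ordering issue.

Added example for this page; not Sourcefire or Cisco code. The rule records
are a constructed simplification, not the product's policy export format.
"""

from dataclasses import dataclass
from typing import FrozenSet, List

# Condition types that, per the release note, mark the point after which
# Trust rules are evaluated behind the blacklist. "network" alone does not.
LATE_CONDITIONS = frozenset({"application", "url", "user", "geolocation"})


@dataclass(frozen=True)
class Rule:
    number: int                      # position in the policy (low = evaluated first)
    name: str
    action: str                      # "Trust", "Monitor", "Allow", "Block", ...
    conditions: FrozenSet[str] = frozenset()


def trust_rules_before_blacklist(rules: List[Rule]) -> List[Rule]:
    """Return the Trust rules evaluated ahead of the SI blacklist.

    Walk the policy in rule-number order. The first Monitor rule, or the
    first rule with a condition in LATE_CONDITIONS, ends the region in which
    Trust rules bypass the blacklist; nothing after it is flagged. A Trust
    rule that itself carries such a condition is treated as that boundary
    (assumption: the note does not cover this case explicitly).
    """
    flagged = []
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.action == "Monitor" or rule.conditions & LATE_CONDITIONS:
            break
        if rule.action == "Trust":
            flagged.append(rule)
    return flagged


def report(rules: List[Rule]) -> List[str]:
    """One finding line per affected rule, suitable for a review ticket."""
    return [
        f"rule {r.number} '{r.name}': Trust rule evaluated before the "
        f"Security Intelligence blacklist; matching traffic passes uninspected"
        for r in trust_rules_before_blacklist(rules)
    ]


# Constructed sample policies (not real configurations).
MIXED_POLICY = [
    Rule(1, "trust-backup-traffic", "Trust", frozenset({"network"})),
    Rule(2, "allow-corp-web", "Allow", frozenset({"network", "url"})),
    Rule(3, "trust-voip", "Trust", frozenset({"network"})),   # after the URL rule: not flagged
    Rule(4, "monitor-all", "Monitor"),
]

# No Monitor rule and only network conditions: every Trust rule is "early".
SIMPLE_POLICY = [
    Rule(1, "trust-mgmt", "Trust", frozenset({"network"})),
    Rule(2, "trust-dmz", "Trust", frozenset({"network"})),
    Rule(3, "block-rest", "Block"),
]

if __name__ == "__main__":
    for label, policy in (("mixed", MIXED_POLICY), ("simple", SIMPLE_POLICY)):
        print(f"[{label}]")
        for line in report(policy) or ["no Trust rules evaluated before the blacklist"]:
            print("  " + line)
```

Running the script against the two constructed policies flags rule 1 of the mixed policy (rule 3 is behind the URL-conditioned rule) and both Trust rules of the simple policy, which is exactly the "simple policy" case the note calls out.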
Known Issues Reported in Previous Releases
The following is a list of known issues that were discovered in previous releases of the Sourcefire 3D System:
• You must use the Defense Center’s web interface to unregister a managed device. If you unregister a device using either the device’s web interface or its command line interface (CLI), it is not removed from the Defense Center. (112659)
• The system will generate a health alert if the Defense Center is unable to connect to the Sourcefire cloud. To troubleshoot, ensure the connection from the Defense Center to the Sourcefire cloud (54.243.248.19 and 54.243.248.162) on port 32137 is working properly. (112708)
• If multiple files are attached to a single email, the system may incorrectly identify files after the first. (114523)
• If you attempt to create multiple static NAT rules with the same original values, the system may experience issues with traffic mapping. (116148)
• In some cases, the Defense Center may show a cluster in a degraded state when it has already recovered, generating extraneous system alerts. (118122)
• When Lights-Out Management is enabled, the system also enables a web server in the background. The web server does not drain system resources and has no known exploits. (119456)
• Sourcefire documentation currently does not reflect that, on a Series 3 device, TCP connections matching a Trust access control rule on the first packet generate different events depending on the presence of a Monitor rule. If an active Monitor rule is present, the system generates both a beginning- and an end-of-connection event, as expected. If no Monitor rule is active, the system does not generate a beginning-of-connection event. (121060)
• Do not name security zone objects using the pound sign (#); it may cause errors during device reconfiguration. (121514)