Cisco Cisco Firepower Management Center 2000
FireSIGHT System Release Notes
Version 5.3.1.4
Known Issues
• In some cases, managed devices stop processing traffic when the Defense Center updates a large
security intelligence feed referenced in an access control policy during a policy apply. As a
workaround, reapply the policies containing security intelligence feeds. (CSCus19921)
• If you select Enable Remote Storage of Reports from the Reports page (Overview > Reporting
> Reports) with the Server Message Block (SMB) protocol enabled, the $User, Host Report: $Host,
Attack Report: $Attack SID, and Sourcefire FireSIGHT Report: $Customer Name templates fail to
generate reports due to unsupported characters in the report names. (CSCus21871)
• In some cases, if you create a file policy containing a Web Application category and a Block
Malware rule, the system will not block files identified as malware if the Block Malware rule is
positioned after the Web Application category. As a workaround, position the Block Malware rule
before the Web Application category. (CSCus64526)
• In some cases, if you place an access control rule referencing a file policy after an access control
rule with a web application, the traffic matching the file policy is not identified. As a workaround,
position the rule containing the file policy before the rule with the web application.
(CSCus64393, CSCus64526)
• In some cases, if you include special characters in the password for your registered ASA
FirePOWER device, the system generates an Internal Server Error message. (CSCus68604)
• In some cases, if your system includes an SSL Visibility Appliance (SSLVA) device and you create
a file policy containing a Web Application category and a Block Malware rule, your first attempt to
download a file over HTTPS may fail. As a workaround, disable the file policy. (CSCus72505)
• In some cases, if you create an access control policy with a rule set to block an object group
containing URLs, the system does not block traffic related to the contained URL objects. As a
workaround, include the URL(s) to be blocked as individual URL object(s) in the access control rule
instead of the object group. (CSCus77551)
• In some cases, if you apply an access control policy to multiple managed devices, the system
incorrectly displays the policy status as pending when the policy was successfully applied. As a
workaround, edit and save the policy, then reapply. (CSCus86011)
• If you remove the LSI RegEx card from the top blade of an ASA5585 device, you cannot install the
ASA FirePOWER module. (CSCus89754)
• In some cases, if your system experiences a network disruption during a policy apply, and you later
attempt to deactivate an unused detector on the Application Detector page (Policies > Application
Detectors), the system generates a Failed to deactivate 1 detectors because they are
detecting applications used by applied Access Control policies error. (CSCus91892)
• If you edit and reapply an access control policy, the system incorrectly marks the policy as
out-of-date even if it is not. (CSCut08225)
• In some cases, if you attempt to restore a backup archive located on a Windows network file server
(NFS), backup restoration fails. As a workaround, manually transfer your archived files with
WinSCP. (CSCut08317)
• You are unable to block URLs which have not been categorized or assigned a reputation score.
(CSCut17683)
• Access control policy rules currently do not support LDAP group names with 37 or more characters.
(CSCut34003)
• The Backup Management tab of the Managed Device Backup page (System > Tools > Backup/Restore >
Managed Device Backup) does not include registered ASA55X5 or ASA55X5-SSP-XX devices as
options. (CSCut41338)