Cisco Cisco Firepower Management Center 2000

In some cases, managed devices stop processing traffic when the Defense Center updates a large 
security intelligence feed referenced in an access control policy during a policy apply. As a 
workaround, reapply the policies containing security intelligence feeds. (CSCus19921)

If you select Enable Remote Storage of Reports from the Reports page (Overview > Reporting 
> Reports) with the Server Message Block (SMB) protocol enabled, the 

$User, Host Report: 

$Host

, 

Attack Report: $Attack SID

, and 

Sourcefire FireSIGHT Report: $Customer Name

 

templates fail to generate reports due to unsupported characters in the report names. (CSCus21871)

In some cases, if you create a file policy containing a Web Application category and a Block 
Malware rule, the system will not block files identified as malware if the Block Malware rule is 
positioned after the Web Application category. As a workaround, position the Block Malware rule 
before the Web Application category. (CSCus64526)

In some cases, if you place an access control rule referencing a file policy after an access control 
rule with a web application, the traffic matching the file policy is not identified. As a workaround, 
position the rule containing the file policy before the rule with the web application. 
(CSCus64393,CSCus64526)

In some cases, if you include special characters in the password for your registered ASA 
FirePOWER device, the system generates an 

Internal Server Error

 message. (CSCus68604)

In some cases, If your system includes an SSL Visibility Appliance (SSLVA) device and you create 
a file policy containing a Web Application category and a Block Malware rule, your first attempt to 
download a file over HTTPS may fail. As a workaround, disable the file policy. (CSCus72505)

In some cases, if you create an access control policy with a rule set to block an object group 
containing URLs, the system does not block traffic related to the contained URL objects. As a 
workaround, include the URL(s) to be blocked as individual URL object(s) in the access control rule 
instead of the object group. (CSCus77551)

In some cases, if you apply an access control policy to multiple managed devices, the system 
incorrectly displays the policy status as 

pending

 when the policy was successfully applied. As a 

workaround, edit and save the policy, then reapply. (CSCus86011)

If you remove the LSI RegEx card from the top blade of an ASA5585 device, you cannot install the 
ASA FirePOWER module. (CSCus89754)

In some cases, if your system experiences a network disruption during a policy apply, and you later 
attempt to deactivate an unused detector on the Application Detector page (Policies > Application 
Detectors), the system generates a 

Failed to deactivate 1 detectors because they are 

detecting applications used by applied Access Control policies

 error. (CSCus91892)

If you edit and reapply an access control policy, the system incorrectly marks the policy as 
out-of-date even if it is not. (CSCut08225)

In some case, if you attempt to restore a backup archive located on a Windows network file server 
(NFS), backup restoration fails. As a workaround, manually transfer your archived files with 
WinSCP. (CSCut08317)

You are unable to block URL's which have not been categorized or assigned a reputation score. 
(CSCut17683)

Access control policy rules currently do not support LDAP group names with 37 or more characters. 
(CSCut34003)

The Backup Management tab of the 

 page (

) does not include registered ASA55X5 or ASA55X5-SSP-XX devices as 

options. (CSCut41338)