Cisco Cisco Firepower Management Center 2000
Firepower System Release Notes
Known Issues
43
In some cases, if you break a high availability Firepower Threat Defense pair and remove the secondary device
from the Firepower Management Center, then re-register the same Firepower Threat Defense device to the
same Firepower Management Center, the web interface incorrectly reports device discovery took 40 minutes
or more when device registration may take as little as 1.5 minutes. (CSCva51271)
from the Firepower Management Center, then re-register the same Firepower Threat Defense device to the
same Firepower Management Center, the web interface incorrectly reports device discovery took 40 minutes
or more when device registration may take as little as 1.5 minutes. (CSCva51271)
If you disable the Show Notifications option in the deployment tab of the Message Center, the system
continues to display notifications. (CSCva51945)
continues to display notifications. (CSCva51945)
In some cases, backup and restore functionality does not work on managed 7000 Series devices.
(CSCva56596)
(CSCva56596)
On a Firepower Threat Defense Virtual with RIP and redistribution configured, even if you disable RIP and
redeploy, the device continues to use RIP. (CSCva57174)
redeploy, the device continues to use RIP. (CSCva57174)
In some cases, if you Add Manager on the Remote Management tab of the Integration page (System >
Integration) and save, then delete the manage via the delete icon for the manager, the system incorrect
generates an
Integration) and save, then delete the manage via the delete icon for the manager, the system incorrect
generates an
Error: Failed to delete
message when the manager is deleted successfully. (CSCva61777)
If you enable OSPF for the primary Firepower Threat Defense in a high availability configuration with multiple
router IDs and deploy, then navigate to the global domain and view the Non Stop Forwarding tab of the
Advanced routing window, you are able to check all the non stop forwarding check boxes when they should
be non-configurable. (CSCva73299)
router IDs and deploy, then navigate to the global domain and view the Non Stop Forwarding tab of the
Advanced routing window, you are able to check all the non stop forwarding check boxes when they should
be non-configurable. (CSCva73299)
In some cases, if you change the default action of an access control policy from Trust All Traffic to Block All
Traffic, the system does not block ICMP traffic that was flowing before you made the change. New ICMP
connections are blocked. (CSCva80187)
Traffic, the system does not block ICMP traffic that was flowing before you made the change. New ICMP
connections are blocked. (CSCva80187)
If you enable border gateway protocol and enter a value for the AS Number field on the routing tab of the
Device Management page (Devices > Device Management) and deploy to a Firepower Threat Defense
registered to a Firepower Management Center, then disable the border gateway protocol and redeploy, the
system incorrectly generates an
Device Management page (Devices > Device Management) and deploy to a Firepower Threat Defense
registered to a Firepower Management Center, then disable the border gateway protocol and redeploy, the
system incorrectly generates an
Invalid Values:Errors on the page, unable to navigate. Do you want to
revert back the configuration?
error message. Ignore the message and continue. (CSCva83773)
If you deploy an access control rule with the action set to Interactive Block or Interactive Block with Reset
and contains a shopping URL category condition, then browse to Amazon.com and click Continue to bypass
the block page, the images on the website do not load when they should. (CSCvb03678)
and contains a shopping URL category condition, then browse to Amazon.com and click Continue to bypass
the block page, the images on the website do not load when they should. (CSCvb03678)
Importing or exporting more than 15 intrusion policies at a time may fail and display an Error 500. As a
workaround, import and export intrusion policies in smaller batches. (CSCvb18570)
workaround, import and export intrusion policies in smaller batches. (CSCvb18570)
If you deploy an access control policy and with an intrusion policy added from the Intrusion Policy used
before Access Control rule is determined drop-down menu in the Advanced tab of the Access Control Policy
page (Policies > Access Control), the system does not execute the action of the intrusion policy unless the
access control policy also contains a file policy. (CSCvb24280)
before Access Control rule is determined drop-down menu in the Advanced tab of the Access Control Policy
page (Policies > Access Control), the system does not execute the action of the intrusion policy unless the
access control policy also contains a file policy. (CSCvb24280)
The following known issues were reported in previous releases:
The system allows you to select a custom context on the ASA FirePOWER Configuration page (Configuration
> ASA FirePOWER Configuration) of an ASA FirePOWER module managed by ASDM running Version 6.0.1
even though custom context is not supported on devices managed by ASDM. Cisco strongly recommends
using admin context on the ASA FirePOWER Configuration page. (CSCus71713, CSCuy18360)
> ASA FirePOWER Configuration) of an ASA FirePOWER module managed by ASDM running Version 6.0.1
even though custom context is not supported on devices managed by ASDM. Cisco strongly recommends
using admin context on the ASA FirePOWER Configuration page. (CSCus71713, CSCuy18360)
You may experience latency if you use Firefox version 38.0.1 to view your Firepower Management Center's
interface. As a workaround, use Firefox 41 or later or use a different web browser. (CSCuv11830)
interface. As a workaround, use Firefox 41 or later or use a different web browser. (CSCuv11830)
In some cases, if you create an access control policy when registering a device on a subdomain, the system
creates the access control policy in the global domain instead of the subdomain when it should not.
(CSCut56951)
creates the access control policy in the global domain instead of the subdomain when it should not.
(CSCut56951)
In some cases, if you edit a route map from
Allow
to
Block
on a Firepower Threat Defense device, the system
does not deploy the edit to your managed devices. As a workaround, create a new route map on the Route
Map page (
Map page (
Objects > Object Management > Route Map
) with the correct action and redeploy. (CSCuu27697)