Cisco Cisco Firepower Management Center 2000
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
Version 5.3
Sourcefire 3D System Release Notes
29
Known Issues
•
If you create a URL object with an asterisk (
*
) in the URL, the system does
not generate preempted rule warnings for access control policies containing
rules that reference the object. Do not use asterisks (
*
) in URL object
URLs. (134095, 134097)
•
Reapplying any of your intrusion policies (individually or part of an access
control policy reapply) a total of 4096 or more times on a single managed
device causes system issues. (134231)
•
If you configure your intrusion policy to generate intrusion event syslog
alerts, the syslog alert message for intrusion events generated by intrusion
rules with preprocessor options enabled is Snort Alert, not a customized
message. (134270)
•
In rare cases, the system generates an extraneous Module Disk Usage:
Frequent drain of Connection Events health alert. You can safely ignore the
health alert if you see it during the update to Version 5.3. (134355, 137660)
•
Sourcefire documentation incorrectly states that you can perform
geolocation-based traffic filtering in access control policies using Sourcefire
Software for X-Series. You cannot perform geolocation-based traffic filtering
in access control policies on X-Series. (134400)
•
If the secondary device in a stack generates an intrusion event, the system
does not populate the table view of intrusion events with security zone
data. (134402)
•
Sourcefire documentation does not reflect that the system does not match
traffic or generate events on access control rules referencing user groups
unless the user group was previously seen in traffic and entered into the
cache. If the access control policy default action is set to Block All Traffic,
the system may block an allowed user group the first time traffic from a
user in that group is seen on your network. (134440)
•
If you install a version of the vulnerability database (VDB) and you previously
enabled NAVL detectors in your access control policy, the system may not
mark your access control policy as out-of-date. To synchronize the NAVL
detectors between your Defense Center and managed devices, reapply
your access control policy completely after installing a new version of the
VDB. (134458)
•
If you configure an Nmap scan remediation with the Fast Port Scan option
enabled, Nmap remediation fails. As a workaround, disable the Fast Port
Scan option. (134499)
•
If you generate a report containing connection event summary data based
on a connection event table saved search, reports on that table populate
with no data. (134541)
•
Scheduling and running simultaneous system backup tasks negatively
impacts system performance. As a workaround, stagger your scheduled
tasks so only one backup runs at a time. (134575)