Cisco Cisco Firepower Management Center 2000
Version 5.3
Sourcefire 3D System Release Notes
9
New and Updated Features and Functionality
•
Improved the performance and stability of NetFlow data collection and
logging. Sourcefire also added the following new fields for connections
exported by NetFlow--enabled devices: NetFlow Destination/Source
Autonomous System, NetFlow Destination/Source Prefix, NetFlow
Destination/Source TOS, and NetFlow SNMP Input/Output.
•
You can now use IPv6 addresses to create authentication objects. Note that
you cannot use authentication objects with IPv6 addresses to authenticate
shell accounts.
•
You can now identify unique Initiator and Responder IP addresses when
creating IPv6 fast-path rules on Series 3 managed devices. Before Version
5.3, the fields were fixed and set to Any.
•
For fresh installations of Version 5.3 on Series 3 managed devices, the
Automatic Application Bypass (AAB) feature is enabled by default. If you
update from a previous version of the Sourcefire 3D System, your AAB
settings are not affected. Note that AAB activates only when a preset
amount of time is spent processing a single packet. If AAB engages, the
system kills the affected Snort processes.
•
During the update to Version 5.3, the system now stores your currently
applied access control policy and up to 10 saved but unapplied revisions to
the access control policy, retaining your changes.
•
If you schedule multiple report generation tasks at the same time, the
system queues the tasks. You can view them on the Task Status page
(System > Monitoring > Task Status).
•
You cannot name security zone objects using the pound sign (#).
•
You can now use -1 as the minimum value in intrusion rule
icode
argument
ranges. Selecting -1 as the minimum value allows you to include the ICMP
code 0 in the range.
•
Added a new SMTP preprocessor alert to detect attacks against Cyrus SASL
authentication.
authentication.
•
The system now includes file policy UUID metadata for type 502 intrusion
events.
•
The file disposition Neutral is now Unknown. Files with an Unknown
disposition indicate that a malware cloud lookup occurred before the cloud
assigned a disposition.
•
Added several new Snort decoder rules to identify packets containing
malformed authentication headers.
•
You can no longer configure custom analysis dashboard widgets based on
the Ingress Interface, Ingress Security Zone, Egress Interface, or Egress Security
Zone fields of the connection summary table.
•
The system now alerts you if you attempt to install a version of the
Sourcefire Geolocation Database (GeoDB) already installed on your system.