Cisco FirePOWER Appliance 7030 Release Notes

Version 5.2.0.9
Sourcefire 3D System Release Notes
Known Issues
Sourcefire documentation does not reflect that you must disable Spanning 
Tree Protocol (STP) on any third-party switching equipment connected to a 
device’s management interface before connecting to a Series 3 appliance 
using LOM/SOL. (132488)
Configuring a proxy server to authenticate with Message Digest 5 (MD5) 
password encryption for malware cloud lookups is not supported. (135279)
If Greenwich Mean Time (GMT, also known as UTC) is not your local 
timezone, scheduled geolocation database (GeoDB) updates may fail. If 
your local timezone is +X number of hours from GMT, schedule GeoDB 
updates for X:00 or later. If your local timezone is -X number of hours 
from GMT, schedule GeoDB updates for (24:00 - X) or earlier. For example, 
if your local timezone is UTC-5, schedule updates before 19:00 local time. 
(135756)
The documentation incorrectly states the following: "If a secondary 
device fails, the primary device continues to sense traffic, 
generate alerts, and send traffic to all secondary devices. On 
failed secondary devices, traffic is dropped. A health alert 
is generated indicating loss of link." 
The documentation should specify that, if the secondary device in a stack 
fails, inline sets with configurable bypass enabled go into bypass mode on 
the primary device. For all other configurations, the system continues to 
load balance traffic to the failed secondary device. In either case, a health 
alert is generated to indicate loss of link. (138269)
The documentation does not reflect that, if you enable an intrusion rule that 
checks for a flowbits state on traffic over a port, and enable at least one 
other rule that affects assigning the same flowbits state for traffic over the 
same port, when you apply or reapply the policy, the system does not 
automatically enable any other rule within the policy that affects assigning 
that flowbits state. (138507, 141143)
In an access control policy, the system processes certain Trust rules before 
the policy’s Security Intelligence blacklist. Trust rules placed before either 
the first Monitor rule or before a rule with an application, URL, user, or 
geolocation-based network condition are processed before the blacklist. 
That is, Trust rules that are near the top of an access control policy (rules 
with a low number) or that are used in a simple policy allow traffic that 
should have been blacklisted to pass uninspected instead. (138743, 139017)
Security Issue: Sourcefire is aware of a vulnerability inherent in the Intelligent 
Platform Management Interface (IPMI) standard (CVE-2013-4786). Enabling 
Lights-Out Management (LOM) on an appliance exposes this vulnerability. 
To mitigate the vulnerability, deploy your appliances on a secure 
management network accessible only to trusted users and use a complex, 
non-dictionary-based password. To prevent exposure to the vulnerability, do 
not enable LOM. If you enable LOM and expose this vulnerability, change 
the complex password every three months. (139286, 140954)
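
For the Trust rule ordering issue above (138743, 139017), the following Python check lists the Trust rules in a policy that would be processed before the Security Intelligence blacklist. It is an added example, not Sourcefire code: the rule dictionary fields and the sample policy are constructed, and it assumes the note means that Trust rules above the first Monitor rule or the first rule with an application, URL, user, or geolocation condition are affected, as is every Trust rule in a policy with no such rule.

```python
# Added example. Field names and the sample policy are constructed for
# illustration; they are not a Sourcefire export format.
COMPLEX_CONDITIONS = ("applications", "urls", "users", "geolocation")


def is_boundary(rule):
    """True for a Monitor rule or a rule with an application, URL, user,
    or geolocation condition (the rule types named in the release note)."""
    if rule["action"] == "Monitor":
        return True
    return any(rule.get(key) for key in COMPLEX_CONDITIONS)


def trust_rules_before_blacklist(rules):
    """Return (rule number, name) for each Trust rule that, under the assumed
    reading of the note, is processed before the Security Intelligence
    blacklist. Rules are given in policy order; numbering starts at 1."""
    flagged = []
    for number, rule in enumerate(rules, start=1):
        if is_boundary(rule):
            break  # Trust rules from here on are not covered by the note
        if rule["action"] == "Trust":
            flagged.append((number, rule["name"]))
    return flagged


# Constructed sample policy, in rule order.
SAMPLE_POLICY = [
    {"name": "trust-backup-servers", "action": "Trust", "networks": ["10.1.20.0/24"]},
    {"name": "block-telnet", "action": "Block", "ports": ["23/tcp"]},
    {"name": "trust-scanner", "action": "Trust", "networks": ["10.1.30.5"]},
    {"name": "monitor-dmz", "action": "Monitor", "networks": ["10.1.40.0/24"]},
    {"name": "trust-partner-vpn", "action": "Trust", "networks": ["192.0.2.0/24"]},
    {"name": "allow-web-apps", "action": "Allow", "applications": ["HTTP"]},
]

# Constructed "simple policy": no Monitor rule and no complex conditions.
SIMPLE_POLICY = [
    {"name": "trust-lab", "action": "Trust", "networks": ["10.9.0.0/16"]},
    {"name": "block-smb", "action": "Block", "ports": ["445/tcp"]},
    {"name": "trust-mgmt", "action": "Trust", "networks": ["10.0.0.0/24"]},
]

if __name__ == "__main__":
    for number, name in trust_rules_before_blacklist(SAMPLE_POLICY):
        print(f"rule {number} ({name}): Trust is processed before the "
              "Security Intelligence blacklist")
```

Traffic matching a flagged rule should be reviewed against the blacklist, since it passes uninspected.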