Cisco Cisco FirePOWER Appliance 8120 릴리즈 노트
Version 5.3
Sourcefire 3D System Release Notes
31
Known Issues
•
In some cases, if you configure an access control policy with a Monitor rule
(which forces end-of-connection logging) and a Trust rule with Log at
Beginning of Connection enabled, the system may not generate
end-of-connection events for matching SSH-encrypted traffic. As a
workaround, configure the rules as stated above and add an Allow rule
directly above the Trust rule. Configure the Allow rule with the same
conditions as your Trust rule, with both Log at Beginning of Connection and Log
at End of Connection enabled, and with an application condition that matches
SSH-encrypted traffic. (135952)
•
If you schedule a task with Report as the job type, the system does not
attach the report to the emailed status report. (136026)
•
In some cases, the system restricts access to the User Management page
(System > Local > User Management) on physical managed devices. As a
workaround, access the User Management page as the
admin
user by
manually entering the URL:
https://
appliance
/admin/user/view/cgi
,
where
appliance
is the IP address or name of the appliance. (136079)
•
If you apply an access control policy to multiple devices, the Defense
Center displays the task status differently on the Task Status page, the
Access Control policy page, and the Device Management page of the web
interface. The status on the Device Management page (Devices > Device
Management) is correct. (136364, 136614)
•
In some cases, if you create a custom workflow based on the health events
table, the Defense Center displays conflicting data in the event viewer.
(136419)
•
If you import a custom intrusion rule as an
.rtf
file, the system does not
warn you that the .
rtf
file type is not supported. (136500)
•
If you disable a physical interface, the logical interfaces associated with it
are disabled but remain green on the Interfaces tab of the appliance editor
for that managed device. (136560)
•
Connection events logged to the syslog or SNMP trap server may have
incorrect URL Reputation values. (138504)
•
In an access control policy, the system processes certain Trust rules before
the policy’s Security Intelligence blacklist. Trust rules placed before either
the first Monitor rule or before a rule with an application, URL, user, or
geolocation-based network condition are processed before the blacklist.
That is, Trust rules that are near the top of an access control policy (rules
with a low number) or that are used in a simple policy allow traffic that
should have been blacklisted to pass uninspected instead. (138743, 139017)