Cisco FirePOWER Appliance 7050 Release Notes
Version 5.3.0.6
Sourcefire 3D System Release Notes
Features Introduced in Previous Versions
•
Sourcefire identifies traffic referred by a web server as the web application
for referred connections as of Version 5.3. For example, if an advertisement
accessed via advertising.com is actually referred by CNN.com, Sourcefire
identifies CNN.com as the web application.
•
You can no longer configure access control rules containing any of the
following port conditions: IP 0, IP-ENCAP 4, IPv6 41, IPv6-ROUTE 43,
IPv6-FRAG 44, GRE 47, ESP 50, or IPv6-OPTS 60.
If you are updating from an earlier version of the Sourcefire 3D System, the
access control policy rule editor marks invalid rules with a warning and the
object manager resets invalid port object values to TCP.
•
If you break a stack or cluster, the devices now remain in the primary
device's group. Before Version 5.3, the system reverted the devices to the
groups they belonged to before they joined a stack or cluster.
•
Improved the performance and stability of NetFlow data collection and
logging. Sourcefire also added the following new fields for connections
exported by NetFlow-enabled devices: NetFlow Destination/Source
Autonomous System, NetFlow Destination/Source Prefix, NetFlow
Destination/Source TOS, and NetFlow SNMP Input/Output.
•
You can use IPv6 addresses to create authentication objects as of Version
5.3. Note that you cannot use authentication objects with IPv6 addresses to
authenticate shell accounts.
•
As of Version 5.3, you can identify unique Initiator and Responder IP
addresses when creating IPv6 fast-path rules on Series 3 managed devices.
Before Version 5.3, the fields were fixed and set to Any.
•
For fresh installations of Version 5.3 on Series 3 managed devices, the
Automatic Application Bypass (AAB) feature is enabled by default. If you
update from a previous version of the Sourcefire 3D System, your AAB
settings are not affected. Note that AAB activates only when a preset
amount of time is spent processing a single packet. If AAB engages, the
system kills the affected Snort processes.
•
During the update to Version 5.3, the system now stores your currently
applied access control policy and up to 10 saved but unapplied revisions to
the access control policy, retaining your changes.
•
If you schedule multiple report generation tasks at the same time, the
system queues the tasks. You can view them on the Task Status page
(System > Monitoring > Task Status).
•
You cannot name security zone objects using the pound sign (#).
•
As of Version 5.3, you can use -1 as the minimum value in intrusion rule
icode argument ranges. Selecting -1 as the minimum value allows you to
include the ICMP code 0 in the range.
•
Added a new SMTP preprocessor alert to detect attacks against Cyrus SASL
authentication.