Cisco Cisco Firepower Management Center 2000

Resolved an issue where the system did not prevent you from creating a network variable with an 
excluded network value that excluded all (any) networks. (139510/CSCze91770)

The following known issues are reported in Version 5.3.1.6:

In some cases, if you log into your system as the admin user and edit the base layer of your applied 
intrusion policy, the system marks the base policy (as well as child policy if configured) updated by 

 when it should not. (CSCur79437)

In some cases, if you change the selected time zone in the Time Zone Preference tab on the User 
Preferences page (

), the system does not calculate 

daylight savings time for you selected time zone and may display the wrong time. (CSCur92028)

(CSCus45769)

In some cases, if you disable an access control rule referencing an intrusion policy, the Access 
Control Policy page (

) incorrectly displays the intrusion policy as out-of-date 

after the access control policy is successfully reapplied. The Intrusion Policy page (

) displays the correct policy status. (CSCuu15483)

In some cases, if you create a file policy and a NAT policy and enable TCP stream preprocessor rules 
with an HTTP port number that is not an available port from the network access policy's HTTP 
preprocessor configuration page, the system does not detect malware in traffic that matches the file 
policy and downloads malware content when it should not. (CSCuu24472)

In some cases, if you configure a system policy to use remote NTP server to synchronize time to a 
system with a registered ASA 5500-X device, a Series 2 device, or a Series 3 device running a 
version older than Version 5.4 and you experience a leap second, your system may use a high amount 
of CPU. (CSCuv11738)

The following known issues were reported in previous releases:

In some cases, applying changes to your access control policy, intrusion policy, network discovery 
policy, or device configuration, or installing an intrusion rule update or update of the vulnerability 
database (VDB) causes the system to experience a disruption in traffic that uses Link Aggregation 
Control Protocol (LACP) in fast mode. As a workaround, configure LACP links in slow mode. 
(112070/CSCze87966) 

If the system generates intrusion events with a 

 of 

0

, the Top 10 Destination 

Ports section of the Intrusion Event Statistics page (

) 

omits port numbers from the display. (125581/CSCze88014)

Defense Center local configurations (

) are not synchronized between 

high availability peers. You must edit and apply the changes on all Defense Centers, not just the 
primary. (130612/CSCze89250, 130652)

In some cases, large system backups may fail if disk space usage exceeds the disk space threshold 
before the system begins pruning. (132501/CSCze88368)

In some cases, using the RunQuery tool to execute a 

SHOW TABLES

 command may cause the query to 

fail. To avoid query failure, only run this query interactively using the RunQuery application. 
(132685/CSCze89153)

If you delete a previously imported local intrusion rule, you cannot re-import the deleted rule. 
(132865/CSCze88250)