Cisco Cisco Firepower Management Center 4000
Version 5.2.0.1
Sourcefire 3D System Release Notes
27
Known Issues
•
Resolved an issue where users were not prompted to enable the TCP
stream preprocessor when saving an intrusion policy with the rate-based
attack prevention preprocessor enabled and the TCP stream preprocessor
disabled. (122905)
•
Resolved an issue where, in rare cases, intrusion rules that triggered on
pruned sessions applied the rule action to current sessions. (122990)
Known Issues
The following known issues were reported in Version 5.2.0.1:
•
In some cases, if you begin installing an intrusion rule update during a
system update, the intrusion rule update fails. To avoid this, do not attempt
to install an intrusion rule update during system update. (124290)
•
In some cases, the system may trigger false positive events on the SMTP
preprocessor rules 124:1, 124:3, or 124:10. (124688, 125449)
•
If you configure passive interfaces and assign them to a passive security
zone in the object manager, the device configuration apply may fail. As a
workaround, create the passive security zone in the object manager (Objects
> Object Management), then assign the zone to the passive interfaces by
editing a device (Devices > Device Management). (125119)
•
In rare cases, the system may not provide URL category or URL reputation
values for unknown URLs. If this issue occurs, try checking your proxy
settings or disabling the Query Cloud for Unknown URLs option (System > Local
> Configuration). (125151)
•
In rare cases, the system does not terminate a rule update installation if the
installation fails in an early stage. If this occurs, you should attempt a rule
update reinstallation and contact Support if the issue persists. (125368)
•
In some cases, enabling sensitive data detection in your intrusion policy
may not generate events for all packets containing sensitive data. (125588)
•
If you access the intrusion rule editor from the packet view (Analysis >
Intrusion > Events), the system displays an error message and logs the
attempt as an unauthorized action. As a workaround, access the rule editor
directly (Policies > Intrusion > Rule Editor). (125770)
•
In some cases, FireSIGHT rule state recommendations do not generate if an
intrusion rule variable contains a network object. (125910)
•
In some cases, after an update to Version 5.2.0.1, the device management
page shows managed devices running an outdated version. If this occurs,
reapply your access control policies completely. (126564)