Примечания к выпуску для Cisco Cisco Security Manager 4.7
17
Release Notes for Cisco Security Manager 4.7
OL-32162-01
Important Notes
Note
If a route-map is configured on the ASA and the same route-map is used in OSPF policy, after
upgrading to Security Manager 4.7 from Security Manager 4.6, the OSPF page will show a
red-banner. To overcome this issue, you must rediscover the ASA.
upgrading to Security Manager 4.7 from Security Manager 4.6, the OSPF page will show a
red-banner. To overcome this issue, you must rediscover the ASA.
•
If you have a device that uses commands that were unsupported in previous versions of Security
Manager, these commands are not automatically populated into Security Manager as part of the
upgrade to this version of Security Manager. If you deploy back to the device, these commands are
removed from the device because they are not part of the target policies configured in Security
Manager. We recommend that you set the correct values for the newly added attributes in Security
Manager so that the next deployment will correctly provision these commands. You can also
rediscover the platform settings from the device; however, you will need to take necessary steps to
save and restore any shared Security Manager policies that are assigned to the device.
Manager, these commands are not automatically populated into Security Manager as part of the
upgrade to this version of Security Manager. If you deploy back to the device, these commands are
removed from the device because they are not part of the target policies configured in Security
Manager. We recommend that you set the correct values for the newly added attributes in Security
Manager so that the next deployment will correctly provision these commands. You can also
rediscover the platform settings from the device; however, you will need to take necessary steps to
save and restore any shared Security Manager policies that are assigned to the device.
•
Device and Credential Repository (DCR) functionality within Common Services is not supported in
Security Manager 4.7.
Security Manager 4.7.
•
LACP configuration is not supported for the IPS 4500 device series.
•
A Cisco Services for IPS service license is required for the installation of signature updates on IPS
5.x+ appliances, Catalyst and ASA service modules, and router network modules.
5.x+ appliances, Catalyst and ASA service modules, and router network modules.
•
Do not connect to the database directly, because doing so can cause performance reductions and
unexpected system behavior.
unexpected system behavior.
•
Do not run SQL queries against the database.
•
If an online help page displays blank in your browser view, refresh the browser.
•
Security Manager 4.7 only supports Cisco Secure ACS 5.x for authentication. ACS 4.1(3), 4.1(4),
or 4.2(0) is required for authentication and authorization.
or 4.2(0) is required for authentication and authorization.
•
If you do not manage IPS devices, consider taking the following performance tuning step. In
$NMSROOT\MDC\ips\etc\sensorupdate.properties, change the value of packageMonitorInterval
from its initial default value of 30,000 milliseconds to a less-frequent value of 600,000 milliseconds.
Taking this step will improve performance somewhat. [$NMSROOT is the full pathname of the
Common Services installation directory (the default is C:\Program Files (x86)\CSCOpx).]
$NMSROOT\MDC\ips\etc\sensorupdate.properties, change the value of packageMonitorInterval
from its initial default value of 30,000 milliseconds to a less-frequent value of 600,000 milliseconds.
Taking this step will improve performance somewhat. [$NMSROOT is the full pathname of the
Common Services installation directory (the default is C:\Program Files (x86)\CSCOpx).]
•
The IPS packages included with Security Manager do not include the package files that are required
for updating IPS devices. You must download IPS packages from Cisco.com or your local update
server before you can apply any updates. The downloaded versions include all required package files
and replace the partial files that are included in the Security Manager initial installation.
for updating IPS devices. You must download IPS packages from Cisco.com or your local update
server before you can apply any updates. The downloaded versions include all required package files
and replace the partial files that are included in the Security Manager initial installation.
•
The “License Management” link on the CiscoWorks Common Services home page has been
removed.
removed.
•
CsmReportServer and CsmHPMServer are now supported with 64-bit JRE.
•
The “rsh” service has been changed to manual start mode. You can start it manually if you need it.