Примечания к выпуску для Cisco Cisco FirePOWER Appliance 8290
Version 5.2.0.8
Sourcefire 3D System Release Notes
35
Known Issues
•
If Greenwich Mean Time (GMT, also known as UTC) is not your local
timezone, scheduled geolocation database (GeoDB) updates may fail. If
your local timezone is +X number of hours from GMT, schedule GeoDB
updates for
X:00
or later. If your local timezone is -X number of hours from
GMT, schedule GeoDB updates for
(24:00 - X)
or earlier. For example, if
your local timezone is UTC-5, schedule updates before
19:00
local time.
(135756)
•
The documentation incorrectly states the following:
If a secondary
device fails, the primary device continues to sense traffic,
generate alerts, and send traffic to all secondary devices. On
failed secondary devices, traffic is dropped. A health alert
is generated indicating loss of link.
generate alerts, and send traffic to all secondary devices. On
failed secondary devices, traffic is dropped. A health alert
is generated indicating loss of link.
The documentation should specify that, if the secondary device in a stack
fails, inline sets with configurable bypass enabled go into bypass mode on
the primary device. For all other configurations, the system continues to
load balance traffic to the failed secondary device. In either case, a health
alert is generated to indicate loss of link. (138269)
•
The documentation does not reflect that, if you enable an intrusion rule that
checks for a flowbits state on traffic over a port, and enable at least one
other rule that affects assigning the same flowbits state for traffic over the
same port, when you apply or reapply the policy, the system does not
automatically enable any other rule within the policy that affects assigning
that flowbits state. (138507, 141143)
•
In an access control policy, the system processes certain Trust rules before
the policy’s Security Intelligence blacklist. Trust rules placed before either
the first Monitor rule or before a rule with an application, URL, user, or
geolocation-based network condition are processed before the blacklist.
That is, Trust rules that are near the top of an access control policy (rules
with a low number) or that are used in a simple policy allow traffic that
should have been blacklisted to pass uninspected instead. (138743, 139017)
•
Security Issue
Sourcefire is aware of a vulnerability inherent in the Intelligent
Platform Management Interface (IPMI) standard (CVE-2013-4786). Enabling
Lights-Out Management (LOM) on an appliance exposes this vulnerability.
To mitigate the vulnerability, deploy your appliances on a secure
management network accessible only to trusted users and use a complex,
non-dictionary-based password. To prevent exposure to the vulnerability, do
not enable LOM. If you enable LOM and expose this vulnerability, change
the complex password every three months. (139286, 140954)
•
The documentation does not reflect that, if you register a cluster, stack, or
clustered stack of devices to a Defense Center, you may have to manually
reapply the device configuration. (142411, 141602)
•
In some cases, if you generate a report from a report template, reports only
display the IP address if the system cannot resolve the IP address to a host
name. (142640)The documentation does not reflect that Lights-Out
Management (LOM) users on 7100 Family devices must limit their
password to 16 characters rather than 20 characters. (142752)