Cisco Cisco Firepower Management Center 2000 發佈版本通知
Firepower System Release Notes
Known Issues
35
If you create an access control rule and select a port to Add to Destination in the port tab of the Add Rule
window, the system does not let you select the same port and Add to Source. As a workaround, if you need
to use the same port as both a destination port and a source port, Add to Source before you Add to
Destination. (CSCuy08262)
window, the system does not let you select the same port and Add to Source. As a workaround, if you need
to use the same port as both a destination port and a source port, Add to Source before you Add to
Destination. (CSCuy08262)
If you add a user to a new access control rule via the Users tab of the Add Rule window and edit the same
access control rule to add another user from, then attempt to delete the first user in the Selected Users
column, the system incorrectly removes the wrong user from the Selected Users list. As a workaround, delete
required users before adding new user to the selected list. (CSCuy08275)
access control rule to add another user from, then attempt to delete the first user in the Selected Users
column, the system incorrectly removes the wrong user from the Selected Users list. As a workaround, delete
required users before adding new user to the selected list. (CSCuy08275)
The Firepower Management Center may experience a moderate delay in response time or system issues if
you register and manage more than 100 devices at a time. (CSCuy12452)
you register and manage more than 100 devices at a time. (CSCuy12452)
The system incorrectly allows you to configure Do not calculate SHA256 hash values for files larger than
value to be smaller than the Maximum file size for dynamic analysis testing value in the File and Malware
Settings section in the Advanced tab of the access control policy. To ensure the system is operating at
maximum efficiency, please configure the Do not calculate SHA256 hash values for files larger than value
to be smaller than the Maximum file size for dynamic analysis testing value. (CSCuy13054)
value to be smaller than the Maximum file size for dynamic analysis testing value in the File and Malware
Settings section in the Advanced tab of the access control policy. To ensure the system is operating at
maximum efficiency, please configure the Do not calculate SHA256 hash values for files larger than value
to be smaller than the Maximum file size for dynamic analysis testing value. (CSCuy13054)
The Device Management page (Devices > Device Management) and the Appliance Status section of the
Health Monitor page (System > Health > Health Monitor) incorrectly displays the configured IP address as the
name of a registered ASA Firepower device running Threat Defense. (CSCuy13451)
Health Monitor page (System > Health > Health Monitor) incorrectly displays the configured IP address as the
name of a registered ASA Firepower device running Threat Defense. (CSCuy13451)
In some cases, if you remove a whitelist or blacklist entry on the global whitelist or global blacklist page
(Security Intelligence > Network Lists and Feeds > Global Whitelist or Global Balcklist) and save changes
via the Chrome web browser, then try to edit the global whitelist or blacklist again, the system does not let you
edit the whitelist or blacklist again. As a workaround, refresh the page to edit the whitelist or blacklist.
(CSCuy14441)
(Security Intelligence > Network Lists and Feeds > Global Whitelist or Global Balcklist) and save changes
via the Chrome web browser, then try to edit the global whitelist or blacklist again, the system does not let you
edit the whitelist or blacklist again. As a workaround, refresh the page to edit the whitelist or blacklist.
(CSCuy14441)
If you edit an access control rule with the action set to Monitor, Trust, Block, or Interactive Block with Reset
and deploy changes, the system erroneously generates a
and deploy changes, the system erroneously generates a
Selecting this action will reset the Intrusion
Policy and File Policy to "None". Are you sure you want to continue?
warning whether the access control
policy contains an intrusion policy and a file policy or not. Close out the warning message to deploy changes.
(CSCuy14455)
(CSCuy14455)
If you query
CISCO-MEMORY-POOL-MIB
or
CISCO-ENHANCED-MEMPOOL-MIB
on a Cisco ASA with FirePOWER Services
or Firepower Threat Defense, the ASA may experience high CPU utilization. (CSCuy14724)
In some cases, the Firepower Management Center does not display all health events generated from
registered Firepower Threat Defense devices. (CSCuy16548)
registered Firepower Threat Defense devices. (CSCuy16548)
In some cases, if you create an access control rule containing an web application condition or an application
risk level and Store ASA FirePOWER changes on an ASA Firepower managed by ASDM, the system generates
a
risk level and Store ASA FirePOWER changes on an ASA Firepower managed by ASDM, the system generates
a
Policy has rules with missing detectors. The following rules specify applications for which a
detector is not defined
error and does not save changes. (CSCuy18141)
In some cases, if the system continuously receives large amounts of Microsoft Active Directory user sessions
and the network map experiences issues, and detected user sessions are not mapped to realms. If the system
experiences issues mapping detected users to realms, contact Support. (CSCuy18154)
and the network map experiences issues, and detected user sessions are not mapped to realms. If the system
experiences issues mapping detected users to realms, contact Support. (CSCuy18154)
In some cases, you are unable to edit a recently modified Intrusion policy under the Inspection tab of the
Editing Rule window (Policies > Access Control > Access Control Rules). (CSCuy18430)
Editing Rule window (Policies > Access Control > Access Control Rules). (CSCuy18430)
In some cases, if you create and enable a realm on an ASA FirePOWERdevice managed by ASDM, then click
Download on the User Download tab of the Realm Editor page prior to adding the ASA FirePOWER device
managed by ASDM IP address to a supported Windows server, the device CPU experiences high volume when
it should not and may encounter communication delays. (CSCuy18523)
Download on the User Download tab of the Realm Editor page prior to adding the ASA FirePOWER device
managed by ASDM IP address to a supported Windows server, the device CPU experiences high volume when
it should not and may encounter communication delays. (CSCuy18523)
If you deploy a custom network list to devices registered on a subdomain and then move the device to another
leaf domain, deploy fails. As a workaround, use a system-provided network list prior to moving the device from
a subdomain to a leaf domain. (CSCuy19978)
leaf domain, deploy fails. As a workaround, use a system-provided network list prior to moving the device from
a subdomain to a leaf domain. (CSCuy19978)