Cisco Cisco Firepower Management Center 2000 發佈版本通知
Firepower System Release Notes
Known Issues
36
The Syslog ID drop-down list of the Syslog Settings pop-up window does not list all the supported Syslog
IDs if you edit the Syslog Settings page (Devices > Platform Settings > Syslog > Syslog Setting).
(CSCuy21648)
IDs if you edit the Syslog Settings page (Devices > Platform Settings > Syslog > Syslog Setting).
(CSCuy21648)
If you edit an intrusion policy and click one of the categories listed in the Classifications section of the Rules
window on the Edit Policy page (Policies > Access Control > Intrusion), the system does not display all the
relevant rules when it should. (CSCuy22305)
window on the Edit Policy page (Policies > Access Control > Intrusion), the system does not display all the
relevant rules when it should. (CSCuy22305)
In some cases, if you access the Firepower Management Center web interface via an IPv6 address with
Internet Explorer version 11, the web interfaces experiences a slow response time. As a workaround, either
use a different web browser or use an IPv4 address. (CSCuy22566)
Internet Explorer version 11, the web interfaces experiences a slow response time. As a workaround, either
use a different web browser or use an IPv4 address. (CSCuy22566)
In rare cases, if you deploy a VPN on a 7000 Series or 8000 Series device that experiences issues and the
system generates health alerts in the Health tab of the Message Center, then you delete the VPN, the system
continues to generate health alerts for the VPN even though the configuration is deleted. Once the VPN
configuration is removed, the alerts have no impact on device functionality. (CSCuy25356)
system generates health alerts in the Health tab of the Message Center, then you delete the VPN, the system
continues to generate health alerts for the VPN even though the configuration is deleted. Once the VPN
configuration is removed, the alerts have no impact on device functionality. (CSCuy25356)
In some cases, accessing the online help page (Help > ASA Firepower Online Help) on an ASA Firepower
managed by ASDM incorrectly generates an
managed by ASDM incorrectly generates an
Error - 403 Forbidden You have tried to access a page that
is forbidden
error. (CSCuy27084)
In some cases, if device registration to a Firepower Management Center fails, the Create new policy option
on the Add Device page does not respond. As a workaround, Add Device again. (CSCuy28275)
on the Add Device page does not respond. As a workaround, Add Device again. (CSCuy28275)
If you expand the SSL Policy to use for inspecting encrypted connections option under the SSL Policy
Settings section of the Advanced tab on the Access Control Policy page (Policies > Access Control) and click
the help icon, the system incorrectly generates a
Settings section of the Advanced tab on the Access Control Policy page (Policies > Access Control) and click
the help icon, the system incorrectly generates a
Error 404:page not found page
error. (CSCuy28935)
If you click the help icon in the Compare Policy window of the Access Control policy page (Configuration >
ASA FirePOWER Configuration > Policies > Access Control Policy) on an ASA FirePOWER device managed
by ASDM, the system does not redirect to the help page when it should. (CSCuy28937)
ASA FirePOWER Configuration > Policies > Access Control Policy) on an ASA FirePOWER device managed
by ASDM, the system does not redirect to the help page when it should. (CSCuy28937)
If you Add URL on the URL tab of the Object Management page (Configuration > ASA FirePOWER
Configuration > Object Management) of an ASA FirePOWER device managed by ASDM and use
unsupported characters in the name of the URL, the system does not generate an error message when it
should. The following characters are currently supported: ( a...z ), ( A...Z ), ( - ) ( _ ) ( + ) ( . ). Note that the
URL object name must start with a letter or an underscore ( _ ). (CSCuy28945)
Configuration > Object Management) of an ASA FirePOWER device managed by ASDM and use
unsupported characters in the name of the URL, the system does not generate an error message when it
should. The following characters are currently supported: ( a...z ), ( A...Z ), ( - ) ( _ ) ( + ) ( . ). Note that the
URL object name must start with a letter or an underscore ( _ ). (CSCuy28945)
If you deploy an SSL rule with the rule action set to Decrypt-Resign and browse decrypted websites using
Chrome Version 40 or later, the browser generates alerts for the decrypted websites. As a workaround, use
the Internet Explorer or Firefox web browser. (CSCuy30988)
Chrome Version 40 or later, the browser generates alerts for the decrypted websites. As a workaround, use
the Internet Explorer or Firefox web browser. (CSCuy30988)
In some cases, if the active peer of a high availability pair of ASA Firepower devices running Threat Defense
uses all available disk space and the system automatically switches the backup peer as the active peer, then
you free up disk space on the backup peer and manually switch the backup peer with the active peer, the
Tasks tab of the System Alerts page erroneously reports the high availability switch taking several minutes to
complete. (CSCuy31838)
uses all available disk space and the system automatically switches the backup peer as the active peer, then
you free up disk space on the backup peer and manually switch the backup peer with the active peer, the
Tasks tab of the System Alerts page erroneously reports the high availability switch taking several minutes to
complete. (CSCuy31838)
The system does not alert you to click the Refresh icon on the User Download tab of the Realms editor page
(Configuration > ASA FirePOWER Configuration > Integration > Realms) if you modify the Group DN option
in the Realm Configuration tab of the Realms page when it should. (CSCuy32051)
(Configuration > ASA FirePOWER Configuration > Integration > Realms) if you modify the Group DN option
in the Realm Configuration tab of the Realms page when it should. (CSCuy32051)
In some cases, if you deploy an access control policy referencing an intrusion policy and an SSL with the action
set to Decrypt-Resign, the system does not generate downloadable packet information on the packet view
of the Intrusion Events page (Analysis > Intrusion > Events). (CSCuy34078)
set to Decrypt-Resign, the system does not generate downloadable packet information on the packet view
of the Intrusion Events page (Analysis > Intrusion > Events). (CSCuy34078)
If you create high availability pair with two ASA with Firepower Threat Defense devices and the active peer in
the high availability pair does not have any settings configured on the Platform Settings page (Devices >
Platform Settings), then click Policy Assignments, the system does not display the high availability pair as
an available device to deploy to. As a workaround, configure platform settings to both ASA with Firepower
Threat Defense devices prior to creating the high availability pair. (CSCuy35753)
the high availability pair does not have any settings configured on the Platform Settings page (Devices >
Platform Settings), then click Policy Assignments, the system does not display the high availability pair as
an available device to deploy to. As a workaround, configure platform settings to both ASA with Firepower
Threat Defense devices prior to creating the high availability pair. (CSCuy35753)