Cisco Cisco Firepower Management Center 2000 發佈版本通知
27
FireSIGHT System Release Notes
Known Issues
FirePOWER services are unavailble during the update process if you update the following Cisco ASA devices with
FirePOWER services from Version 5.4.1 to Version 5.4.1.1: ASA5506-X, ASA506H-X, ASA5506W-X, ASA5508-X,
ASA5516-X. FirePOWER services are available after updating your devices. As a workaround, use the tail –f
/var/log/sf/Cisco_network_sensor_Patch-5.4.1.1_main_upgrade_script.log command via SSH to observe the
update process and restart the Adaptive Security Device Manager (ASDM) on your ASA module after the update
completes. (CSCut89599)
FirePOWER services from Version 5.4.1 to Version 5.4.1.1: ASA5506-X, ASA506H-X, ASA5506W-X, ASA5508-X,
ASA5516-X. FirePOWER services are available after updating your devices. As a workaround, use the tail –f
/var/log/sf/Cisco_network_sensor_Patch-5.4.1.1_main_upgrade_script.log command via SSH to observe the
update process and restart the Adaptive Security Device Manager (ASDM) on your ASA module after the update
completes. (CSCut89599)
If you have a managed ASA5506-X device running ASA platform version 9.3(3) or 9.4(1) and the device stops
processing traffic, contact support. (CSCuu38535)
processing traffic, contact support. (CSCuu38535)
In rare cases, if you attempt to update a device running Version 5.3.0.5 to Version 5.4.0, the device may not exit
maintenance mode after updating. If your device is unable to exit maintenance mode after updating, contact support.
(CSCuu70243)
maintenance mode after updating. If your device is unable to exit maintenance mode after updating, contact support.
(CSCuu70243)
The following known issues were reported in previous releases:
In some cases, if a Microsoft Windows update occurs on a client transferring a file, detection of that file fails because
the client transmits pieces of the file in separate sessions that the system cannot reassemble to detect the complete
file. (112284/CSCze88424)
the client transmits pieces of the file in separate sessions that the system cannot reassemble to detect the complete
file. (112284/CSCze88424)
You cannot reapply an intrusion policy (individually or as part of an access control policy reapply) a total of 4096 or
more times to a single managed device. (134385/CSCze89030)
more times to a single managed device. (134385/CSCze89030)
The system requires additional time to reboot appliances or ASA FirePOWER modules running Version 5.3 or later
due to a database check. If errors are found during the database check, the reboot requires additional time to repair
the database. (135564, 136439)
due to a database check. If errors are found during the database check, the reboot requires additional time to repair
the database. (135564, 136439)
In some cases, if you view the threat score of some files from generated events, the system may incorrectly report
the threat score as a number instead of Low, Medium, High, or Very High. (142290/CSCze93722)
the threat score as a number instead of Low, Medium, High, or Very High. (142290/CSCze93722)
In some cases, if you create an SSL rule with logging enabled, the connection events page (Analysis > Connections
> Events) does not display the URL category or URL reputation values. (142878/CSCze93434)
> Events) does not display the URL category or URL reputation values. (142878/CSCze93434)
If you create a new report (Overview > Reporting > Report Templates) and attempt to insert a report parameter
while viewing the web interface with Internet Explorer 11, no report parameters are added to the report section
description. As a workaround, use Internet Explorer 10. (142950/CSCze94011)
while viewing the web interface with Internet Explorer 11, no report parameters are added to the report section
description. As a workaround, use Internet Explorer 10. (142950/CSCze94011)
In some cases, if your clustered Series 3 devices go into maintenance mode, then experience a power failure and
you attempt to reboot the devices, the system does not recover. Contact Support if your device does not successfully
recover from maintenance mode. (143504/CSCze94928)
you attempt to reboot the devices, the system does not recover. Contact Support if your device does not successfully
recover from maintenance mode. (143504/CSCze94928)
In some cases, if you create an access control rule set to allow traffic that references an SSL rule set to
Decrypt-Resign and an intrusion rule set to drop when inline, the system incorrectly displays the SSL Status as
Unknown
Decrypt-Resign and an intrusion rule set to drop when inline, the system incorrectly displays the SSL Status as
Unknown
in the intrusion events table view (Analysis > Intrusion > Events). (143665/CSCze94947)
In some cases, your access control policies may appear as out-of-date even when they are not.
(14412/CSCze95029)
(14412/CSCze95029)
In some cases, if you attempt to use the SFR system restart CLI command while logged in via the ASA session
command, the device may stop processes and not restart them. This affects all devices except the ASA5506-X.
(143135/CSCze94403)
command, the device may stop processes and not restart them. This affects all devices except the ASA5506-X.
(143135/CSCze94403)
In some cases, if you create an access control rule set with an interactive block action and enable
beginning-of-connection logging or both beginning-of-connection and end-of-connection logging, the system
does not log beginning-of-connection events with the reason User Bypass. (143357/CSCze93672,
144167/CSCze94675)
beginning-of-connection logging or both beginning-of-connection and end-of-connection logging, the system
does not log beginning-of-connection events with the reason User Bypass. (143357/CSCze93672,
144167/CSCze94675)