Cisco Cisco Firepower Management Center 2000 發佈版本通知
29
FireSIGHT System Release Notes
Known Issues
If you use an invalid IP address when configuring the DNS preprocessor in an intrusion policy on an 81xx Family
device, system functionality may slow down exponentially. To resolve this issue, enter a valid IP address and reapply
the intrusion policy. (CSCur59598)
device, system functionality may slow down exponentially. To resolve this issue, enter a valid IP address and reapply
the intrusion policy. (CSCur59598)
In some cases, if you configure an inline pair of interfaces including eth1 and eth2 on a virtual device and issue the
show traffic-statistics CLI command, the system will only display traffic statistics for eth1 and not for eth2.
(CSCur59771)
show traffic-statistics CLI command, the system will only display traffic statistics for eth1 and not for eth2.
(CSCur59771)
In some cases, the Device tab of the Device Management page (Devices > Device Management) displays yes for
licenses that may have expired or been removed from the registered device when it should display no. (CSCur61884)
licenses that may have expired or been removed from the registered device when it should display no. (CSCur61884)
In some cases, if you delete a protection license from the licenses page (System > Licenses), the system does not
decrement the number of used licenses when it should. As a workaround, disable the license from the Device
Management page (Devices > Device Management). (CSCur61927)
decrement the number of used licenses when it should. As a workaround, disable the license from the Device
Management page (Devices > Device Management). (CSCur61927)
You cannot apply an existing intrusion policy that is not referenced in the currently-applied access control policy.
(CSCur72904)
(CSCur72904)
An intrusion detected on the ASA5506-X device may not generate alerts for gzip compressed HTTP traffic or
chunked HTTP response data where the decompressed or non-chunked data would match. (CSCur77397)
chunked HTTP response data where the decompressed or non-chunked data would match. (CSCur77397)
If you create an intrusion policy referencing a network analysis policy that is set to Ignore Audio/Video Data
Channel, the system generates alerts for session initiation protocol (SIP) audio data when it should not.
(CSCur83184)
Channel, the system generates alerts for session initiation protocol (SIP) audio data when it should not.
(CSCur83184)
If you manually configure the time of the Defense Center or managed device into the past, the Health Monitor page
(Health > Health Monitor) does not display alerts. (CSCur85894)
(Health > Health Monitor) does not display alerts. (CSCur85894)
In some cases, if you configure the router interface of your clustered Series 3 managed devices to both a private IP
address and a Cisco Redundancy Protocol (SFRP) IP address, the system does not recognize which IP address is
the primary address and does not establish an Open Shortest Path First (OSPF) connection. (CSCur86355)
address and a Cisco Redundancy Protocol (SFRP) IP address, the system does not recognize which IP address is
the primary address and does not establish an Open Shortest Path First (OSPF) connection. (CSCur86355)
In some cases, if you create a network analysis policy with the HTTP preprocessor enabled and Unlimited
Decompression enabled, and an intrusion rule set to alert for data within gzip compressed HTTP traffic, the system
may not generate alerts for traffic matching the applied intrusion rule beyond 65535 bytes of decompressed data.
(CSCur87659)
Decompression enabled, and an intrusion rule set to alert for data within gzip compressed HTTP traffic, the system
may not generate alerts for traffic matching the applied intrusion rule beyond 65535 bytes of decompressed data.
(CSCur87659)
In some cases, if you deploy a large database and attempt to create a troubleshoot file on your Defense Center, the
system utilizes extraneous memory for the task and generates an Out of memory! error. (CSCur97450)
system utilizes extraneous memory for the task and generates an Out of memory! error. (CSCur97450)
You may experience some latency during Snort restart. (CSCus13247)
You may encounter false positives on the detection of the Sametime application. (CSCus17165)
You cannot reset the password for the admin user on the ASA5585-X device. (CSCus17991)
In some cases, indications of compromise (IOC) cannot be removed or resolved from the IOC table view (Analysis
> Hosts > Indications of Compromise) if the host associated with the event has been retired. (CSCus24116)
> Hosts > Indications of Compromise) if the host associated with the event has been retired. (CSCus24116)
Some HTTPS traffic classifications may result in false positives. (CSCus32474)
In some cases, if you have a single trusted certificate authority (CA) group or object referenced in your applied SSL
policy, the system does not allow you to remove the group or object from the policy. As a workaround, add a different
CA group or object to the policy and remove the trusted CA group or object from the current SSL policy.
(CSCus42239)
policy, the system does not allow you to remove the group or object from the policy. As a workaround, add a different
CA group or object to the policy and remove the trusted CA group or object from the current SSL policy.
(CSCus42239)
If your ASA5506-X device running Version 5.4.1 does not have a URL license installed or if the license is unavailable,
the Cloud Services page (System > Local > Configuration) erroneously displays a Last URL filtering update
message with a timestamp. (CSCus51935)
the Cloud Services page (System > Local > Configuration) erroneously displays a Last URL filtering update
message with a timestamp. (CSCus51935)