Release Notes

ManualsBrandsCisco Manualshardware firewallsCisco FirePOWER Appliance 7010

Version 5.2.0.2 Sourcefire 3D System Release Notes 29

Known Issues

Known Issues Discovered in Previous Releases

The following is a list of known issues that were discovered in previous releases

of the Sourcefire 3D System:

• You must use the Defense Center’s web interface to unregister a managed

device. If you unregister a device using either the device’s web interface or

its command line interface (CLI), it is not removed from the Defense Center.

(112659)

• The system will generate a health alert if the Defense Center is unable to

connect to the Sourcefire cloud. To troubleshoot, ensure the connection

from the Defense Center to the Sourcefire cloud (

54.243.248.19 and

54.243.248.162

) on port 32137 is working properly. (112708)

• If multiple files are attached to a single email, the system may incorrectly

identify files after the first. (114523)

• If you attempt to create multiple static NAT rules with the same original

values, the system may experience issues with traffic mapping. (116148)

• In some cases, the Defense Center may show a cluster in a degraded state

when it has already recovered, generating extraneous system alerts.

(118122)

• When Lights-Out Management is enabled, the system also enables a web

server in the background. The web server does not drain system resources

and has no known exploits. (119456)

• Sourcefire documentation currently does not reflect that, on a Series 3

device, TCP connections matching a Trust access control rule on the first

packet generate different events depending on the presence of a Monitor

rule. If an active Monitor rule is present, the system generates both a

beginning and end-of-connection event, as expected. If no monitor rule is

active, the system does not generate a beginning-of-connection event.

(121060)

• Do not name security zone objects using the pound sign (

#); it may cause

errors during device reconfiguration. (121514)

• If you attempt to break a stack that was registered using DNS during a

period when DNS is disabled, you will experience system issues. Do not

attempt this. (122709)

• In some cases, intrusion event counts in the dashboard may not match the

counts in the event viewer. (122743, 123040, 122936)

• When creating stacks of devices from different device groups, the

secondary device in the stack both retains membership in its original group

and becomes associated with the stack’s primary group. The user interface

does not alert the user to this behavior. (122802)

• In some cases, your network discovery policy may not function as expected

if you apply two or more network discovery rules that apply to the same

zones and networks but are configured to discover different hosts, users,

and applications. (122853)