FireSIGHT System Release Notes
Features and Functionality Added in Previous Releases
Management of Cisco ASA with FirePOWER Services
Feature Limitations of Cisco ASA with FirePOWER Services
Features Introduced in Previous Versions
Before You Begin: Important Update and Compatibility Notes
Configuration and Event Backup Guidelines
Traffic Flow and Inspection During the Update
Audit Logging During the Update
Version Requirements for Updating to Version 5.3.1.7
Time and Disk Space Requirements for Updating to Version 5.3.1.7
Product Compatibility After Updating to Version 5.3.1.7
Updating Cisco ASA with FirePOWER Services
Uninstalling the Update from an ASA FirePOWER Device
Uninstalling the Update from a Defense Center
Even if you are familiar with the update process, make sure you thoroughly read and understand these release notes, which describe supported platforms, new and changed features and functionality, known and resolved issues, and product and web browser compatibility. They also contain detailed information on prerequisites, warnings, and specific installation and uninstallation instructions for the following appliances:
Note This update is for Defense Centers and Cisco ASA with FirePOWER Services only.
Tip For detailed information on the FireSIGHT System, refer to the online help or download the FireSIGHT System User Guide from the Support site.
These release notes are valid for Version 5.3.1.7 of the FireSIGHT System. You can update appliances running at least Version 5.3.1 of the FireSIGHT System to Version 5.3.1.7.
For detailed information, see the FireSIGHT System User Guide, and the FireSIGHT System Installation Guide.
Version 5.3.1 introduces the ability to manage Cisco ASA with FirePOWER Services (ASA FirePOWER devices) with the FireSIGHT Defense Center. Defense Centers running Version 5.3.1 can manage ASA FirePOWER modules on the following ASA devices:
The ASA FirePOWER module must be running Version 5.3.1 to be managed by a Defense Center running Version 5.3.1.1. ASA FirePOWER modules can only be installed on the above platforms running Version 9.2.2 or later of the ASA software.
When you use a Defense Center to manage Cisco ASA with FirePOWER Services devices, the ASA FirePOWER module provides the first-line system policy and passes traffic to the FireSIGHT System for access control, intrusion detection and prevention, discovery, and advanced malware protection.
Regardless of the licenses installed and applied, ASA FirePOWER devices do not support any of the following features through the FireSIGHT System:
Note The ASA platform provides these features, configured using the ASA command line interface (CLI) and Adaptive Security Device Manager (ASDM). For more information, see the ASA FirePOWER module documentation.
The ASA FirePOWER device does not have a FireSIGHT web interface. However, it has software and a CLI specific to the ASA platform. You use these ASA-specific tools to install the system and to perform other platform-specific administrative tasks. For more information, see the ASA FirePOWER module documentation.
Note that if you edit an ASA FirePOWER device and switch from multiple context mode to single context mode (or vice versa), the device renames all of its interfaces. You must reconfigure all FireSIGHT System security zones, correlation rules, and related configuration to use the updated ASA FirePOWER interface names.
Note The Defense Center does not display ASA interfaces when the ASA FirePOWER device is deployed in SPAN port mode.
Version 5.3.1 introduces the ability to manage Cisco ASA with FirePOWER Services using FireSIGHT Defense Centers. If you reference documentation for Version 5.3 or Version 5.3.0.1, you may notice the terminology differs from the documentation for Version 5.3.1.
Tip Cisco documentation may refer to the Defense Center as the FireSIGHT Management Center. The Defense Center and the FireSIGHT Management Center are the same appliance.
Functionality described in previous versions may be superseded by other new functionality or updated through resolved issues.
The following functionality was introduced in Version 5.3.1.3:
The following features and functionality were introduced in Version 5.3.1.1:
The documentation provided for Version 5.3.1.7 contains the following errors:
You can use Lights-Out Management (LOM) on the default (eth0) management interface on a Serial Over LAN (SOL) connection to remotely monitor or manage Series 3 appliances without logging into the management interface of the appliance when you cannot. (CSCuu17674)
If a secondary device fails, the primary device continues to sense traffic, generate alerts, and send traffic to all secondary devices. On failed secondary devices, traffic is dropped. A health alert is generated indicating loss of link.
The documentation should specify that, by default, if the secondary device in a stack fails, inline sets with configurable bypass enabled go into bypass mode on the primary device. For all other configurations, the system continues to load balance traffic to the failed secondary device. In either case, a health alert is generated to indicate loss of link. (122708/CSCze88292, 123380/CSCze88692, 138433/CSCze91099)
The original client IP address that was extracted from an X-Forwarded-For (XFF), True-Client-IP, or custom-defined HTTP header. To display a value for this field, you must enable the HTTP preprocessor Extract Original Client IP Address option in the network analysis policy. Optionally, in the same area of the network analysis policy, you can also specify up to six custom client IP headers, as well as set the priority order in which the system selects the value for the Original Client IP event field. See Selecting Server-Level HTTP Normalization Options, page 25-33 of the FireSIGHT System User Guide for more information.
When Extract Original Client IP Address is enabled, specifies the order in which the system processes original client IP HTTP headers. If, on your monitored network, you expect to encounter original client IP headers other than X-Forwarded-For (XFF) or True-Client-IP, you can click Add to add up to six additional Client IP header names to the priority list. Note that if multiple XFF headers appear in an HTTP request, the value for the Original Client IP event field is the header with the highest priority. You can use the up and down arrow icons beside any header type to adjust its priority. (139492/CSCze91210, 141233/CSCze92868, 144139/CSCze95050)
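The priority-ordered selection described above, sketched in Python as an added example; it is not Cisco's code and does not claim to reproduce the product's implementation. The function names, the X-Real-Client custom header, and the choice to take the first valid address from a comma-separated value are assumptions made for illustration.

```python
import ipaddress

BUILTIN_HEADERS = ("X-Forwarded-For", "True-Client-IP")  # named on the page
MAX_CUSTOM_HEADERS = 6  # the page allows up to six custom client IP headers

# Constructed sample request (documentation address ranges), not captured traffic.
# X-Real-Client is a hypothetical custom header name.
SAMPLE_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "X-Forwarded-For: 203.0.113.7, 10.0.0.5\r\n"
    "True-Client-IP: 198.51.100.23\r\n"
    "X-Real-Client: 192.0.2.44\r\n"
    "\r\n"
)


def build_priority(order, custom=()):
    """Validate a priority list and return it as lowercase header names."""
    if len(custom) > MAX_CUSTOM_HEADERS:
        raise ValueError("at most six custom client IP headers are allowed")
    allowed = {h.lower() for h in BUILTIN_HEADERS + tuple(custom)}
    priority = [h.lower() for h in order]
    if len(set(priority)) != len(priority):
        raise ValueError("duplicate header in priority list")
    unknown = [h for h in priority if h not in allowed]
    if unknown:
        raise ValueError("header not configured: " + ", ".join(unknown))
    return priority


def parse_headers(raw_request):
    """Return (lowercase name, value) pairs from a raw request, keeping duplicates."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.splitlines()[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip():
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def first_valid_ip(value):
    """Return the first syntactically valid IP in a comma-separated value, else None.

    Assumption: the leftmost valid address is treated as the client.
    """
    for token in value.split(","):
        try:
            return str(ipaddress.ip_address(token.strip()))
        except ValueError:
            continue
    return None


def candidate_ips(raw_request, priority):
    """Return [(header, ip)] for each configured header with a valid IP, in priority order."""
    headers = parse_headers(raw_request)
    found = []
    for wanted in priority:
        for name, value in headers:
            if name != wanted:
                continue
            ip = first_valid_ip(value)
            if ip is not None:
                found.append((wanted, ip))
                break  # first occurrence with a valid address wins (assumption)
    return found


def original_client_ip(raw_request, priority):
    """Return (header, ip) from the highest-priority header that yields a valid IP."""
    found = candidate_ips(raw_request, priority)
    return found[0] if found else None


def headers_disagree(raw_request, priority):
    """True when configured headers carry different addresses.

    These headers are set by whoever sent or relayed the request, so a
    disagreement is worth noting when triaging the resulting event.
    """
    return len({ip for _, ip in candidate_ips(raw_request, priority)}) > 1


if __name__ == "__main__":
    prio = build_priority(["True-Client-IP", "X-Forwarded-For"])
    print(original_client_ip(SAMPLE_REQUEST, prio))
    print(headers_disagree(SAMPLE_REQUEST, prio))
```

Reordering the list passed to build_priority changes which header supplies the reported address, which is the effect of the up and down arrows described above.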
A file detected for the first time ever is assigned a disposition after the Defense Center completes a cloud lookup. The system generates a file event, but cannot store a file unless the file is immediately assigned a disposition.
If a previously undetected file matches a file rule with a Block Malware action, the subsequent cloud lookup immediately returns a disposition, allowing the system to store the file and generate events.
If a previously undetected file matches a file rule with a Malware Cloud Lookup action, the system generates file events but requires additional time to perform a cloud lookup and return a disposition. Due to this delay, the system cannot store files matching a file rule with a Malware Cloud Lookup action until the second time they are seen on your network. (143973/CSCze95101, 144180/CSCze94566)
Shell users can log in using user names with lowercase, uppercase, or mixed case letters. The documentation should state that Shell users can log in using user names with lowercase letters. (144936/CSCze95327)
If you did not change the password using the wizard or you are deploying with an ESXi OVF template, use Cisco as the password.
The documentation should state that if you did not change the password using the wizard or you are deploying with an ESXi OVF template, use Sourcefire as the password. (CSCut77002)
Before you begin the update process for Version 5.3.1.7, you should familiarize yourself with the behavior of the system during the update process, as well as with any compatibility issues or required pre- or post-update configuration changes.
For more information, see the following sections:
Before you begin the update, Cisco strongly recommends that you delete or move any backup files that reside on your appliance, then back up current event and configuration data to an external location.
Use the Defense Center to back up event and configuration data for itself and the devices it manages. For more information on the backup and restore feature, see the FireSIGHT System User Guide.
Note The Defense Center purges locally stored backups from previous updates. To retain archived backups, store the backups externally.
The update process (and any uninstallation of the update) reboots ASA FirePOWER devices. Depending on how your devices are configured and deployed, the following capabilities are affected:
Traffic Inspection and Link State
In an inline deployment, your ASA FirePOWER devices (depending on model) can affect traffic flow via application control, user control, URL filtering, Security Intelligence, and intrusion prevention. In a passive deployment, you can perform intrusion detection and collect discovery data without affecting network traffic flow. For more information on appliance capabilities, see the FireSIGHT System Installation Guide.
The following table provides details on how traffic flow, inspection, and link state are affected during the update, depending on your deployment.
When updating appliances that have a web interface, after the system completes its pre-update tasks and the streamlined update interface page appears, login attempts to the appliance are not reflected in the audit log until the update process is complete and the appliance reboots.
To update your appliances to Version 5.3.1.7, a Defense Center must be running at least Version 5.3.0.1. If you are running an earlier version, you can obtain updates from the Support site.
Note This update is not supported on managed devices or Sourcefire Software for X-Series.
The closer your appliance’s current version to the release version (Version 5.3.1.7), the less time the update takes.
The table below provides disk space and time guidelines for the Version 5.3.1.7 update. Note that when you use the Defense Center to update an ASA FirePOWER device, the Defense Center requires additional disk space on its /Volume partition.
The reboot portion of the update includes a database check. If errors are found during the database check, the update requires additional time to complete. System daemons that interact with the database do not run during the database check and repair.
If you encounter issues with the progress of your update, contact Support.
You must use at least Version 5.3.0.1 of the Defense Center to manage devices running Version 5.3.1.7. Defense Centers running Version 5.3.1.7 can manage ASA FirePOWER modules installed on ASA devices. Devices must be running the versions identified in the following table to be managed by a Defense Center.
Operating System Compatibility
You can host 64-bit virtual appliances on the following hosting environments:
You can update the FireSIGHT System on the following ASA platforms running Version 9.2(4.8), Version 9.3(3.9), Version 9.4(2.11), or Version 9.5(2.6):
For more information, see the FireSIGHT System Installation Guide or the FireSIGHT System Virtual Installation Guide.
Version 5.3.1.7 of the web interface for the FireSIGHT System has been tested on the browsers listed in the following table.
JavaScript, cookies, Secure Sockets Layer (SSL) v3, 128-bit encryption, Active scripting security setting, Compatibility View, set Check for newer versions of stored pages to Automatically
Note Version 5.3.1.1 and later currently does not support including local directory paths when uploading files to your server on Microsoft Internet Explorer 11. Cisco recommends disabling the Internet Explorer Include local directory path when uploading files to server option via Tools > Internet Options > Security > Custom level.
Screen Resolution Compatibility
Cisco recommends selecting a screen resolution that is at least 1280 pixels wide. The user interface is compatible with lower resolutions, but a higher resolution optimizes the display.
Before you begin the update, you must thoroughly read and understand these release notes, especially Before You Begin: Important Update and Compatibility Notes.
To update appliances running at least Version 5.3.0.1 of the FireSIGHT System to Version 5.3.1.7, see the guidelines and procedures outlined below:
Note This update is not supported on physical or virtual managed devices or Sourcefire Software for X-Series.
Because the update process may affect traffic inspection, traffic flow, and link state, Cisco strongly recommends you perform the update in a maintenance window or at a time when the interruption will have the least impact on your deployment.
Use the Defense Center’s web interface to perform the update. Update the Defense Center first, then use it to update the devices it manages.
Update your Defense Centers before updating the devices they manage.
Installing the Update on Paired Defense Centers
When you begin to update one Defense Center in a high availability pair, the other Defense Center in the pair becomes the primary, if it is not already. In addition, the paired Defense Centers stop sharing configuration information; paired Defense Centers do not receive software updates as part of the regular synchronization process.
To ensure continuity of operations, do not update paired Defense Centers at the same time. First, complete the update procedure for the secondary Defense Center, then update the primary Defense Center.
After you perform the update on either the Defense Center or managed devices, you must reapply device configuration and access control policies. Applying an access control policy may cause a short pause in traffic flow and processing, and may also cause a few packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
There are several additional post-update steps you should take to ensure that your deployment is performing properly. These include:
The next sections include detailed instructions not only on performing the update, but also on completing any post-update steps. Make sure you complete all of the listed tasks.
Use the procedure in this section to update your Defense Centers, including virtual Defense Centers. For the Version 5.3.1.7 update, Defense Centers reboot.
Note Updating a Defense Center to Version 5.3.1.7 removes existing uninstallers from the appliance.
Step 1 Read these release notes and complete any required pre-update tasks.
For more information, see Before You Begin: Important Update and Compatibility Notes.
Step 2 Download the update from the Support site:
Note Download the update directly from the Support site. If you transfer an update file by email, it may become corrupted.
Step 3 Upload the update to the Defense Center by selecting System > Updates, then clicking Upload Update on the Product Updates tab. Browse to the update and click Upload.
The update is uploaded to the Defense Center. The web interface shows the type of update you uploaded, its version number, and the date and time it was generated.
Step 4 Make sure that the appliances in your deployment are successfully communicating and that there are no issues reported by the health monitor.
Step 5 View the task queue (System > Monitoring > Task Status) to make sure that there are no tasks in progress.
Tasks that are running when the update begins are stopped, become failed tasks, and cannot be resumed; you must manually delete them from the task queue after the update completes. The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before you begin the update.
Step 6 Select System > Updates.
The Product Updates tab appears.
Step 7 Click the install icon next to the update you uploaded.
The Install Update page appears.
Step 8 Select the Defense Center and click Install. Confirm that you want to install the update and reboot the Defense Center.
The update process begins. You can begin monitoring the update's progress in the task queue (System > Monitoring > Task Status). However, after the Defense Center completes its necessary pre-update checks, you are logged out. When you log back in, the Upgrade Status page appears. The Upgrade Status page displays a progress bar and provides details about the script currently running.
If the update fails for any reason, the page displays an error message indicating the time and date of the failure, which script was running when the update failed, and instructions on how to contact Support. Do not restart the update.
When the update completes, the Defense Center displays a success message and reboots.
The update process begins. You can monitor the update's progress in the task queue (System > Monitoring > Task Status).
Step 9 After the update finishes, clear your browser cache and force a reload of the browser. Otherwise, the user interface may exhibit unexpected behavior.
Step 10 Log into the Defense Center.
Step 11 Review and accept the End User License Agreement (EULA). Note that you are logged out of the appliance if you do not accept the EULA.
Step 12 Select Help > About and confirm that the software version is listed correctly: Version 5.3.1.7. Also note the versions of the rule update and VDB on the Defense Center; you will need this information later.
Step 13 Verify that the appliances in your deployment are successfully communicating and that there are no issues reported by the health monitor.
Step 14 If the rule update available on the Support site is newer than the rules on your Defense Center, import the newer rules.
For information on rule updates, see the FireSIGHT System User Guide.
Step 15 If the VDB available on the Support site is newer than the VDB on your Defense Center, install the latest VDB.
Installing a VDB update causes a short pause in traffic flow and processing, and may also cause a few packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
Step 16 Reapply device configurations to all devices.
To reactivate a grayed-out Apply button, edit any interface in the device configuration, then click Save without making changes.
Step 17 Reapply access control policies to all devices.
Applying an access control policy may cause a short pause in traffic flow and processing, and may also cause a few packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
Step 18 If a patch for Version 5.3.1.7 is available on the Support site, apply the latest patch as described in the FireSIGHT System Release Notes for that version. You must update to the latest patch to take advantage of the latest enhancements and security fixes.
Note After updating your Defense Center, note that the apply icon for device changes is enabled and turns green to indicate changes that need to be reapplied to your registered devices.
After you update your Defense Centers to Version 5.3.1.7, use them to update the ASA FirePOWER devices they manage.
A Defense Center must be running at least Version 5.3.0.1 to update its ASA FirePOWER devices to Version 5.3.1.7.
Updating ASA FirePOWER devices is a two-step process. First, download the update from the Support site and upload it to the managing Defense Center. Next, install the software. You can update multiple ASA FirePOWER devices at once, but only if they use the same update file.
For the Version 5.3.1.7 update, all ASA FirePOWER devices reboot. Depending on how your ASA FirePOWER devices are configured and deployed, the update process may also affect traffic flow and link state. For more information, see Traffic Flow and Inspection During the Update.
To update Cisco ASA with FirePOWER Services:
Step 1 Read these release notes and complete any required pre-update tasks.
For more information, see Before You Begin: Important Update and Compatibility Notes.
Step 2 Update the software on the ASA FirePOWER devices’ managing Defense Center; see Updating Defense Centers.
Step 3 Download the update from the Support site:
Note Download the update directly from the Support site. If you transfer an update file by email, it may become corrupted.
Step 4 Upload the update to the Defense Center by selecting System > Updates, then clicking Upload Update on the Product Updates tab. Browse to the update and click Upload.
The update is uploaded to the Defense Center. The web interface shows the type of update you uploaded, its version number, and the date and time it was generated. The page also indicates whether a reboot is required as part of the update.
Step 5 Make sure that the appliances in your deployment are successfully communicating and that there are no issues reported by the health monitor.
Step 6 Click the install icon next to the update you are installing.
The Install Update page appears.
Step 7 Select the ASA FirePOWER devices where you want to install the update.
Step 8 Click Install. Confirm that you want to install the update and reboot the ASA FirePOWER devices.
Step 9 The update process begins. You can monitor the update's progress in the Defense Center’s task queue (System > Monitoring > Task Status).
Note that ASA FirePOWER devices may reboot twice during the update; this is expected behavior.
Step 10 Select Devices > Device Management and confirm that the ASA FirePOWER devices you updated have the correct software version: Version 5.3.1.7.
Step 11 Verify that the appliances in your deployment are successfully communicating and that there are no issues reported by the health monitor.
Step 12 Reapply device configurations to all ASA FirePOWER devices.
Tip To reactivate a grayed-out Apply button, edit any interface in the device configuration, then click Save without making changes.
Step 13 Reapply access control policies to all ASA FirePOWER devices.
Applying an access control policy may cause a short pause in traffic flow and processing, and may also cause a few packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
Step 14 If a patch for Version 5.3.1.7 is available on the Support site, apply the latest patch as described in the FireSIGHT System Release Notes for that version. You must update to the latest patch to take advantage of the latest enhancements and security fixes.
The following sections help you uninstall the Version 5.3.1.7 update from your appliances:
Before you uninstall the update, you must thoroughly read and understand the following sections.
You must uninstall updates locally. You cannot use a Defense Center to uninstall the update from an ASA FirePOWER device.
For all physical appliances and virtual Defense Centers, uninstall the update using the local web interface. Because Cisco ASA with FirePOWER Services do not have a web interface, you must use the bash shell to uninstall the update.
Uninstall the update in the reverse order that you installed it. That is, first uninstall the update from ASA FirePOWER devices, then from Defense Centers.
Uninstalling the Update from Devices Deployed Inline
ASA FirePOWER devices do not perform traffic inspection, switching, routing, or related functions while the update is being uninstalled. Depending on how your devices are configured and deployed, the uninstallation process may also affect traffic flow and link state. For more information, see Traffic Flow and Inspection During the Update.
Uninstalling the Update and Online Help
Uninstalling the Version 5.3.1.7 update does not revert the online help to its previous version. If the version of your online help does not match that of your FireSIGHT System software, your online help may contain documentation for unavailable features and may have problems with context sensitivity and link functionality.
After you uninstall the update, there are several steps you should take to ensure that your deployment is performing properly. These include verifying that the uninstall succeeded and that all appliances in your deployment are communicating successfully.
The next sections include detailed instructions not only on performing the update, but also on completing any post-update steps. Make sure you complete all of the listed tasks.
The following procedure explains how to uninstall the Version 5.3.1.7 update from ASA FirePOWER devices. You cannot use a Defense Center to uninstall the update from an ASA FirePOWER device.
Uninstalling the Version 5.3.1.7 update results in a device running Version 5.3.1.6. For information on uninstalling a previous version, refer to the FireSIGHT System Release Notes for that version.
Uninstalling the Version 5.3.1.7 update reboots the device. ASA FirePOWER devices do not perform traffic inspection or related functions during the update. Depending on how your devices are configured and deployed, the update process may also affect traffic flow. For more information, see Traffic Flow and Inspection During the Update.
To uninstall the update from an ASA FirePOWER device:
Step 1 Read and understand Planning the Uninstallation.
Step 2 Log into the device as admin, via SSH or through the virtual console.
Step 3 At the CLI prompt, type expert to access the bash shell.
Step 4 At the bash shell prompt, type sudo su -.
Step 5 Type the admin password to continue the process with root privileges.
Step 6 At the prompt, enter the following on a single line:
The uninstallation process begins.
Step 7 After the uninstallation finishes, clear your browser cache and force a reload of the browser. Otherwise, the user interface may exhibit unexpected behavior.
Step 8 Log in to the Defense Center.
Step 9 Select Help > About and confirm that the software version is listed correctly: Version 5.3.1.
Step 10 Verify that the appliances in your deployment are successfully communicating and that there are no issues reported by the health monitor.
Use the following procedure to uninstall the Version 5.3.1.7 update from Defense Centers and virtual Defense Centers. Note that the uninstallation process reboots the Defense Center.
Uninstalling the Version 5.3.1.7 update results in a Defense Center running Version 5.3.0.1. For information on uninstalling a previous version, refer to the FireSIGHT System Release Notes for that version.
To uninstall the update from a Defense Center:
Step 1 Read and understand Planning the Uninstallation.
Step 2 Make sure that the appliances in your deployment are successfully communicating and that there are no issues reported by the health monitor.
Step 3 View the task queue (System > Monitoring > Task Status) to make sure that there are no tasks in progress.
Tasks that are running when the uninstallation begins are stopped, become failed tasks, and cannot be resumed; you must manually delete them from the task queue after the uninstallation completes. The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before you begin the uninstallation.
Step 4 Select System > Updates.
The Product Updates tab appears.
Step 5 Click the install icon next to the uninstaller that matches the update you want to remove.
The Install Update page appears.
Step 6 Select the Defense Center and click Install, then confirm that you want to uninstall the update and reboot the device.
The uninstallation process begins. You can monitor the uninstallation progress in the task queue (System > Monitoring > Task Status).
Step 7 After the uninstallation finishes, clear your browser cache and force a reload of the browser. Otherwise, the user interface may exhibit unexpected behavior.
Step 8 Log in to the Defense Center.
Step 9 Select Help > About and confirm that the software version is listed correctly: Version 5.3.1.
Step 10 Verify that the appliances in your deployment are successfully communicating and that there are no issues reported by the health monitor.
You can track defects resolved in this release using the Cisco Bug Search Tool (https://tools.cisco.com/bugsearch/). A Cisco account is required. The following sections list the issues resolved in the Version 5.3.1.7 update.
Issues Resolved in Version 5.3.1.7:
admin user and edited the base layer of an intrusion policy, the system incorrectly marked all affected edited intrusion policies as updated by admin when it should not have. (CSCur79437)
Issues Resolved in Version 5.3.1.6:
sudo ips_profile shell command on a device running at least Version 5.3 that is registered to a Defense Center running at least Version 5.4 caused the rule profiled script to fail. (CSCuu02211)
Issues Resolved in Version 5.3.1.5:
Internal Server Error message if the password for your registered ASA FirePOWER device included an unsupported character. (CSCus68604)
Network file trajectory is not available for malware events due to pruning of the related file events based on configurable maximums message if the network trajectory file is unavailable due to issues with your current configuration. (CSCut63362)
Issues Resolved in Version 5.3.1.4:
High Unmanaged Disk Usage health alerts. (145221/CSCze95877)
pending even though the action queue task successfully completed. (CSCus86011)
Issues Resolved in Version 5.3.1.3:
High Unmanaged Disk Usage health alerts. (145221/CSCze9587)
Because you can update your appliances from Version 5.3.1 to Version 5.3.1.7, this update also includes the changes in all updates from Version 5.3.1.7 through Version 5.3.1. Previously resolved issues are listed by version.
Issues Resolved in Version 5.3.1.1:
$HOME_NET as the value for Networks settings. (141225/CSCze92611)
0 in the field where you used the VLAN tag object instead. (141330/CSCze92734)
Issues Resolved in Version 5.3.1:
The following known issues are reported in Version 5.3.1.7:
Private Cloud in the Cloud Name drop-down list when it should. (CSCuu16374)
FlowBit keyword, the system generates inconsistent results. (CSCuy13901)
The following known issues were reported in previous releases:
0, the Top 10 Destination Ports section of the Intrusion Event Statistics page (Overview > Summary > Intrusion Event Statistics) omits port numbers from the display. (125581/CSCze88014)
SHOW TABLES command may cause the query to fail. To avoid query failure, only run this query interactively using the RunQuery application. (132685/CSCze89153)
*) in the URL, the system does not generate preempted rule warnings for access control policies containing rules that reference the object. Do not use asterisks (*) in URL object URLs. (134095/CSCze88837, 134097/CSCze88846)
Snort Alert, not a customized message. (134270/CSCze88831)
.rtf file, the system does not warn you that the .rtf file type is not supported. (136500/CSCze89991)
dos2unix commands to convert the file from Windows encoding to Unix encoding and click Update Feeds on the Security Intelligence page. (136557/CSCze89888)
$), caret (^), asterisk (*), brackets ([ ]), vertical bar (|), forward slash (\), period (.), and question mark (?). (137493/CSCze90413)
ERROR 500 Internal Server Error message. (139685/CSCze95818)
SNORT ALERT as a signature ID instead of the signature ID reported in syslog output seen from the Defense Center. (CSCur40263)
$User, Host Report: $Host, Attack Report: $Attack SID, and Sourcefire FireSIGHT Report: $Customer Name templates fail to generate reports due to unsupported characters in the report names. (CSCus21871)
pending when the policy was successfully applied. As a workaround, edit and save the policy, then reapply. (CSCus86011)
Failed to deactivate 1 detectors because they are detecting applications used by applied Access Control policies error. (CSCus91892)
::/0 or a network rule set to block all IPv4 addresses with 0.0.0.0/0, the system incorrectly blocks all traffic. (CSCut58667)
<script>alert(1)</script> as the user name. (CSCuu39516, CSCuu39521)
HTTP Error 500 Internal server error page. (CSCuv22624)
All new support cases must be opened using the Cisco Technical Assistance Center (TAC) by phone, web or email. To open a TAC case online, you must have a Cisco.com user ID and contract number. If you need assistance opening a case, call the Cisco TAC at 800-553-2447.
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information about Cisco ASA devices, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
If you have any questions or require assistance with Cisco ASA devices, please contact Cisco Support: