The following table addresses defects resolved at the time of publication of these release notes. For an updated list of known issues, run the provided query in the Bug Search Tool.
If you have a Cisco support contract, use the Firepower Management Center query or the ASA FirePOWER module query as a dynamic search for all resolved bugs with a severity 3 and higher.
Caveat ID Number |
Description |
---|---|
Security Issue |
Cisco Firepower System Software Secure Sockets Layer Policy Bypass Vulnerability |
Caveat ID Number |
Description |
---|---|
turn off older SSL/TLS versions and ciphers |
|
Sensor managed by Management Center thinks it is managed locally |
|
Firepower Management Center 6.0.0 User Interface does not show more than 8 User Agents |
|
After upgrading to 6.0, you cannot remove tasks from the taskbar |
|
In Task Status page the task is stuck/spinning |
|
Inline result showing would have dropped |
|
Only 1500 Group Members are downloaded per group for an AD Realm |
|
Detection engine, primary detection engine, alerting process health alert |
|
Security Intelligence category goes missing from Security Intelligence events after time |
|
SFDCNotificationd dumps core if stopped after SFDataCorrelator |
|
Large flow introduces latency on all traffic in FirePower Service on ASA |
|
access control policy search highlight incorrectly highlights |
|
ASA 5506-X Firepower Threat Defense Reset Button |
|
Unable to save AD join credentials from edit realm page |
|
Firepower: Identity policy shows incorrect warning about Zones |
|
Mperf causing high CPU and stays constantly high. |
|
Firepower Management Center freezes when attempt is made to sort the App Detectors |
|
Firewall rules may not be in sync with firmware rules following policy apply |
|
SFDataCorrelator polling for status of file analysis can fail in certain circumstances |
|
Document bug: Impact of Leap second on Firepower products |
|
Cannot edit intrusion policy after upgrade to 6.1 due to undefined rule state |
|
Rule copy and paste reset to top instead of the rule being edited |
|
Mismatched VLAN tagged traffic has inconsistent access control rule matches. |
|
Task getting created whenever Cloud Management option is selected |
|
Mishandled rule index numbers on multipage access control policies with collapsed rule categories |
|
Health monitor error: The cloud databases for these appliances are not synced |
|
Excessive logging from sfbbhealthd process. |
|
Making minor changes to included/excluded users in a realm may cause unexpected behavior |
|
User identity lost due to limited identity timeout configuration |
|
Performance issues related to High Availability |
|
Database settings for a fresh deployment were not saved |
|
modbus false positive on MODBUS_BAD_LENGTH |
|
Cannot break Firepower Threat Defense high availability if one of the paired devices has failed |
|
C-groups modification during policy apply causes AAB to trigger. |
|
upgraded 6.x Management Center incorrectly deploys obsoleted detectors to 6.x devices |
|
Snort is unable to map the filename if there are unsupported characters. |
|
SSL Trusted CAs not deployed to sensor in some cases |
|
Snort reloads cause memory leaks and CPU increase |
|
Custom detection/Clean list is incorrect with multiple file policies in use |
|
Custom NAP rule with inline normalization enabled does not enable normalization |
|
Deadlock in Firepower Management Center high availability synchronization |
|
Mismatch between internal database entries prevents correct session propagation |
|
micro engine failure with msg Microengine heartbeat stopped |
|
apache not listening on loopback IPv4 when management interface has only ipv6 configured |
|
Repeated same DiskMgr logs flooding messages log - causing small log retention period |
|
Query Cisco CSI for Unknown URLs option is not properly synchronized in Management Center pairs |
|
Show user information in connection events for flows hitting early deny |
|
Correlation Events and Syslog Events show incorrect local rule SID |
|
Policy deploy hangs at 40% with the object names end with [ _ ] |
|
High availability Status health module should not run on device |
|
Unable to delete third party vulnerabilities when the host count associated with them is > 100 |
|
SSL Block action when Extended Master Secret is used with SSL Policy Known Key Decrypt |
|
7000 and 8000 Series Device with Passive Interface does not Failover when Active device powers off |
|
Intermittent failure in User Group lookup. |
|
Data channel traffic on Windows FTP server isn't matching the pin hole session as expected |
|
Firepower Threat Defense: block depletion with continuous SSL traffic and decrypt resign enabled. |
|
Unable to import if Access Control rules have Realm as matching condition |
|
Snort process at 100% and takes excessive amount of time to parse IPS rules. |
|
2048 byte block depletion with continuous SSL traffic and decrypt resign enabled on Threat Defense |
|
eStreamer certificate generates errors with a McAfee ESM generationQualifier verification failed |
|
Docs have incorrect commands to suspend or resume Firepower Threat Defense high availability |
|
URL DB Download Fail with error -8 |
|
Stack entering bypass due to disk space health alert |
|
SFDataCorrelator will not stop on Threat Defense device due to database connection corruption |
|
POP3 payload inspection not proper on snort with the file detection policy |
|
Check UUID of Firepower Management Center high availability pair and both having same UUID |
|
Host input operations can overwhelm high availability transactions |
|
Access control rule is not matched correctly if src zone and dst zone have different types |
|
Nothing is shown when clicked on Policy Assignments |
|
Creating ngfw rules with [ # ] character prevent event_alerter from starting. |
|
Sub-domain SI objects cannot be deleted |
|
SIGABRT ActionQueueScrape cores in Firepower Management Center high availability |
|
snort stuck or signal 6 core with interactive block rule |
|
Static URL/DNS lists are not included in backup |
|
Threat Defense-NAT:Deployment fails when Auto nat group object values overlapped with interface IP. |
|
When expanding individual categories in Access Control Policy rule ID changes |
|
SFDataCorrelator segfault due to null pointer dereference in handle_host_address_changes() |
|
Deployment fails when SSL Platform Settings has deprecated RC4-SHA and RC4-MD5 algorithms configured |
|
after upgrade, sessions which were deleted were still present in sensor's firewall |
|
Cannot select Inherit from base policy check box |
|
Firepower Management Center Interface Type Mismatch with Syslog Server Ip Type error |
|
Sessions for local ISE users don't get deleted when delete is attempted |
|
Device Manager bootstrap aborted - URL category and reputations not populated in URL filtering rules |
|
eStreamer service sends corrupt messages and spams log files with Not connected |
|
Port Scan: IP Protocol scanning not getting detected. |
|
Snort not triggering Event 123:7 FRAG3_ANOMALY_BADSIZE_LG |
|
eStreamer log spam Unable to open directory |
|
record_count for interface stats from the sensor are being set to 0, coring SFDatacorrelator. |
|
5506/5508/5516 Threat Defense console login does not work if console speed set to 115200 in rommon |
|
Firepower Management Center high availability sync fails if file name contains 2 dots [ .. ] |
|
SFDataCorrelator still in local management mode after deployed from Management Center |
|
iprep_proxy.conf should encode special characters in pass for authentication |
|
BitTorrent traffic not blocked consistently on resumed sessions. |
|
REST API internal error when removing AP rule from API that moved via GUI |
|
eStreamer core when FireAMP event has no SHA |
|
Editing syslog server platform setting policy and deploy does not push the correct cli to device |
|
NTP Default Server addresses can be modified |
|
Missing column netmap_num from the join on event_extra_data table. |
|
Specific mysql statement causing 6.2.1 upgrade failure |
|
RPC.conf not getting properly re-enabled during resumed upgrades |
|
Threat Defense: Blocking Facebook post/chat/comments/likes application not working for Firefox |
|
SFDataCorrelator crash or exit when event table contains large highest index |
|
REST identity application and ADI leak File Descriptors |
|
REST API : PUT - Multiple entries allowed for the same user in Access policy Rule |
|
Configuring an IP pool for a diagnostic port channel interface on a Threat Defense cluster fails |
|
Firepower 2110 Firmware version MISMATCH error message after upgrade |
|
Add code to reread /etc/sf/devicecap.conf file when moving to local management |
|
Double byte characters are not rendered correctly for Identity Policy Name and description |
|
SFDataCorrelator coring due to ids_event_msg_map message being null |
|
MC2000 and MC4000 can rarely hang during boot |
|
ids_event_alerter causes high CPU on Threat Defense device when UUID is missing from EOAttributes |
|
Unicode file support over SMB on Firepower Threat Defense |
|
Access control policy/Pre-filter rules are negated and readded on usage of icmp objects |
|
256 low block count leads to traffic failures due to alloc to inspect snort |
|
SNMP Username on Platform Settings accepts whitespace characters alone as name |
|
Management Center: Deleting 1 category in nested access control policy deletes all categories |
|
Firepower Threat Defense management interface link flaps when IPv6 gateway is configured |
|
Incorrect access control rule is matched in FTD when it is setup in passive mode. |
|
SFDataCorrelator segfaults repeatedly when processing SSL certificate details |
|
Third Party Vulnerability Maps won't save |
|
Multiple routes with same metric or gateway exists error when configuring ECMP |
|
When SSL rules are enabled and sensor is over subscribed, rules are not correctly enforced. |
|
SFDataCorrelator takes a long time to start due to large firewall_rule_cache table |
|
after captive portal authentication, packet is incorrectly associated with realm ID 0 |
|
DH Ephemeral Keys with Known Key SSL Policy and session reuse causes client to close session. |
|
Long traffic connections matching Do Not Decrypt SSL rules may be blocked |
|
Management interface bootstrap fails with IPv6 only configuration and no available DHCPv4 servers |
|
Documentation has incorrect info for Max Response Length on Client-Level FTP Options. |
|
SFDataCorrelator segfaults during loading of compliance rules |
|
SSL flows failing due to Flow tables and Flow IDs overflowing |
|
SSL policy Category lookup fails for URLs that aren't in local database |
|
Static route checking is too restrictive |
|
ACT LEDS do not reflect the correct high availability states of the devices |
|
Estreamer Cores - SSLCert length handling |
|
AS Path prepend command truncated while deployed |
|
cannot activate correlation policy with malware event by network based with file name as condition |
|
access-list rules missing after policy deployment on Firepower Threat Defense |
|
Need documentation how to view available OS fingerprint in VDB |
|
Missing IP address in AMP cloud malware events |
|
After a Manual Sync of Smart License, upgrade from 6.2.0-363 to 6.2.2-66 fails |
|
Outage caused by process exiting |