Changed Functionality
The following are a few of the changes in Version 6.2.0:
- Version 6.2.0 introduces new functionality related to latency-based performance settings in access control policies. In Version 6.2.0 and later, by default, new access control policies obtain latency-based performance settings from the latest intrusion rule update. You can choose to overwrite these settings with custom settings. For more information, see "Latency-Based Performance Setting Configuration" in the Firepower Management Center Configuration Guide.
  When you update to Version 6.2.0, the system determines whether existing access control policies use default or custom latency-based performance settings and continues as appropriate under the following conditions:
  - If existing policies use default settings, the system sets the Apply Settings From option to Installed Rule Update. When you deploy the access control policy, the system obtains the latency-based performance settings from the latest intrusion rule update and uses them in that policy.
  - If existing policies do not use default settings, the system sets the Apply Settings From option to Custom and retains the pre-upgrade settings.
- Version 6.2.0 does not support international characters in URLs for URL objects or inline values in access control policy rules. (CSCux24338)
- Private keys are no longer mandatory when importing certificates. (CSCvb13045)
- Generated troubleshooting files now include captive portal information. (CSCvb26174)
- If you create an access control policy or NAT policy referencing an object or object group that contains invalid characters in the name, the system now generates an "Unsupported object names are used in the policy for devices" error message and does not save the policy. (CSCvb29308)
- Previously, the ASA-to-FTD migration process failed if the ASA configuration file included an access list entry (ACE) with an interface object configured as source network, destination network, or both. Now, the migration tool converts this ASA configuration to a disabled FTD rule. (CSCvb49745)
- Upgrading to Version 6.2.0 from Version 6.1.0.3 or a subsequent 6.1.0.x patch removes the Intelligent Application Bypass (IAB) All applications including unidentified applications option from the user interface. You must install the Version 6.2.0.1 patch or a subsequent 6.2.0.x patch to restore this option.
  If this option is enabled when you upgrade, and your access control policy does not contain IAB bypassable application and filter configurations, the user interface has the following unexpected behaviors:
  - IAB is enabled, but the All applications including unidentified applications option is no longer present.
  - The IAB configuration page displays "1 Applications/Filters", incorrectly indicating that you have configured one application or filter.
  - The Selected Applications and Filters window in the applications and filters editor displays one of the following, depending on which appliance you are using: "deleted" (Firepower Management Center, ASA with FirePOWER Services) or "Any Application" (ASA FirePOWER module managed by ASDM).

  We recommend deleting "deleted" or "Any Application" from the Selected Applications and Filters window. Installing Version 6.2.0.1 or a subsequent 6.2.0.x version restores the missing option.