Resolved Issues

Bugs listed for a patch were verified as resolved when that patch was initially released.

Resolved Issues in New Upgrade Packages

Sometimes Cisco releases updated builds. Only the latest build for each platform is available on the Cisco Support & Download site. You should always use the latest build. If you downloaded an earlier build, do not use it.

You cannot upgrade from one build to another for the same Firepower version. If a new build would fix your issue, determine if an upgrade or hotfix would work instead. If not, you must uninstall and then reinstall.

Find your platform in the following table to determine if a new Version 6.2.2.x build is available.

Table 1. Version 6.2.2.x Patches with Updated Builds
| Version | Updated Build | Released | Platforms | Resolves |
|---|---|---|---|---|
| 6.2.2.4 | 43 | 2018-09-21 | FTD/FTDv | Resolved multiple issues for FTD platforms. |
| 6.2.2.4 | 34 | 2018-07-09 | FMC/FMCv, NGIPS devices | CSCvk17382: Snort exiting unexpectedly while processing rule evaluation. |
| 6.2.2.3 | 69 | 2018-06-19 | All | CSCvj25386: Missing default Identity realm EOs causing upgrade failure |
| 6.2.2.1 | 80 | 2017-12-05 | Firepower 2100 series | CSCvg93011: FTD logical device name mismatch on FPR2100 causes upgrade and HA sync failure |

Version 6.2.2.5 Resolved Issues

If you have a support contract, you can use the Cisco Bug Search Tool to obtain an up-to-date list of resolved bugs for Firepower products.

Caveat ID Number

Description

CSCvd12834

FP Audit Logs do not log passed and failed SSH authentication attempts

CSCvd28906

ASA traceback at first boot in 5506 due to unable to allocate enough LCMB memory

CSCve53415

ASA traceback in DATAPATH thread while running captures

CSCvf54682

sudo : CVE-2017-1000368 : Sudo Parsed tty Information Privilege Escalation Vulnerability

CSCvf96773

Standby ASA has high CPU usage due to extremely large PAT pool range

CSCvg01119

IPV4: Implementing buffered reliability mechanism for routing updates

CSCvg45261

Firepower 2100 high availability pair upgrade failed from 6.2.1-341 to 6.2.3-5305

CSCvg76652

Default DLY value of port-channel sub interface mismatch

CSCvg96103

Including a very large HTML page for the Block response causes all Decrypted sites to fail to load.

CSCvh01213

An ASA may Traceback and reload when processing traffic

CSCvh16252

ASA may traceback and reload in Thread Name: fover_rep during conn replication

CSCvh62705

Firepower 2110 ASA : Shared management across context unable to reach to GW

CSCvh91399

upgrade of ASA5500 series firewalls results in boot loop (not able to get past ROMMON)

CSCvh98781

ASA/FTD Deployment ERROR 'Management interface is not allowed as Data is in use by this instance'

CSCvi03103

BGP ASN cause policy deployment failures.

CSCvi06120

vpn-idle-timeout is not triggered after switching to rebooted failover pair

CSCvi07974

FTD: Layer 2 packets (ex: BPDUs) are dropped during snort restarts (Inline/Passive Interfaces Only)

CSCvi34164

ASA does not send 104001 and 104002 messages to TCP/UDP syslog

CSCvi59968

Firepower 2100 Incorrect reply for SNMP get request 1.3.6.1.2.1.1.2.0

CSCvi84315

Unexpected failures on Firepower 2100 Series devices

CSCvi95544

ASA not matching IPv6 traffic correctly in access control license with "any" keyword configured

CSCvi96442

Slave unit drops UDP/500 and IPSec packets for S2S instead of redirecting to Master

CSCvi97729

To-the-box traffic being routing out a data interface when failover is transitioning on a New Active

CSCvj07038

Firepower devices need to trust Threat Grid certificate

CSCvj15572

Flow-offload rewrite rules not updated when MAC address of interface changes

CSCvj37924

CWE-20: Improper Input Validation

CSCvj42450

ASA traceback in Thread Name: DATAPATH-14-17303

CSCvj43591

Firepower 2110 with ASA DHCP does not work properly

CSCvj49452

sftunnel using weak SSL/TLS versions and ciphers

CSCvj58342

Multicast dropped after deleting a security context

CSCvj72309

FTD does not send Marker for End-of-RIB after a BGP Graceful Restart

CSCvj75793

2100/4100/9300: stopping/pausing capture from Management Center doesn't lower the CPU usage

CSCvj81287

Firepower Threat Defense rejecting syslog server TLS-X509 certificate due to EKU invalid purpose

CSCvj83316

Snort process exits while clearing XFF data.

CSCvj89470

Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability

CSCvj91858

Cisco Adaptive Security Appliance Access Control List Bypass Vulnerability

CSCvj92040

TLS client offers some ciphersuites in CC mode that are not allowed by CC

CSCvj93913

SSL Inspection TLS 1.3 downgrade needs to modify client/server random values to be RFC compliant

CSCvk02250

"show memory binsize" and "show memory top-usage" do not show correct information (Complete fix)

CSCvk04592

Flows get stuck in lina conn table in half-closed state

CSCvk06160

SFDC repeatedly exits while Initializing OS Vuln Map

CSCvk18330

Active FTP Data transfers fail with FTP inspection and NAT

CSCvk31035

KVM (FTD): Mapping web server through outside not working consistent with other platforms

CSCvk34648

Firepower 2100 tunnel flap at data rekey with high throughput Lan-to-Lan VPN traffic

CSCvk45443

ASA cluster: Traffic loop on CCL with NAT and high traffic

CSCvk57516

Low DMA memory leading to VPN failures due to incorrect crypto maps

CSCvk66722

Configuring DHCP option 'false' causes DHCP configuration to be not visible from GUI

CSCvk66771

The CPU profiler stops running without having hit the threshold and without collecting any samples.

CSCvk67239

FTD or ASA traceback and reload in "Thread Name: Logger Page fault: Address not mapped"

CSCvm01497

Scheduled reports not stored in correct domain when using another domain's report template

CSCvm03931

software update downloads by Firepower failing due to newer CA certificates not being present

CSCvm09624

Protocol not updated based on AppID when enforcing IPS rules

CSCvm23370

ASA: Memory leak due to PC cssls_get_crypto_ctxt

CSCvm43975

Cisco ASA and FTD Denial of Service or High CPU due to SIP inspection Vulnerability

CSCvm60361

SSH public key auth not working on FTD on 5500

CSCvm80874

ASAv/FP2100 Smart Licensing - Unable to register/renew license

CSCvn08146

Missing audit detail for changes to x509 certificates and keys

Version 6.2.2.4 Resolved Issues

If you have a support contract, you can use the Cisco Bug Search Tool to obtain an up-to-date list of resolved bugs for Firepower products. These queries are for Version 6.2.2.4:

Table 2. Version 6.2.2.4 Resolved Issues
Bug ID Description

CSCuv68725

ASA unable to remove ACE with log disable option

CSCvc20141

Cisco Firepower System Software Server Message Block File Policy Bypass Vulnerability

CSCvc92934

When SSL decryption is enabled, URL constraints in access control policy are not applied correctly

CSCvd13182

AVT : Missing X-Content-Type-Options in ASA 9.5.2

CSCvd44525

ASA show tech some commands twice, show running-config/ak47 detailed/startup-config errors

CSCvd72158

Evaluation of sfims for NTP March 2017

CSCvd86594

Need ability to enable PPTP inspection

CSCve87945

Cannot install new https certificate

CSCve94917

Stale VPN Context issue seen in 9.1 code despite fix for CSCvb29688

CSCvf18160

ASA traceback on failover sync with WebVPN and shared storage-url config

CSCvf39539

Netflow Returns Large Values for Bytes Sent/Received and IP address switch

CSCvf40179

ERROR: Unable to create crypto map: limit reached, when adding entry

CSCvf82832

ASA : ICMPv6 syslog messages after upgrade to 962.

CSCvf92262

ASA Webvpn HTTP Strict-Transport-Security Header missing despite fix of CSCvc82150

CSCvf97979

NAT policy deployment failed during generating delta config after changing security zone in rule.

CSCvg05442

ASA traceback due to deadlock between DATAPATH and webvpn processes

CSCvg20782

Identified Vulnerabilities associated with the CVEs from Oracle MySQL Patch Updates

CSCvg37391

Migrated access control policy deploy fails since it has FQDN objects

CSCvg89215

ASA crashed with Thread name DATAPATH-1-27929 in 3 node Firepower 9300 Distributed Cluster

CSCvh14743

IKEv2 MOBIKE session with Strongswan/3rd party client fails due to DPD with NAT detection payload.

CSCvh20742

Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability

CSCvh22181

Failures loading websites, such as mail sites, using TLS 1.3 with SSL inspection enabled

CSCvh30261

ASA watchdog traceback during context modification/configuration sync

CSCvh47057

ASA - ICMP flow drops with no-adjacency on interface configured in zone when inspection enabled

CSCvh55035

Firepower Threat Defense device unable to establish ERSPAN with Nexus 9000

CSCvh62164

Firepower 9300 standby stuck in Bulk-Sync state with high CPS traffics on active

CSCvh63903

Failover of IPv6 addresses on 8000 series pair devices may not succeed

CSCvh75577

Firepower Management Center displays no data for CPU usage even when enabled and deployed in 6.2.2.1

CSCvh81142

Snort Core Generated while running 6.2.3

CSCvh81474

Need to catch malformed JSON to allow rendering of Deploy button and notifications

CSCvh95807

SSL Flow Errors reported when accessing ECDSA signed websites

CSCvh99159

RADIUS authentication/authorization fails for ASDM

CSCvh99414

NFE failure causes Snort to constantly restart

CSCvi01312

webvpn: multiple rendering issues on Confluence and Jira applications

CSCvi03546

User-IP mapping not updated on managed device due to error in updating current map

CSCvi08450

CWS redirection on ASA doesn't treat SSL Client Hello retransmission properly in specific condition

CSCvi16264

ASA traceback and reload due to watchdog timeout when DATAPATH accesses compiling ACL structure

CSCvi19263

ASA 9.7.1.15 Traceback while releasing a vpn context spin lock

CSCvi22507

IKEv1 RRI : With Answer-only Reverse Route gets deleted during Phase 1 rekey

CSCvi34137

With SSL decryption enabled and TCP Segmented HTTP requests, Snort does not capture URI correctly

CSCvi37889

Packet Tracer fails with ERROR: TRACER: NP failed tracing packet, even after removing captures

CSCvi45567

Not able to do snmpwalk when snmpv1&2c host group configured.

CSCvi47847

Shell application not pin-holing for new tcp port for data transfer as expected

CSCvi55070

IKEv1 RRI : With Originate-only Reverse Route gets deleted during Phase 1 rekey

CSCvi57808

Continuously sfdatacorrelator process terminated unexpectedly

CSCvi58089

Memory leak on webvpn

CSCvi58865

SSL policy with URL category rules specifying decryption can cause browser errors

CSCvi59148

Sessions can remain active on managed device if they are from same IP address but different realms

CSCvi63888

SSL errors might occur when resumed sessions are not decrypted

CSCvi66905

PIM Auto-RP packets are dropped after cluster master switchover

CSCvi76577

ASA:netsnmp:Snmpwalk is failed on some group of IPs of a host-group.

CSCvi77352

Illegal update occurs when device removes itself from the cluster

CSCvi82779

ASA generate traceback in DATAPATH thread

CSCvi86799

ASA traceback during output of show service-policy with a high number of interfaces and qos

CSCvi95544

ASA not matching IPv6 traffic correctly in ACL with any keyword configured

CSCvj07038

Firepower devices need to trust Threat Grid certificate

CSCvj07843

eStreamer using 100% CPU, event processing slows when File/FireAMP events enabled

CSCvj25386

Missing default Identity realm EOs causing upgrade failure

CSCvj43591

Firepower 2110 with ASA DHCP does not work properly

CSCvj56008

Scansafe feature doesn't work at all for HTTPS traffic

Version 6.2.2.3 Resolved Issues

If you have a support contract, you can use the Cisco Bug Search Tool to obtain an up-to-date list of resolved bugs for Firepower products. These queries are for Version 6.2.2.3:

Table 3. Version 6.2.2.3 Resolved Issues
Bug ID Description

CSCuu67159

ASA: traceback in DATAPATH-2-1157

CSCux17501

SSL inspection blocks traffic with decryption errors for sites with 3072 bit key RSA certificates

CSCvc03899

Firepower Threat Defense managed by Management Center 6.2 - High unmanaged disk usage on /ngfw

CSCvc91092

Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability

CSCve20395

ASA Portal Java plug-ins fail with the latest Java updates

CSCve48087

Deploy policy tab failed to populate the device list from Firepower Management Center

CSCve49722

Can't export if intrusion policy inherits intrusion layer from parent domain

CSCve77286

Intrusion policy rule filter is not working properly

CSCvf53734

access control rules and Categories duplication on Firepower Management Center UI

CSCvf56533

Cannot re-register Firepower 9300 cluster to a different Firepower Management Center

CSCvf81672

ASA Routes flushed after failover when etherchannel fails

CSCvf98631

SSL does not properly re-register with the IsAppIdRequired framework on reload

CSCvg00565

ASA crashes in glib/g_slice when do debug menu self testing

CSCvg05368

Upon joining cluster slave unit generates ASA-3-202010: NAT/PAT pool exhausted for all PAT'd conns

CSCvg08988

Access Control Rule is not created in snort if source zone and destination zone are the same

CSCvg23028

REST-API residues on Firepower Threat Defense (2100, 4100, 9300 Series)

CSCvg36672

Need a way to prioritize user driven deployment tasks in Action Queue

CSCvg43389

ASA traceback due to 1550 block exhaustion.

CSCvg45236

Lower-than-expected 256 byte block count with fast-path pre-filter SSL policy

CSCvg56122

SSL handshake fails with large certificate chain size

CSCvg62337

Memory calculation in Snort incorrect for Firepower Threat Defense devices

CSCvg62916

ASA: Software traceback in Thread Name: Dynamic Filter updater

CSCvg65072

Cisco ASA sw, FTD sw, and AnyConnect Secure Mobility Client SAML Auth Session Fixation Vulnerability

CSCvg71421

Archive Cache Pruning May Not Work

CSCvg72583

Archive Cache Loading Could be in Deadlock

CSCvg73042

SSL Cache missing session info leading to ERR_SSL_PROTOCOL_ERROR in the browser for SSL websites

CSCvg83924

Traffic not hitting the access control rule which has deprecated Application in it

CSCvg84495

Remote access VPN using an OpenLDAP realm/server doesn't use the correct naming attribute

CSCvg85982

ERSPAN not working on Firepower Threat Defense running 6.2.2

CSCvg99285

[ERROR] Failed to init octeon -- FATAL ERROR: Can't initialize DAQ oct_ssl (-1)

CSCvh05081

ASA does not unrandomize the SLE and SRE values for SACK packet generated by ASA module

CSCvh15228

ASA/Firepower Threat Defense Traffic Zone Member Command Causes BGP to Flap

CSCvh19991

User/Group Download fails when an Included Group is missing from the AD Server

CSCvh23531

ASA TLS client connection fails with software DHE

CSCvh23776

Both ASA traceback in high availability pair on 4140 chassis

CSCvh25433

New CLI for Supporting Legacy method SAML Auth using external browser on Endpoint with AC

CSCvh32673

Freed memory not released back to the system quick enough on ASA 5506-x platforms

CSCvh47069

Firepower Management Center Data purge causes managed sensor to wipe out user sessions upon reboot

CSCvh53597

Policy deploy fails if SSL Policy has deprecated AppDetector

CSCvh53616

ASA on Firepower Threat Defense devices traceback due to SSL

CSCvh53901

SFDataCorrelator cores when reading invalid fingerprint type from database

CSCvh54940

ASA traceback with thread name idfw_proc

CSCvh55035

Firepower Threat Defense device unable to establish ERSPAN with Nexus 9000

CSCvh58373

FlexConfig MPF configuration does not deploy all Access-Lists and not redeploying all Class-Maps

CSCvh59884

Notifications about pruned events contains invalid date/time (Thu Jan 1 00:00:01 1970)

CSCvh63896

ASA traceback in threadname CP Processing

CSCvh65500

Firepower 2100 Client in FTP active mode is not able to establish control channel with the Server

CSCvh67981

ASA 9.8.2 Cluster Slave unit traceback when joining cluster and SNMPv3 sync

CSCvh68521

On 8000 series stack, with Maint on sec fail setting enabled, stack health is in compromised state

CSCvh69967

5506 traceback when ASA module and RestAPI both enabled

CSCvh70474

SFDataCorrelator/SFDCNotificationd connection log spam after expiring many hosts

CSCvh73582

traceback related to SIP inspection processing

CSCvh75025

ASA traceback when failing over to standby unit

CSCvh77721

Standby SFDataCorrelator fails to connect to Sybase after Management Center pair establish/resume

CSCvh77942

new Certificate configuration of primary unit does not sync to standby unit in an Active/Active setup

CSCvh78133

Firepower 2100 process_stderr.log getting flooded with errors causing /ngfw high disk

CSCvh83026

ASA tracebacks intermittently with Thread Name: CTM message handler

CSCvh83145

ASA interface IP and subnet mask changes to 0.0.0.0 0.0.0.0 causing outage of services on interface

CSCvh83934

Memory usage of User-ID component of SNORT exceeds the reserved limit of 10M

CSCvh85246

ssl inspection can be limited by a do not decrypt rule specifying one or more common names

CSCvh85514

ASA Traceback in Thread Name: Unicorn Proxy Thread

CSCvh85580

ids_event_alerter core when processing connection events

CSCvh89095

Firepower Management Center allows deleting Interface Object being used in SLA monitor object

CSCvh89340

Cisco Firepower Threat Defense SSL Engine High CPU Denial Of Service Vulnerability

CSCvh90947

ASA traceback with Thread Name: fover_parse

CSCvh91053

ASA sending DHCP decline | not assigning address to AC clients via DHCP

CSCvh92381

ASA Traceback and goes to boot loop on 9.6.3.1

CSCvh95325

Standby ASA traceback during replication from mate 9.2(4)27

CSCvh95396

Policy deployment failure due to Invalid preprocessor normalize_tcp option ftp

CSCvh95600

Need consistent identifier for lines of ssl debug log output

CSCvh97216

Mmapped bytes allocated incorrectly accounted in Free Memory of show memory detail

CSCvh97594

ssl inspection cache can become unbalanced, leading to premature removal of recently used items

CSCvi01376

Upon reboot, non-default SSL commands are removed from the FP4100 device

CSCvi02989

Access control policy not able to be edited or deployed after upgrade to Version 6.2.2.1

CSCvi03532

Audit message not generated by: no logging enable

CSCvi07636

ASA: Traceback in Thread Name UserFromCert

CSCvi09305

Some SSL connections slow or fail under a Do-Not-Decrypt SSL policy action

CSCvi09811

Traceback in DATAPATH, assertion 0 failed: file ./snp_cluster_transport.h, line 480

CSCvi12354

Threat Defense member in intra-cluster environment is not able to be re-added in Management Center

CSCvi18602

FSIC failed while downgrade ASA FirePOWER module (5585-x) from 6.2.2.2 to 6.2.2.1

CSCvi29682

ISE-PIC Connection to Firepower Management Center does not work

CSCvi33962

WebVPN rewriter: drop down menu doesn't work in BMC Remedy

CSCvi35805

ASA Cut-Through Proxy allowing user to access website, but displaying authentication failed

CSCvi39938

Traffic outage while downloading large number of users and groups

CSCvi53922

Failures loading websites using TLS 1.3 with SSL inspection enabled

CSCvi80849

Cisco Firepower 2100 Series POODLE TLS security scanner alerts

Version 6.2.2.2 Resolved Issues

If you have a support contract, you can use the Cisco Bug Search Tool to obtain an up-to-date list of resolved bugs for Firepower products. These queries are for Version 6.2.2.2:

Table 4. Version 6.2.2.2 Resolved Security Issues
Bug ID Description

CSCvd07072

SSL logging denial-of-service vulnerability

CSCve91584

Cisco Firepower Management Console Security Intelligence Objects Denial of Service Vulnerability

CSCvf86435

If Drop threshold is configured in Intelligent Application Bypass, all traffic will be trusted

CSCvg35384

snort crash deleteSessionByKey found when access control policy edited and malware traffic is sent

CSCvg35618

Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability

CSCvh79732

Cisco Adaptive Security Appliance Denial of Service Vulnerability

CSCvh81737

Cisco Adaptive Security Appliance Denial of Service Vulnerability

CSCvh81870

Cisco Adaptive Security Appliance Denial of Service Vulnerability

Table 5. Version 6.2.2.2 Resolved Issues
Bug ID Description

CSCuz25599

Firepower Threat Defense CLI command system support run-rule-profiling exits prematurely

CSCuz44985

Erroneous syslog messages cause excessive upgrade times/failures

CSCva42408

Ev AnalysisUI: Domain column disappears after switching to Secondary Firepower Management Center

CSCvb01438

Syslog deployment fails

CSCvb81481

No Input/Output packet for Port-channel in Firepower Threat Defense 4100

CSCvc09017

Show Nat flows on Firepower 7000/8000 series devices displays incorrect data

CSCvc21275

Internal error on editing the NAT policy after import

CSCvc55027

context explorer slow to load due to db deadlocks in rna_client_app_payload

CSCvc92854

Firepower Management Center does not detect changes if they are configured via FlexConfig.

CSCvd34694

Enabling SSL Decryption blocks legitimate traffic

CSCvd93621

Unable to edit performance settings in advanced section of Access Control policy

CSCve31387

No CPU alert on 8000 Series, when snort is overwhelmed.

CSCve31938

Changes Made to Objects Referenced Only by FlexConfig not Recognized for Deployment

CSCve34640

SSL policy causing inspection engine (snort) processes stop unexpectedly

CSCve55973

configure ssh-access-list command does not work 6.2.x

CSCve58826

Issues with multiple pending UserEnforcementSnapshot tasks

CSCve70416

SSL policy with Decrypt-Resign action does not decrypt traffic with ECDSA certificates

CSCve71562

Implement a mechanism to track the status between ISE pxgrid and Management Center pairs

CSCve74524

User Agent does not properly report group names with special characters in the name

CSCve82410

Port Scan does not block scans

CSCve85996

Deployment timeouts after 30 minutes due to expand of ACE during deployment

CSCve86182

Reserved Characters in access control/ Prefilter policy rule name may fail Threat Defense Deployment

CSCve88096

File Events may incorrectly show Device Not Activated for capacity handled files

CSCve91343

Firepower Threat Defense: With CC mode enabled, NGFWv IPSec performance degraded 10-20%

CSCve96463

False positives for TCP Session Hijacking in routed deployments

CSCve97046

threat_name table prune cannot keep up with insertion

CSCve97395

Syslog and SNMP do not work for Prefilter Policy on Firepower Threat Defense

CSCvf10088

Migration fails when access-list contains vxlan port

CSCvf13106

EIGRP system defined template for every time deployment is not working

CSCvf20259

ids_event_alerter output is missing attribute names on Firepower Threat Defense devices

CSCvf20753

Changing text object is not making flex object dirty to be deployed

CSCvf22930

Firepower 9300 running ASA 9.7.1.10 Threat Defense high availability traceback in Datapath

CSCvf23425

SSL handshake error and timeout occurs when HTTPS traffic is passed through GRE tunnel

CSCvf25415

Spaces in IP range in Access Control Policy can cause deploy to fail

CSCvf26676

With SSL inspection, Snort can terminate unexpectedly in SideChannel

CSCvf27435

SSL Monitor - Event matches wrong access control rule

CSCvf36492

Management Center high availability configuration is not always reflected correctly on sensors

CSCvf36796

Flood of captive portal messages

CSCvf40650

Certificates not synced to Standby/All certificates cleared on Standby post deployment failure

CSCvf41773

Threshold configuration files have old unneeded policies

CSCvf44801

Intrusion rule with multiple negations can trigger false positives

CSCvf47736

TCP connection not reset when SSL rule action set to block with reset

CSCvf48889

Memory leak in ActionQueueScrape.pl can cause stacked Firepower devices to hang

CSCvf52889

Delay of end of connection events for SSL traffic

CSCvf58260

Categories missing from security intelligence events

CSCvf59214

User sessions without email might cause database issues

CSCvf63022

Application is not being identified for RTP stream

CSCvf63871

Inspection engine CPU usage high if SSL policy or captive portal are enabled

CSCvf64730

Incorrect upper limit for Intrusion Event Database records on Management Center virtual.

CSCvf64831

Firepower Management Center reports incorrect IPv6 addresses and ports

CSCvf67573

Errors during interface creation/deletion and config save

CSCvf69012

Unassigning Flexconfig object that has MPF config removes service-policy and pmap but not class-map

CSCvf70092

Resource Leak in SFTop10Cacher leads to deadlock

CSCvf70381

Malware embedded in an archive may not get blocked

CSCvf72930

Firepower Threat Defense may traceback in Thread Name appAgent_monitor_nd_thread during registration

CSCvf73976

Increase the timeout for interface messages in ASAConfig.pl

CSCvf74790

OGS and TCM commands are negated by Firepower Management Center during policy deployment

CSCvf76566

S4000-K9 // Cannot add object to the network group (Firepower Management Center 682412623)

CSCvf77469

Packet loss during Server Hello when SSL policy verdict is Do Not Decrypt causes failures

CSCvf78924

Maximum Transmission Unit (MTU) setting ignored on managed devices, leading to dropped packets

CSCvf83436

Management Center Cannot add route-lookup keyword when using any as destination interface object

CSCvf86487

Intelligent Application Bypass drop percentage does not work as expected

CSCvf87538

Syslog ID is reset to 111111 when editing syslog settings

CSCvf90350

Firepower Management Center policy deploy fails on using banner values without line breaks

CSCvf91209

SI transaction on sensor should use the same directory for staging

CSCvf92782

PAT pool fails to be enabled on Japanese GUI

CSCvf93232

User can access URLs without active authentication if traffic is not decrypted

CSCvf95108

Action_queue tables not pruning successful/failure tasks

CSCvf95494

Routes are not applied on a 7000/8000 series devices in Cluster

CSCvf96656

After creating an access control rule with app filters via REST API, cannot access policy from UI

CSCvf97107

Retransmit delay when first packet lost with Decrypt-Resign or Do Not Decrypt SSL policy action

CSCvg04071

changing the system hostname in Management Center UI causes Device registration failure on 6.2.2

CSCvg04361

With SafeSearch on, user cannot access some websites using AES-CBC ciphers

CSCvg06695

Firepower 2100 Threat Defense pair reporting failed status due to Detect service module failure

CSCvg07052

RealID+TempID in Sybase makes SFDataCorrelator incorrectly assign TempID to new logins

CSCvg08988

Access Control Rule is not created in snort if source zone and destination zone are the same

CSCvg17478

Traceback with Show OSPF Database Commands

CSCvg21478

User/Group Downloads fail with non-ascii characters in included/excluded groups

CSCvg22873

Threat Defense Virtual: Azure, waagent.log file grows without bounds and needs to rotate

CSCvg23287

nfm_exceptiond exited unexpectedly is_allocator FATAL m_mutex->tryLock error

CSCvg23401

Firepower Management Center is not displaying VPN configuration.

CSCvg25287

Add mysql-server.err file to logrotate.d in Firepower Threat Defense

CSCvg25358

Set oom-killer priorities

CSCvg25694

Assert Traceback, thread name : cli_xml_server

CSCvg28321

Improve user group lookup handling by broadcasting info to all snort instances

CSCvg32885

Unable to edit or Deployment missing some of the access control rules after upgraded to 6.2.0.3

CSCvg34306

ENH - The memcap for Security Intelligence URL feeds needs to be increased.

CSCvg35384

snort crash deleteSessionByKey found when access control policy edited and malware traffic is sent

CSCvg42347

6.2.0.3 upgrade failed on standby 4140 at script 800_post/755_reapply_sensor_policy.pl

CSCvg42478

SFDaco can sometimes fail to respond to For Policy changes discovered during realm sync

CSCvg43193

Unable to change OSPF md5 key

CSCvg47955

CloudAgent segfault on Firepower Threat Defense

CSCvg52296

Threat Defense 5506 does not send a block page for URL filtering when using BVI switched interfaces

CSCvg53208

Application protocol field missing in connection events

CSCvg54460

[SFR onbox] ADI.conf removed on policy deployment

CSCvg55040

Health monitoring for 7000/8000 series devices does not set bypass rules on recovery

CSCvg55713

Search Rules field clears when moved to next page.

CSCvg56106

DHCP relay agents configured not visible on GUI

CSCvg56681

Upgrade framework scripts incorrectly delete rc symlinks

CSCvg56985

If Management Center backup dies in the middle, events are not received on the Management Center

CSCvg58754

Policy Deployment hangs on Threat Defense 6.2.1+ when cluster message and ack comes out of order

CSCvg60323

D/R HTTPS connections fail in browsers that enforce OCSP must staple

CSCvg64722

Firepower Threat Defense in high availability mode in Active-Failed state

CSCvg65044

When network packets are transmitted out-of-order, some SSL sessions may not be established

CSCvg66697

segfault in ssl_handshake::sig_hash

CSCvg66706

SFDataCorrelator deadlock core due to slow User Identity event processing

CSCvg66844

Excessive log messages found no record for Realm and excessive database queries

CSCvg67206

Traffic loss and pdts_daq_dext_process nse interface intialization has not occurred errors

CSCvg71777

Access control rules deleted/added back in every alternate deploy when VXLAN port UDP:4789 is used

CSCvg72472

user/group download timeout on slow network link - timeout needs to be increased

CSCvg75447

Duplicate User Group Names across AD/Realm causes the user download to fail

CSCvg76542

Correlation rule for connection Reason is not should fire when event has no Reason

CSCvg84474

Space in port range for an access control policy rule causes error that prevents rule editing

CSCvg92679

Use active authentication if passive or VPN identity cannot be established check gets disabled

CSCvg94742

Force Break from Management for Firepower Threat Defense devices fails to break pair

CSCvg96525

SFDataCorrelator deadlock during whitelist host evaluation

CSCvg97874

FireAMP Cloud events are not available for eStreamer clients

CSCvg99382

Restore backup that was created on remote storage and transferred locally has a problem

CSCvh01083

NAT rules with route-lookup option are exported with different original and translated object names

CSCvh07446

On 7000/8000 devices, many IPs in a single access control rule will match rule incorrectly

CSCvh12075

Firepower Threat Defense devices in high availability might go into reboot loop one after the other

CSCvh12510

system support identity-debug

CSCvh18106

Firepower Management Center- Flexconfig-Removal of EIGRP Authentication every time during deployment

CSCvh21873

SFDataCorrelator on Firepower Management Center repeatedly crashes for corrupt user login event

CSCvh58373

FlexConfig MPF configuration does not deploy all Access-Lists and not redeploying all Class-Maps

CSCvh77330

DOC: Incorrect path for an upgrade to 6.2.2.X

CSCvh91577

IDSEventAlerter:config [ERROR] Unrecognized keyword: ssl_policy_UUID

Version 6.2.2.1 Resolved Issues

If you have a support contract, you can use the Cisco Bug Search Tool to obtain an up-to-date list of resolved bugs for Firepower products. These queries are for Version 6.2.2.1:

Table 6. Version 6.2.2.1 Resolved Issues
Bug ID Description

CSCuz68504

Dynamic Analysis Summary not showing full report

CSCvb22670

SFDCNotificationd dumps core if stopped after SFDataCorrelator

CSCvc06133

Firepower Management Center freezes when attempt is made to sort the App Detectors

CSCvc46599

Error message "Unable to translate SSL cipher suite 65535" needs cleaning up

CSCvc59913

Mismatched VLAN tagged traffic has inconsistent access control rule matches.

CSCvc65384

Identity policy not working after import

CSCvc92397

Webpages load very slowly when URL retry is enabled

CSCvd16631

Excessive logging from sip preprocessor function SipSessionSnortCallback

CSCve10708

Upgrade file-transfer from Firepower Management Center to Firepower device times out after one hour

CSCve11915

POP3 payload inspection not proper on snort with the file detection policy

CSCve28417

[NSS] Snort 6 Core - AAB - in SnortPcre of file detection_options.c

CSCve39775

Multiple login messages different username and same realm/IP/timestamp scrambles SFDaco

CSCve46186

Snort memcals for startup memory incorrect on Firepower Threat Defense

CSCve47333

Management Center not deactivating smart licenses for Firepower Threat Defense devices

CSCve47800

Port Scan: IP Protocol scanning not getting detected.

CSCve47868

Snort not triggering Event 123:7 FRAG3_ANOMALY_BADSIZE_LG

CSCve55696

UIMP continues to attempt import for deleted users

CSCve58157

Host Input Daemon exits when interface is IPv6 (no IPv4)

CSCve79555

ASA/FTD traceback when clearing capture - assertion 0 failed: file mps_hash_table_debug.c

CSCve85240

Access control policy uneditable if copying large Policy, insert/move 50+ rules into category

CSCve85996

Deployment times out after 30 minutes due to expansion of ACE during deployment

CSCve91343

Firepower Threat Defense: With CC mode enabled, NGFWv IPSec performance degraded 10-20%

CSCve94530

SFDataCorrelator signal-6 core on Firepower Management Center after reconfigure

CSCve95168

Unicode file support over SMB on Firepower Threat Defense

CSCve99203

256 low block count leads to traffic failures due to alloc to inspect snort

CSCvf09949

Incorrect access control rule is matched in Threat Defense device when it is setup in passive mode

CSCvf12124

Third Party Vulnerability Maps won't save

CSCvf14953

Health Alert for CPU usage on cores dedicated to Radware DefensePro service

CSCvf15216

When SSL rules are enabled and sensor is over subscribed, rules are not correctly enforced.

CSCvf15265

SFDataCorrelator takes a long time to start due to large firewall_rule_cache table

CSCvf16799

DH Ephemeral Keys with Known Key SSL Policy and session reuse causes client to close session.

CSCvf18368

Long traffic connections matching Do Not Decrypt SSL rules may be blocked

CSCvf20259

ids_event_alerter output is missing attribute names on Threat Defense devices

CSCvf22930

FP9300 9.7.1.10 Threat Defense high availability traceback in Datapath

CSCvf38056

SSL flows failing due to Flow tables and Flow IDs overflowing

CSCvf38081

SSL policy Category lookup fails for URLs that aren't in local database

CSCvf40650

Certificates not synced to Standby/All certificates cleared on Standby post deployment failure

CSCvf42713

Cannot import web UI HTTPS server certificate on Firepower Management Center or 7000/8000 Series

CSCvf43107

eStreamer Cores - SSLCert length handling

CSCvf50819

AS Path prepend command truncated while deployed

CSCvf52744

Cannot activate correlation policy with malware event by network based with file name as condition

CSCvf54853

Large database size for devices upgraded from 6.1.0.x to 6.2.0.x

CSCvf54986

Policy import from SFO or deleting realms fails with unreachable directory servers

CSCvf56267

Environments having multiple user accounts with same email address scrambles/crashes SFDataCorrelator

CSCvf59399

Memory growth in SFDataCorrelator due to User Identity

CSCvf62276

Missing IP address in AMP cloud malware events

CSCvf71086

Port-channel cannot be configured as a passive interface

CSCvf75135

Configure sysopt connection permit-vpn using FlexConfig to prevent unintended clear-text traffic

CSCvf75781

Firepower Threat Defense device may leave cluster due to disk space alert

CSCvf76338

Scheduled configuration backup shows missing/wrong information on UI once generated.

CSCvf80717

TCP SACK in conjunction with SSL decryption can cause connections to get stuck

CSCvf86080

SFDataCorrelator needs to log incorrect timestamp on bucketized partitioned tables

CSCvf87960

Integrity check failure after updating GeoDB on Firepower Management Center

CSCvf89183

Large Deploy Bundles and slow links cause deploy to fail

CSCvg06695

FP2100 Threat Defense pair reporting failed status due to Detect service module failure

CSCvg08745

Snort segfaults and coring while processing FTP traffic.

CSCvg17478

Traceback with Show OSPF Database Commands

CSCvg25694

Assert Traceback, thread name : cli_xml_server

CSCvg32885

Deployment missing some of the access control rules after upgraded to 6.2.0.3

CSCvg42347

6.2.0.3 upgrade failed on standby 4140 at script 800_post/755_reapply_sensor_policy.pl