Browsers Tested with Firepower Web Interfaces
Firepower web interfaces are tested with the latest versions of the
following popular browsers, running on currently supported versions
of macOS and Microsoft Windows:
If you encounter issues with any other browser, or are running an
operating system that has reached end of life, we ask that you
switch or upgrade. If you continue to encounter issues, contact Cisco TAC.
Note |
We do not perform extensive testing on this Firepower version
with Apple Safari or Microsoft Edge.
However, Cisco TAC welcomes feedback on issues you encounter.
|
Browser Settings and Extensions
Regardless of browser, you must make sure JavaScript, cookies, and TLS
v1.2 remain enabled.
If you are using Microsoft Internet Explorer 10 or
11:
-
For the Check for newer versions of stored
pages browsing history option, choose
Automatically.
-
Disable the Include local directory path when
uploading files to server custom security
setting
(Internet Explorer 11 only).
-
Enable Compatibility View
for the Firepower web interface IP
address/URL.
Note that some browser extensions can prevent you from saving values in
fields like the certificate and key in PKI objects. These extensions
include, but are not limited to, Grammarly and Whatfix Editor. This
happens because these extensions insert characters (such as HTML) in
the fields, which causes the system to see them invalid. We
recommend you disable these extensions while you’re logged into
Firepower appliances.
Securing Communications
When you first log in to a Firepower web interface, the system uses a
self-signed digital certificate to secure web communications. Your
browser should display an untrusted authority warning, but also
should allow you to add the certificate to the trust store. Although
this will allow you to continue to the Firepower web interface, we
do recommend that you replace the self-signed certificate with a
certificate signed by a globally known or internally trusted
certificate authority (CA).
To begin replacing the self-signed certificate:
-
FMC or 7000/8000
series: Select , then click HTTPS
Certificates.
-
FDM: Click Device, then the link, then the Management
Web Server tab.
For detailed procedures, see the online help or the configuration guide
for your Firepower product.
Note |
If you do not replace the self-signed certificate:
-
Google Chrome does not cache static content, such
as images, CSS, or JavaScript. Especially in low
bandwidth environments, this can extend page load
times.
-
Mozilla Firefox can stop trusting the self-signed
certificate when the browser updates. If this
happens, you can refresh Firefox, keeping in mind
that you will lose some settings; see Mozilla's
Refresh Firefox
support page.
|
Browsing from a Firepower-Monitored Network
Many browsers use
Transport Layer Security (TLS) v1.3 by default. If you are using an
SSL policy to handle encrypted traffic, and people in your monitored
network use browsers with TLS v1.3 enabled, websites that support
TLS v1.3 fail to load. As a workaround, configure your managed
device to remove extension 43 (TLS 1.3) from ClientHello
negotiation.
For more information, see the software advisory titled: Failures loading websites using TLS 1.3
with SSL inspection enabled.