The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
For your convenience, these release notes list the resolved bugs for this version.
 Note |
This list is auto-generated once and is not subsequently updated. Depending on how and when a bug was categorized or updated in our system, it may not appear in the release notes. You should regard the Cisco Bug Search Tool as the 'source of truth.' |
For resolved issues, see:
If you have a support contract, you can use the Cisco Bug Search Tool to obtain an up-to-date list of resolved bugs for Firepower products. You can constrain searches to bugs affecting specific Firepower platforms and versions. You can also search by bug ID, or for specific keywords.
These general queries display resolved bugs for Firepower products running Version 6.2.3:
Sometimes Cisco releases updated builds. In most cases, only the latest build for each platform is available on the Cisco Support & Download site. We strongly recommend you use the latest build. If you downloaded an earlier build, do not use it.
You cannot upgrade from one build to another for the same Firepower version. If a new build would fix your issue, determine if an upgrade or hotfix would work instead. If not, contact Cisco TAC. See the Cisco Firepower Hotfix Release Notes for quicklinks to publicly available Firepower hotfixes.
Use this table to determine if a new build is available for your platform.
| New Build | Released | Platforms: Upgrade | Platforms: Reimage |
Resolves |
|---|---|---|---|---|
|
113 |
2020-06-01 |
FMC/FMCv |
FMC/FMCv |
CSCvr95287: Cisco Firepower Management Center LDAP Authentication Bypass Vulnerability If you are running an earlier build, apply Hotfix DO. |
|
111 |
2019-11-25 |
— |
FTDv: AWS, Azure |
Contact Cisco TAC. |
|
110 |
2019-06-14 |
— |
— |
CSCvn78174: Cisco ASA and Cisco FTD Software TCP Timer Handling Denial of Service Vulnerability |
|
99 |
2018-09-07 |
— |
— |
Contact Cisco TAC. |
|
96 |
2018-07-26 |
— |
— |
Contact Cisco TAC. |
|
92 |
2018-07-05 |
— |
— |
CSCvk06176: SSEConnector is not coming up because of Wrong Executable |
|
88 |
2018-06-11 |
— |
— |
CSCvj13327: Upgrade to 6.2.3 fails at 600_schema/100_update_database.sh - oom killer invoked |
|
85 |
2018-04-09 |
— |
— |
Contact Cisco TAC. |
|
84 |
2018-04-09 |
Firepower 7000/8000 NGIPSv |
— |
CSCvi74560: 6.2.3 does not properly deploy variables in variable sets and causes deploy failure CSCvi74623: 6.2.3 upgrade resets home_net variable to default "any" CSCvi77527: upgrade to 6.2.3 fails with post install database integrity check error |
|
83 |
2018-04-02 |
FTD/FTDv ASA FirePOWER |
FTD: Physical platforms FTDv: VMware, KVM Firepower 7000/8000 ASA FirePOWER NGIPSv |
Contact Cisco TAC. |
| Bug ID | Headline |
|---|---|
|
Not keep URL entries in cache forever. |
|
|
DST for Europe/Istanbul time zone is now on a different date |
|
|
SSL inspection blocks traffic with decryption errors for sites with 3072 bit key RSA certificates |
|
|
Cisco ASA module captive portal redirect gets stuck |
|
|
UserIDs get lost if an error occurs while streaming to the sensor |
|
|
ASA Security Zone cannot be used in Active Authentication identity rules |
|
|
ADISubscriber shuts down before session receive in SFDataCorrelator |
|
|
Firepower Threat Defense / Unable to deploy after restoring a backup |
|
|
SCP Expect during backup to remote server times out and fails |
|
|
Cisco Adaptive Security Appliance Traffic Flow Confidentiality Denial of Service Vulnerability |
|
|
Active/Passive authentication does not work with predefined objects |
|
|
New added management interface does not have "management-only" configuration |
|
|
Policy deployment fails with mode 10 Gbit Full-Duplex for lag interface |
|
|
Traffic capture BPF validation |
|
|
DNS blacklist has an 81 character limit |
|
|
ASA Stops Accepting Anyconnect Sessions/Terminates Connections Right After Successful SSL handshake |
|
|
Policy apply fails due to orphaned database objects |
|
|
Readiness Check option should NOT be enabled for VDB updates |
|
|
False warnings in DB Integrity Check for PlatformSettings object |
|
|
Firepower Threat Defense managed by Management Center- High unmanaged disk usage on /ngfw |
|
|
Policy deploy fails due to inconsistency in Primary Threat Defense device pair in the backend |
|
|
Under rare circumstances captive portal is very slow and even unresponsive |
|
|
Application categories and tags are missing in Version 6.1 or 6.2.1 |
|
|
Search Option does not work for network objects under NAP editor |
|
|
Comparison reports for intrusion policy between two revisions is not working correctly |
|
|
Intermittent error 500 when trying to review an event from the packet view |
|
|
Altering logging settings like disabling syslog causes IPS and File policies to become disabled |
|
|
ASDM:Importing access control policy leads to duplicate objects |
|
|
Custom configuration for SFDataCorrelator should be checked on updates otherwise it may remain down |
|
|
Firepower sensor will not ingest users from ISE using EAP chaining |
|
|
Cisco FireSIGHT System Software Arbitrary Code Execution Vulnerability |
|
|
When SSL decryption is enabled, URL constraints in access control policy are not applied correctly |
|
|
Upgrade from 6.1.0 to 6.1.0.1 failed at 000_start/113_EO_integrity_check.pl |
|
|
ASA traceback at first boot in 5506 due to unable to allocate enough LCMB memory |
|
|
Disk status health monitoring should be disabled for virtual ASA 5500-X series |
|
|
Unable to use objects inside IPS rules |
|
|
Hard-coded query limit needed to prevent QueryEngine and Report Generation failures |
|
|
Firepower Enterprise Objects Missing References Causes Multiple Problems |
|
|
URL cloud lookup has URL category as Uncategorized |
|
|
Access Control Policy does not match condition with URL SI lists for HTTPS traffic |
|
|
possible to have data-interfaces + Firepower Management Center from cli_firstboot wizard |
|
|
Partial match of DNS Queries if DNS Feed or DNS List contains single word entry |
|
|
Deleted objects continue to show up as available to add to variable sets on the Management Center UI |
|
|
SafeSearch-specific codes get hit even if SafeSearch rule is disabled in Firepower Management Center |
|
|
Connections not blacklisted by Security Intelligence due to memory (memcap) issues |
|
|
Unable to change logical name of interface and add sub-interface |
|
|
Document details on what synchronizes between Firepower Management Centers in High Availabilty |
|
|
SMTP traffic prematurely reaching SafeSearch engine rule. |
|
|
Ping traffic is dropped for 1 minute during high availability switchover |
|
|
Failure on deleting port object used in manual NAT rule |
|
|
Policy deployment failing on AWS Firepower Management Center |
|
|
Restore from backup fails when clock is behind on restore device |
|
|
Firepower Management Center does not show any network discovery data when using security zones |
|
|
URL Database Updates Use IP for Proxy Connection in HTTP Header |
|
|
SCALE : Avoid queueing Sync Sybase to MySQL task if similar PENDING task already there |
|
|
not allowed to choose Firepower Threat Defense as Secondary Peer during High Availability creation |
|
|
Internal error message while loading access control policy in Japanese environment |
|
|
Deploy policy tab failed to populate the device list from Firepower Management Center |
|
|
Threat Defence Platform Settings Policy does not check the NTP input value properly |
|
|
Policy apply failed at "FINALIZE" prevents future policy apply from succeeding |
|
|
User logins with double byte characters are not recorded on Firepower Management Center correctly |
|
|
Can't export if intrusion policy inherits intrusion layer from parent domain |
|
|
Threat Defense ICMP platform settings security zones with multiple interfaces not handled properly |
|
|
DNS policy generates DNS responses for already generated responses, if it is seen over the wire |
|
|
Firepower Threat Defense pair: Snort is dropping traffic inspite of having a trust rule. |
|
|
For NGFW rules processing, always use first packet of flow to determine initiator direction |
|
|
Sites with large certificate not loading with SSL policy turned on even with "Do not decrypt" action |
|
|
Upgrade framework needs to review onbox scripts NEVER_SKIP |
|
|
Cisco Adaptive Security Appliance Application Layer Protocol Inspection DoS Vulnerabilities |
|
|
DB query does not terminate when upgrade to 6.2.1 fails |
|
|
Intrusion policy rule filter is not working properly |
|
|
ASA/Threat Defense traceback when clearing capture-assertion "0" failed: mps_hash_table_debug.c file |
|
|
Capturing asp-drop causes unexpected ASA failure |
|
|
Cannot install new https certificate |
|
|
Don't restore Primary Firepower Management Center backup to secondary |
|
|
high availability break/Config Deployment fails on 2100 platforms when in secondary is Active |
|
|
User Identity count tracking may be incorrect |
|
|
Dashboard Drilldown Does Not Match Top Level Report |
|
|
Traceback and reload in thread name: sfr-vpn-status-watcher when unit takes active role |
|
|
Time window setting for Connection events gets reset to different range |
|
|
vFMC getting logged out for "An unauthorized action has been detected" after some idle time |
|
|
Error generating report preview for Vulnerabilities section |
|
|
After adding a secondary Firepower Threat Defense to cluster, deploy can fail |
|
|
Security Intelligence category may be incorrect in alert response from correlation policy |
|
|
Device stuck at HA state progression failed due to App sync issue on QP FTD HA pair |
|
|
Sync hostname to ASA when device is managed by Firepower Management Center/no manager |
|
|
Connection events are not generated for unmonitored hosts in ND rules |
|
|
Adding Port Group Object to Extended Access Control Entry causes ERROR: Invalid Protocol |
|
|
FMC: Ownership of sydb.out changes to root and prevents vmsDbEngine/dbsrv16 to start |
|
|
Firepower Threat Defense Security Intelligence DNS memcap exceeded health alert |
|
|
Copying Realm and replacing users in SSL policy criteria corrupts policy |
|
|
Unable to view access control policy with the error "End value is less than start value" |
|
|
Install 6.2.2-1290 on an ASA with Firepower Services-- ASA fails unexpectedly. |
|
|
Deployment failure if group policy is unassigned from connection profile and deleted in advanced tab |
|
|
High memory usage of ids_event_processor/ids_event_alerter when threshold.conf file is not pruned |
|
|
Core seen while running snort restart automated regression suite for more than 14 hours. |
|
|
high availability progression failed for secondary when pair is rebooted due to App-sync failure |
|
|
"no capture <name> stop" doesn't change capture status from Stopped |
|
|
Security Analyst User Role not permitted to download file from malware event |
|
|
Add state-checking options on H323 policy inspect map |
|
|
access control rules and Categories duplication on Firepower Management Center UI |
|
|
Disable Intrusion Policy controls on Default action in Access Policy Page |
|
|
DNS Flexconfig removed after enabling LDAPS on Firepower 2120 device |
|
|
Cannot re-register Firepower 9300 cluster to a different Firepower Management Center |
|
|
Snort install silently fails and automatic deploy after Snort is installed is skipped |
|
|
Elektra Registration failures due to RPC call failures |
|
|
Firepower Management Center DB corruption name mismatch |
|
|
ERROR on Firepower Threat Defense device: Captive-portal port not available. Try again |
|
|
Deployment Failing on high availability pair due to Cluster Hold Request Timed Out by ASA |
|
|
updates to local URL filtering database and/or cloud dispositions need to supersede cached data |
|
|
Having custom "End Time" in "Intrusion Events" Analysis returns a blank page with no events |
|
|
OSPF Redistribution command not getting deleted on Firepower Threat Defense device |
|
|
Monitor rule does not log large sessions (such as file transfers) |
|
|
Unable to assign FQDN for hostname in Certificate Signing Request |
|
|
Log appropriate message if SFDataCorrelator exits during startup due to empty VDB tables |
|
|
re-registration failed due to stale entry in ID_MAPPING table post device delete |
|
|
Smart License registration failures when Proxy Authentication is configured on Management Center |
|
|
Firepower Intrusion rule UI policy deploy fails when threshold seconds of rules set to 00, 08, 09 |
|
|
Deployment failed with 'ERROR: Trustpoint not enrolled' |
|
|
FTD HA - both devices go into unknown state when HA break is performed |
|
|
Custom Fingerprint GUI offers "Defense Center" instead of "Firepower Management Center" option |
|
|
syncd uses high memory and exits when loading firewall_rule_cache table |
|
|
IP address for 10G interfaces cannot be changed from GUI. |
|
|
Invalid certificate error seen when internal CA is used for SSL Decrypt-Resign rule |
|
|
Management Center: Interface "mac-address-table" command not sent to the Firepower Threat Defense |
|
|
FDM pre-shared key changed to random value after upgrade |
|
|
Large user/group tables due to duplicated entries when group names are not ASCII |
|
|
FMC policy deployment slows down due to multiple failed attempts by Snort to load SI data |
|
|
Micro-Engine failure due to TCAM leads to bb-heath not generating auto-troubleshoot. |
|
|
Add captive_portal.log to logrotate.d |
|
|
Cisco Firepower Threat Defense Software Policy Bypass Vulnerability |
|
|
Identified Vulnerabilities associated with the CVEs from Oracle MySQL Patch Updates |
|
|
Parts of Firepower Management Center GUI not loading in Firefox 56 |
|
|
ASA panic/crash spin_lock_fair_mode_enqueue: Lock (mps_shash_bucket_t) is held for a long time |
|
|
FTW inline interfaces do not go into hardware bypass during Firepower 4100 Series |
|
|
6.2.3 Snort configuration validation failed due to ERROR: SMTP: Could not allocate SMTP mempool. |
|
|
Applying large access control policy fails on AWS - 6.2.2.1 |
|
|
Network Object - getting 'missing entry' while trying to delete an existing object |
|
|
Daily Change reconciliation report lacks details and users on Firepower 6.2.2 |
|
|
When IPSec is enabled, high availability goes in Active-Failed state |
|
|
FlexConfig - System variable should contain subinterface ID |
|
|
more than one default route with same metric allows on Threat Defense device's routing table |
|
|
6.1-6.2.3 upgrade: FTD upgrade failed with /ngfw/var/lib/mysql/sfsnort: not accessible error |
|
|
Migrated access control policy deploy fails since it has FQDN objects |
|
|
Deployment to high availability pair successful on active unit; standby unit will be updated message |
|
|
Upgrade failure from 6.2.0 -> 6.2.3-10646 on FDM |
|
|
Nested entities not deleted when deploying an object |
|
|
Firepower Management Center not displaying Firepower Threat Defense cluster names correctly |
|
|
URL filter matching fails - Two SSL Certificate CNs Concatenated |
|
|
Lower-than-expected 256 byte block count with fast-path pre-filter SSL policy |
|
|
Cisco FMC and Firepower System Software SF Tunnel Control Channel Command Execution Vulnerability |
|
|
Not able to create RA VPN after removing DfltGrpPolicy |
|
|
With verbose SSL logging enabled, logs can consume all available disk space |
|
|
Firepower Threat Defense high availability policy deploy fails with Found more than one NGFW Policy |
|
|
9300 pair NGFWs in inlineIPS mode do not trigger SNAP packet updates with proper VLAN tags |
|
|
Multiple Vulnerabilities in Apache tomcat |
|
|
Report generated from access control policy using object group in sub-domain is blank/0 bytes |
|
|
Deployment fails when Secondary-Active Primary-Disabled (by doing suspend operation in device) |
|
|
Deployement failed due to "Snort validation failed due to Unable to open rules file snort.conf file" |
|
|
Not all the syslog messages on Firepower Threat Defense are available for editing |
|
|
Sysopt permit-vpn behavior change to prevent unintended clear-text traffic |
|
|
Memory calculation in Snort incorrect for Firepower Threat Defense devices |
|
|
sysopt connection tcpmss 0 not removed after removing jumboframe |
|
|
Malware correlation rule is missing Device condition |
|
|
ASA/FTD device needs to be rebooted after adding Base license with export-controlled function |
|
|
SSL Cache missing session info leading to ERR_SSL_PROTOCOL_ERROR in the browser for SSL websites |
|
|
MASTER_KEY_INVALID flow error on FMC shown when having DND on few websites |
|
|
Repeated SFDaco crashes if current_user_ip_map references invalid realm, somehow caused by RA-VPN? |
|
|
Deployment failed in policy and object collection |
|
|
Init Process Respawning on FMCv/FTDv/NGIPSv |
|
|
Traffic not hitting the access control rule which has deprecated Application in it |
|
|
Smart call home does not work properly with HTTP Proxy, when Authentication is turned on |
|
|
After breaking Firepower Threat Defense high availability pair, policy deploy fails |
|
|
Change Reconciliation Report not generated after upgrade |
|
|
Unable to disable certain VPN related Syslog IDs from Management Center (like 402114 or 402119) |
|
|
Blocks of size 80 leak observed when IRB is used in conjunction with multicast traffic |
|
|
Dashboard custom analysis flow_chunk queries block event processing for hours |
|
|
Deployment on a healthy KP HA pair failed with message "ssp_ha_state_improper" |
|
|
Security Intelligence Connection Events showing '0' for Initiator User |
|
|
Customer Success Network fails after upgrade of high-availability Firepower Management Centers |
|
|
Management Center REST API - Threat Defense pairare not reported as targets on GET policyassignments |
|
|
Cluster-Hold-Abort and Cluster-Hold-Timeout during policy deployment not handled correctly |
|
|
[ERROR] Failed to init octeon -- FATAL ERROR: Can't initialize DAQ oct_ssl (-1) |
|
|
An ASA may Traceback and reload when processing traffic |
|
|
Cisco Firepower Management Center Command Injection Vulnerability |
|
|
NAT policy assignment by device group does not update UI after moving device to different group |
|
|
Firepower Threat Defense Cluster Registration with Group may fail |
|
|
Cannot remove "management-access" configuration via flexconfig |
|
|
Need to update docs that Firepower Threat Defense in cluster mode does not support Remote Access VPN |
|
|
Rule parsing error was ignored in 602_log_package.pl.log during Snort update |
|
|
policy deployment fails with QoS policy on firewall rulechecker |
|
|
Firepower Threat Defense Traffic Zone Member Causes Traffic Interruption |
|
|
ASA may traceback and reload in Thread Name: fover_rep during conn replication |
|
|
User/Group Download fails when an Included Group is missing from the AD Server |
|
|
Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability |
|
|
Cisco Adaptive Security Appliance Application Layer Protocol Inspection DoS Vulnerabilities |
|
|
custom user role unable to generate CSV reports without "health" privileges enabled |
|
|
Cannot modify an access control rules / "An internal error occurred" error |
|
|
blank space must be remove at the end of device name - cannot find events |
|
|
SFDataCorrelator core in deserialization of corrupt flow event |
|
|
Firepower Management Center allows wrong NAT rule when switching policy from Static to Dynamic |
|
|
Firepower Management Center allows deleting Interface Object being used in SLA monitor object |
|
|
Firepower Management Center Data purge causes managed sensor to wipe out user sessions upon reboot |
|
|
Cisco FireSIGHT System VPN Policy Bypass Vulnerability |
|
|
Malware.exe getting downloaded in the first try bypassing file detection due to unknown app-id |
|
|
Access control policy deployment failing when object description contains "?" character |
|
|
Policy deploy fails if SSL Policy has deprecated AppDetector |
|
|
SFDataCorrelator cores when reading invalid fingerprint type from database |
|
|
Deployment fails after S2S/RA VPN is deleted/unassigned following some edits and testing on it. |
|
|
Notifications about pruned events contains invalid date/time (Thu Jan 1 00:00:01 1970) |
|
|
ASA standby stuck in Bulk-Sync state with high CPS traffics on active |
|
|
ASA/FTD traceback in threadname CP Processing |
|
|
Policy deployment failing due to incomplete copying of deployment package |
|
|
Management Center doesn't allow site to site tunnel with both IPv4 and IPv6 protected networks |
|
|
Creation of two S2S VPN topologies with the same endpoints (nodes) leads to unpredictable results |
|
|
Cisco Firepower System Software Cross-Origin Domain Protection Vulnerability |
|
|
On 8000 series stack, with "Maint on sec fail" setting enabled, stack health is in compromised state |
|
|
SFDataCorrelator/SFDCNotificationd connection log spam after expiring many hosts |
|
|
Documentation and logs specify Firepower remote storage via SSH uses SCP, when it actually uses SFTP |
|
|
Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability |
|
|
SSL errors on session resume when server IP address changes |
|
|
Firepower 2100 process_stderr.log getting flooded with errors causing /ngfw high disk |
|
|
Phase-1 solution for momentary traffic drop during ASA policy apply rollback tracked w/ CSCvc56570 |
|
|
ASA interface IP and subnet mask changes to 0.0.0.0 0.0.0.0 causing outage of services on interface |
|
|
Cisco FireSIGHT System URL-based Access Control Policy Bypass Vulnerability |
|
|
ssl inspection can be limited by a "do not decrypt" rule specifying one or more common names |
|
|
ids_event_alerter core when processing connection events |
|
|
Cisco Firepower Threat Defense SSL Engine High CPU Denial Of Service Vulnerability |
|
|
AQ task selection ignores few groups when large no of groups present causing 8 hr delays in deploy |
|
|
Failing to deploy after adding a URL literal from REST API |
|
|
Policy deployment failure due to Invalid preprocessor normalize_tcp option 'ftp' |
|
|
Cisco Adaptive Security Appliance Application Layer Protocol Inspection DoS Vulnerabilities |
|
|
SSL FLow Errors reported when accessing ECDSA signed websites |
|
|
Using the "match" keyword in capture command causes IPv6 traffic to be ignored in capture |
|
|
unable to render any of monitoring screens in any browser |
|
|
ssl inspection cache can become unbalanced, leading to premature removal of recently used items |
|
|
KP traceback illegal memory access inside a vendor Modular Exponentiation implementation |
|
|
ASA/FTD Deployment ERROR 'Management interface is not allowed as Data is in use by this instance' |
|
|
Data interfaces on Firepower devices shut down on upgrade failure, causing management interruptions |
|
|
Access control policy not able to be edited or deployed after upgrade to Version 6.2.2.1 |
|
|
Policy deployment failed on multiple devices because of large size of policy deployment DB |
|
|
FTD:Deployment takes lot of time when node in cluster is down/unreachable from FMC |
|
|
Traffic outage while downloading large number of users and groups |
|
|
Static Route:Proper Interface is not being assigned while configuring the route, causing problem. |
|
|
Port-channel's subinterfaces share same MAC address on both unit of Threat Defense pair |
|
|
After an upgrade the Firepower 4100 hostname is different than SFCLI hostname |
|
|
"ha-replace" action not working when peer not present |
|
|
6.2.3 Upgrade Resume Fails on KP-Onbox at 200_pre/600_ftd_onbox_data_export.sh |
|
|
Firepower 2100 Incorrect reply for SNMP get request 1.3.6.1.2.1.1.2.0 |
|
|
6.2.3 does not properly deploy variables in variable sets and causes deploy failure |
|
|
6.2.3 upgrade resets home_net variable to default "any" |
|
|
upgrade to 6.2.3 fails with post install database integrity check error |
|
|
Add warning to configure manager delete/add command |
|
|
CD state incorrect if failover happens during snort policy application on Active FTD |
|
|
Cisco Firepower 2100 Series POODLE TLS security scanner alerts |
|
|
ASA may traceback and reload with combination of packet-tracer and captures |
|
|
Traceback at snmp address not mapped when snmp-server not enabled |
|
|
Upgrade to 6.2.3 fails at 600_schema/100_update_database.sh - oom killer invoked |
|
|
FTD: Flow-preserve N1 flag shouldn't apply for IPS interfaces |
|
|
ASA traceback in Thread Name: DATAPATH-14-17303 |
|
|
"clear capture /all" might crash |
|
|
Doc: Table 1 has incorrect information on Configuration Guide Version 6.2.3 |
|
|
Multicast dropped after deleting a security context |
|
|
Cisco Firepower 2100 Series Security Appliances Denial of Service Vulnerability |
|
|
Excessive logging from ftdrpcd process on 2100 series appliances |
|
|
FTD does not send Marker for End-of-RIB after a BGP Graceful Restart |
|
|
Traceback at "ssh" when executing 'show service-policy inspect gtp pdp-context detail' |
|
|
Deployment changes are not pushed to the device due to disk0 mounted on read-only |
|
|
Packet capture fails for interface named "management" on Firepower Threat Defense |
|
|
Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability |
|
|
Linux Kernel cdrom_ioctl_media_changed Function Kernel Memory Read Vul |
|
|
Doc: Procedure of changing FTD management IP address should be corrected. |
|
|
ASA/Lina HA failover interface testing rendering control channel unresponsive |
|
|
"show memory binsize" and "show memory top-usage" do not show correct information (Complete fix) |
|
|
Flows get stuck in lina conn table in half-closed state |
|
|
webvpn: Bookmark fails to render on Firefox and Chrome. IE fine. |
|
|
Active FTP Data transfers fail with FTP inspection and NAT |
|
|
Enabling compression necessary to load ASA SSLVPN login page customization |
|
|
Traceback loop seen on fresh ASAv Azure, KVM and VMWare deployments |
|
|
Large ACL taking long time to compile on boot causing outage |
|
|
ASAv and FTDv deployment fails in Microsoft Azure and/or slow console response |
|
|
KVM (FTD): Mapping web server through outside not working consistent with other platforms |
|
|
Cisco ASA and FTD TCP Proxy Denial of Service Vulnerability |
|
|
ASA cluster: Traffic loop on CCL with NAT and high traffic |
|
|
Flow offload for UDP/TCP traffic is not working |
|
|
AnyConnect 4.6 Web-deploy fails on MAC using Safari 11.1.x browsers |
|
|
FTD IPV6 traffic outage after interface edit and deployment part 1/2 |
|
|
Low DMA memory leading to VPN failures due to incorrect crypto maps |
|
|
Cisco Adaptive Security Appliance Software IPsec Denial of Service Vulnerability |
|
|
FTD or ASA traceback and reload in "Thread Name: Logger Page fault: Address not mapped" |
|
|
RDP bookmark plugin won't launch |
|
|
ASA: Memory leak due to PC cssls_get_crypto_ctxt |
|
|
FTD Lina traceback while removing OSPF configuration. |
|
|
OpenSSH Bailout Delaying User Enumeration Vulnerability |
|
|
Not blocking EICAR files through HTTPS connection with SSL policy in place |
|
|
Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability |
|
|
IKEv2: IKEv2-PROTO-2: Failed to allocate PSH from platform |
|
|
tcp proxy: ASA traceback on DATAPATH |
|
|
Cisco ASA Software and FTD Software MOBIKE Denial of Service Vulnerability |
|
|
FTD Cluster in transparent mode; Inline set: FTP/SCP flows get stalled and never recover. |
|
|
FTD traceback and reload in snap_get_retaddr_mips at snap.h:285 |
|
|
FMC does not update time and display events when using sliding time window option for event analysis |
|
|
FTD device rebooted after taking Active State for less than 5 minutes |
|
|
ASA/FTD Connection Idle Timers Not Increasing For Inactive Offloaded Sessions |
|
|
FTD: Need ability to trust ethertype ACLs from the parser. Need to allow BPDU to pass through |
|
|
SNMPv2 pulls empty ifHCInOctets value if Nameif is configured on the interface |
|
|
Computing Processor PortSmash Side-Channel Information Disclosure Vuln |
|
|
Standby node traceback in wccp_int_statechange() with HA configuration sync |
|
|
overloading of the lina msglyr infra due to the sending of VPN status messages |
|
|
Port group objects not listed while creating extended access list ( FMC GUI ) |
|
|
selective acking not happening with SSL crypto hardware offload |
|
|
ASA traceback and reload due to multiple threads waiting for the same lock - watchdog |
|
|
Add troubleshooting for VPN Client Assignment |
|
|
IPsec VPN goes down intermittently during a re-key |
|
|
Firepower:when deplopy policy, device list is empty with error message "failed to fetch device list" |
|
|
Cisco ASA and Cisco FTD Software TCP Timer Handling Denial of Service Vulnerability |
|
|
Control-plane ACL doesn't work correctly on FTD |
|
|
Deployment on FTD with low memory results on interface nameif to be removed - finetune mmap thresh |
|
|
Cisco ASA Software and FTD Software IKEv1 Denial of Service Vulnerability |
|
|
ASA: EIGRP neighborship formation delayed after failover due to delay in sending out Hello packet |
|
|
Traceback at Thread Name: IP Address Assign |
|
|
FMC shows connection events with packet count as 0 |
|
|
FTD Lina traceback, due to packet looping in the system by normaliser |
|
|
VPN sessions failing due to PKI handles not freed during rekeys |
|
|
Lina does not properly report the error for configuration line that is too long |
|
|
ASA or FTD traceback and reload due to failover state change or xlates cleared |
|
|
Enhancement to address high IKE CPU seen due to tunnel replace scenario |
|
|
ASA Traceback and reload while running IKE Debug |
|
|
management-only of diagnostic I/F on secondary FTD get disappeared |
|
|
Do not decrypt rule causes traffic interruptions. |
|
|
FTD inline/transparent sends packets back through the ingress interface |
|
|
LACPDUs should not be sent to snort for inline-set interfaces |
|
|
ASA traceback and reload observed in Datapath due to SIP inspection. |
|
|
ASA: Watchdog traceback in Datapath |
|
|
FTD lina cored with Thread name: cli_xml_server |
|
|
Random SGT tags added by FTD |
|
|
FTD Lina traceback -Thread Name: cli_xml_server |
|
|
FDM Error: There were some connectivity problems while loading archived backups. |
|
|
Cisco ASA & FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability |
|
|
FP9300 Cluster - Master unit does not update all the route changes to slaves |
|
|
Traceback while Reverting the primary system as active |
|
|
Upgrade times out after 1 hour for slow FMC-to-sensor bandwidth |
|
|
FTD traceback due to watchdog on xlate_detach |
|
|
Flows are getting offloaded on inline-sets |
|
|
Fail-Closed FTD passes packets through on Snort processes down |
|
|
LINA traceback on ASA in HA Active Unit repeatedly |
|
|
FP9300 Cluster - Master unit does not update all the route changes to slaves |
|
|
ASA/FTD HA Data Interface Heartbeat dropped due to Reverse Path Check |
|
|
ASA Failover split brain (both units active) after rebooting a Firepower chassis |
|
|
ASA/Lina Traceback related to TLS/VPN |
|
|
Memory leak observed when ASA-SFR dataplane communication flaps |
|
|
FTD/ASA : Traceback in Datapath with assert snp_tcp_intercept_assert_disabled |
|
|
WRL6 and WRL8 commit-id update in CCM Layer (sprint 65) |
|
|
FPR2100 FTD Standby unit leaking 9K blocks |
|
|
Management interface configuration leads to immediate traceback and reload |
|
|
FQDN ACL entries incomplete due to DNS response from server is large and truncated |
|
|
Cannot add neighbor in BGP when the neighbor is on the same subnet as one interface |
|
|
WRL6 and WRL8 commit id update in CCM layer (sprint 67) |
|
|
Mac address flap on switch with wrong packet injected on ingress FTD interface |
|
|
Cisco ASA & FTD devices may reload under conditions of low memory and frequent complete MIB walks |
|
|
FTD/LINA Standby may traceback and reload during logging command replication from Active |
|
|
App-sync failure if unit tries to join HA during policy deployment |
|
|
Unable to auto-rejoin FTD cluster |
|
|
Lina traceback when changing device mode of FTD |
|
|
Clustering module needs to skip the hardware clock update to avoid the timeout error and clock jump |
|
|
NAT policy configuration range limit to be imposed for non service cmds as well |
|
|
ASA/FTD Tunneled Static Routes are Ignored by Suboptimal Lookup if Float-Conn is Enabled |
|
|
FP41xx incorrect interface applied in ASA capture |
|
|
WR6 and WR8 commit id update in CCM layer(sprint 77) |
|
|
Flow offload not working with combination of FTD 6.2(3.10) and FXOS 2.6(1.169) |
|
|
sctp-state-bypass is not getting invoked for inline FTD |
Feedback