Cisco Secure Firewall Threat Defense Release Notes
This document contains release information for:
- Cisco Secure Firewall Threat Defense
- Cisco Secure Firewall Management Center (on-prem)
- Cisco Secure Firewall Device Manager
For cloud deployments, see the Cisco Cloud-delivered Firewall Management Center Release Notes or What's New for Security Cloud Control Firewall Management.
Release Dates
| Version | Build | Date | Platforms |
|---|---|---|---|
| 7.4.2.3 | 4 | 2025-06-17 | All |
| 7.4.2.2 | 28 | 2025-03-03 | All |
| 7.4.2.1 | 30 | 2024-10-09 | All |
| 7.4.2 | 172 | 2024-07-31 | All |
| 7.4.1.1 | 12 | 2024-04-15 | All |
| 7.4.1 | 172 | 2023-12-13 | All |
| 7.4.0 | 81 | 2023-09-07 | Firewall Management Center, Secure Firewall 4200 series |
Compatibility
Before you upgrade or reimage, make sure the target version is compatible with your deployment. If you cannot upgrade or reimage due to incompatibility, contact your Cisco representative or partner contact for refresh information.
For compatibility information, see:
Features
For features in earlier releases, see Cisco Secure Firewall Management Center New Features by Release and Cisco Secure Firewall Device Manager New Features by Release.
Upgrade Impact
A feature has upgrade impact if upgrading and deploying can cause the system to process traffic or otherwise act differently without any other action on your part. This is especially common with new threat detection and application identification capabilities. A feature can also have upgrade impact if upgrading requires that you take action before or after upgrade to avoid an undesirable outcome; for example, if you must change a configuration.
The feature descriptions here include upgrade impact where appropriate. For a more complete list of features with upgrade impact by version, see Upgrade Impact Features.
Features in Maintenance Releases
Features, enhancements, and critical fixes included in maintenance releases (third-digit) and patches (fourth-digit) can skip future releases, depending on release date, release type (short term vs. long term), and other factors. Minimize upgrade and other impact by going directly to the latest maintenance release in your chosen version. See Choosing your upgrade target.
If you are using the web interface in a language other than English, features introduced in maintenance releases and patches may not be translated until the next major release.
Snort Features
Snort 3 is the default inspection engine for Firewall Threat Defense. Snort 3 features for Firewall Management Center deployments also apply to Firewall Device Manager, even if they are not listed as new Firewall Device Manager features. However, keep in mind that the Firewall Management Center may offer more configurable options than Firewall Device Manager.
Important: Snort 2 is deprecated in Version 7.7+, and prevents Firewall Threat Defense upgrade. If you are still using Snort 2 on older devices, switch to Snort 3 for improved detection and performance.
Intrusion Rules and Keywords
Upgrades can import and auto-enable new and updated intrusion rules and preprocessor rules, modified states for existing rules, and modified default intrusion policy settings. If a newer intrusion rule uses keywords that are not supported in your current version, that rule is not imported when you update the SRU/LSP. After you upgrade and those keywords become supported, the new intrusion rules are imported and, depending on your IPS configuration, can become auto-enabled and thus start generating events and affecting traffic flow.
For details on new keywords, see the Snort release notes: https://www.snort.org/downloads.
FlexConfig
Upgrades can add web interface or Smart CLI support for features that previously required FlexConfig. Although you cannot newly assign or create FlexConfig objects using deprecated commands, in most cases existing FlexConfigs continue to work and you can still deploy. However, sometimes, using deprecated commands can cause deployment issues. The upgrade does not convert FlexConfigs. After upgrade, configure the newly supported features in the web interface or Smart CLI. When you are satisfied with the new configuration, delete the deprecated FlexConfigs.
The feature descriptions here include information on deprecated FlexConfigs when appropriate. For a full list of deprecated FlexConfigs, see your configuration guide.
Integrations and Logging
These integrations and logging facilities may have new features associated with threat defense and management center releases:
- Syslog: Cisco Secure Firewall Threat Defense Syslog Messages
- Cisco Success Network: Cisco Success Network Telemetry Data Collected from Cisco Secure Firewall Management Center
- REST API: Secure Firewall Management Center REST API Quick Start Guide and Cisco Secure Firewall Threat Defense REST API Guide
Management Center Features in Version 7.4.2
| Feature | Minimum Management Center | Minimum Threat Defense | Details |
|---|---|---|---|
| Features from Earlier Maintenance Releases | | | |
| Features from earlier maintenance releases. | Feature dependent | Feature dependent | Version 7.4.2 also has: |
| Platform | | | |
| Firewall Management Center Virtual 300 for Azure. | 7.4.2 7.6.0 | Any | We introduced the Firewall Management Center Virtual 300 for Azure. It can manage up to 300 devices, and high availability is supported. Migration from the FMCv25 for Azure is also supported. See: Cisco Secure Firewall Management Center Virtual Getting Started Guide and Cisco Secure Firewall Management Center Model Migration Guide |
| High Availability: Management Center | | | |
| High availability for Firewall Management Center Virtual for Azure. | 7.4.2 7.6.0 | Any | We now support high availability for Firewall Management Center Virtual for Azure. In a Firewall Threat Defense deployment, you need two identically licensed Firewall Management Centers, as well as one Firewall Threat Defense entitlement for each managed device. For example, to manage 10 devices with an FMCv10 high availability pair, you need two FMCv10 entitlements and 10 Firewall Threat Defense entitlements. If you are managing Version 7.0.x Classic devices only (NGIPSv or ASA FirePOWER), you do not need FMCv entitlements. Platform restrictions: Not supported with FMCv2. See: Cisco Secure Firewall Management Center Virtual Getting Started Guide and High Availability |
Management Center Features in Version 7.4.1
| Feature | Minimum Management Center | Minimum Threat Defense | Details |
|---|---|---|---|
| Features from Earlier Maintenance Releases | | | |
| Features from earlier maintenance releases. | Feature dependent | Feature dependent | Version 7.4.1 also has: |
| Platform | | | |
| Network modules for the Secure Firewall 3130 and 3140. | 7.4.1 | 7.4.1 | The Secure Firewall 3130 and 3140 now support these network modules: See: Cisco Secure Firewall 3110, 3120, 3130, and 3140 Hardware Installation Guide |
| Optical transceivers for Firepower 9300 network modules. | 7.4.1 | 7.4.1 | The Firepower 9300 now supports these optical transceivers: On these network modules: |
| Performance profile support for the Secure Firewall 3100. | 7.4.1 | 7.4.1 | The performance profile settings available in the platform settings policy now apply to the Secure Firewall 3100. Previously, this feature was supported on the Firepower 4100/9300, the Secure Firewall 4200, and on Firewall Threat Defense Virtual. See: Platform Settings |
| Interfaces | | | |
| Deploy without the diagnostic interface on Firewall Threat Defense Virtual for Azure and GCP. | 7.4.1 | 7.4.1 | You can now deploy without the diagnostic interface on Firewall Threat Defense Virtual for Azure and GCP. Previously, we required one management, one diagnostic, and at least two data interfaces. New interface requirements are: Restrictions: This feature is supported for new deployments only. It is not supported for upgraded devices. See: Cisco Secure Firewall Threat Defense Virtual Getting Started Guide |
| Device Management | | | |
| Inspect and protect traffic through an Azure Virtual WAN hub. | 7.4.1 | 7.4.1 | You can now use Firewall Threat Defense Virtual for Azure to inspect and protect traffic through a Microsoft Azure Virtual WAN hub. This integration allows you to consistently and easily apply security policies and configurations across all spokes in the hub, and to leverage built-in scalability and load balancer capabilities for optimal performance. See: Cisco Secure Firewall Threat Defense Virtual Getting Started Guide |
| Device management services supported on user-defined VRF interfaces. | 7.4.1 | Any | Device management services configured in the Firewall Threat Defense platform settings (NetFlow, SSH access, SNMP hosts, syslog servers) are now supported on user-defined Virtual Routing and Forwarding (VRF) interfaces. Platform restrictions: Not supported with container instances or clustered devices. See: Platform Settings |
| High Availability/Scalability: Firewall Threat Defense | | | |
| Multi-instance mode for the Secure Firewall 3100. | 7.4.1 | 7.4.1 | You can deploy the Secure Firewall 3100 as a single device (appliance mode) or as multiple container instances (multi-instance mode). In multi-instance mode, you can deploy multiple container instances on a single chassis that act as completely independent devices. Note that in multi-instance mode, you upgrade the operating system and the firmware (chassis upgrade) separately from the container instances (Firewall Threat Defense upgrade). New/modified screens: New/modified Firewall Threat Defense CLI commands: `configure multi-instance network ipv4`, `configure multi-instance network ipv6` New/modified FXOS CLI commands: `create device-manager`, `set deploymode` Platform restrictions: Not supported on the Secure Firewall 3105. See: Multi-Instance Mode for the Secure Firewall 3100 and Cisco Secure Firewall Threat Defense Upgrade Guide for Management Center |
| 16-node clusters for Firewall Threat Defense Virtual for VMware and KVM. | 7.4.1 | 7.4.1 | You can now configure 16-node clusters for Firewall Threat Defense Virtual for VMware and Firewall Threat Defense Virtual for KVM. See: Clustering for Threat Defense Virtual in a Private Cloud |
| Target failover for clustered Firewall Threat Defense Virtual devices for AWS. | 7.4.1 | 7.4.1 | You can now configure target failover for clustered Firewall Threat Defense Virtual for AWS using the AWS Gateway Load Balancer (GWLB). Platform restrictions: Not available with five and ten-device licenses. See: Clustering for Threat Defense Virtual in a Public Cloud |
| Detect configuration mismatches in Firewall Threat Defense high availability pairs. | 7.4.1 | 7.4.1 | You can now use the CLI to detect configuration mismatches in Firewall Threat Defense high availability pairs. New/modified CLI commands: `show failover config-sync error`, `show failover config-sync stats` See: High Availability and Cisco Secure Firewall Threat Defense Command Reference |
| High Availability: Management Center | | | |
| Management center high availability synchronization enhancements. | 7.4.1 | Any | Management center high availability (HA) includes the following synchronization enhancements: New/modified screens: You can view these alerts on the following screens: See: High Availability |
| SD-WAN | | | |
| Application monitoring on the SD-WAN Summary dashboard. | 7.4.1 | 7.4.1 | You can now monitor WAN interface application performance on the SD-WAN Summary dashboard. New/modified screens: |
| VPN | | | |
| IPsec flow offload on the VTI loopback interface for the Secure Firewall 3100. | 7.4.1 | 7.4.1 | Upgrade impact. Qualifying connections start being offloaded. On the Secure Firewall 3100, qualifying IPsec connections through the VTI loopback interface are now offloaded by default. Previously, this feature was only supported on physical interfaces. This feature is automatically enabled by the upgrade. You can change the configuration using FlexConfig and the `flow-offload-ipsec` command. See: VPN Overview |
| Crypto debugging enhancements for the Secure Firewall 3100 and Firepower 4100/9300. | 7.4.1 | 7.4.1 | The crypto debugging enhancements introduced in Version 7.4.0 now apply to the Secure Firewall 3100 and the Firepower 4100/9300. Previously, they were only supported on the Secure Firewall 4200. See: Decryption Rules |
| View details of the VTIs in route-based VPNs. | 7.4.1 | Any | You can now view the details of route-based VPNs' virtual tunnel interfaces (VTI) on your managed devices. You can also view details of all the dynamically created virtual access interfaces of the dynamic VTIs. New/modified screens: Device > Device Management > Edit a device > Interfaces > Virtual Tunnels tab. See: Site-to-Site VPNs |
| Routing | | | |
| Configure BFD routing on IS-IS interfaces with FlexConfig. | 7.4.1 | 7.4.1 | You can now use FlexConfig to configure Bidirectional Forwarding Detection (BFD) routing on physical, subinterface, and EtherChannel IS-IS interfaces. |
| Access Control: Threat Detection and Application Identification | | | |
| Zero trust access enhancements. | 7.4.1 | 7.4.1 with Snort 3 | Management center now includes the following zero trust access enhancements: New/modified screens: New/modified CLI commands: `show running-config zero-trust`, `show zero-trust statistics` |
| CIP detection. | 7.4.1 | 7.4.1 with Snort 3 | You can now detect and handle Common Industrial Protocol (CIP) by using CIP and Ethernet/IP (ENIP) application conditions in your security policies. See: Access Control Rules |
| CIP safety detection. | 7.4.1 | 7.4.1 with Snort 3 | CIP Safety is a CIP extension that enables the safe operation of industrial automation applications. The CIP inspector can now detect the CIP Safety segments in the CIP traffic. To detect and take action on the CIP Safety segments, enable the CIP inspector in the Firewall Management Center's network analysis policy and assign it to an access control policy. New/modified screens: Policies > Access Control > Edit a policy > Add Rule > Applications tab > Search for CIP Safety in the search box. See: Cisco Secure Firewall Management Center Snort 3 Configuration Guide |
| Access Control: Identity | | | |
| Captive portal support for multiple Active Directory realms (realm sequences). | 7.4.1 | 7.4.1 | Upgrade impact. Update custom authentication forms. You can configure active authentication for either an LDAP realm, or a Microsoft Active Directory realm or a realm sequence. In addition, you can configure a passive authentication rule to fall back to active authentication using either a realm or a realm sequence. You can optionally share sessions between managed devices that share the same identity policy in access control rules. In addition, you have the option to require users to authenticate again when they access the system using a different managed device than they accessed previously. If you use the HTTP Response Page authentication type, after you upgrade Firewall Threat Defense, you must add `<select name="realm" id="realm"></select>` to your custom authentication form. This allows the user to choose between realms. Restrictions: Not supported with Microsoft Azure Active Directory. New/modified screens: |
| Share captive portal active authentication sessions across firewalls. | 7.4.1 | 7.4.1 | Determines whether or not users are required to authenticate when their authentication session is sent to a different managed device than one they previously connected to. If your organization requires users to authenticate every time they change locations or sites, you should disable this option. New/modified screens: |
| Merge downloadable access control list with a Cisco attribute-value pair ACL for RADIUS identity sources, using the Firewall Management Center web interface. | 7.4.1 | Any | Upgrade impact. Redo any related FlexConfigs after upgrade. New/modified screens: New CLI commands: See: Object Management |
| Health Monitoring | | | |
| Chassis-level health alerts for the Firepower 4100/9300. | 7.4.1 | Any with FXOS 2.14.1 | You can now view chassis-level health alerts for Firepower 4100/9300 by registering the chassis to the Firewall Management Center as a read-only device. You must also enable the Firewall Threat Defense Platform Faults health module and apply the health policy. The alerts appear in the Message Center, the health monitor (in the left pane, under Devices, select the chassis), and in the health events view. You can also add the Secure Firewall 3100 in multi-instance mode as a chassis and view its health alerts. For those devices, you use the Firewall Management Center to manage the chassis. But for the Firepower 4100/9300 chassis, you still must use the chassis manager or the FXOS CLI. New/modified screens: See: Device Management |
| Improved Firewall Management Center memory usage calculation, alerting, and swap memory monitoring. | 7.4.1 | Any | Upgrade impact. Memory usage alert thresholds may be lowered. We improved the accuracy of Firewall Management Center memory usage and have lowered the default alert thresholds to 88% warning/90% critical. If your thresholds were higher than the new defaults, the upgrade lowers them automatically; you do not have to apply health policies for this change to take place. Note that the Firewall Management Center may now reboot in an extremely critical system memory condition if terminating high-memory processes does not work. You can also add new swap memory usage metrics to a new or existing Firewall Management Center health dashboard. Make sure you choose the Memory metric group. New/modified screens: See: Health |
| Deployment and Policy Management | | | |
| Change management. | 7.4.1 | Any | You can enable change management if your organization needs to implement more formal processes for configuration changes, including audit tracking and official approval before changes are deployed. We added the System( See: Change Management |
| Upgrade | | | |
| Firmware upgrades included in FXOS upgrades. | 7.4.1 | Any | Chassis/FXOS upgrade impact. Firmware upgrades cause an extra reboot. For the Firepower 4100/9300, FXOS upgrades to Version 2.14.1 now include firmware upgrades. If any firmware component on the device is older than the one included in the FXOS bundle, the FXOS upgrade also updates the firmware. If the firmware is upgraded, the device reboots twice: once for FXOS and once for the firmware. Just as with software and operating system upgrades, do not make or deploy configuration changes during firmware upgrade. Even if the system appears inactive, do not manually reboot or shut down during firmware upgrade. |
| Automatically generate configuration change reports after Firewall Management Center upgrade. | 7.4.1 | Any | You can automatically generate reports on configuration changes after major and maintenance Firewall Management Center upgrades. This helps you understand the changes you are about to deploy. After the system generates the reports, you can download them from the Tasks tab in the Message Center. Version restrictions: Only supported for Firewall Management Center upgrades from Version 7.4.1+. Not supported for upgrades to Version 7.4.1 or any earlier version. New/modified screens: See: System Configuration |
| Administration | | | |
| Erase the hard drives on a hardware Firewall Management Center. | 7.4.1 | Any | You can use the Firewall Management Center CLI to reboot and permanently erase its own hard drive data. After the erase is completed, you can install a fresh software image. New/modified CLI commands: `secure erase` See: Secure Firewall Management Center Command Line Reference |
| Troubleshooting | | | |
| Troubleshooting file generation and download available from Device and Cluster pages. | 7.4.1 | 7.4.1 | You can generate and download troubleshooting files for each device on the Device page and also for all cluster nodes on the Cluster page. For a cluster, you can download all files as a single compressed file. You can also include cluster logs for the cluster nodes. You can alternatively trigger file generation from the menu. New/modified screens: See: Device Management |
| Automatic generation of a troubleshooting file on a node when it fails to join the cluster. | 7.4.1 | 7.4.1 | If a node fails to join the cluster, a troubleshooting file is automatically generated for the node. You can download the file from Tasks or from the Cluster page. |
| View CLI output for a device or device cluster. | 7.4.1 | Any | You can view a set of pre-defined CLI outputs that can help you troubleshoot the device or cluster. You can also enter any show command and see the output. New/modified screens: See: Device Management |
| Quick recovery after data plane failure for the Firepower 1000/2100 and Firepower 4100/9300. | 7.4.1 | 7.4.1 | If the data plane process crashes, the system now reloads only the data plane process instead of rebooting the device. Along with the data plane process reload, Snort and a few other processes also get reloaded. However, if the data plane process crashes during bootup, the device follows the normal reload/reboot sequence, which helps avoid a reload process loop from occurring. This feature is enabled by default for both new and upgraded devices. To disable it, use FlexConfig. New/modified CLI commands: `data-plane quick-reload`, `no data-plane quick-reload`, `show data-plane quick-reload status` Supported platforms: Firepower 1000/2100, Firepower 4100/9300 Platform restrictions: Not supported in multi-instance mode. See: Cisco Secure Firewall Threat Defense Command Reference and Cisco Secure Firewall ASA Series Command Reference. |
| Deprecated Features | | | |
| Deprecated: Health alerts for frequent drain of events. | 7.4.1 | 7.4.1 | The Disk Usage health module no longer alerts with See: Troubleshooting |
| Deprecated: VPN Tunnel Status health module. | 7.4.1 | Any | We deprecated the VPN Tunnel Status health module. Use the VPN dashboards instead. |
| Deprecated: Merging downloadable access control list with a Cisco attribute-value pair ACL for RADIUS identity sources with FlexConfig. | 7.4.1 | Any | Upgrade impact. Redo any related FlexConfigs after upgrade. This feature is now supported in the Firewall Management Center web interface. |
Management Center Features in Version 7.4.0
Note: Version 7.4.0 is available only on the Firewall Management Center and the Secure Firewall 4200. A Version 7.4.0 Firewall Management Center can manage older versions of other device models, but you must use a Secure Firewall 4200 for features that require Threat Defense 7.4.0. Support for all other device platforms resumes in Version 7.4.1.
| Feature | Minimum Management Center | Minimum Threat Defense | Details |
|---|---|---|---|
| Features from Earlier Maintenance Releases | | | |
| Features from earlier maintenance releases. | Feature dependent | Feature dependent | Version 7.4.0 also has: |
| Platform | | | |
| Management center 1700, 2700, 4700. | 7.4.0 | Any | We introduced the Secure Firewall Management Center 1700, 2700, and 4700, which can manage up to 300 devices. Management center high availability is supported. See: Cisco Secure Firewall Management Center 1700, 2700, and 4700 Getting Started Guide |
| Management center virtual for Microsoft Hyper-V. | 7.4.0 | Any | We introduced Secure Firewall Management Center Virtual for Microsoft Hyper-V, which can manage up to 25 devices. Management center high availability is supported. See: Cisco Secure Firewall Management Center Virtual Getting Started Guide |
| Secure Firewall 4200. | 7.4.0 m | 7.4.0 | We introduced the Secure Firewall 4215, 4225, and 4245. You must manage these devices with a Firewall Management Center. They do not support device manager. These devices support the following new network modules: See: Cisco Secure Firewall 4215, 4225, and 4245 Hardware Installation Guide |
| Performance profile support for the Secure Firewall 4200. | 7.4.0 | 7.4.0 | The performance profile settings available in the platform settings policy now apply to the Secure Firewall 4200. Previously, this feature was supported only on the Firepower 4100/9300 and on Firewall Threat Defense Virtual. See: Platform Settings |
| Platform Migration | | | |
| Migrate Firepower 1000/2100 to Secure Firewall 3100. | 7.4.0 | Any | You can now easily migrate configurations from the Firepower 1000/2100 to the Secure Firewall 3100. New/modified screens: Platform restrictions: Migration not supported from the Firepower 1010 or 1010E. See: Device Management |
| Migrate Firepower Management Center 4600 to Secure Firewall Management Center for AWS. | 7.4.0 | Any | You can migrate from Firepower Management Center 4600 to Secure Firewall Management Center Virtual for AWS with a 300-device license. See: Cisco Secure Firewall Management Center Model Migration Guide |
| Migrate Firepower Management Center 1600/2600/4600 to Secure Firewall Management Center 1700/2700/4700. | 7.4.0 | Any | You can migrate from Firepower Management Center 1600/2600/4600 to Secure Firewall Management Center 1700/2700/4700. See: Cisco Secure Firewall Management Center Model Migration Guide |
| Migrate Firepower Management Center 1000/2500/4500 to Secure Firewall Management Center 1700/2700/4700. | 7.4.0 only | 7.0.0 | You can migrate Firepower Management Center 1000/2500/4500 to Secure Firewall Management Center 1700/2700/4700. To migrate, you must temporarily upgrade the old Firewall Management Center from Version 7.0 to Version 7.4.0. To summarize the migration process: See: If you have questions or need assistance at any point in the migration process, contact Cisco TAC. |
| Migrate devices from Firepower Management Center 1000/2500/4500 to Cloud-Delivered Firewall Management Center. | 7.4.0 only | 7.0.3 | You can migrate devices from Firepower Management Center 1000/2500/4500 to Cloud-Delivered Firewall Management Center. To migrate devices, you must temporarily upgrade the on-prem Firewall Management Center from Version 7.0.3 (7.0.5 recommended) to Version 7.4.0. This temporary upgrade is required because Version 7.0 Firewall Management Centers do not support device migration to the cloud. Additionally, only standalone and high availability Firewall Threat Defense running Version 7.0.3+ (7.0.5 recommended) are eligible for migration. Cluster migration is not supported at this time. To summarize the migration process: See: If you have questions or need assistance at any point in the migration process, contact Cisco TAC. |
| Device Management | | | |
| Zero-Touch Provisioning to register the Firepower 1000/2100 and Secure Firewall 3100 to the Firewall Management Center using a serial number. | 7.4.0 | Mgmt. center is publicly reachable: 7.2.0; mgmt. center is not publicly reachable: 7.2.4 | Zero-Touch Provisioning (also called low-touch provisioning) lets you register Firepower 1000/2100 and Secure Firewall 3100 devices to the Firewall Management Center by serial number without having to perform any initial setup on the device. The Firewall Management Center integrates with SecureX and Security Cloud Control for this functionality. New/modified screens: Version restrictions: This feature is not supported on Version 7.3.x or 7.4.0 Firewall Threat Defense when the Firewall Management Center is not publicly reachable. Support returns in Version 7.4.1. See: Add a Device to the Management Center Using the Serial Number (Low-Touch Provisioning) |
| Interfaces | | | |
| Merged management and diagnostic interfaces. | 7.4.0 | 7.4.0 | Upgrade impact. Merge interfaces after upgrade. For new devices using 7.4 and later, you cannot use the legacy diagnostic interface. Only the merged management interface is available. If you upgraded to 7.4 or later and: Merged mode also changes the behavior of AAA traffic to use the data routing table by default. The management-only routing table can now only be used if you specify the management-only interface (including Management) in the configuration. For platform settings, this means: New/modified screens: New/modified commands: `show management-interface convergence` See: Interface Overview |
| VXLAN VTEP IPv6 support. | 7.4.0 | 7.4.0 | You can now specify an IPv6 address for the VXLAN VTEP interface. IPv6 is not supported for the Firewall Threat Defense Virtual cluster control link or for Geneve encapsulation. New/modified screens: |
| Loopback interface support for BGP and management traffic. | 7.4.0 | 7.4.0 | You can now use loopback interfaces for AAA, BGP, DNS, HTTP, ICMP, IPsec flow offload, NetFlow, SNMP, SSH, and syslog. New/modified screens: Devices > Device Management > Edit device > Interfaces > Add Interfaces > Loopback Interface |
| Loopback and management type interface group objects. | 7.4.0 | 7.4.0 | You can create interface group objects with only management-only or loopback interfaces. You can use these groups for management features such as DNS servers, HTTP access, or SSH. Loopback groups are available for any feature that can utilize loopback interfaces. However, it's important to note that DNS does not support management interfaces. New/modified screens: See: Object Management |
| High Availability/Scalability: Threat Defense | | | |
| Manage Firewall Threat Defense high availability pairs using a data interface. | 7.4.0 | 7.4.0 | Firewall Threat Defense high availability now supports using a regular data interface for communication with the Firewall Management Center. Previously, only standalone devices supported this feature. See: Device Management |
| SD-WAN | | | |
| WAN summary dashboard. | 7.4.0 | 7.2.0 | The WAN Summary dashboard provides a snapshot of your WAN devices and their interfaces. It provides insight into your WAN network and information about device health, interface connectivity, application throughput, and VPN connectivity. You can monitor the WAN links and take proactive and prompt recovery measures. New/modified screens: Overview > WAN Summary |
| Policy-based routing using HTTP path monitoring. | 7.4.0 | 7.2.0 | Policy-based routing (PBR) can now use the performance metrics (RTT, jitter, packet loss, and MOS) collected by path monitoring through the HTTP client on the application domain rather than the metrics on a specific destination IP. The HTTP-based application monitoring option is enabled by default for the interface. You can configure a PBR policy with a match ACL having the monitored applications and interface ordering for path determination. New/modified screens: Devices > Device Management > Edit device > Edit interface > Path Monitoring > Enable HTTP based Application Monitoring check box. Platform restrictions: Not supported for clustered devices. See: Policy Based Routing |
| Policy-based routing with user identity and SGTs. | 7.4.0 | 7.4.0 | Upgrade impact. Check SGT propagation before device upgrade. You can now classify network traffic based on users, user groups, and SGTs in PBR policies. Select the identity and SGT objects while defining the extended ACLs for the PBR policies. Note that as a result of how this feature was implemented, Firewall Threat Defense can now add egress SGTs to traffic if the egress interface is configured to propagate SGTs. This can happen with ISE integration even if you do not configure policy-based routing. Starting with Version 7.4.0, the Propagate Security Group Tag option is disabled by default for new interfaces. But because upgrade respects your current settings, this option may be enabled for existing interfaces. New/modified screens: Objects > Object Management > Access List > Extended > Add/Edit Extended Access List > Add/Edit Extended Access List Entry > Users and Security Group Tag See: Object Management |
| VPN | | | |
| IPsec flow offload on the VTI loopback interface for the Secure Firewall 4200. | 7.4.0 | 7.4.0 | On the Secure Firewall 4200, qualifying IPsec connections through the VTI loopback interface are offloaded by default. Previously, this feature was supported for physical interfaces on the Secure Firewall 3100. You can change the configuration using FlexConfig and the `flow-offload-ipsec` command. Other requirements: FPGA firmware 6.2+ See: VPN Overview |
| Crypto debugging enhancements for the Secure Firewall 4200. | 7.4.0 | 7.4.0 | We made the following enhancements to crypto debugging: New/modified CLI commands: `show counters` See: Decryption Rules |
| VPN: Remote Access | | | |
| Customize Secure Client messages, icons, images, and connect/disconnect scripts. | 7.4.0 | 7.1.0 | You can now customize Secure Client and deploy these customizations to the VPN headend. The following are the supported Secure Client customizations: Firewall Threat Defense distributes these customizations to the endpoint when an end user connects from the Secure Client. New/modified screens: See: Remote Access VPN |
| VPN: Site to Site | | | |
| Easily view IKE and IPsec session details for VPN nodes. | 7.4.0 | Any | You can view the IKE and IPsec session details of VPN nodes in a user-friendly format in the Site-to-Site VPN dashboard. New/modified screens: Overview > Site to Site VPN > Under the Tunnel Status widget, hover over a topology, click View, and then click the CLI Details tab. See: Site-to-Site VPNs |
| Site-to-site VPN information in connection events. | 7.4.0 | 7.4.0 with Snort 3 | Connection events now contain three new fields: Encrypt Peer, Decrypt Peer, and VPN Action. For policy-based and route-based site-to-site VPN traffic, these fields indicate whether a connection was encrypted or decrypted (or both, for transiting connections), and by whom. New/modified screens: |
| Easily exempt site-to-site VPN traffic from NAT translation. | 7.4.0 | Any | We now make it easier to exempt site-to-site VPN traffic from NAT translation. New/modified screens: |
| Routing | | | |
| Configure graceful restart for BGP on IPv6 networks. | 7.4.0 | 7.3.0 | You can now configure BGP graceful restart for IPv6 networks on managed devices version 7.3 and later. New/modified screens: Devices > Device Management > Edit device > Routing > BGP > IPv6 > Neighbor > Add/Edit Neighbor. See: BGP |
| Virtual routing with dynamic VTI. | 7.4.0 | 7.4.0 | You can now configure a virtual router with a dynamic VTI for a route-based site-to-site VPN. New/modified screens: Platform restrictions: Supported only on native mode standalone or high availability devices. Not supported for container instances or clustered devices. See: Virtual Routers |
||
Access Control: Threat Detection and Application Identification |
|||||
Clientless zero-trust access. |
7.4.0 |
7.4.0 with Snort 3 |
Zero Trust Access allows you to authenticate and authorize access to protected web based resources, applications, or data from inside (on-premises) or outside (remote) the network using an external SAML Identity Provider (IdP) policy. The configuration consists of a Zero Trust Application Policy (ZTAP), Application Group, and Applications. New/modified screens: New/modified CLI commands:
See: Zero Trust Access |
||
Encrypted visibility engine enhancements. |
7.4.0 |
7.4.0 with Snort 3 |
Encrypted Visibility Engine (EVE) can now:
New/modified screens: Use the access control policy's advanced settings to enable EVE and configure these settings. See: Cisco Secure Firewall Management Center Snort 3 Configuration Guide |
||
Exempt specific networks and ports from bypassing or throttling elephant flows. |
7.4.0 |
7.4.0 with Snort 3 |
You can now exempt specific networks and ports from bypassing or throttling elephant flows. New/modified screens:
Platform restrictions: Not supported on the Firepower 2100 series. See: Cisco Secure Firewall Management Center Snort 3 Configuration Guide |
||
First-packet application identification using custom application detectors. |
7.4.0 |
7.4.0 with Snort 3 |
A new Lua detector API, addHostFirstPktApp, maps the IP address, port, and protocol on the very first packet of a TCP session to application protocol (service AppID), client application (client AppID), and web application (payload AppID). It is used for performance improvements, reinspection, and early detection of attacks in the traffic. To use this feature, you must upload the Lua detector by specifying the detection criteria in advanced detectors in your custom application detector. |
||
Sensitive data detection and masking. |
7.4.0 |
7.4.0 with Snort 3 |
Upgrade impact. New rules in default policies take effect. Sensitive data such as social security numbers, credit card numbers, emails, and so on may be leaked onto the internet, intentionally or accidentally. Sensitive data detection detects possible sensitive data leakage and generates events only if there is a transfer of a significant amount of Personally Identifiable Information (PII) data. Sensitive data detection can mask PII in the output of events, using built-in patterns. Disabling data masking is not supported. |
||
Improved JavaScript inspection. |
7.4.0 |
7.4.0 with Snort 3 |
We improved JavaScript inspection, which is done by normalizing the JavaScript and matching rules against the normalized content. See: HTTP Inspect Inspector and Cisco Secure Firewall Management Center Snort 3 Configuration Guide |
||
MITRE information in file and malware events. |
7.4.0 |
7.4.0 |
The system now includes MITRE information (from local malware analysis) in file and malware events. Previously, this information was only available for intrusion events. You can view MITRE information in both the classic and unified events views. Note that the MITRE column is hidden by default in both event views. See: Network Malware Protection and File Policies and File/Malware Events and Network File Trajectory |
||
Access Control: Identity |
|||||
Cisco Secure Dynamic Attributes Connector on the Firewall Management Center. |
7.4.0 |
Any |
You can now configure the Cisco Secure Dynamic Attributes Connector on the Firewall Management Center. Previously, it was only available as a standalone application. |
||
Microsoft Azure AD as a user identity source. |
7.4.0 |
7.4.0 |
You can use a Microsoft Azure Active Directory (Azure AD) realm with ISE to authenticate users and get user sessions for user control. New/modified screens:
Supported ISE versions: 3.0 patch 5+, 3.1 (any patch level), 3.2 (any patch level) See: Realms |
||
Event Logging and Analysis |
|||||
Configure Firewall Threat Defense devices as NetFlow exporters from the Firewall Management Center web interface. |
7.4.0 |
Any |
Upgrade impact. Redo FlexConfigs after upgrade. NetFlow is a Cisco application that provides statistics on packet flows. You can now use the Firewall Management Center web interface to configure Firewall Threat Defense devices as NetFlow exporters. If you have an existing NetFlow FlexConfig and redo your configurations in the web interface, you cannot deploy until you remove the deprecated FlexConfigs. New/modified screens: See: Platform Settings |
||
More information about "unknown" SSL actions in logged encrypted connections. |
7.4.0 |
7.4.0 |
Serviceability improvements to the event reporting and decryption rule matching.
New/modified screens:
|
||
Health Monitoring |
|||||
Stream telemetry to an external server using OpenConfig. |
7.4.0 |
7.4.0 |
You can now send metrics and health monitoring information from your Firewall Threat Defense devices to an external server (gNMI collector) using OpenConfig. You can configure either Firewall Threat Defense or the collector to initiate the connection, which is encrypted by TLS. New/modified screens: System ( See: Health |
||
New asp drop metrics. |
7.4.0 |
7.4.0 |
You can add over 600 new asp (accelerated security path) drop metrics to a new or existing device health dashboard. Make sure you choose the ASP Drops metric group. New/modified screens: System ( |
||
Administration |
|||||
Send detailed Firewall Management Center audit logs to syslog. |
7.4.0 |
Any |
You can stream configuration changes as part of audit log data to syslog by specifying the configuration data format and the hosts. The Firewall Management Center supports backup and restore of the audit configuration log. New/modified screens: System ( See: System Configuration |
||
Granular permissions for modifying access control policies and rules. |
7.4.0 |
Any |
You can define custom user roles to differentiate between the intrusion configuration in access control policies and rules and the rest of the access control policy and rules. Using these permissions, you can separate the responsibilities of your network administration team and your intrusion administration teams. When defining user roles, you can select the option to allow the selection of intrusion policy, variable set, and file policy in a rule, the configuration of the advanced options for Network Analysis and Intrusion Policies, the configuration of the Security Intelligence policy for the access control policy, and intrusion actions in the policy default action. You can use the Modify Remaining Access Control Policy Configuration to control the ability to edit all other aspects of the policy. The existing pre-defined user roles that included the Modify Access Control Policy permission continue to support all sub-permissions; you need to create your own custom roles if you want to apply granular permissions. See: Users |
||
Support for IPv6 URLs when checking certificate revocation. |
7.4.0 |
7.4.0 |
Previously, Firewall Threat Defense supported only IPv4 OCSP URLs. Now, Firewall Threat Defense supports both IPv4 and IPv6 OCSP URLs. See: System Configuration and Object Management |
||
Default NTP server updated. |
7.4.0 |
Any |
The default NTP server for new Firewall Management Center deployments changed from sourcefire.pool.ntp.org to time.cisco.com. We recommend you use the Firewall Management Center to serve time to its own devices. You can update the Firewall Management Center's NTP server on System ( |
||
Usability, Performance, and Troubleshooting |
|||||
Usability enhancements. |
7.4.0 |
Any |
You can now:
|
||
Specify the direction of traffic to be captured with packet capture for the Secure Firewall 4200. |
7.4.0 |
7.4.0 |
On the Secure Firewall 4200, you can use a new direction keyword with the capture command. New/modified CLI commands: capture capture_name switch interface interface_name [ direction { both | egress | ingress } ] |
||
Snort 3 restarts when it becomes unresponsive, which can trigger HA failover. |
7.4.0 |
7.4.0 with Snort 3 |
To improve continuity of operations, an unresponsive Snort can now trigger high availability failover. This happens because Snort 3 now restarts if the process becomes unresponsive. Restarting the Snort process briefly interrupts traffic flow and inspection on the device, and in high availability deployments can trigger failover. (In a standalone deployment, interface configurations determine whether traffic drops or passes without inspection during the interruption.) This feature is enabled by default. You can use the CLI to disable it, or configure the time or number of unresponsive threads before Snort restarts. New/modified CLI commands: configure snort3-watchdog |
||
Deprecated Features |
|||||
Deprecated: NetFlow with FlexConfig. |
7.4.0 |
Any |
You can now configure Firewall Threat Defense devices as NetFlow exporters from the Firewall Management Center web interface. If you do this, you cannot deploy until you remove any deprecated FlexConfigs. See: Platform Settings |
Firewall Device Manager Features in Version 7.4.x
Note |
Firewall Device Manager support for Version 7.4 features begins with Version 7.4.1. This is because Version 7.4.0 is not available on any platforms that support device manager. |
Feature |
Description |
---|---|
Platform Features |
|
Network modules for the Secure Firewall 3130 and 3140. |
We introduced these network modules for the Secure Firewall 3130 and 3140:
See: Cisco Secure Firewall 3110, 3120, 3130, and 3140 Hardware Installation Guide |
Firewall and IPS Features |
|
Sensitive data detection and masking. |
Upgrade impact. New rules in default policies take effect. Sensitive data such as social security numbers, credit card numbers, emails, and so on may be leaked onto the internet, intentionally or accidentally. Sensitive data detection detects possible sensitive data leakage and generates events only if there is a transfer of a significant amount of Personally Identifiable Information (PII) data. Sensitive data detection can mask PII in the output of events, using built-in patterns. Disabling data masking is not supported. Requires Snort 3. |
VPN Features |
|
IPsec flow offload on the VTI loopback interface for the Secure Firewall 3100. |
Upgrade impact. Qualifying connections start being offloaded. On the Secure Firewall 3100, qualifying IPsec connections through the VTI loopback interface are now offloaded by default. Previously, this feature was only supported on physical interfaces. This feature is automatically enabled by the upgrade. You can change the configuration using FlexConfig and the flow-offload-ipsec command. |
Interface Features |
|
Merged management and diagnostic interfaces. |
Upgrade impact. Merge interfaces after upgrade. For new devices using 7.4 and later, you cannot use the legacy diagnostic interface. Only the merged management interface is available. If you upgraded to 7.4 or later, and you did not have any configuration for the diagnostic interface, then the interfaces will merge automatically. If you upgraded to 7.4 or later, and you have configuration for the diagnostic interface, then you have the choice to merge the interfaces manually, or you can continue to use the separate diagnostic interface. Note that support for the diagnostic interface will be removed in a later release, so you should plan to merge the interfaces as soon as possible. Merged mode also changes the behavior of AAA traffic to use the data routing table by default. The management-only routing table can now only be used if you specify the management-only interface (including management) in the configuration. New/modified screens:
New/modified commands: show management-interface convergence |
Deploy without the diagnostic interface on threat defense virtual for Azure and GCP. |
You can now deploy without the diagnostic interface on threat defense virtual for Azure and GCP. Azure deployments still require at least two data interfaces, but GCP requires that you replace the diagnostic interface with a data interface, for a new minimum of three. (Previously, threat defense virtual deployments required one management, one diagnostic, and at least two data interfaces.) Restrictions: This feature is supported for new deployments only. It is not supported for upgraded devices. See: Cisco Secure Firewall Threat Defense Virtual Getting Started Guide |
Inline sets for Firepower 1000 series, Firepower 2100, and Secure Firewall 3100. |
You can configure inline sets on Firepower 1000 series, Firepower 2100, and Secure Firewall 3100 devices. We added the inline sets tab to the Interface page. |
Licensing Features |
|
Changes to license names and support for the Carrier license. |
Licenses have been renamed:
In addition, you can now apply the Carrier license, which allows you to configure GTP/GPRS, Diameter, SCTP, and M3UA inspections. Use FlexConfig to configure these features. See: Licensing the System |
Administrative and Troubleshooting Features |
|
Default NTP server updated. |
Upgrade impact. The system connects to new resources. The default NTP servers have changed from sourcefire.pool.ntp.org to time.cisco.com. To use a different NTP server, select Device, then click Time Services in the System Settings panel. |
SAML servers for HTTPS management user access. |
You can configure a SAML server to provide external authentication for HTTPS management access. You can configure external users with the following types of authorization access: Administrator, Audit Admin, Cryptographic Admin, Read-Write User, Read-Only User. You can use Common Access Card (CAC) for login when using a SAML server. We updated the SAML identity source object configuration, and the page to accept them. |
Detect configuration mismatches in threat defense high availability pairs. |
You can now use the CLI to detect configuration mismatches in threat defense high availability pairs. New/modified CLI commands: show failover config-sync error, show failover config-sync stats |
Capture dropped packets with the Secure Firewall 3100. |
Packet losses resulting from MAC address table inconsistencies can impact your debugging capabilities. The Secure Firewall 3100 can now capture these dropped packets. New/modified CLI commands: [ drop { disable | mac-filter } ] in the capture command. |
Firmware upgrades included in FXOS upgrades. |
Chassis/FXOS upgrade impact. Firmware upgrades cause an extra reboot. For the Firepower 4100/9300, FXOS upgrades to Version 2.14.1+ now include firmware upgrades. If any firmware component on the device is older than the one included in the FXOS bundle, the FXOS upgrade also updates the firmware. If the firmware is upgraded, the device reboots twice—once for FXOS and once for the firmware. Just as with software and operating system upgrades, do not make or deploy configuration changes during firmware upgrade. Even if the system appears inactive, do not manually reboot or shut down during firmware upgrade. |
Quick recovery after data plane failure for the Firepower 1000/2100 and Firepower 4100/9300. |
When the data plane process on the Firepower 1000/2100 or the Firepower 4100/9300 crashes, the system reloads the process instead of rebooting the device. Reloading the data plane also restarts other processes, including Snort. If the data plane crashes during bootup, the device follows the normal reload/reboot sequence; this avoids a reload loop. This feature is enabled by default for both new and upgraded devices. To disable it, use FlexConfig. New/modified ASA CLI commands: data-plane quick-reload, show data-plane quick-reload status New/modified threat defense CLI commands: show data-plane quick-reload status See: Cisco Secure Firewall Threat Defense Command Reference and Cisco Secure Firewall ASA Series Command Reference. |
Upgrade Impact Features
A feature has upgrade impact if upgrading and deploying can cause the system to process traffic or otherwise act differently without any other action on your part. This is especially common with new threat detection and application identification capabilities. A feature can also have upgrade impact if upgrading requires that you take action before or after upgrade to avoid an undesirable outcome; for example, if you must change a configuration.
Important |
Minimize upgrade and other impact by going directly to the latest maintenance release in your chosen version. See Choosing your upgrade target. |
Upgrade Impact Features for Firewall Management Center
Target version |
Features with upgrade impact |
---|---|
Upgrade Impact Features for Firewall Threat Defense with Firewall Management Center
Current version |
Features with upgrade impact |
---|---|
7.4.0–7.4.1 7.3.x 7.2.9 and earlier |
|
7.4.0 and earlier |
|
7.3.x and earlier |
|
7.2.x and earlier |
|
7.2.0–7.2.3 7.1.0–7.1.0.2 7.0.4 and earlier |
|
7.1.x and earlier |
|
7.0.x and earlier |
Upgrade Impact Features for Firewall Threat Defense with Firewall Device Manager
Target version |
Features |
---|---|
Upgrade Guidelines
The following sections contain release-specific upgrade warnings and guidelines. You should also check for features and bugs with upgrade impact. For general information on time/disk space requirements and on system behavior during upgrade—which can include interruptions to traffic flow and inspection—see the appropriate upgrade guide: For Assistance.
Upgrade Guidelines for Firewall Management Center
| Current Version | Guideline | Details |
|---|---|---|
| 7.4.1 | Migration failure: do not migrate to management center Version 7.4.1 if you are using Security Intelligence. | Patch the target management center to Version 7.4.1.1 before you begin migration. The source management center can continue to run Version 7.4.1. For more information on model migration, see the Cisco Secure Firewall Management Center Model Migration Guide. |
| 7.2.6–7.2.x | Upgrade not recommended: Version 7.2.6–7.2.x to Version 7.3.x–7.4.0. | Upgrading is supported, but will remove critical fixes and enhancements that are included in your current version. Instead, upgrade to Version 7.4.1+. |
Upgrade Guidelines for Firewall Threat Defense with Firewall Management Center
| Current Version | Guideline | Details |
|---|---|---|
| 7.4.1 | Reimage prohibited: Firepower 4100/9300 to Version 7.4.2+ on FXOS 2.14.1.131 or 2.14.1.143. | Although we document that FXOS 2.14.1.163+ is required for Threat Defense 7.4.x, this is for reimaging to 7.4.2+. If you are already running an earlier FXOS 2.14.1 build, you can successfully upgrade to 7.4.2+ without upgrading FXOS (CSCwf64429). Note that in most cases, we recommend the latest FXOS build for reimages and upgrades. For more information, see the Cisco Firepower 4100/9300 FXOS Release Notes. |
Upgrade Guidelines for Firewall Threat Defense with Firewall Device Manager
| Current Version | Guideline | Details |
|---|---|---|
| 7.4.1 | Reimage prohibited: Firepower 4100/9300 to Version 7.4.2+ on FXOS 2.14.1.131 or 2.14.1.143. | Although we document that FXOS 2.14.1.163+ is required for Threat Defense 7.4.x, this is for reimaging to 7.4.2+. If you are already running an earlier FXOS 2.14.1 build, you can successfully upgrade to 7.4.2+ without upgrading FXOS (CSCwf64429). Note that in most cases, we recommend the latest FXOS build for reimages and upgrades. For more information, see the Cisco Firepower 4100/9300 FXOS Release Notes. |
Upgrade Guidelines for the Firepower 4100/9300 Chassis
In most cases, we recommend you use the latest build for your FXOS major version.
For release-specific FXOS upgrade warnings and guidelines, as well as features and bugs with upgrade impact, check all release notes between your current and target version: http://www.cisco.com/go/firepower9300-rns.
Upgrade Path
Planning your upgrade path and order is especially important for large deployments, high availability/clustering, multi-hop upgrades, and situations where you need to coordinate chassis, hosting environment, or other upgrades. Those scenarios, as well as information on revert and uninstall, are covered in more detail in the upgrade guide: For Assistance.
Choosing your upgrade target
Go directly to the latest maintenance release to minimize upgrade and other impact.
Features, enhancements, and critical fixes can skip "future" releases that are ahead by version, but not by release date. For example, if you are up-to-date within major Version A, upgrading to dot-zero Version B can deprecate features and fixes.
If you cannot go to the latest release, at least make sure your current version was released on a date before your target version. In the following table, confirm your current version is listed next to your target version. If it is not, choose a later target.
| Target version | Release date | Current version (confirm yours is listed): from 7.0 | 7.1 | 7.2 | 7.3 | 7.4 |
|---|---|---|---|---|---|---|
| to 7.4.2 | 2024-07-31 | 7.0.0–7.0.6 | 7.1.0 | 7.2.0–7.2.8 | 7.3.0–7.3.1 | 7.4.0–7.4.1 |
| to 7.4.1 | 2023-12-13 | 7.0.0–7.0.6 | 7.1.0 | 7.2.0–7.2.5 | 7.3.0–7.3.1 | 7.4.0 |
| to 7.4.0 * | 2023-09-07 | — | — | — | — | — |
* You cannot upgrade Firewall Threat Defense to Version 7.4.0, which is available as a fresh install on the Secure Firewall 4200 only, and is not supported with Firewall Device Manager. It removes significant features, enhancements, and critical fixes included in earlier versions. Upgrade to a later release.
Upgrading from a patched deployment
Critical fixes in patches (fourth-digit) releases can also skip future releases. If you depend on these critical fixes, verify that your target version contains them. For a full list of release dates, see Cisco Secure Firewall Management Center New Features by Release or Cisco Secure Firewall Device Manager New Features by Release.
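The check described under "Choosing your upgrade target" and "Upgrading from a patched deployment" can be scripted for an inventory of devices. The following is an added example, not Cisco code: the function names and the dictionary layout are assumptions of this example, while the version ranges and release dates are transcribed from the table above.

```python
import re

# Rows transcribed from the "Choosing your upgrade target" table on this page:
# target -> (release date, current-version ranges listed next to that target).
# Ranges are written with an ASCII hyphen here. The 7.4.0 row contains only
# dashes in the table, so it has no acceptable current versions.
UPGRADE_TARGETS = {
    "7.4.2": ("2024-07-31",
              ["7.0.0-7.0.6", "7.1.0", "7.2.0-7.2.8", "7.3.0-7.3.1", "7.4.0-7.4.1"]),
    "7.4.1": ("2023-12-13",
              ["7.0.0-7.0.6", "7.1.0", "7.2.0-7.2.5", "7.3.0-7.3.1", "7.4.0"]),
    "7.4.0": ("2023-09-07", []),
}

VERSION_RE = re.compile(r"\d+(?:\.\d+){1,3}")


def parse_version(text):
    """Return (major, minor, maintenance, patch) as ints; missing digits are 0."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        raise ValueError(f"not a version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def in_range(version, spec):
    """True if the first three digits of version fall inside 'a.b.c' or 'a.b.c-a.b.d'."""
    low, _, high = spec.partition("-")
    return parse_version(low)[:3] <= version[:3] <= parse_version(high or low)[:3]


def check_upgrade(current, target):
    """Return (ok, notes) for a planned upgrade from current to target.

    ok is True only when the current version is listed next to the target.
    notes explains a refusal, or carries the patched-deployment caveat.
    """
    cur, tgt = parse_version(current), parse_version(target)
    if tgt[3]:
        return False, ["the table lists maintenance (third-digit) targets only"]
    key = "%d.%d.%d" % tgt[:3]
    if key not in UPGRADE_TARGETS:
        return False, [f"{key} is not a target in this table"]
    released, ranges = UPGRADE_TARGETS[key]
    if cur[:3] >= tgt[:3]:
        return False, [f"{current} is not older than {key}"]
    if not any(in_range(cur, spec) for spec in ranges):
        return False, [f"{current} is not listed for {key} (released {released}); "
                       "choose a later target"]
    notes = []
    if cur[3]:
        # Fourth-digit (patch) fixes can skip future releases.
        notes.append("patched deployment: verify that the target contains "
                     "the critical fixes you depend on")
    return True, notes


if __name__ == "__main__":
    # Constructed inventory: (device name, current version, planned target).
    inventory = [
        ("edge-fw-01", "7.2.8", "7.4.1"),
        ("edge-fw-02", "7.2.8", "7.4.2"),
        ("core-fw-01", "7.2.5.1", "7.4.1"),
        ("lab-fw-01", "7.3.1", "7.4.0"),
    ]
    for name, current, target in inventory:
        ok, notes = check_upgrade(current, target)
        print(f"{name}: {current} -> {target}: {'OK' if ok else 'NOT LISTED'}",
              "; ".join(notes))
```
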
Supported upgrades and downgrades
This section summarizes upgrade and downgrade capability. For help with:
-
Choosing an upgrade target, see Choosing your upgrade target.
-
Upgrade and downgrade procedures, including general guidelines, best practices, and troubleshooting, see the upgrade guide for the version you are currently running: https://www.cisco.com/go/ftd-upgrade.
Supported upgrades
This table shows the supported direct upgrades for Firewall Management Center and Firewall Threat Defense software.
Note |
You can upgrade directly to any major (first and second-digit) or maintenance (third digit) release. Patches change the fourth digit only. You cannot upgrade directly to a patch from a previous major or maintenance release. Although a patched device (fourth-digit) can be managed with an unpatched Firewall Management Center, fully patched deployments undergo enhanced testing. |
For the Firepower 4100/9300, the table also lists companion FXOS versions. If a chassis upgrade is required, Firewall Threat Defense upgrade is blocked. In most cases we recommend the latest build in each version; for minimum builds see the Cisco Secure Firewall Threat Defense Compatibility Guide.
| Current version | Target software version: to 7.7 | 7.6 | 7.4 * | 7.3 | 7.2 | 7.1 | 7.0 |
|---|---|---|---|---|---|---|---|
| FXOS version for Firepower 4100/9300 chassis upgrades | to 2.17 | 2.16 | 2.14 | 2.13 | 2.12 | 2.11 | 2.10 |
| from 7.7 | YES | — | — | — | — | — | — |
| from 7.6 | YES | YES | — | — | — | — | — |
| from 7.4 | YES | YES | YES | — | — | — | — |
| from 7.3 | YES | YES | YES | YES | — | — | — |
| from 7.2 | YES | YES | YES | YES | YES | — | — |
| from 7.1 | — | YES | YES | YES | YES | YES | — |
| from 7.0 | — | — | YES | YES | YES | YES | YES |
| from 6.4 | — | — | — | — | — | — | YES |
* You cannot upgrade Firewall Threat Defense to Version 7.4.0, which is available as a fresh install on the Secure Firewall 4200 only, and is not supported with Firewall Device Manager. It removes significant features, enhancements, and critical fixes included in earlier versions. Upgrade to a later release.
Supported downgrades
If an upgrade or patch succeeds but the system does not function to your expectations, you may be able to revert (Firewall Threat Defense upgrades) or uninstall (Firewall Threat Defense and Firewall Management Center patches). For general information, particularly on common scenarios where returning to a previous version is not supported or recommended, see the upgrade guide: https://cisco.com/go/ftd-upgrade.
Bugs
For bugs in earlier releases, see the release notes for those versions. For cloud deployments, see the Cisco Cloud-delivered Firewall Management Center Release Notes.
Important |
We do not list open bugs for most maintenance releases or patches. |
Important |
Bug lists are auto-generated once and may not be subsequently updated. If updated, the 'table last updated' date does not mean that the list was fully accurate on that date—only that some change was made. Depending on how and when a bug was categorized or updated in our system, it may not appear in the release notes. If you have a support contract, you can obtain up-to-date bug lists with the Cisco Bug Search Tool. |
Open Bugs in Version 7.4.0
Table last updated: 2023-09-11
Bug ID |
Headline |
---|---|
Deploy failure when flow export destinations are swapped or port value changed |
|
IDP SAML missing filter in Zero Trust Policy shows all groups have missing IDP data |
|
New User activity page does not display events for Special Identities Realm |
|
Azure AD sessions do not get removed after disabling subscription or changing ise configuration |
|
Importing a realm with a proxy will fail |
|
Editing CSDAC dynamic attribute filter throwing Internal Error |
|
OSPFv3 BFD sessions not coming up for more than 7 |
|
PBR configuration using User Identity is not migrated during FTD migration to cdFMC |
|
Save button disabled when updating Zero Trust Policy |
|
New SRU is not immediately installed upon management center upgrade |
|
4200 Series: Portchannel in cluster may stay down sometimes when LACP is in active mode |
|
EventHandler should not log warning if it fails to open a unified file when the file doesn't exist |
Resolved Bugs in Version 7.4.2.3
Table last updated: 2025-06-17
Bug ID |
Headline |
---|---|
Frequent route updates causes routes to get removed causing outages |
|
Policy Deployment Hung at 5% or 8% Deployment - Collecting policies and objects |
Resolved Bugs in Version 7.4.2.2
Table last updated: 2025-08-21
Bug ID |
Headline |
---|---|
OpenPrinting CUPS is a standards-based, open source printing system fo |
|
A flaw was found in GLib. GVariant deserialization fails to validate t |
|
A flaw was found in GLib. GVariant deserialization is vulnerable to a |
|
A flaw was found in glib, where the gvariant deserialization code is v |
|
A flaw was found in GLib. The GVariant deserialization code is vulnerable |
|
A flaw was found in GLib. GVariant deserialization is vulnerable to an |
|
A flaw was found in glibc. In an uncommon situation, the gaih_inet fun |
|
Due to a failure in validating the length provided by an attacker-craf |
|
An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex |
|
Due to failure in validating the length provided by an attacker-crafte |
|
urllib3 is a user-friendly HTTP client library for Python. urllib3 pre |
|
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue |
|
LibTIFF is vulnerable to an integer overflow. This flaw allows remote |
|
A vulnerability was found in libtiff due to multiple potential integer |
|
ASA - Traceback the standby device while HA sync ACL-DAP |
|
An issue was discovered in the Linux kernel through 6.5.9. During a ra |
|
Twisted is an event-based framework for internet applications. Prior t |
|
cryptography is a package designed to expose cryptographic primitives |
|
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Rules Bypass Vulnerability |
|
This flaw allows a malicious HTTP server to set "super cookies" in cur |
|
Postfix through 3.8.4 allows SMTP smuggling unless configured with smt |
|
A vulnerability was found in GnuTLS. The response times to malformed c |
|
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den |
|
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 |
|
Cisco Secure Firewall Management Center Software XPATH Injection Vulnerability |
|
libexpat through 2.5.0 allows a resource consumption denial of service event |
|
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DT |
|
Vim before 9.0.2142 has a stack-based buffer overflow due to a set language map error |
|
A DMA reentrancy issue leading to a use-after-free error was found in |
|
A bug in QEMU could cause a guest I/O operation otherwise addressed to |
|
In the Linux kernel, the following vulnerability has been resolved: b |
|
libexpat through 2.6.1 allows an XML Entity Expansion attack when ther |
|
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractI |
|
Faulty input validation in the core of Apache allows malicious or expl |
|
In GNU tar before 1.35, mishandled extension attributes in a PAX archi |
|
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of |
|
In the Linux kernel, the following vulnerability has been resolved: b |
|
In the Linux kernel, partitioning error existed CVE-2023-52458 |
|
HTTP Response splitting in multiple modules in Apache HTTP Server allo |
|
In the Linux kernel, the following vulnerability has been resolved: i |
|
In the Linux kernel, the following vulnerability has been resolved: K |
|
In the Linux kernel, the following vulnerability has been resolved: e |
|
In the Linux kernel, the following vulnerability has been resolved: s |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
In the Linux kernel, the following vulnerability has been resolved: b |
|
In the Linux kernel, the following vulnerability has been resolved: b |
|
In the Linux kernel, the following vulnerability has been resolved: a |
|
In the Linux kernel, the following vulnerability has been resolved: m |
|
In the Linux kernel, the following vulnerability has been resolved: d |
|
In the Linux kernel, the following vulnerability has been resolved: R |
|
HTTP/2 incoming headers exceeding the limit are temporarily buffered i |
|
wall in util-linux through 2.40, often installed with setgid tty permi |
|
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vuln |
|
A flaw has been discovered in GnuTLS where an application crash can be |
|
The iconv() function in the GNU C Library versions 2.39 and older may |
|
less through 653 allows OS command execution via a newline character i |
|
In the Linux kernel, serial: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed |
|
nscd: Stack-based buffer overflow in netgroup cache If the Name Servi |
|
nscd: Null pointer crashes after notfound response If the Name Servic |
|
nscd: netgroup cache may terminate daemon on memory allocation failure |
|
nscd: netgroup cache assumes NSS callback uses in-buffer strings The |
|
In the Linux kernel, the following vulnerability has been resolved: f |
|
In the Linux kernel, the following vulnerability has been resolved: U |
|
In the Linux kernel, the following vulnerability has been resolved: t |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
Requests is a HTTP library. Prior to 2.32.0, when making requests thro |
|
In the Linux kernel, the following vulnerability has been resolved: i |
|
In the Linux kernel, the following vulnerability has been resolved: H |
|
In the Linux kernel, the following vulnerability has been resolved: i |
|
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability |
|
In the Linux kernel, the following vulnerability has been resolved: i |
|
In the Linux kernel, the following vulnerability has been resolved: i |
|
In the Linux kernel, the following vulnerability has been resolved: b |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization |
|
The various Is methods (IsPrivate, IsLoopback, etc) did not work as ex |
|
url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo |
|
Vulnerabilities in linux-kernel CVE-2023-52439 |
|
Vulnerabilities in linux-kernel CVE-2023-52435 |
|
Vulnerabilities in linux-kernel CVE-2023-52463 |
|
urllib3 is a user-friendly HTTP client library for Python. When using |
|
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/ |
|
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the |
|
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause inva |
|
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vul |
|
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and |
|
In the Linux kernel, the following vulnerability has been resolved: x |
|
Cisco Secure Firewall Management Center Software HTML Injection Vulnerability |
|
In the Linux kernel, the following vulnerability has been resolved: t |
|
In the Linux kernel, the following vulnerability has been resolved: b |
|
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability |
|
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability |
|
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software DHCP Denial of Service Vulnerability |
|
In the Linux kernel, the following vulnerability has been resolved: a |
|
In the Linux kernel, for ata: libata-core: Fix null pointer dereference on error |
|
In the Linux kernel, for tcp_metrics: validate source addr length |
|
In the Linux kernel, the following vulnerability has been resolved: c |
|
Jinja is an extensible templating engine. Special placeholders in the |
|
Jinja is an extensible templating engine. The 'xmlattr' filter in affe |
|
Vim is an open source command line text editor. Vim < v9.1.0647 has do |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.5 |
|
In the Linux kernel, the following vulnerability has been resolved: i |
|
In the Linux kernel, the following vulnerability has been resolved: i |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
In the Linux kernel, the following vulnerability has been resolved: b |
|
Insufficient Input Validation Vulnerability |
|
Insufficient Input Validation Vulnerability |
|
Attempting to edit chassis of multi-instance FTD gets "Request Timed Out. Retry after sometime." |
|
A null pointer dereference flaw was found in the hugetlbfs_fill_super |
|
In the Linux kernel, the following vulnerability has been resolved: m |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
In the Linux kernel, the following vulnerability has been resolved: x |
|
In the Linux kernel, the following vulnerability has been resolved: f |
|
In the Linux kernel, nvme: avoid double free special payload on discard request retry |
|
In the Linux kernel, the following vulnerability has been resolved: p |
|
In the Linux kernel, the following vulnerability has been resolved: e |
|
In the Linux kernel, the following vulnerability has been resolved: c |
|
Cisco Secure Firewall Threat Defense Software Snort 3 Denial of Service Vulnerability |
|
In the Linux kernel, for filelock: Remove locks reliably when fcntl/close race is detected |
|
In the Linux kernel, within mm: avoid overflows in dirty throttling logic |
|
A flaw was found in the python-cryptography package. This issue may al |
|
In the Linux kernel, the following vulnerability has been resolved: f |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
In the Linux kernel, for dma: fix call order in dmam_free_coherent dmam_free_coherent() |
|
In the Linux kernel, the following vulnerability has been resolved: d |
|
Fix a Linux kernel file access permissions access check error |
|
In the Linux kernel, the following vulnerability has been resolved: m |
|
Fix linux kernel divide by zero error when calling ioctl TIOCSSERIAL with bad baud rate |
|
In the Linux kernel, the following vulnerability has been resolved: g |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
In the Linux kernel, the following vulnerability has been resolved: s |
|
In the Linux kernel, the following vulnerability has been resolved: x |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
In the Linux kernel, the following vulnerability has been resolved: v |
|
In the Linux kernel, the following vulnerability has been resolved: x |
|
In the Linux kernel, the following vulnerability has been resolved: n |
|
In the Linux kernel, the following vulnerability has been resolved: m |
|
In the Linux kernel, the following vulnerability has been resolved: f |
|
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not |
|
In the Linux kernel, the following vulnerability has been resolved: e |
|
In the Linux kernel, the following vulnerability has been resolved: K |
|
In the Linux kernel, the following vulnerability has been resolved: P |
|
Cisco ASA/FTD Firepower 3100/4200 Series TLS 1.3 Cipher Denial of Service Vulnerability |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
Redis is an open source, in-memory database that persists on disk. Aut |
|
Redis is an open source, in-memory database that persists on disk. An |
|
In the Linux kernel, the following vulnerability has been resolved: s |
|
In the Linux kernel, the following vulnerability has been resolved: a |
|
In the Linux kernel, the following vulnerability has been resolved: r |
|
In the Linux kernel, the following vulnerability has been resolved: e |
|
There is a MEDIUM severity vulnerability affecting CPython. Regul |
|
There is a LOW severity vulnerability affecting CPython, specifically |
|
Cisco Secure Firewall Management Center and Secure Firewall Threat Defense Software Command Injection Vulnerability |
|
CVE-2022-48975: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-47659: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-47660: linux-kernel: In the Linux kernel, the following vuln... |
|
Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerability |
|
Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerability |
|
FMC is not pushing no-validation-usage to the trustpoint if user not choosing validation usage type |
|
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Web Services Denial of Service Vulnerability |
|
CVE-2024-38538: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2023-52498: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2023-52572: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2023-52615: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-46777: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-47668: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-47701: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-47742: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-49858: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-49860: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-49878: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-49882: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-49883: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-49884: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-49889: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-49948: linux-kernel: In the Linux kernel, the following vuln... |
|
CVE-2024-49949: linux-kernel: In the Linux kernel, the following vuln... |
Table last updated: 2025-08-21
Bug ID |
Headline |
---|---|
ENH: Appliance hostname or ip address should be included in FX-OS syslogs |
|
SNORT3: proxy traffic issue on port 80 when tls1.3 inspection enabled |
|
ENH: Need the output of "show ssh-client" in FPRM show tech bundle |
|
Snort3 TCP flow cache entry growth caused by embryonic connection mismanagement |
|
Lina core at swapcontext on FTD during policy deployment |
|
MSP Quota setting for instances is not correct |
|
Traffic incorrectly matches an ALLOW rule with a time-range object after time has expired |
|
Disk quota for the corefile should be revisited based on platform |
|
Add support for new Cloud SSX regions for India and Australia |
|
FMC HA Wizard shows error "Unable to retrieve high availability status." with other languages |
|
Snort3 traceback and reload due to memory corruption in file module |
|
Disable/Enable an MI instance results it in "State Failed" |
|
FTD - Trace back and reload due to NAT involving fqdn objects |
|
CDO: Chassis onboarding to CDO is failing with hostname |
|
ASA/FTD May traceback & reload citing Thread Name 'lina' as the faulting thread. |
|
IPv6 tunnel packets to DVTI Tunnel source on vrf loopback dropped (acl-drop) |
|
FMC REST API calls to get AC policy data times out, AC policy GUI slowness with larger rule query |
|
ASA/FTD may traceback and reload |
|
FTD/FxOS - Upgrade/erase configuration result in App-instance 'Operational State: Starting' |
|
FXOS upgrade failure due to insufficient free space in /mnt/pss (isan.log consumes most of space) |
|
FMC in CC-mode audit over syslog not working |
|
Policy export fails with error "Unable to process the policy information for Export" |
|
Critical fault : [FSM:FAILED]: user configuration(FSM:sam:dme:AaaUserEpUpdateUserEp) |
|
RAVPN Certificate Group Map get removed after it is modified on the FMC |
|
Disable cluster syn cookie decoding when FTD cluster is deployed with inline-set |
|
Continuous loading state and PolicyRPC call remains in pending |
|
SNMP trap OID changed after upgrade |
|
CSF 3100 series not rebooting after power outage, requiring manual power cycle |
|
Platform settings policy hidden on UI |
|
FPR3100: Interface may go to half duplex speed is hardcoded to 100mbps |
|
FTD/ASA : 1SXF interfaces on FP3100 stay in a link-down state when connected to a Nexus 9K Switch |
|
PDTS write from Daq can fail when PDTS buffer is full and it would eventually lead to block depletion |
|
Serviceability to capture PDTS writing/reading block to help root cause CSCwm36314 |
|
FTD inline-set ignore reverse flag for inject/rewrite |
|
ID attribute of other device during copying config via REST API POST can remove original config |
|
FXOS fault F1738 seen in deployment with Error: CSP_OP_ERROR. CSP signature verification error |
|
ha-mode graceful-restart is missing in advanced preview |
|
SSH access with public key authentication fails after FXOS upgrade |
|
FXOS: messages rotates every 40 minutes due to Notification Daemon messages' being spammed |
|
Deployment transcript showing "Enable management access: false" |
|
FTDv and FTD on 4100/9300 unlocking based on time is not configurable |
|
TPK Low End FPR3100: Changing interface speed from 1g to 100mbps/100mbps to 1g brings down the link |
|
ASA/FTD: RA VPN tunnel causing memory leak leading to traceback & Reload |
|
FXOS: Directory /var/tmp Triggering FXOS Fault F0182 due to vdc.log (Excessive Logging,Log Rotation) |
|
FMC is sending a wrong value for engineID in SNMPv3 traps |
|
ADI crashes on FTD due to both FMC ADIs going unmuted |
|
FTD syslog-over-TLS allowing too many curves in CC mode |
|
FPR9K-SM-56 module intermittently lock up and cause traffic impact. |
|
Bind ESP to VTI Tunnel Source Interface To Avoid Additional Route-Lookup Post Encryption |
|
FTD reload with traceback on swapcontext function |
|
Can't delete IPS policy when Workflow Mode is enabled |
|
Radius user ssh login fails with error: username is not defined with a service type that is valid |
|
Graceful restart flag in FTD OPEN message set to 0 when power is lost |
|
FMC unnecessary sending "network-service reload" to FTD on every deployment regardless of change |
|
FMC : OSPF setting screen cannot be opened in FMC English UI |
|
False alerts of FMC HA in degraded sync state |
|
FMC backup failed while cfgdb dump after upgrading FMC to 7.4.2.1 |
|
Snort3 traceback and reload during user identity reload |
|
Last synchronization time in the FMC HA page shows 'Data unavailable' in language other than English |
|
Snort3 traceback and reload with stale pointer |
|
Stale Snort3 stream inspector flow stash after flow data is cleared |
|
External authentication radius SSH login failure with FXOS version 2.14.1.186 |
Resolved Bugs in Version 7.4.2.1
Table last updated: 2025-03-03
Bug ID |
Headline |
---|---|
Time sync status and error message do not elaborate NTP server rejection case |
|
Cisco ASA and FTD Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability |
|
Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability |
|
FTW no longer working in NM3 on Warwick |
|
Cisco ASA and FTD NSG Access Control List Bypass Vulnerability |
|
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability |
|
Cisco ASA and FTD VPN Web Client Services Cross-Site Scripting Vulnerabilities |
|
Cisco Secure Firewall Management Center Software Command Injection Vulnerability |
|
Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability |
|
TLS Handshake Fails if Fragmented Client Hello Packet is Received Out of Order |
|
FMC on upgrade results in FTDv losing its performance tier |
|
Snort2 SSL decryption with known key fails on Chrome v124 and above. |
|
Snort2 - SSL decryption failing and some websites not loading on Chrome v124+ |
|
ENH: Add application support for blocking consecutive AAA failures on LINA |
|
CDO: Chassis onboarding to CDO is failing with hostname |
|
Cisco Firepower Management Center SQL Injection Vulnerability |
|
SGT INLINE-TAG added after upgrade to 7.4.x |
|
Cisco FTD for Cisco Firepower 2100 Series TCP UDP Snort 2 and Snort 3 DoS Vulnerability |
|
Cisco ASA and FTD Software Remote Access VPN Denial of Service Vulnerability |
|
ASA might traceback and reload due to ssh/client hitting a null pointer while using SCP. |
|
NTP is not synchronising when using SHA-1 authentication |
|
FXOS upgrade failure due to insufficient free space in /mnt/pss (isan.log consumes most of space) |
|
DAP policies not working with attribute TRUE/FALSE |
|
Cisco Adaptive Security Appliance and Firepower Threat Defense TLS Denial of Service Vulnerability |
|
Traffic outage due to 9k block depletion (tcpmod proc) observed on FPR 3100 (HA) |
|
Unable to create MI FTD in TPK chassis |
|
Configure External Storage fails second time with same backup profile |
|
FTD: Username missing in syslog message ID 302013 after upgrade to 7.4.1 |
|
Snort AppID incorrectly identifies SSH traffic as Unknown |
|
CSF 3100 series not rebooting after power outage, requiring manual power cycle |
|
FTD - Multi-Instance, docker0 interface overlap with private network 172.17.0.0/16 |
|
FMC4700 displays premature fan speed alerts |
|
After FMC upgrade results in standby FTDv losing its performance tier for FTD HA |
|
Crash handler notification for snort3 failure not being sent in MI setup. |
|
Cisco Adaptive Security Appliance Software SSH Server Resource DoS Vulnerability |
Resolved Bugs in Version 7.4.2
Table last updated: 2024-07-31
Bug ID |
Headline |
---|---|
FMC HA synchronisation task failures should generate alarms |
|
Remove Syslog Messages 852001 and 852002 in Firewall Threat Defense |
|
FXOS does not retry NTP sync with servers |
|
IKEv2 debugs: Received Policies and Expected Policies are empty |
|
Cisco ASA and FTD Software RSA Private Key Leak Vulnerability |
|
Prevention of RSA private key leaks regardless of root cause. |
|
mgmt interface taking long time to come up and causing cluster registration issues |
|
Deleting a routed mode Etherchannel interface changes member interfaces to switch port mode |
|
FMC 7.0.2 Deployment error message is irrelevant | Deployment Failed due to configuration error |
|
Unnecessary FAN error logs needs to be removed from thermal file |
|
ssl policy errors: Unable to get server certificate's internal cached status |
|
ASA traceback and reload on Datapath process |
|
Device Management Applied Policies Widget Defaulting to classic theme when editing |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
ENH: Combine firmware bundle packages into FXOS MIO update packages |
|
ASA/FTD: Improve GTP Inspection Logging |
|
ASA/FTD: GTP Inspection engine serviceability |
|
Classic and Unified Events should handle cases when SMC is unreachable |
|
FTD: CLISH slowness due to command execution locking LINA prompt |
|
Cisco-Intelligence-Feed - Failed to download due to timeout |
|
Consul and Consul Enterprise allowed an authenticated user with service: |
|
Snort3 is crashing frequently on cd_pdts.so |
|
Deployment fails to FTD when reusing/reassigning existing vlan id to diff interface |
|
Cannot copy rules from one policy to another policy using the new AC policy UI |
|
ASA/FTD Cluster: Change "cluster replication delay" with max value increase from 15 to 50 sec |
|
FTD: ADI.conf - send_s2s_vpn_events is set to 0, even after applying s2s vpn health policy |
|
HashiCorp Vault's implementation of Shamir's secret sharing used precomp |
|
FMC deploy logs rotating faster because of /internal_rest_api/accesscontrol/rapplicationsavailable |
|
Error loading data in NAT page - When unused port object is used |
|
AC policy change is not reflected in instance page on edit |
|
Firewall rings may get stuck and cause packet loss when asp load-balance per-packet auto is used |
|
show version system prints errors about PM_Control.sock |
|
Identity Policy Active auth snort3 redirect hostname doesn't list all FQDN objects |
|
Failing to download FTD image via SAML SSO login |
|
ASA - The GTP inspection dropped the message 'Delete PDP Context Response' due to an invalid TEID=0 |
|
ASA/FTD traceback and reload on thread DATAPATH |
|
Management UI presents self-signed cert rather than custom CA signed one after upgrade |
|
Incorrect exit interface choose for VTI traffic next-hop |
|
SNMP is not working on the primary active ASA unit in multi-context environment |
|
ASA crashed with Saml scenarios |
|
FXOS: Remove enforcement of blades going into degraded state after multiple DIMM correctable errors |
|
ASA: Traceback and reload when switching from single to multiple mode |
|
snort3 crashes observed due to memory corruption in file api |
|
ASA/FTD: 1 Second failover delay for each NLP NAT rule |
|
Getting an exception on the UI while editing and saving the intrusion policy |
|
Extensive logging for a problematic deployment caused logs to rollover important logs |
|
Strong Encryption license is not getting applied to ASA firewalls in HA. |
|
FTD/ASA traceback and reload may occur when ssl packet debugs are enabled |
|
Save button disabled when updating ZTNA policy |
|
ASA/FTD may traceback and reload in Thread Name 'dns_cache_timer' |
|
Vulnerabilities in linux-kernel 5.10.79 CVE-2023-3111 and others |
|
Message asa_log_client exited 1 time(s) seen multiple times |
|
The html/template package does not apply the proper rules for handling o |
|
Improve CPU utilization in ssl inspection for supported signature algorithm handling |
|
FMC Deployment failure in csm_snapshot_error |
|
ASA does not send 'warmstart' snmp trap |
|
FMC Deployment failed due to internal errors after upgrade |
|
LINA would randomly generate a traceback and reload on FPR-1K |
|
NAT pool is not working properly despite not reaching the 32k object ID limit. |
|
FDM: Allow turn on/off GSP mempool polling via Flexconfig |
|
FTD Upgrade from 6.6.5 to 7.2.5 removing OGS causing rule expansion on boot |
|
LINA show tech-support fails to generate as part of sf_troubleshoot.pl (Troubleshoot file) |
|
Firepower WCCP router-id changes randomly when VRFs are configured |
|
WM DT - ASA in transparent mode doesn't send equal IPv6 Router Advertisement packets to all nodes |
|
A flaw was found in QEMU. The async nature of hot-unplug enables a rac |
|
ENH: FMC - Ability to Filter Security Zone in Interface Drop Down Selection |
|
ASA traceback under match_partial_keyword during CPU profiling |
|
Reload takes forever when reload command is issued on the lina prompt when devices are on HA |
|
FMC Primary disk degraded error |
|
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a |
|
No error message is given when deleting object referred in new object created in another ticket |
|
ASA/FTD HA pair EIGRP routes getting flushed after failover |
|
ASA/FTD: Traceback and reload on thread name CP Crypto Result Processing |
|
Cannot configure Correlation rule because there are no values for GID that exceed 2000 |
|
In FPR4200/FPR3100-cluster observed core file "core.lina" observed on device reboot. |
|
Disconnecting RA VPN users from the FMC gui fails. |
|
Backup restore: silent failure when the device managed locally |
|
FTD: Internal certificate generation results to certificate and private key mismatch |
|
Need ability to configure SSH public key auth without using root shell |
|
FMC plain-text passwords for radius server and certificate passphrase |
|
FTD: Traceback in threadname cli_xml_request_process |
|
crypto_archive file generated after the software upgrade. |
|
Random FTD snort3 traceback |
|
Last Rule hit shows a hex value ahead of current time in ASA and ASDM |
|
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c i |
|
Init process spikes to 100% CPU usage after a failed backup |
|
Unexpected traceback on thread name Lina and device experienced reboot |
|
GTP connections, under certain circumstances do not get cleared on issuing clear conn. |
|
Datapath hogs causing clustering units to get kicked out of the cluster |
|
Management DNS Servers may be unreachable if data interface is used as the gateway |
|
syslog not generated "ASA-3-202010: NAT pool exhausted" while passing traffic from iLinux to oLinux |
|
ASA/FTD may traceback and reload in Thread Name 'DATAPATH-34-17852' |
|
Event search with URL object ${example} is displaying no results |
|
FTD VMWare tracebacks at PTHREAD-3587 |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
Connection drops during file transfers due to HeartBeat failures |
|
Thirty-day automatic upgrade revert-info deletion is not resilient to communication failures |
|
FMC clean_revert_backup script fails silently without creating any logs |
|
FTD sends multiple replicated NetFlow records for the same flow event |
|
SSX Eventing continues to go to old tenant upon FTD migration to CDO. |
|
FTD 1120 standby sudden reboot |
|
SNMP Unresponsive when snmp-server host specified |
|
Traceback on FP2140 without any trigger point. |
|
Daily Change Reconciliation Report Randomly Generating Reports with the same time periods |
|
FTD upgrade failing on script 999_finish/999_zz_install_bundle.sh |
|
Certificate Encoding Issue when using AnyConnect cert Authentication/Authorisation |
|
ASA/FTD traceback and reload on thread DATAPATH |
|
FMC backup fails with "Registration Blocking" failure caused by DCCSM issues |
|
FTD OSPFV3 IPV6 Routing: FTD is sending unsupported extended LSA request to neighbor routers |
|
HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023 - Golang |
|
ASA cluster traceback Thread Name: DATAPATH-8-17824 |
|
Debug messages seen on console on executing show tech-support fprm detail |
|
Hardware bypass not working as expected in FP3140 |
|
Source of the VTI interface is getting empty |
|
ASA/FTD - may traceback and reload in Thread Name 'Unicorn Proxy Thread' |
|
ASA traceback and reload during ACL configuration modification |
|
FMC does not generate email health notifications for Database Integrity Check failures. |
|
CP Session Handling for per site auth is inaccurate for Cluster break and join scenarios |
|
Error Text is repeated twice for Interface config if pool range is less than Cluster Nodes plus 1 |
|
Firewall traceback and reload due to SSH thread |
|
FMC-4600: Pre-Filter policy is showing as none |
|
ASA/FTD may traceback and reload in Thread Name 'DATAPATH-13-6022' |
|
Fail open snort-down is off in inline pairs despite it being enabled and deployed from FMC |
|
VPN load-balancing cluster encryption using Phase 2 deprecated ciphers |
|
ASA/FTD may traceback and reload in Thread Name 'lina' due to a watchdog in 9.16.3.23 code |
|
ASA/FTD high memory usage due to SNMP caused by RAVPN OID polling |
|
FTD with may traceback in data-path during deployment when enabling TAP mode |
|
FailSafe admin password is not properly sync'd with system context enable pw |
|
HA CP clients statistics doesn't show actual Tx/Rx and Reliable Tx/Rx |
|
Python 3.x through 3.10 has an open redirection vulnerability in lib/h |
|
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th |
|
An issue was discovered in the Linux kernel before 6.5.9, exploitable |
|
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` |
|
A heap out-of-bounds write vulnerability in the Linux kernel's Linux K |
|
Standby manager addition is failed on Primary FMC due to previous entries in table |
|
Stale HA transactions need to be moved to failed and subsequent HA transaction needs to be created |
|
Device/port-channel goes down with a core generated for portmanager |
|
In FIPS mode, External auth with TLS config enabled, CLI logins are not working (FMC & FTDs) |
|
FMC Analysis Vulnerabilities error "Unable to process this query. Please try the query again." |
|
ASA : Modifying a route-map in one context affects other contexts |
|
ASA SNMP OID cpmCPUTotalPhysicalIndex returning zero values instead of CPU index values |
|
Stale asp entry for TCP 443 remains on standby after changing default port |
|
User assigned to a read only custom role is not able to view content of intrusion policy for snort2 |
|
EIGRP migration failed using 'FlexConfig Policies' script failed generating database corruption |
|
Cisco FXOS Software Link Layer Discovery Protocol Denial of Service Vulnerability |
|
Error Fetching Data in Exclude Policy Page when non permanent exclude periods are selected |
|
Deployment stuck on FMC when device goes down during deploy and doesn't boot up |
|
Alert: Decommission failed, reason: Internal error is not cleared from FCM or CLI after acknowledge |
|
file-extracts.logs are not recognised by the diskmanager leading to High disk space |
|
cdFMC: Table View of Rule Update Import Log UI is throwing error, unable to check SRU update log |
|
PSU fan shows critical in show environment output while operating normally |
|
FTD ADI debugs may show incorrect server_group and/or realm_id for SAML-authenticated sessions |
|
ASA/FTD: SSL VPN Second Factor Fields Disappear |
|
Username-from-certificate secondary attribute is not extracted if the first attribute is missing |
|
ipv6 table flush exception when cli_firstboot installs bootstrap configuration multi instance |
|
ASA: Snmpwalk shows "No Such Instance" for the OID ceSensorExtThresholdValue |
|
After importing AC policy, Realm is not present in UI causing validation error for Azure AD users |
|
Unable to SSH into FTD device using External authentication with Radius |
|
tls website decryption breaks with ERR_HTTP2_PROTOCOL_ERROR |
|
FTD Upgrade logs should contain the certificate name or files |
|
TLS1.3: core decode points to tls_trk_try_switch_to_bypass_aux() |
|
use kill tree function in SMA instead of SIGTERM |
|
Detailed logging related to reason behind sub-interface admin state change during operations |
|
ASA/FTD traceback and reload due to file descriptor limit being exceeded |
|
Health Monitor Alerts set in Global are not sending alert from devices assigned in leaf domain |
|
Hostnames are replaced with IP addresses in alert email content |
|
Module name displayed in the alert got changed and it differs from the one set in FMC |
|
FTD HA should not be created partially on FMC |
|
FDM deployment failure |
|
Policy Apply failed moving from FDM to FMC |
|
Hairpinning of DCE/RPC traffic during the suboptimal lookup |
|
Deployment fails on new AWS FTDv device with "no username admin" |
|
FTD HA Failure after SNORT crash. |
|
ASA/FTD: Traceback and reload when running show tech and under High Memory utilization condition |
|
Umbrella Profile and others cleared incorrectly when editing group policy in the UI |
|
MonetDB startup enhancement to clean up large files |
|
Radius traffic not passing after ASA upgrade 9.18.2 and above version. |
|
installing GeoDB country code package update to FMC does not automatically push updates to FTDs |
|
ASA/FTD may traceback and reload in Thread Name IKEv2 Daemon |
|
Deployment fails if Network Discovery policy reference is missing from FMC Database |
|
ASA traceback and reload on Thread Name: DATAPATH |
|
GTP inspection dropping packets with IE 152 due to header length being invalid for IE type 152 |
|
FMC Validation failure for large object range and success for object network in NAT64 |
|
low memory/stress causing traceback in SNMP |
|
Monetdb having 14GB of unknown BAT data causing "High unmanaged disk usage on /Volume" |
|
Snort3 traceback with fqdn traffics |
|
ASA/FTD: DNS Load Balancing with SAML does not work with VPN Load Balancing |
|
ASA/FTD: Cluster incorrectly generating syslog 202010 for invalid packets destined to PAT IP |
|
FTD drops double tagged BPDUs. |
|
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11. |
|
FTDv may traceback and reload in Thread Name 'PTHREAD-3744' when changing interface status |
|
API:/operational/commands not working as swagger indicate |
|
"Update file is corrupted" for "Download Latest Cisco Firepower Geolocation Database Update." in FMC |
|
ASA traceback and reload on Thread Name: pix_flash_config_thread |
|
Sftunnel DEBUG level not logged on FMC/FTD after running DEBUG script |
|
Update logs - SSP object serialization during HA |
|
A flaw was found in the 9p passthrough filesystem (9pfs) implementatio |
|
Before Go 1.20, the RSA based TLS key exchanges used the math/big libr |
|
ASA|FTD Traceback & reload in thread name Datapath |
|
Event Searching with Objects and Networks Leads to only showing events matching Objects |
|
Threat Defense Service Policy - Reset Connection Upon Timeout not working |
|
Their standalone FTD running 7.2.2 on FPR-4112 experienced a traceback on the SNMP module |
|
Error while trying to push SNMP configuration using API |
|
Snort3 crash with race conditions |
|
Filtering the Malware Events table by IP address removes events which should remain in the results. |
|
Service object-group protocol type mismatch error seen while access-list referencing already |
|
Unable to Synch more than 100 environment-data with data unit |
|
SSL protocol settings does not modify the FDM GUI certificate configuration or disable TLSv1.1 |
|
Decryption policy page is empty if user that modified/created policy was deleted. |
|
413 Request Entity Too Large error due to cookies added by FMC/Amplitude |
|
ASA/FTD : Port-channels remain down on Firepower 1010 devices after upgrade |
|
7.4 - If policy save in progress deploy might indicate failure for only few devices |
|
The "show asp drop" command usage requires better updates for cluster-related drops |
|
Interface fragment queue may get stuck at 2/3 of fragment database size |
|
Readiness check failed on vFTD during upgrade from 741-172 to 760-1270 |
|
Cut-Through Proxy feature spikes CP CPU with a flood of un-authenticated traffic |
|
ASA Traceback and reload on Thread Name "fover_parse" on Standby after Failover Group changes |
|
Internal error when attempting to configure PBR in FMC |
|
HMS process crash - "interface conversion: interface {} is nil, not map[string]interface {}" |
|
Blocking SMB traffic with reason "Blocked by the firewall preprocessor" |
|
Suppress "End of script output before headers" syslog on FXOS |
|
Multiple lina cores on 7.2.6 KP2110 managed by cdFMC |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
High disk usage caused by large write-ahead log in eventdb |
|
ZTNA: FMC doesn't accept IdP with local domain |
|
A malicious HTTP sender can use chunk extensions to cause a receiver r |
|
strongSwan before 5.9.12 has a buffer overflow and possible unauthenti |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
CVE-2023-51385 (Medium Sev) In ssh in OpenSSH before 9.6, OS command injection might occur if a us |
|
Debugs failed to be enabled on SSH session |
|
The SSH transport protocol with certain OpenSSH extensions, found in ... (CVE-2023-48795) |
|
ASA/FTD Traceback and reload related to SSL/DTLS traffic processing |
|
SFDataCorrelator timeout thread deadlock detection core on busy FMC |
|
Threat Defense Upgrade wizard might incorrectly show clusters/HAs as disabled |
|
Null pointer dereference in SNMP that results in traceback and reload |
|
ASA/FTD may traceback and reload in Thread Name "appAgent_monitor_nd_thread" & Rip: _lina_assert. |
|
MonetDB memory usage grows slowly over time |
|
traceback and reload around function HA |
|
Correlation policy not work when condition of the rule is "Intrusion Policy" is XXX |
|
DHCPv6:ASA traceback on Thread Name: DHCPv6 CLIENT. |
|
Lina traceback on RAVPN connection after enabling webvpn debug |
|
WARN msg(speed not compatible, suspended) while creating port-channel on Victoria CE |
|
The report doesn't include "Default Variables" information after change "Variable Sets" name |
|
ASA/FTD may traceback and reload in Thread Name 'webvpn_task' |
|
FMC: Packet-tracer showing a "Interface not supported" error for VLAN interfaces |
|
Devices might change status to "missing the upgrade package" after Readiness Check is initiated |
|
FMC configured DAP rule with Azure IDP SAML attributes does not match |
|
Product Upgrades page: Download action creates a lot of "uninitialized value" error messages in log |
|
A heap out-of-bounds write vulnerability in the Linux kernel's Perform |
|
A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon |
|
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie |
|
During FMC hardware migration failure encountered due to missing prometheus directories |
|
Continuous snmpd restarts observed if SNMP host is configured before the IP is configured |
|
ASA/FTD: Memory leak caused by Failover not freeing dnscrypt key cache due to unsynced umbrella flow |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
upgrade of FMC to 7.2.x removes FlexConfig-provided EIGRP authentication from interfaces on FTDs |
|
Intermittent Packet Losses When VTI Is Sourced From Loopback |
|
Firewall is in App Sync error in pseudo-standby mode and uses IPs from Active unit |
|
standard error (stderr) not inserted into restore.log when restoring FMC backups |
|
Download failed for Available Upgrade Packages |
|
"Stream: TCP normalization error in NO_TIMESTAMP" is seen when SSL Policy decrypt all is used |
|
Unable to delete custom DNS Server Group Object post upgrade 7.2.x |
|
FTD: Improve or optimize LSP package verification logic to run it faster |
|
ASA/FTD traceback and reload in Thread Name: IKEv2 Daemon when moving from active to standby HA |
|
Configuring MTU value via CLI does not apply |
|
Standby FTD experiencing periodic traceback and reload |
|
Memory exhaustion due to absence of freeing up mechanism for tmatch |
|
Transparent firewall MAC filter does not capture frames with STP-UplinkFast dst MAC consistently |
|
FP2100/FP1000: ASA Smart licenses lost after reload |
|
ASDM connection lost issue is observed in ASAv device due to config issue |
|
It was discovered that when exec'ing from a non-leader thread, armed P |
|
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTL |
|
An out-of-bounds memory write flaw was found in the Linux kernel's Tra |
|
41xx/93xx : Update CiscoSSH (Chassis Manager FXOS) to address CVE-2023-48795 |
|
tds-cloud-events.json getting updated from both cdFMCs (ftd migration from 1 tenant to another) |
|
FDM deployment fails with error "Some interfaces have been added to or removed from the device" |
|
IKEv2 client services is not getting enabled - XML profile is not downloaded |
|
FTD/Lina traceback and reload of HA pairs, in data path, after adding NAT policy |
|
some ssh sessions not timing out, leading to ssh and console unable to connect to the FXOS CLI |
|
FMC: Add logging for PM functions |
|
Policy Deployment Fails when removing the Umbrella DNS Policy from Security Intelligence |
|
FMC API Call for Network Object Overrides Returns Different Results for Active vs Standby FW |
|
Incorrect Timezone Format on FTD When Configured via FXOS |
|
Snort stripping packet information and injects its packet with 0 bytes data |
|
singlevar in lparser.c in Lua from (including) 5.4.0 up to 5.4.4 |
|
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to ... |
|
HTTP/HTTPS detection for application needs to fail its detection earlier |
|
ACP page goes blank or error thrown if one of the ACP rules has user created app filter |
|
MonetDB Monitor triggers for restarting MonetDB based on WAL size are not effective |
|
ASA CLI hangs with 'show run' on multiple SSH |
|
Incorrect Variable set in derived policy when derived policy is same as default. |
|
Upgrade Failed with error "Upgrade failed because of undeployed changes present on the device" |
|
TLS Server Identify: 'show asp table socket' output shows multiple TLS_TRK entries |
|
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super |
|
External Radius authentication fails post upgrade if radius key includes special characters |
|
SFData correlator keeps terminating on FTDs configured for IDS |
|
Traceback and reload on Primary unit while running debugs over the SSH session |
|
Every realm sync indicates an access control policy change |
|
Cisco ASA and FTD Software Command Injection Vulnerability |
|
FTD/ASA system clock resets to year 2023 |
|
Access to website via Clientless SSL VPN Fails |
|
ASA SNMP Polling Failure for environmental FXOS DME MIB (.1.3.6.1.4.1.9.9.826.2) |
|
Heap-use-after-free in Discovery Filter on Snort shutdown |
|
7.2 - Deployment doesn't timeout, runs for hours after LSP install |
|
Check metadata cache size when generating retrospective events |
|
A flaw was found in the networking subsystem of the Linux kernel withi |
|
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner |
|
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab |
|
"crypto ikev2 limit queue sa_init" resets after reboot |
|
FTD: Hostname Missing from Syslog Message |
|
FTD SNMP OID 1.3.6.1.4.1.9.9.109.1.1.1.1.7 always returns 0% for SysProc Average |
|
SSH/SNMP connections to non-admin contexts fail after software upgrade |
|
Chromium-based browsers have SSL connection conflicts when FIPS CC is enabled on the firewall. |
|
ASA traceback and reload after configuring capture on nlp_int_tap and deleting context |
|
FTD traceback assert in vni_idb_get_mode and reloaded |
|
Tomcat restarts in the middle of the LTP flow due to certificate update |
|
Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability |
|
Policy deployment failure rollback didn't reconfigure the FTD devices |
|
FMC: Multiple Email address in Email Alert not working |
|
Snort process spamming syslog-ng messages so our on KP platform syslog-ng is being killed |
|
Backup failures need to be displayed with the correct state on GUI |
|
ASA Checkheaps traceback while entering same engineID twice |
|
Backup generation on FDM fails with the error "Unable to backup Legacy data." |
|
pmtool restart of monetdb fails to bring up monetdb, too many files in monetdb Volume directory |
|
SFDataCorrelator creates huge numbers of to_import files when MonetDB table partition creation fails |
|
FMC : Health Monitor Alert is not properly issued regarding disk usage |
|
vFMC25 OCI to vFMC300 OCI migration failed 'Migration from Y to a is not allowed.' |
|
In Spoke dual ISP case if ISP2 is down, VTI tunnels related to ISP1 flapping. |
|
ASA/FTD may traceback and reload in Thread Name DATAPATH due to GTP Spin Lock Assertion |
|
FMC Server Certificate shows Only First 20 Objects |
|
ASA upgrade from 9.16 to 9.18 causing change in AAA ldap attribute values by adding extra slash '\' |
|
"pmtool restartbyid <invalid id>" should give some indication of error |
|
Deployment failure due to exceeding logging event list name size |
|
libuv is a multi-platform support library with a focus on asynchronous |
|
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1 |
|
FMC: fireamp generating too many logs |
|
FTD: HostScan scanning results not processed in version 7.4.1 |
|
cdFMC Multiple health monitor widgets throwing Error while fetching data |
|
Upload files through Clientless portal is not working as expected after the ASA upgrade |
|
BBManager text based search - lucene |
|
User not entitled for packet captures, is still able to open it from the Device Management |
|
Unable to remove suppression from snort3 rule once added |
|
FP 3100 MTU change on management interface is NOT persistent across reboots (returns to default MTU) |
|
In Snort 3 policy editor, selecting a Rule Action of "Rule Action" causes UI to spin indefinitely |
|
The secondary device reloaded while rebooting the primary device. |
|
Cisco ASA and FTD Software Web Services Denial of Service Vulnerability |
|
Bailout when lina_io_write fails persistent with EPIPE errno. |
|
Never expiring machine user not logged out at various places |
|
Policy cache cleanup thread should cleanup any cache that is left open for a logged out session |
|
Crypto IPSEC SA Output Showing NO SA ERROR With IPSEC Offload Enabled |
|
fpr1k/2k/3k/4200:Need ability to configure SSH public key auth without using root shell |
|
FMC: Upgrade fails at "800_post/991_update_scheduled_tasks.pl" |
|
SAML: Single sign-on AnyConnect token verification failure is seen after successful authentication |
|
Page getting expanded while getting continuous task notifications |
|
FP2110: When Leaving On-Box (FDM) Mode Platform API Fails |
|
Issues with FMC Deployment preview (Advanced Preview) |
|
PM restart needs to be blocked or warned the user that it may go for reboot |
|
FMC - Inheritance Settings Select Base Policy Menu disappears while scrolling using Light or Dusk UI |
|
In Object page able to delete and create system provided object |
|
Object optimisation gets disabled on FMC if next deployment is after two hours |
|
FTD - Trace back and reload due to NAT involving fqdn objects |
|
ASA: Warning messages not displayed when Static interface NAT are configured |
|
FTDv reloads and generate backtrace after push EIGRP config |
|
FTD with Interface object optimization enabled is blocking traffic after renaming of zone names |
|
Active unit goes to disabled state when there is a mismatch in firewall mode |
|
Lina traceback and reload due to mps_hash_memory pointing to null hash table |
|
After upgrading the ASA, "Slot 1: ATA Compact Flash memory" shows a different value |
|
extra file check is not reporting with pmtool SecureLSP lsp-rel-xxx command |
|
LSP Deployment fails in multi instance FP 41xx / 93xx |
|
Rabbitmq queues on FMC vHost may not be cleaned up after element removal |
|
CCM ID 68 - LTS21 - CISCO_LTS21_R2160 release branch |
|
FTD/ASA : CSR generation with comma between "Company Name" attribute does not work as expected |
|
FMC shows a non-User-Friendly Error during a Policy Deployment failure due to snapshot failure |
|
Rest API '/devices/devicerecords' is returning mismatch of values for (RA VPN) policy object id |
|
Identity Mapping Filter field gets updated with newly created network objects. |
|
Lina contains outdated libexpat source code |
|
Snort3: SQL traffic failure after upgrade due to large invalid sequence numbers and invalid ACKs |
|
Health Policy Configuration - Unable to remove device from the policy |
|
SFDataCorrelator memory leak after unregistering an active device |
|
3140 3 MI instances upgrade failed |
|
Addition of debugs & a show command to capture the ID usage in the CTS SXP flow. |
|
TLS Secure Client sessions cannot be established on ASA 9.19 and 9.20 |
|
Clientless VPN users are unable to reach pages with HTTP Basic Authentication |
|
ASA/FTD may traceback and reload while handling DTLS traffic |
|
Snort3 event PCAPs contain only header data when decrypting HTTP/2 |
|
IKEv2 tunnels flap due to fragmentation and throttling caused by multiple ciphers/proposal |
|
ASA/FTD Cluster memory exhaustion caused by NAT process during release of port blocks allocations |
|
Command to show counters for access-policy filtered with a source IP address gives incorrect result |
|
Multiple context interfaces fail to pass traffic |
|
rsync is not happening to standby unit when perform oob changes in active unit. |
|
ASA traceback with thread name SSH |
|
High latency observed on FPR3120 |
|
SFDataCorrelator memory growth when pruning a huge number of old service identities |
|
Unable to approve ticket due to monitored int in HA and getting Error to contact Cisco Support. |
|
FMC 7.3 Deployment failed due to OOM in PBR Configuration |
|
Backups fail on multi-instance with error "Backup died unexpectedly" |
|
Additional memory tracking in SFDataCorrelator |
|
ASA/FTD may traceback in Threadname: **CTM KC FPGA stats handler** |
|
FTD-HA creation is failing because FMC takes longer time to save overrides. |
|
FTD-HA upgrade fails to start - Configuration is out of sync between active and standby |
|
CCM ID LTS21-100 with RCPL21 update |
|
SNMP poll for some OIDs may cause CPU hogs and high latency can be observed for ICMP packets |
|
when set the route-map in route RIP on FTD, routes update is not working after FTD reload |
|
Stale Health Alerts seen on the UMS after model migration |
|
ASA traceback and reload when accessing file system from ASDM |
|
SFDataCorrelator high memory usage when restart with large network map hosts |
|
4200s have high UDP latency at low packet rates. |
|
Crypto IPSEC Negotiation Failing At "Failed to compute a hash value" |
|
SSE connection events, FirewallRuleList field is not sent in proper format |
|
All IPV6 BGP routes configured in device flapping |
|
Snort creating too many snort-unified log files when frequent policy deploys |
|
Large write-ahead log may leave monetdb in disabled state |
|
FMC backup remote server copy to Solar Winds remote server failing after upgrading to 7.x versions. |
|
Radius secret key of over 14 characters for external authentication does not get deployed (FPR3100) |
|
ASA/FTD: A delay in an async crypto command induces a traceback and subsequently a reload. |
|
FPR3K loses connectivity to FMC via mgmt data interface on reboot of FPR3K |
|
FDM1010E 7.4.1 unable to register to SA, getting "Invalid entitlement tag" |
|
False positive ISE bulk download alert error seen on FMC |
|
FMC REST API not sending 'deploymentStatus' Attribute |
|
ASA/FTD may traceback and reload in Thread Name 'lina' due to SCP/SSH process |
|
FMC only accepts a maximum of 30 characters for shared secret key when connecting to RADIUS server |
|
ASA/FTD may traceback and reload in Thread Name 'DATAPATH-1-16803' |
|
Error message spammed to console on Firepower 2100 devices while enabling SSH config |
|
Snort3: MSSQL query traffic corrupted by stream_tcp overlap handling causing SQL HY000 |
|
OGO changing the order of custom object group contents causing an outage at static NAT |
|
Snort3 crashes due to processing pdf tokenizer with no limits. |
|
cdFMC : Support for new regions in Aus and India |
|
Autodeployment failing on cdFMC v20240307 when onboarding a 1010 v7.2.5 |
|
New User activity page does not load because the VPN bytes in and out are long. |
|
Console Access Stuck for ASAv hosted in CSP after Upgrade to 9.18.3.56 |
|
FTD/ASA-HA configs not in sync as the command sync process is sending configs with special chars |
|
Default Hashing Algorithm is SHA1 for Firepower Chassis Manager Certificate on 4110 |
|
Snort dropping connections with reason blocked or blacklisted by the firewall preprocessor |
|
ASA - Bookmarks on the WebVPN portal are unreachable after successful login. |
|
ASA may traceback and reload in Thread Name 'DATAPATH-21-16432' |
|
SNMP OID for CPUTotal1min omits snort cpu cores entries when polled |
|
FTD LINA Traceback and Reload idfw_proc Thread |
|
Deployment fails on FTD HA while doing LINA ONLY DEPLOYMENT |
|
eStreamer memory leak when the FMC receives events from CDO-managed FTDs |
|
Access rule getting pushed with "deny tcp any any" on snort |
|
IP-SGT mappings on Lina-side are not being removed, when FMC pxGrid connection is disabled |
|
ASA/FTD may traceback and reload in Thread Name 'sdi_work' |
|
FPR might drop TLS1.3 connections when hybridized kyber cipher is enabled in web browser |
|
High LINA CPU observed due to NetFlow configuration |
|
net-snmp provides various tools relating to the Simple Network Managem |
|
net-snmp provides various tools relating to the Simple Network Managem |
|
net-snmp provides various tools relating to the Simple Network Managem |
|
net-snmp provides various tools relating to the Simple Network Managem |
|
net-snmp provides various tools relating to the Simple Network Managem |
|
net-snmp provides various tools relating to the Simple Network Managem |
|
HTTP Response splitting in multiple modules in Apache HTTP Server allows |
|
FTD HA: Traceback and reload in netsnmp_oid_compare_ll |
|
RAVPN: Failure to create SGT-IP mapping due to ID table exhaustion |
|
ASA after upgrade to 9.18.4.24 not able to save config with error: "Configuration line too long" |
|
Browser redirects to logon page when the user clicks the WebVPN bookmark |
|
FMC got deregistered from Smart License after upgrade |
|
Captive portal returns bad request for snort 2 for FMC 7.4.x , FTD version < 7.4 |
|
ASA/FTD may traceback and reload in Thread Name PTHREAD |
|
ASA CLI hangs with 'show run' with multiple ssh sessions |
|
"set ip next-hop" line deleted from config at reload if IP address is ma |
|
Clock skew between FXOS and Lina causes SAML assertion processing failure |
|
command to print the debug menu setting of service worker |
|
LSP downloads are not using the Web proxy, when configured. |
|
TCP Session Interrupted if Keep-Alive with 1 Byte is Received |
|
TLS Client Hello packet is dropped by snort |
|
cdFMC Fails to configure-geneve-encapsulation on interface |
|
Address SSP OpenSSH regreSSHion vulnerability |
|
Evaluation of ssp for OpenSSH regreSSHion vulnerability |
|
It was discovered that a nft object or expression could reference a nf |
|
An out-of-bounds access vulnerability involving netfilter was reported |
Resolved Bugs in Version 7.4.1.1
Table last updated: 2024-04-24
Bug ID |
Headline |
---|---|
HA CP clients statistics doesn't show actual Tx/Rx and Reliable Tx/Rx |
|
Readiness check failed on vFTD during upgrade from 741-172 to 760-1270 |
|
Blocking SMB traffic with reason "Blocked by the firewall preprocessor" |
|
Intermittent Packet Losses When VTI Is Sourced From Loopback |
|
Cisco ASA and FTD Software Command Injection Vulnerability |
|
Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability |
|
Cisco ASA and FTD Software Web Services Denial of Service Vulnerability |
|
SAML: Single sign-on AnyConnect token verification failure is seen after successful authentication |
Resolved Bugs in Version 7.4.1
Table last updated: 2025-02-25
Bug ID |
Headline |
---|---|
FMC should monitor only named interfaces on FTD |
|
FMC: critical processes can not boot up including vmsDBEngine |
|
ASA concatenates syslog event to other syslog event while sending to the syslog server |
|
Cores generated due to expected/graceful shutdown need to be cleaned up |
|
FMC fails to connect to SSM with error "Failed to send the message to the server" |
|
SNMPv3: Special characters used in FXOS SNMPv3 configuration causes authentication errors |
|
deployment failing with - Unable to load container |
|
BGP table not removing connected route when interface goes down |
|
IPTables.conf file is disappearing resulting in backup and restore failure. |
|
ERROR: Deleted IDB found in in-use queue - message misleading |
|
In some cases transition to lightweight proxy doesn't work for Do Not Decrypt flows |
|
ASA traceback and reload while allocating a new block for cluster keepalive packet |
|
FMC is pushing SLA monitor commands in an incorrect order causing deployment failure. |
|
"Number of interfaces on Active and Standby are not consistent" should trigger warning syslog |
|
Standby unit failed to join failover due to large config size. |
|
FTD with Inline TAP re-writes frame with wrong MAC Address leading to connectivity problems. |
|
LINA observed traceback on thread name "snmp_client_callback_thread" |
|
Unable to push extra domains >1024 Character, as part of Custom Attribute under Anyconnect VPN |
|
user-name from certificate feature does not work with SER option |
|
SNMPv3 polling may fail using privacy algorithms AES192/AES256 |
|
Disable NLP rules installation workaround after mgmt-access into NLP is enabled |
|
ENH: Support for snapshots of RX queues on InternalData interfaces when "Blocks free curr" goes low |
|
ASA Failover does not detect context mismatch before declaring joining node as "Standby ready" |
|
"SFDataCorrelator:Parser [ERROR] Syntax error" on FTD device |
|
ISA3000 in boot loop after powercycle |
|
ENH: Reduce latency in log_handler_file to reduce watchdog under scale or stress |
|
ASA/FTD: DF bit is being set on packets routed into VTI |
|
Unable to identify dynamic rate limiting mechanism & not following msg limit per/sec at syslog server. |
|
When inbound packet contains SGT header, FPR2100 cannot distribute properly per 5 tuple |
|
[TPK 3105] Management through data interface not working |
|
FTD: IKEv2 tunnels flaps every 24 hours and crypto archives are generated |
|
ASA/FTD Traceback and reload caused by Smart Call Home process sch_dispatch_to_url |
|
snort3 crashinfo sometimes fails to collect all frames |
|
ASAv - 9344 Block not created automatically after enabling JumboFrames, breaks OSPF MD5 |
|
FW traceback in timer infra / netflow timer |
|
PBR not working on ASA routed mode with zone-members |
|
FMC GUI not displaying correct count of unused network objects |
|
RIP is advertising all connected Anyconnect users and not matching route-map for redistribution |
|
ASA/FTD traceback and reload due to the initiated capture from FMC |
|
Lina traceback and reload during EIGRP route update processing. |
|
ASA Traceback & reload in thread name: Datapath |
|
ASA/FTD traceback and reload on NAT related function nat_policy_find_location |
|
Network Object not visible after Flex migration and unable to save interface change in EIGRP->Setup |
|
We can't monitor the interface via "snmpwalk" once interface is removed from context. |
|
ASA/FTD failover pair traceback and reload due to connection replication race condition |
|
ASA graceful shut down when applying ACL's with forward reference feature and FIPS enabled. |
|
Unable to apply SSH settings to ASA version 9.16 or later |
|
cache and dump last 20 rmu request response packets in case failures/delays while reading registers |
|
Snort down due to missing lua files because of disabled application detectors (PM side) |
|
ASA/FTD may traceback and reload in Thread Name 'ssh' |
|
ASA/FTD may traceback and reload in Thread Name 'None' |
|
Interface internal data0/0 is up/up from cli but up/down from SNMP polling |
|
No-buffer drops on Internal Data interfaces despite little evidence of CPU hog |
|
ASA/FTD on FP1000 may reload during very heavy AnyConnect SSL VPN tunnel establishment |
|
AnyConnect SAML - Client Certificate Prompt incorrectly appears within External Browser |
|
Standby ASA goes to booting loop during configuration replication after upgrade to 9.16(3). |
|
User without password prompted to change password when logged in from SSH Client |
|
ASA/FTD may traceback and reload in Thread Name 'ci/console' |
|
FTDv Cluster unit not re-joining cluster with error msg "Failed to open NLP SSL listening socket" |
|
Temporary HA split-brain following upgrade or device reboot |
|
ASA/FTD - Traceback in Thread Name: appAgent_subscribe_nd_thread |
|
FTD: SNMP failures after upgrade to 7.0.2 |
|
ASA tracebacks after SFR was upgraded to 6.7.0.3 |
|
ASA traceback and reload when modifying DNS inspection policy via CSM or CLI |
|
Digitally signed ASDM image verification error on FPR3100 platforms |
|
FTD/ASA traceback and reload at ../inspect/proxy.h:439 |
|
ASA - Restore not remove the new configuration for an interface setup after backup |
|
FMC M6 4700 10/25G - IP reachability Failed |
|
"show nat pool cluster" commands run within EEM scripts lead to traceback and reload |
|
ASA/FTD Voltage information is missing in the command "show environment" |
|
ASA/FTD may traceback and reload in Thread Name 'DATAPATH-20-7695' |
|
ASA/FTD can not parse UPN from SAN field of user's certificate |
|
AC SSLVPN with Certificate Authentication and DAP failure if client's machine cert has empty subject |
|
ASA/FTD traceback and reload on Thread id: 1637 |
|
ASA/FTD Traceback and Reload in Thread name Lina or Datapath |
|
Traceback and Reload while HA sync after upgrading and reloading. |
|
9344 Block leak due to fragmented GRE traffic over inline-set interface inner-flow processing |
|
MI hangs and not responding when FTD container instance is reloaded |
|
ASA Traceback and Reload on process name Lina |
|
Incorrect IF-MIB response when failover is configured on multiple contexts |
|
ASA: SLA debugs not showing up on VTY sessions |
|
NAT64 translates all IPv6 Address to 0.0.0.0/0 when object subnet 0.0.0.0 0.0.0.0 is used |
|
Snort leaking file descriptors with each u2 file created |
|
ASA traceback and reload due to "Heap memory corrupted at slib_malloc.c |
|
SSL AnyConnect access blocked after upgrade |
|
Lina Netflow sending permitted events to Stealthwatch but they are blocked by snort afterwards |
|
ASA : HTTPS traffic authentication issue with Cut-through Proxy enabled |
|
FTD - Traceback and reload when performing IPv4 <> IPv6 NAT translations |
|
ASA/FTD may traceback and reload in Thread Name: fover_health_monitoring_thread |
|
ASA/FTD: GTP inspection causing 9344 sized blocks leak |
|
ASA HA - Restore in primary not remove new interface configuration done after backup |
|
ASA/FTD traceback and reload when ssh using username with nopassword keyword |
|
Inbound IPSEC SA stuck inactive - many inbound SPIs for one outbound SPI in "show crypto ipsec sa" |
|
SFDataCorrelator error: Table 'cfgdb.user_ioc_state' doesn't exist |
|
ASA/FTD 2100 platform traceback and reload when fragments are coalesced and sent to PDTS |
|
FTD - Traceback and reload on NAT IPv4<>IPv6 for UDP flow redirected over CCL link |
|
MPLS tagging removed by FTD |
|
FXOS-based Firepower platform showing 'no buffer' drops despite high values for RX ring watermarks |
|
ASA/FTD Cluster Split Brain due to NAT with "any" and Global IP/range matching broadcast IP |
|
ASA parser accepts incomplete network statement under OSPF process and is present in show run |
|
syslog related to failover is not outputted in FPR2140 |
|
IKEv2 rekey - Responding Invalid SPI for the new SPI received right after Create_Child_SA response |
|
ASA fails to rekey with IPSEC ERROR: Failed to allocate an outbound hardware context |
|
ASA/FTD OSPFv3 does not generate messages Type 8 LSA for IPv6 |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
vti hub with NAT-T enabled pinholes connections are looping and causing snort busy drops |
|
ASA/FTD may traceback and reload in Thread Name 'lina_inotify_file_monitor_thread' |
|
FTD/ASA "Write Standby" enables ECDSA ciphers causing AC SSLv3 handshake failure |
|
ASA/FTD Traceback and reload on function "snp_cluster_trans_allocb" |
|
TACACS Accounting includes an incorrect IPv6 address of the client |
|
Call home configuration on standby device is lost after reload |
|
ASA/FTD may traceback and reload in Thread Name 'DATAPATH-11-32591' |
|
FTD - Traceback in Thread Name: DATAPATH |
|
FTD may traceback and reload in Thread Name 'DATAPATH-0-4948' |
|
CGroups errors in ASA syslog after startup |
|
ASA/FTD may traceback and reload during ACL changes linked to PBR config |
|
During the deployment time, device got stuck processing the config request. |
|
"inspect snmp" config difference between active and standby |
|
ASA/FTD traceback and reload caused by SNMP process failure |
|
Traffic on data unit gets dropped with "LU allocate xlate failed" on GCP cluster with interface NAT |
|
Unable to configure 'match ip address' under route-map when using object-group in access list |
|
FTD Traceback and reload when applying long commands from FMC UI or CLISH |
|
ASA/FTD Traceback and reload in Threadname: IKE Daemon |
|
Valid DNS requests are being dropped by Lina DNS inspection when Umbrella DNS is configured |
|
ASA traceback and reload due to null pointer in Umbrella after modifying DNS inspection policy |
|
ASA 9.12(4)47 with user-statistics affects the "policy-server xxxx global" visibility. |
|
dvti hub core at ctm_sw_ipsec_cleanup_frags+394 |
|
Using write standby in a user context leaves secondary firewall license status in an invalid state |
|
Unable to establish DTLSv1.2 with FIPS enabled after upgrade from 6.6.5. |
|
ASA/FTD memory leak and tracebacks due to ctm_n5 resets |
|
Lina Traceback and reload when issuing 'debug menu fxos_parser 4' |
|
ESP rule missing in vpn-context may cause IPSec traffic drop |
|
traceback and reload due to tcp intercept stat in thread unicorn |
|
ISA3000 LACP channel member SFP port suspended after reload |
|
ASA/FTD may traceback and reload when clearing the configuration due to "snp_clear_acl_log_flow_all" |
|
ifAdminStatus output is abnormal via snmp polling |
|
logging/syslog is impacted by SNMP traps and logging history |
|
FTD Traceback and reload |
|
ASA Custom login page is not working through webvpn after an upgrade |
|
Snort3 unexpectedly dropping packets after 4MB when using file inspection with detection mode NAP |
|
User/group download may fail if a different realm is changed and saved |
|
Unable to add on-board and netmod interfaces to the same port-channel on Firepower 3110 |
|
FTD traceback on Lina due to syslog component. |
|
ASA/FTD Cluster Traceback and Reload during node leave |
|
deployment fails for bad config with error unable load so rules |
|
25G CU SFPs not working in Brentwood 8x25G netmod |
|
cacert.pem on FMC expired and all the devices showing as disabled. |
|
Failover trigger due to Inspection engine in other unit has failed due to disk failure |
|
ASA might generate traceback in ikev2 process and reload |
|
ASA/FTD may traceback and reload in Thread Name 'ikev2_fo_event' |
|
ASA/FTD Traceback and Reload in Thread Name: pix_flash_config_thread |
|
GTP inspection drops packets for optional IE Header Length being too short |
|
ASA/FTD traceback due to block data corruption |
|
ASA/FTD: NAT configuration deployment failure |
|
ASA: Unable to connect AnyConnect Cert based Auth with "periodic-authentication certificate" enabled |
|
ASA/FTD High CPU in SNMP Notify Thread |
|
FTD in HA traceback multiple times after adding a BGP neighbour with prefix list. |
|
ISE Connection Monitor shows inaccurate alert status |
|
ASA/FTD SNMP traps enqueued when no SNMP trap server configured |
|
ASA/FTD Transactional Commit may result in mismatched rules and traffic loss |
|
Device should not move to Active state once Reboot is triggered |
|
No nameif during traffic causes the device traceback, lina core is generated. |
|
Lina traceback and reload - VPN parent channel (SAL) has an invalid underlying channel |
|
ASAv show crashinfo printing in loop continuously |
|
Management access over VPN not working when custom NAT is configured |
|
Cluster registration is failing because DATA_NODE isn't joining the cluster |
|
3130 HA assert: mh->mh_mem_pool > MEMPOOL_UNDEFINED && mh->mh_mem_pool < MEMPOOL_MAX_TYPE |
|
FTD: Traceback & reload in process name lina |
|
ASA/FTD: Command "no snmp-server enable oid mempool" enabled by default or enforced during upgrades |
|
Syslog 106016 is not rate-limited by default |
|
Serviceability Enhancement - Unable to parse payload are silently drop by ASA/FTD |
|
ASA traceback and reload due to DNS inspection |
|
PIM register packets are not sent to Rendezvous Point (RP) due to PIM tunnel interface down state |
|
Blade remains online for more than 600 secs after deleting Native logical device on 92.14.0 |
|
FMC: Script to change hostname/IP on FTD's when FMC's Ip/hostname is changed |
|
New AC Policy UI: ACP rule list takes a long time to load in case of large rule set |
|
256 / 1550 Block leak with TLS1.3 session |
|
Not able to ping Virtual IP of FTDv cluster |
|
FP2100: FXOS side changes for HA is not resilient to unexpected lacp process termination issue |
|
Deployment failure while configuring port-channels |
|
Multiple messages in a single packet are not handled correctly |
|
vFTD Platforms not tracking CPU/Memory metrics for Health Monitoring |
|
Saving capture with special characters fails to download - Error Timed out |
|
Cisco Firepower Management Center Object Group Access Control List Bypass Vulnerability |
|
FDM FPR2k Network module interfaces are greyed out post 7.1.0 update |
|
QEMU KVM console got stuck in "Booting the kernel" page |
|
internal.cloudapp.net_snort3 core file is generated on DST setup |
|
Fix Bootup Warning: Counter ID 'TLS13_DOWNSTREAM_CLIENT_CERTIFICATE_VERIFY' is too long |
|
Device API healthStatus for cluster devices not aligned with health status on device listing |
|
Snort3 stream core found init_tcp_packet_analysis |
|
Stratix5950 and ISA3000 LACP channel member SFP port suspended after reload |
|
Traffic fails in Azure ASAv Clustering after "timeout conn" seconds |
|
ASA: After upgrade cannot connect via ssh to interface |
|
Unable to register new devices to buildout FMC 2700 (FMC HA Active) |
|
ASA/FTD may traceback and reload after a reload with DHCPv6 configured |
|
FTD HA upgrade fails due to one unit starting upgrade before the other rejoins HA pair |
|
Identity network filter not removed from FTD |
|
Internal Error while editing PPPoE configurations |
|
Nodes randomly fail to join cluster due to internal clustering error |
|
FTD: HA crash and interfaces down on FPR4200 |
|
Secondary state flips between Ready & Failed when node is rebooted and mgmt interface is shutdown |
|
multimode-tmatch_df_hijack_walk traceback observed during shut/unshut on FO connected switch interfa |
|
IKEv2 Multi-DVTI Hub Support FTD/ASA |
|
Search is slow and semantic based searches are not working in new ACP UI |
|
Application management interface may be down causing management connectivity failures |
|
FMC-HA Sync loss for more than hr due to MariaDB replication is not in good state and recovered |
|
Configuring HTTP-proxy on active in a HA setup from UI does not replicate to standby in FDM |
|
Defunct mojo process in device listing page |
|
Azure FMC not accessible after upgrading from 7.3.0 to 7.4.0 |
|
Write wrapper around "kill" command to log who is calling it |
|
8x10Gb netmod fails to come online |
|
ASA/FTD - SNMP related memory leak behavior when snmp-server is not configured |
|
Azure D5v2 FTDv unable to send traffic - underruns and deplete DPDK buffers observed |
|
FTD registration failure due to empty channelStrings and missing HA_STATE file |
|
FPR 4115- primary unit lost all HA config after ftd HA upgrade |
|
Traffic drops with huge rule evaluation on snort |
|
dvti memory leak on mp_counter_alloc |
|
ASA/FTD may traceback and reload in Thread Name 'ci/console' when checking Geneve capture |
|
FTD: The upgrade was unsuccessful because the httpd process was not running |
|
Snort2 ENH: Use a common pattern matcher list for CN and SNI patterns in apps |
|
DBCheck error is unclear when monetdb is in a 'crashed' state |
|
The interface is deleted from interface group if the user change the name of it [API] |
|
Intrusion user not able to change intrusion action and File Policy |
|
v1_message* and abp* files & sxp bookmark are not cleaned in user_enforcement on device registration |
|
Unable to create MI HA after changing resource profile |
|
FMC search error: "Error Loading Data Search Service Please Try Again." |
|
EventHandler warnings if syslog facility is CONSOLE |
|
FTD may not reboot as expect post upgrade if bundled FXOS version is the same on old and new version |
|
Deleting a BVI in FTD interfaces is causing packet drops in other BVIs |
|
FMC: Domain creation fails with error "Index 'netmap_num' for table 'domain_control_info'" |
|
FMC: GEOLOCATION size is causing upgrade failures |
|
FTD upgrade from 7.0 to 7.2.x and traceback/reload due to management-access enabled |
|
FDM: Cannot create multiple RA-VPN profiles with different SAML servers that have the same SAML IDP |
|
Protocol Down with lower CPU instances on ESXi 8 for ASAv and FTDv |
|
Umbrella DNS Policy Doesn't honor Multiple URLs entered into the Bypass Domain Field |
|
Memory leak in the MessageService |
|
Readiness Check Failed [ERROR] Fatal error: Enterprise Object integrity check failed with errors |
|
ASA/FTD: Revision of cluster event message "Health check detected that control left cluster" |
|
Create Identity Services Engine via API returns 404 Client Error: Not Found |
|
Upgrade readiness failed in WM FDM @009_check_snort_preproc.sh but upgrade to 7.3.1-19 passed |
|
Cluster hardening fixes |
|
KP Generating invalid core files which cannot be decoded 7.2.4-64 |
|
show xlate does not display xlate entries for internal interfaces (nlp_int_tap) after enabling ssh. |
|
FTD HA app-sync failure, due to corruption in cache files. |
|
add syslog ids the range 805003 - 852002 for rate limit under fmc |
|
validation check on FMC GUI causing issue and throwing error when adding new NAT objects |
|
Connections not replicated to Standby FTD |
|
FTD Crash in Thread Name: CP Processing |
|
SNMPv3 polling may fail using privacy algorithms AES192/AES256 |
|
Cannot Force Break FTD HA Pair |
|
User Group Download fetches less data than available or fails with "Size limit exceeded" error |
|
FMC device search page removes FTD from the groups and put them back to ungrouped |
|
All the matching network object groups are not listed if the network objects are filtered by name |
|
FMCv on KVM does not recognize the platform/model correctly |
|
PortChannel sub-interfaces configured as data/data-sharing, in multi-instance HA go into "waiting" |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
asa_snmp.log is not rotated, resulting in large file size |
|
FMC/FTD Dynamic VPN. Possibility to choose default preshared key from the dropdown list. |
|
FTD: 10Gbps/full interfaces changed to 1Gbps/Auto after upgrade and going to down state |
|
Change color codes to represent processes in 'Waiting' state |
|
ASA/FTD: Traceback and reload due to high rate of SCTP traffic |
|
FMC UI response is very slow: Add health module monitoring FMC ntpd server(s) accessibility |
|
FTD readiness and upgrade passed with exception log as ProgressReport' has no attribute 'KB_UNIT' |
|
Unable to Access FMC GUI when using Certificate Authentication |
|
Phase 2 NAP delay seen in 7.0.1 while deploying policy |
|
KP - multimode: ASA traceback observed during HA node break and rejoin. |
|
FDM Deployment failure after VDB and SRU upgrade |
|
Connection events incorrectly show OVERSUBSCRIPTION flow message for passive interface traffic |
|
Health monitoring cores due to health alerts with more than 8 fields |
|
Cisco ASA & FTD SAML Authentication Bypass Vulnerability |
|
Platform Settings allowed Syslog to add TCP protocol with 514 port |
|
Observed ASA traceback and reload when performing hitless upgrade while VPN traffic running |
|
Snort3 cores seen in certain conditions with traffic |
|
ASAConfig multiple restarts are leaking 16K memory in every Restart leading to ZMQ Out Of Memory. |
|
Selective policy deploy with Identity Policy (captive-portal) and SSL Policy (dp-tcp-proxy) CLI |
|
snort3 - missing necessary counters for RNA statistics |
|
RRD files cannot be updated if the timestamp is ahead of time as a result of a system clock drift |
|
EventHandler occasional corrupt bundle record - SFDataCorrelator logs "Error deserializing" |
|
sfhassd process is not running after Revert from 7.4.0-1755 to 7.3.0-69 |
|
portmanager.sh outputting continuous bash warnings to log files |
|
3100 unit failed to join the cluster with error "configured object (sys/switch-A/slot-2) not found" |
|
FTD running on FP1000 series might drop packets on TLS flows after the "Client Hello" message. |
|
Cluster upgrade docs need more info on mixed-version clusters due to upgrade failure/reimage |
|
Setting heartbeat timeout to 6sec for Firepower 4100 and 9300 |
|
Cisco Firepower Threat Defense Software Encrypted Archive File Policy Bypass Vulnerability |
|
FMC Restore of remote backup fails due to no space left on the device |
|
If the user navigate to Packet Tracer from Device Mgmt page, the selected device is incorrect |
|
TPK 3110 - Firmware version MISMATCH after upgrade to 7.2.4-144 |
|
Deployments can cause certain RAVPN users mapping to get removed. |
|
Snort down due to missing lua files because of disabled application detectors (VDB side) |
|
getting wrong destination zone on traffic causing traffic to match wrong AC rule |
|
Very specific "vpn-idle-timeout" values cause continuous SSL session disconnects and reconnects |
|
getReadinessStatusTaskList pjb request is very frequent when user in Upgrade sensor list page |
|
HA Serviceability Enh: Maintain HA NLP client stats and HA CTL NLP counters for current App-sync |
|
ASDM replaces custom policy-map with default map on class inspect options at backup restore. |
|
node is leaving TPK cluster due to interface health check failure |
|
Firepower hotfixes should not be allowed to install when already installed previously |
|
Unable to edit name or inspection mode of intrusion policy |
|
DBCheck shouldn't run against MonetDB if user is collecting config backup alone |
|
Correlation rule 'Security Intelligence Category' option is missing DNS and URL values |
|
MYSQL, or any TCP high traffic, getting blocked by snort3, with snort-block as Drop-reason |
|
Network Object Group overrides not visible or be edited from FMC GUI |
|
Update Configuration State if sync is skipped |
|
Unable to change admin user password after FMC migration if it had LOM access |
|
FMC - Import SSL Certificate Pinning from a CSV file may result in a failure to deploy policy on FTD |
|
Device list takes longer to load while creating new AC policy |
|
High Disk Utilization and Performance issue due to large MariaDB Undo Logs |
|
User is not informed of the dependent IPS when policy import fails. |
|
KP: Cleanup/Reformat the second (MSP) disk on FTD reinstall |
|
Snort3 crash found during cleaning up a CHP object |
|
High CPU usage on multiple appliances incorrectly seen on FMC |
|
Cisco Adaptive Security Appliance Software and Firepower Threat Defense DoS |
|
Traffic may be impacted if TLS Server Identity probe timeout is too long |
|
The interface configuration is missing after the FTD upgrade |
|
access-list: Cannot mix different types of access lists. |
|
Change in syslog message ASA-3-202010 |
|
ASAv - High latency is experienced on Azure environment for ICMP ping packets while running snmpwalk |
|
FTD: High-Availability unit struck at CD App Sync error due to error ngfwManager restart on peer |
|
WINSCP and SFTP detectors do not work as expected |
|
ASA/FTD client IP missing from TACACS+ request in SSH authentication |
|
Improper load-balancing for traffic on ERSPAN interfaces on FPR 3100/4200 |
|
PSEQ (Power-Sequencer) firmware may not be upgraded with bundled FXOS upgrade |
|
deployment failure with Error-logging FMC MANAGER_VPN_EVENT_LIST |
|
S2S dashboard SVTI tunnel details are missing after upgrade |
|
Lina crash in thread name: cli_xml_request_process during FTD cluster upgrade |
|
ECMP + NAT for ipsec sessions support request for Firepower. |
|
99.20.1.16 lina crash on nat_remove_policy_from_np |
|
Traceback and reload on Thread DATAPATH-6-21369 and linked to generation of syslog message ID 202010 |
|
Snort3 matches SMTP_RESPONSE_OVERFLOW (IPS rule 124:3) when SMTPS hosts exchange certificates |
|
MariaDB Process in FMC should use jemalloc instead of glibc |
|
Remove Priority-queue command from FTD|| Priority-queue command causes silent egress packet drops |
|
store_*list_history.pl task is created every 5min without getting closed causing FMC slowness. |
|
DNS cache entry exhaustion leads to traceback |
|
2100 Reload due to internal links going down and NPU disconnection |
|
ASA SNMP polling not working and showing "Unable to honour this request now" on show commands |
|
ASA traceback and reload on Thread Name: DHCPRA Monitor |
|
Unable to delete custom rule group even when excluded from all the ips policies |
|
vFTD runs out of memory and goes to failed state |
|
ASA Traceback & reload on process name lina due to memory header validation |
|
FTD: HA App sync failure due to fover interface flap on standby unit |
|
"show route all summary" executed on transparent mode FTD is causing CLISH to become Sluggish. |
|
7.0.6 - Lina Crash in RAVPN interface with anomaly traffic in both non-FIPS and FIPS mode |
|
Failover: standby unit traceback and reload during modifying access-lists |
|
Firepower reloads unexpectedly with a traceback |
|
FTD Diskmanager.log is corrupt causing hm_du module to alert false high disk usage |
|
FTD taking longer than expected to form OSPF adjacencies after a failover switchover |
|
Units get kicked out of the cluster randomly due to HB miss | ASA 9.16.3.220 |
|
[IMS_7_4_0] FTD revert fails "The management state validation cannot be done, Cannot revert" |
|
vFMC: Scheduled deployment failing |
|
Correlation events for Connection Tracker <, <=, = or != rules show data for unrelated connections |
|
Snort Crash with SMB inspection traffic |
|
Firewall Traceback and reload due to SNMP thread |
|
FTD: Traceback and reload during OSPF redistribution process execution |
|
FMC not generating FTD S2S VPN alerts when down or idle |
|
Add meaningful logs when the maximums system limit rules are hit |
|
Dumping of last 20 rmu request response packets failed |
|
Health alert for significant difference of record numbers received with bulk download |
|
ASA removes the IKEv2 Remote PSK if the Key String ends with a backslash "\" after reload |
|
Duplicate FTD cluster has been created when multiple cluster events comes at same time |
|
Packet data is still dropped after upgrade |
|
False critical high CPU alerts for FTD device system cores running instantaneous high usage |
|
ASA: Checkheaps traceback and reload due to Clientless WebVPN |
|
azure vftd node traceback while loading multiple network-service objects during ns_reload. |
|
after HA break, selected list shows both the devices when 1 device selected for upgrade |
|
Critical Alert Smart Agent is not registered with Smart Licensing Cloud |
|
Snort3 core in navl seen during traffic flow |
|
Excessive logging of ssp-multi-instance-mode messages to /opt/cisco/platform/logs/messages |
|
Editing identity nat rule disables "perform route lookup" silently |
|
FTD: SNMP not working on management interface |
|
Snort2 engine is crashing after enabling TLS Server Identity Discovery feature |
|
Snort core while running IP Flow Statistics |
|
FMC displays VPN status as unknown even if the status is up if one of the peer is extranet |
|
Decrypting engine/ssl connections hang with PKI Interface Error seen |
|
WM RM - SFP port status of 9 follows port of state of SFP 10|11|12 |
|
When state-link is flapped HA state changed from Standby-ready to Bulk-sync without failover reason |
|
FMC pushes the "shutdown" command on the management interface for the logical device |
|
FPR 1010 - Switch ports in trunk mode may not pass vlan traffic after power loss or reboot |
|
ASA: ISA3000 does not respond to entPhySensorValue OID SNMP polls |
|
import of .SFO to FMC failed due to included local/custom rules having a blank rule message field |
|
ASA: Traceback and reload on Thread name "fover_FSM_thread" and ha_ntfy_prog_process_timer |
|
Cisco Firepower Management Center Software SQL Injection Vulnerability |
|
HA secondary unit disabled after reboot - Process Manager failed to secure LSP |
|
Deployment blocked due to port object with IP range max limit 131838 in NAT64 |
|
ECDSA Self-signed certificate using SHA384 for EC521 |
|
ASA|FTD: Traceback & reload due to a free buffer corruption |
|
Some Vault secrets including LDAP missing files after upgrade if the Vault token is corrupted |
|
FMC: Should not be able to add the same interface to the same ECMP zone |
|
FTD Lina traceback Thread Name: DATAPATH due to memory corruption |
|
"failover standby config-lock" config is lost after both HA units are reloaded simultaneously |
|
OSPFv3 Traffic is Centralized in Transparent Mode |
|
FMC: ACP Rule with UDP port 6081 is getting removed after subsequent deployment |
|
FTD /ngfw disk space full from Snort3 url db files |
|
Radius authentication stopped working after ASAv on AWS upgrade to any higher version than 9.18.2 |
|
Port-channel interface speed changes from 10G to 1G after a policy deployment |
|
Snort crash in active response |
|
ASA Traceback & reload on process name lina due to memory header validation - webvpn side fix |
|
ASDM application randomly exits/terminates with an alert message on multi-context setup |
|
ASA/FTD HA checkheaps crash where memory buffers are corrupted |
|
ASA omits port in host field of HTTP header of OCSP request if non-default port begins with 80 |
|
Interface speed mismatch in SNMP response using OID .1.3.6.1.2.1.2.2 |
|
ASA traceback on Lina process with FREEB and VPN functions |
|
FTDv/AWS - NTP clock offset between Lina and FTD cluster |
|
ASA/FTD: Traceback and reload due to NAT change and DVTI in use |
|
core-compressor fails due to core filename with white space |
|
ASA/FTD traceback and reload when invoking "show webvpn saml idp" CLI command |
|
Snort blacklisting traffic during deployment |
|
ASA/FTD may traceback and reload in Thread Name "RAND_DRBG_bytes" and CTM function on n5 platforms |
|
Encrypted Visibility Engine (EVE) FMC dashboard tab and widgets not renamed after 7.1 > 7.2+ upgrade |
|
ASA/FTD may traceback and reload in when changing capture buffer size |
|
File sizes larger than 100MB for AnyConnect/Secure Client images cannot be uploaded on FMC |
|
FTD events stopped being sent to FMC, EventHandler logs "publishing blocked" |
|
FTD 7.0.4 cluster drops Oracle's sqlnet packets due to tcp-not-syn |
|
SRU installation gets stuck at 602_log_package.pl script, causing deployment failure |
|
Lina crash in snp_fp_tcp_normalizer() when DAQ/Snort sends malformed L3 header |
|
Packet drop due to unexpected-packet drop reason if route to destination is missing in egress VRF |
|
Incorrect Hit count statistics on ASA Cluster only for Cluster-wide output |
|
Site-to-Site VPN tunnel status on FMC shows down even though it is UP from FTD side |
|
Include "show env tech" in FXOS FPRM troubleshoot |
|
ASA/FTD Cluster: Reuse of TCP Randomized Sequence number on two different conns with same 5 tuple |
|
The FMC preview deployment shows a wrong information. |
|
741 - HA & AppAgent - Long term solution for avoiding momentary split-brain situations |
|
ASA unexpected HA failover due to MIO blade heartbeat failure |
|
ASA traceback when re-configuring access-list |
|
LILO validation during Readiness Check missing |
|
sfdatacorrelator crashing due to table corruption 'rua_event_xxxxx' |
|
Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability |
|
PAC Key file missing on standby on reload |
|
SYSLOG UDP: One of syslog server is not getting the syslog message with userVRF |
|
FMC upgrade stuck at 1039_fmc_rabbitmq_enable |
|
Frequent drain of events (not unprocessed events) to be removed from FMC |
|
FTD VMWare: High disk utilization on /dev/sda8 partition caused by file system corruption |
|
FMC userrole missing permissions may cause Tomcat to continuously restart after upgrade to 7.2.4 |
|
SQL packets involved in large query is drop by SNORT3 with reason snort-block |
|
Connections are not cleared after idle timeout when the interfaces are in inline mode. |
|
Deploy status is going to deployed right after starting deployment then going to deploying state |
|
While editing AC-policy rules, the rule order number becomes misaligned. |
|
Specific OID 1.3.6.1.2.1.25 should not be responding |
|
dl_task.pl tasks keep getting created every hour when a database query is blocked |
|
Firewall Blocking packets after failover due to IP <-> SGT mappings |
|
Syslog not updating when prefilter rule name changes |
|
FTD (FDM) fails when executing script 800_post/100_ftd_onbox_data_import.sh |
|
FMC FlexConfig re-orders objects after a single successful deployment |
|
FTD - Upgrade triggers persistent VPN Tunnel health monitor alarm |
|
Ping to the configured systemIP on management interface getting failed in cluster setup. |
|
ASA/FTD may traceback and reload in Thread Name 'ssh' when adding SNMPV3 config |
|
FTD - Traceback and reload due to nat rule removed by CPU core |
|
Enhancement for Lina copy operation for startup-config to backup-config.cfg in HA |
|
ASDM management-sessions quota reached due to HTTP sessions stuck in CLOSE_WAIT |
|
FTD not generating end of connection event after "Deleting Firewall session" |
|
DAP: FMC adds characters in a LUA script |
|
Removal of msie-proxy commands during flexconfig rollback |
|
Snort2: Skip writing malware seed file during process shutdown |
|
FTD responding to UDP500 packet with a Mac Address of 0000.000.000 |
|
FMC7.2.x EIGRP flexconfig migration fails with internal error due to interface config mismatch |
|
FMC Restore is stuck in vault clear stage after mysql restore completed |
|
ASA "pager line 25" command doesn't work as expected on few terminal applications |
|
FTD hosted on KP incorrectly dropping decoded ESP packets if pre-filter action is analyze |
|
ASA traceback due to panic event during SNMP configuration |
|
Large file download failed due to hitting the max segment limit |
|
ASA/FTD: NAT64 error "overlaps with inside standby interface address" for Standalone ASA |
|
Cisco_Firepower_GEODB_FMC_Update* are not included in diskmanager |
|
FTD Block 9344 leak due to fragmented GRE traffic over inline-set interface inner-flow processing |
|
Configuration archive creation failing and causing deployment preview to throw error |
|
2100: Interfaces missing from FTD after removing interfaces as members of a port-channel |
|
Extended Access List Object does not allow IP range configuration |
|
ASA allows same BGP Dynamic routing process for Physical Data and management-only interfaces |
|
FTD: Failover/High Availability disabled with Mate version 0.0 is not compatible |
|
Avoid unnecessary DB operations when processing derived fingerprints |
|
"show aaa-server" command always shows the Average round trip time 0ms. |
|
ASA/FTD may traceback and reload while running show inventory |
|
4200 Series: Portchannel in cluster may stay down sometimes when LACP is in active mode |
|
AMP Cloud look up timeout frequently. |
|
FMC SSO times out when user session is active for more than 1 hr (idle timeout) |
|
Initiator Country and Continent missing on Custom View on Event viewer |
|
ASA:Management access via IPSec tunnel is NOT working |
|
FMC does not verify certificate issued to FTD device, when TLS1.3 is used |
|
FMC HA : Redundant FTD registration task failing on secondary FMC when FTD is disconnected. |
|
FMC: query_engine.log Growing More Quickly Than Expected, Resulting In High Disk Utilization |
|
The FMC is showing "The password encryption key has not been set" alert for a 11xx/21xx/31xx device |
|
SFDataCorrelator crashing repeatedly in RNA_DB_InsertServiceInfo |
|
Devices with classic licenses are failed to register with FMC running version 7.2.X |
|
ASA/FTD traceback and reload with IPSec VPN, possibly involving upgrade |
|
SNORT3 - FTD - TSID high cpu, daq polling when ssl enabled is not pulling enough packets |
|
Source NAT Rule performing incorrect translation due to interface overload |
|
ASA/FTD may traceback and reload in Thread Name 'lina' while processing DAP data |
|
VPN Load Balancing Cluster IP address/host name is not on the same subnet as the public interface |
|
Fragmented UDP packet via MPLS tunnel reassemble fail |
|
Multicast through the box traffic causing high CPU with 1GBps traffic |
|
additional command outputs needed in FTD troubleshoot for blocks and ssl cache |
|
FMC HA: When logging into the standby FMC stacktraces are always present. |
|
Lina core at snp_nat_xlate_verify_magic.part and soft traces |
|
FTD SNMPv3 host configuration gets deleted from IPTABLES after adding host-group configuration |
|
Cannot use .k12 domain on realm AD Primary Domain configuration |
|
Fixing the regression caused while handling web UI is not getting FTDv Variable |
|
ASDM can not see log timestamp after enable logging timestamp on cli |
|
Configuring and unconfiguring "match ip address test" may lead to traceback |
|
sshd restarting during upgrade leading to have /new-root as default root partition |
|
Backup fails on migrated FMC |
|
Configuration to disable TLS1.3 |
|
Diskmanager process terminated unexpectedly |
|
Prefilter cannot add Tunnel Endpoints in Tunnel Rule on FMC |
|
ASA: Traceback and reload when restore configuration using CLI |
|
FTDvs throughput got changed to 100Kbps after upgrade |
|
Timestamp entry missing for some syslog messages sent to syslog server |
|
Community string sent from router is not matching ASA |
|
ASA/FTD may traceback and reload due to watchdog time exceeding the default 15 seconds |
|
Secondary lost failover communication on Inside, using IPv6, but next testing of Inside passes |
|
FXOS : Duplication of NTP entry results in Error message : Unreachable Or Invalid Ntp Server |
|
Unable to create VRF via FDM in Firepower 3105 device |
|
Coverity 886745: OVERRUN in verify_generic_signature |
|
Error while saving RAVPN with LDAP attribute map containing entry without cisco attr mapping name |
|
Snort3 dropping IP protocol 51 |
|
Unexpected high values for DAQ outstanding counter |
|
FMC does not save changes made on access list. |
|
ASA: Traceback and reload when executing the command "show nat pool detail" on a cluster setup |
|
FMC should report user whether it supports or not while configuring remote storage |
|
ASA/FTD traceback and reload on process fsm_send_config_info_initiator |
|
SNMP fails to poll accurate hostname from FMC |
|
VTI tunnel goes down due to route change detected in VRF scenario |
|
Every HA sync attempts to disable URL filtering if already disabled. |
|
eStreamer JSON parse error and memory leak |
|
Snort is getting reloaded during deploy due to diff in timerange and nap conf contents in each run |
|
FTD unregisters the standby FMC immediately after a successful registration |
|
FDM Upgrade failure due to expired certificates. |
|
File copy via SCP using ciscossh stack fails with error "no such file or directory" |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
Import Fails for Policy Description having new line. |
|
ASA: Traceback and reload during tests of High number of traffic flows and syslog messages |
|
cdFMC : FTD Dashboard does not display any data for last 1 hour or 6 hours. |
|
SSX Eventing continues to go to old tenant upon FTD migration to CDO. |
|
Cross ifc access: Revert PING to old non-cross ifc behavior |
|
FMC missing validation for syslog port setting |
|
SFDataCorrelator logs "Killing MySQL connection" every minute, causing performance problems |
|
FMC/cdFMC increase API rate limit |
|
Node kicked out of cluster while enabling or disabling rule profiling |
|
Capture-traffic Clish command with snort3 not producing a proper resulting capture |
|
Cisco ASA and FTD Software Inactive-to-Active ACL Bypass Vulnerability |
|
ASA dropping IPSEC traffic incorrectly when "ip verify reverse-path" is configured |
|
VPN and certificate configuration is cleared after the deployment - Regression of CSCwh29167 |
|
LINA would randomly generate a traceback and reload on FPR-1K |
|
OSPF Redistribution route-map with prefix-list not working after upgrade |
|
Classic licenses needs to be manually added after registering to license during migration/RMA |
|
Run All function on FMC Health Monitoring page is greyed out after upgrade |
|
FMC Model migration document doesn't have the roll-back steps if they hit failures |
|
FMC - Syslog overide in ACP always sent via Management interface |
|
Port Configuration Error in M6 FMC Documentation for Eth3 and Eth2 on FMC1700,FMC2700,FMC4700 Models |
|
FTD Registration fails if Management interface has the same IP as Data Interface |
|
FMC: FTD Subinterface SGT Propagation Default change to disabled |
|
Snort AppID incorrectly identifies SSH traffic as Unknown |
|
Onboarding on-prem FMC to CDO using SecureX fails due to User Authentication Failed error |
|
DOC: Update the Deploy Virtual Auto Scale Solution using GWLB on AWS Guide |
|
Connection been logged for rules with no logging enabled |
|
snort2 instances restart unexpectedly with OOM during policy deployment |
Resolved Bugs in Version 7.4.0
Table last updated: 2025-02-25
Bug ID |
Headline |
---|---|
Improve logging of Secure Firewall (Firepower)backups and retry for gzip when using remote storage |
|
Flex config Preview of $SYS_FW_ENABLED_INSPECT_PROTOCOL_LIST throws error |
|
FTD traceback in Thread Name cli_xml_server when deploying QoS policy |
|
FTD - Flow-Offload should be able to coexist with Rate-limiting Feature (QoS) |
|
Filtering Network objects is not working, getting 'Error Loading Data' |
|
Radius Key with the ASCII character " configured on FXOS does not work after chassis reload. |
|
Lack of throttling of ARP miss indications to CP leads to oversubscription |
|
Upgrade to 6.6.1 got failed at 800_post/1025_vrf_policy_upgrade.pl |
|
Observed few snort instances stuck at 100% |
|
FXOS: Fault "The password encryption key has not been set." displayed on FPR1000 and FPR2100 devices |
|
File list preview: Deleting two list having few similar contents throws stacktrace on FMC-UI |
|
Error Loading Data: Couldnt resolve few of the STDACE BBs |
|
"Warning:Update failed/in-progress." Cosmetic after successful update |
|
Crashinfo script is invoked on SFR running snort2 and device fails to upgrade to 7.0 |
|
SNORT2: FTD is performing Full proxy even when SSL rule has DND action. |
|
ENH:FMC Removal and manual reconfiguration of changes for CAC-authenticated users should not happen |
|
IPS policy should be imported when its referred in Access Control policy |
|
Cisco ASA Software SSL VPN Client-Side Request Smuggling Vulnerability via "/"URI |
|
FMC4500/4600 shows virtual license |
|
FDM IKEv2 S2S PSK Not Deploying Correctly (Changing Asymmetric to Symmetric PSK) |
|
API key corrupted for FMC with multiple interfaces |
|
FMC NFS configuration failing after upgrade from 6.4.0.4 to 7.0.1 |
|
Primary node disconnected from VPN-Cluster when performed HA failover on Primary with DNS lookup |
|
Modify /800_post/1027_ldap_external_auth_fix.pl to not fail FMC upgrade when objects are corrupt |
|
Microsoft update traffic blocked with Snort version 3 Malware inspection |
|
FDM: Policy deployment failure after upgrade due to unused IKEv1 policies |
|
ASA/FTD Traceback and reload in Process Name: lina |
|
Disk usage errors on Firepower Azure device due to large backup unified files under ngfw directory |
|
FDM bootstrap could be skipped if device rebooted when bootstrap is not completed |
|
FMC backup may fail due to monetdb backup failure with return code 102 |
|
upgrade with a large amount of unmonitored disk space used can cause failed upgrade and hung device |
|
MFIB RPF failed counter instead of Other drops increments when outgoing interface list is Null |
|
ASA: The timestamp for all logs generated by Admin context are the same |
|
FTD on FP2100 can take over as HA active unit during reboot process |
|
FMC | Interface update Failed. Could not find source interface |
|
ASAv high CPU and stack memory allocation errors despite over 30% free memory |
|
Snort3: NFSv3 mount may fail for traffic through FTD |
|
Deployment/Tasks Button not seen FMC_UI while doing upgrade tests configured in Light theme |
|
FMC: Validation check to prevent exponential expansion of NAT rules |
|
Selective deployment of IPS may cause outage due to incorrectly written FTD configuration files |
|
Connection Events seen on FMC even though the rule is not configured to send events to FMC |
|
FTPS getting ssl3_get_record:bad record type during connection for KK and DR rules |
|
FMC 7.2.0|7.3.0 Integration > Identity Sources page does not load, keeps spinning |
|
Excessive logging from hm_du.pm may lead to syslog-ng process restarts |
|
Failing to generate FMC Backup/Restore via SMB/SSH |
|
Estreamer page fails to load in ASDM |
|
Snort3 crash with TLS 1.3 |
|
Fix multiple crash handler issues |
|
FTD unable to sync HA due to snort validation failed |
|
ASA/FTD may traceback and reload in Thread Name 'lina' ip routing ndbshr |
|
sybase related modules should be removed |
|
snort3 hangs in Crash handler which can lead to extended outage time during a snort crash |
|
ASA HA failover triggers HTTP server restart failure and ASDM outage |
|
FPR2140 ASA Clock Timezone reverts to UTC after appliance restart/reload |
|
Auth-Daemon process is getting restarted continuously when SSO disabled |
|
FMC RSS Feed broken because FeedBurner is no longer active - "Unable to parse feed" |
|
25G-SR should default to RS-FEC (IEEE CL108) instead of FC-FEC |
|
link state propagation stops working when performing full chassis reboot |
|
FPR1000 ASA/FTD: Primary takes active role after reloading |
|
Database may fail to shut down and/or start up properly during upgrade |
|
Cannot save realm configuration unless AD Join Password is empty |
|
Snort process may trace back in ssl_debug_log_config and generate core file |
|
Intrusion events intermittently stop appearing in FMC when using snort3 |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
WR6, WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 36) |
|
ASAv "Unable to retrieve license info. Please try again later" |
|
FTD misses diagnostic data required for investigation of "Communication with NPU lost" error |
|
FXOS ASA/FTD SNMP OID to poll Internal-data 'no buffer' interface counters |
|
ASA using WebVPN tracebacks in Unicorn thread during memory tracking |
|
Captive portal support in cross domain |
|
FMC module specific health exclusion disables all health checks |
|
SNMP 'Confirm Community String' string is not auto-populated after the FMC upgrade |
|
ASA: ASDM sessions stuck in CLOSE_WAIT causing lack of MGMT |
|
PDTS write from Daq can fail when PDTS buffer is full eventually leads to block depletion |
|
multiple snort3 crashes after upgrading FTD from 7.2.0 to 7.2.0.1 |
|
ASA/FTD tmatch compilation check when unit joins the cluster, when TCM is off |
|
AnyConnect SAML using external browser and round robin DNS intermittently fails |
|
Deployment Fails with stacktrace: Invalid type (LocalIdentitySource) |
|
FTD sensor rules missing from ngfw.rules file after a sensor backup restore execution |
|
critical health alerts 'user configuration(FSM.sam.dme.AaaUserEpUpdateUserEp)' on 2100/3100 devices |
|
Missing fqdns_old.conf file causes FTD HA app sync failure |
|
FMC - Unable to initiate deployment due to incorrect threat license validation |
|
during download from file event on FMC, high CPU use on FMC for 20 minutes before download fails |
|
FTD upgrade failure due to Syslog files getting generated/deleted rapidly |
|
FTD Unable to bind to port 8305 after management IP change |
|
ASA/FTD: Using Round Robin with PAT rules on two or more interfaces breaks IP stickiness |
|
Object edit slowness when it is associated with NAT rules |
|
GTP drops not always logged on buffer and syslog |
|
File events show Action as "Malware Block" for files with correct disposition of unknown |
|
ASA/FTD may traceback and reload in Thread Name 'lina' following policy deployment |
|
HA did not failover due to misleading status updates from NDClient |
|
FPR1K FTD fails to form HA due to reason "Other unit has different set of hwidb index" |
|
ASA/FTD may traceback with large number of network objects deployment using distribute-list |
|
HTTP Block Response and Interactive Block response pages not being displayed by Snort3 |
|
EIGRPv6 - Crashed with "mem_lock: Assertion mem_refcount' failed" on LINA. |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
All traffic blocked due to access-group command missing from FTD config |
|
standby unit using both active and standby IPs causing duplicate IP issues due to nat "any" |
|
log rotate failing to cycle files, resulting in large file sizes |
|
FTD: FTPS Data Channel connection impacted by TLS Server Identity and Discovery Probe sent by FTD |
|
FMC HA - files in tmp/Sync are left on secondary when synchronisation task fails |
|
lost cac.conf after upgrade to 7.2.1 for FMC smart-card auth |
|
DHCP Relay is looping back the DHCP offer packet causing dhcprelay to fail on the FTD/ASA |
|
Duplicate SMB session id packets causing snort3 crash |
|
LTS18 and LTS21 commit id update in CCM layer (seq 39) |
|
Cisco FXOS Software Arbitrary File Write Vulnerability |
|
Filtering of jobs in deploy history page is applying the criteria only on Top50 jobs |
|
ASA/FTD traceback and reload on thread name fover_fail_check |
|
Proxy is engaged even when we have a Definitive DND rule match |
|
FMC can allow deployment of NAP in test mode with Decrypt policy |
|
SSL Policy DND default Rule fails on error unsupported cipher suite and SKE error. |
|
Firepower Management Center GUI view for Snort2 Local Intrusion Rules is missing |
|
Very long validation time during Policy Deployment due to big network object in SSL policy |
|
FMC HA webUI is not getting FTDv Variable tier assigned FTDv - Variable |
|
Re-downloaded users from a forest with trusted domains may become unresolved/un-synchronized |
|
deployment failed with OOM (out of memory) for policy_apply.pl process |
|
Packet-Tracer interfaces not showing up in UI after updating interface name from lower to upper case |
|
SRU installation failure. |
|
FMC not showing any alerts/warnings when deploying changes of prefix list with same seq # |
|
Expected snmp output is not found in 'show run | in fxos snmp' |
|
Deploying objects with escaped values in the description might cause all future deployments to fail |
|
Analyze why there is no logrotate for /opt/cisco/config/var/log/ASAconsole.log |
|
FTDv Cluster Health Monitor fails with "Error fetching live status of the cluster" |
|
Object NAT edit is failing |
|
Pre-login banner on FCM webUI shows extra characters on 92.14.0 |
|
FPR 2100: 10G interfaces with 1G SFP goes down post reload |
|
Periodic sync failures are not reported to users |
|
fxos log rotate failing to cycle files, resulting in large file sizes |
|
ASA/FTD: Traceback and reload in Thread Name: appAgent_reply_processor_thread |
|
FXOS: memory leak in svc_sam_envAG process |
|
800_post/1027_ldap_external_auth_fix.pl upgrade error -- reference to missing authentication object |
|
WR6, WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 40) |
|
ASA - traceback and reload when Webvpn Portal is used |
|
Port-channel interface went down post deployment |
|
FMC UI showing disabled/offline for multiple devices as health events are not processed |
|
Missing SSL MEMCAP causes deployment failure due timeout waiting for snort detection engines |
|
Pre-deployment failure seen in FMC due to huge number policies |
|
Upgrades are not cleaning up mysql files leading to alert for 'High unmanaged disk usage on /ngfw' |
|
ASA restore is not applying vlan configuration |
|
Unable to get polling results using snmp GET for connection rate OID’s |
|
Add validation in lua detector api to check for empty patterns for service apps |
|
FMC not opening deployment preview window |
|
ASA/FTD: Object Group Search Syslog for flows exceeding threshold |
|
FTD PDTS LINA RX queue can become stuck when snort send messages with 4085-4096 bytes size |
|
AWS: SSL decryption failing with Geneve tunnel interface |
|
Data migration from Sybase to MariaDB taking more time due to large data size of POLICY_SNAPSHOT |
|
FMC gives an irrelevant error message for Snort2 to Snort3 rules conversion failure |
|
Stale CPU core health events seen on FMC UI post upgrade to 7.0.0+. |
|
Need corrections in log_handler_file watchdog crash fix |
|
Deployment failure with localpool overlap error after upgrade |
|
"show tech-support" generation does not include "show inventory" when run on FTD |
|
FTD Lina traceback and reload in Thread Name 'IP Init Thread' |
|
Misleading drop reason in "show asp drop" |
|
Clientless Accessing Web Contents using application/octet-stream vs text/plain |
|
Recursive panic under lina_duart_write |
|
FMC UI may become unavailable and show "System processes are starting" message after upgrade |
|
Inline-pair's state could not able to auto recover from hardware-bypass to standby mode. |
|
allocate more cgroup memory for policy deployment subgroup |
|
HA Periodic sync is failing due to cfg files are missing |
|
At times AC Policy save takes longer time, may be around 10 or above mins |
|
ASA/FTD: Traceback and reload due to SNMP group configuration during upgrade |
|
ASA: Standby may get stuck in "Sync Config" status upon reboot when there is EEM is configured |
|
FMC UI Showing inaccurate data in S2S VPN Monitoring page |
|
FTDv: Policy Deployment failure due to interface setting on failover interface |
|
ASA Connections stuck in idle state when DCD is enabled |
|
Cross-domain users with non-ASCII characters are not resolved |
|
FPR2100: Increase in failover convergence time with ASA in Appliance mode |
|
FTDv Single-Arm Proxy behind AWS GWLB drops due to geneve-invalid-udp-checksum with all 0 checksum |
|
AC clients fail to match DAP rules due to attribute value too large |
|
Packets through cascading contexts in ASA are dropped in gateway context after software upgrade |
|
FXOS is not rotating PoE logs |
|
FP4125 2.10.1.166 FTD applications in HA went into not responding state |
|
Lina changes to support - Snort3 traceback in daq-pdts while handling FQDN based traffic |
|
Cisco Firepower Management Center Object Group Access Control List Bypass Vulnerability |
|
ASA|FTD: Implement different TLS diffie-hellman prime based on RFC recommendation |
|
FMC Connection Event stop displaying latest event |
|
Port-channel interfaces of secondary unit are in waiting status after reload |
|
FMC should not accept carriage return in the interface description field of a managed device |
|
ASA/FTD may traceback and reload in idfw fqdn hash lookup |
|
S2S VPN dashboard shows ipv4 SVTI tunnel down between KP-HA and WA-HA after KP-HA Switch role. |
|
FXOS: FP2100 FTW timeout triggered by high CPU usage during FTD Access Control Policy deploy. |
|
FMC 7.1.0.1 Doesn't throw warning that S2S VPN Configs contain deprecated MD5 Hash during deployment |
|
FMC: Updates page takes more than 5 minutes to load |
|
S2S Tunnels do not come up due to DH computation failure caused by DSID Leak |
|
30+ seconds data loss when unit re-join cluster |
|
Predefined FlexConfig Text Objects are not exported by Import-Export |
|
FMC External Auth test error "Encryption method is configured but you did not upload a certificate." |
|
FTD with Snort3 might have memory corruption BT in snort file with same IP traffic scaling |
|
FMC import takes too long |
|
FPR3110 Fans' SN in label are different from show inventory cli output |
|
Snort crashes while reloading mercury library with any VDB install on 7.3.0 and 7.4.0 |
|
ASA configured with HA may traceback and reload with multiple input/output error messages |
|
intrusion events fail to migrate from MariaDB to MonetDB following FMC upgrade from 7.0.3 to 7.1.0 |
|
Import/export fails with backend error |
|
MI FTD running 7.0.4 is on High disk utilization |
|
Snort drops Bomgar application packets with Early Application Detection enabled |
|
FTD Traffic failure due to 9344 block depletion in peer_proxy_tx_q |
|
Snort3 crash seen sometimes while processing a future flow connection after appid detectors reload |
|
LINA Traceback on FPR-1010 under Thread Name: update_cpu_usage |
|
Snort outputs massive volume of packet events - IPS event view may show "No Packet Information" |
|
FMC should display the status of physical FTD interfaces bundled in port-channel |
|
FTD -Snort match incorrect NAP id for traffic |
|
Microsoft SCEP enrollment fails to get ASA identity cert - Unable to verify PKCS7 |
|
ASA/FTD may traceback and reload in Thread Name 'telnet/ci' |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
Observing some devcmd failures and checkheaps traceback when flow offload is not used. |
|
Snort mem used alert should read the value from perfstats for snort instance rather than cgroups |
|
AWS ASAv PAYG Licensing not working in GovCloud regions. |
|
FTDs running 6.6.x show as disconnected on new HM (6.7+) but checks are running and updating |
|
Traceback and reload when webvpn users match DAP access-list with 36k elements |
|
Unable to access Dynamic Access policy |
|
Number of objects are not getting updated under policies>>>Security intelligence >>>Block list |
|
ASA/FTD: Traceback and Reload on Netflow timer infra |
|
Disabling NAVL guids from userappid.conf doesn't work |
|
Cut-Through Proxy does not work with HTTPS traffic |
|
seeing error on access policies on FMC - "Error during policy validation" |
|
Enhance logging mechanism for syslogs |
|
ASA/FTD NAT Pool Cluster allocation and reservation discrepancy between units |
|
Deployment changes to push VDB package based on Device model and snort engine |
|
ASA/FTD failure due to heartbeat loss between chassis and blade |
|
MariaDB crash (segmentation fault) related to netmap query |
|
Software upgrade on FDM fails due to improper next-hop validation |
|
FMC | Deployment failure in csm_snapshot_error |
|
ASA/FTD may traceback and reload in logging_cfg processing |
|
Incorrect Paging and count value for Time Range Object Get API |
|
FAN LED flashing amber on FPR2100 |
|
No Inspect Interruption warning when deploy after FMC upgrade |
|
Clientless VPN users are unable to download large files through the WebVPN portal |
|
SFDataCorrelator performance degradation involving hosts with many discovered MAC addresses |
|
Anyconnect users unable to connect when ASA using different authentication and authorization server |
|
Blade not coming up after FXOS update support on multi-instance due to ssp_ntp.log log rotation prob |
|
Can't modify RA vpn group policy on FDM 7.3 |
|
Primary ASA traceback upon rebooting the secondary |
|
ASA/FTD traceback and reload, Thread Name: rtcli async executor process |
|
FMC SecureX via proxy stops working after upgrade to 7.x |
|
Link Up seen for a few seconds on FPR1010 during bootup |
|
FTD: Unable to configure WebVPN Keepout or Certificate Map on FPR3100 |
|
ASA is unexpected reload when doing backup |
|
41xx: Blade does not capture or log a reboot signal |
|
High FMC backup file size due to configurations snapshot for all managed devices |
|
ASA/FTD: External IDP SAML authentication fails with Bad Request message |
|
Summary status dashboard takes more than 3 mins to load upon login |
|
Interactive Block action doesn't work when websites are redirected to https |
|
License Commands go missing in Cluster data unit if the Cluster join fails. |
|
FTD traceback and reload while deploying PAT POOL |
|
Need to provide rate-limit on "logging history <mode>" |
|
collection of top.log.gz in troubleshoot can be corrupt due to race condition |
|
Unexpected "No Traffic" health alert on Standby HA Data Interface where no data flows |
|
FTD traceback/reloads - Icmp error packet processing involves snp_nat_xlate_identity |
|
FPR1K/FPR2K: Increase in failover time in Transparent Mode with high number of Sub-Interfaces |
|
Database table optimization not working for some of the tables |
|
Email alert incorrectly send for a successful database backup |
|
FMC HA Synchronization can hang forever if no response from SendUserReloadSGTAndEndpointsEvent |
|
FMC: Upgrade fails at DB Integrity check due to large number of EO warnings for "rule_comments" |
|
Cluster data unit drops non-VPN traffic with ASP reason "VPN reclassify failure |
|
On a cloud-delivered FMC there is no way to send events to syslog without sending to SAL/CDO as well |
|
FPR1120:connections are getting teardown after switchover in HA |
|
Threatgrid integration configuration is not sync'd as part of the FMC HA Synchronisation |
|
None option under trustpoint doesn't work when CRL check is failing |
|
FTD Deployment failures due to "snort3.validation.lua:5: '=' expected near 'change'" |
|
FTD traceback and reload during policy deployment adding/removing/editing of NAT statements. |
|
FTD is dropping GRE traffic from WSA |
|
ASA binding with LDAP as authorization method with missing configuration |
|
ASA: Traceback and reload while processing SNMP packets |
|
Purging of Config Archive failed for all the devices if one device has no versions |
|
High Lina memory use due to leaked SSL handles |
|
FMC Unable to fetch VPN troubleshooting logs. |
|
FTD - 'show memory top-usage' providing improper value for memory allocation |
|
FTD: IPSLA Pre-emption not working even when destination becomes reachable |
|
ASA/FTD Traceback and reload of Standby Unit while removing capture configurations |
|
FMC deployment preview showing full config instead of delta. |
|
FMC is not taking BGP default originate configuration via API PUT request. |
|
TLS sessions dropped under certain conditions after a fragmented Client Hello |
|
FMC Health Monitor does not report alerts for the Interface Status module |
|
Deployment failing - "Error while printing show-xml-response file contents" XML response too big |
|
FMC HA info is not sync'ed reliably to FTD to support CLOUD_SERVICE |
|
FMC deployment failure:"Validation failed: This is a slav*/ha standby device, rejecting deployment." |
|
null connection error seen in logs |
|
[FTD Multi-Instance][SNMP] - CPU OIDs return incomplete list of associated CPUs |
|
ASA/FTD may traceback and reload in Thread Name: CTM Daemon |
|
FTD High unmanaged disk usage alert is triggered due to stored files located on /ngfw/Volume/root1/ |
|
Policy deploy failure "error executing /*!40101 SET character_set_client = @saved_cs_client */; *" |
|
256-byte memory block gets depleted on start if jumbo frame is enabled with FTD on ASA5516 |
|
Traffic drop when primary device is active |
|
Snort mem used alert should be consistent with value from top.log |
|
ASA/FTD may drop multicast packets due to no-mcast-intrf ASP drop reason until UDP timeout expires |
|
Multicast connection built or teardown syslog messages may not always be generated |
|
add warning to FTD platform settings when VPN Logging Settings logging level is informational |
|
Snort3: Process in D state resulting in OOM with jemalloc memory manager |
|
After disabling malware analysis, high disk usage on /dev/shm/snort |
|
Partition "/opt/cisco/config" gets full due to wtmp file not getting logrotated |
|
Unexpected firewalls reloads with traceback. |
|
Slow UI loading for Table View of Hosts |
|
Database integrity check takes several minutes to complete |
|
NTP polling frequency changed from 5 minutes to 1 second causes large useless log files |
|
FPR2100: Multiple snort3 & snort2 cores got generated and sensor goes down in KP platform |
|
Multiple instances of nvram.out log rotated files under /opt/cisco/platform/logs/ |
|
FMC External authentication getting "Internal error" |
|
rpc service detector causing snort traceback due to universal address being an empty string |
|
ASA Traceback & reload citing thread name: asacli/0 |
|
FTD taking longer than expected to form OSPF adjacencies after a failover switchover |
|
ASA/FTD may traceback and reload after executing 'clear counters all' when VPN tunnels are created |
|
Copy and pasting rules is broken and give blank error message in ID policy |
|
LINA traceback with icmp_thread |
|
The command "app-agent heartbeat" is getting removed when deleting any created context |
|
CLUSTER: ICMP reply arrives at director earlier than CLU add flow request from flow owner. |
|
occasional failure to load light-modal-ac-rule-xx.css with a net::ERR_TOO_MANY_RETRIES error |
|
FTD MI does not adjust PVID on vlans attached to BVI |
|
ASA/FTD may traceback and reload in Thread Name 'None' at lua_getinfo |
|
ASA/FTD Show chunkstat top command implementation |
|
SFDataCorrelator cores due to stuck database query after 1 hour deadlock timeout |
|
ASA/FTD might traceback in function "snp_fp_l2_capture_internal" due to cf_reinject_hide flag |
|
Workaround to set hwclock from ntp logs on low end platforms |
|
changing time window settings in FMC GUI event viewers may not work with FMC integrated with SecureX |
|
Supervisor does not reboot unresponsive module/blade due to IERR with minor severity sensor ID 79 |
|
Active authentication sessions are showing in VPN dashboard |
|
ASA/FTD: High failover delay with large number of (sub)interfaces and http server enabled |
|
TLS Server Identity may cause certain clients to produce mangled Client Hello |
|
Gateway is not reachable from standby unit in admin and user context with shared mgmt intf |
|
Multiple traceback seen on standby unit. |
|
2100: Power switch toggle leads to ungraceful shutdowns and "PowerCycleRequest" reset |
|
FMC Upgrade: generation of sftunnel.json file per FTD does not check for duplicate names |
|
FMC: Backup to an unavailable remote host results in the inability to restart the appliance. |
|
Stale IKEv2 SA formed during simultaneous IKE SA handling when missing delete from the peer |
|
FDM WM-HA ssh is not working after upgrading 7.2.3 beta with data interface as management |
|
ASA: FP2100 FTW timeout triggered by high CPU usage during FTD Access Control Policy deploy. |
|
Remove the limit of 30 characters in the rule name which a rule is moved from ACP to Prefilter |
|
FP2100:Update LINA asa.log files to avoid recursive messages-<date>.1.gz rotated filenames |
|
Question mark in NAT description causes config mismatch on Data members of an FTD cluster |
|
Syslog ASA-6-611101 is generated twice for a single ssh connection |
|
IMS: FP2100 FTW timeout triggered by high CPU usage during FTD Access Control Policy deploy. |
|
Need to Warn the users before triggering a full deployment on FTD managed by FDM |
|
Snort3 crashes are seen under Dce2Smb2FileTracker processing of data |
|
ASA/FTD drops traffic to BVI if floating conn is not default value due to no valid adjacency |
|
Frequent errors seen regarding failures to load bulkcsv files that don't exist |
|
Remove FMC drop_cache trigger to prevent Disk I/O increase due to file cache thrashing |
|
Unable to save Access Control Policy changes due to Internal error |
|
Management interface link status not getting synced between FXOS and ASA |
|
SNMP on SFR module goes down and won't come back up |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
Not able to remove group policy from RAVPN via REST API |
|
ASA Evaluation of OpenSSL vulnerability CVE-2022-4450 |
|
SSL decrypted conns fails when tx chksum-offload is enabled with the egress interface a pppoe. |
|
NGIPSv syslog-tls.conf.tt needs filters removed when in CC mode |
|
The user belonging to a subdomain, is unable to collect packet tracer |
|
FTD on FPR2140 - Lina traceback and reload by TCP normalization |
|
Manager gets unregistered on its own from the FTD, show manager shows 'No managers configured' |
|
BGP IPv6 configuration : route-map association with neighbour not getting deployed |
|
FMC: Incorrect FTD cluster role status leading to inability to upgrade FTD |
|
Memory leak observed on ASA/FTD when logging history is enabled |
|
FTD:Node not joining cluster with "Health check detected that control left cluster" due to SSL error |
|
After FMC upgrade, SecureX ribbon redirects to US cloud region regardless of the set cloud region |
|
/var/sf/QueryPoolData fills up with warehouse directories |
|
FTD: "timeout floating-conn" not operating as expected for connections dependent on VRF routing |
|
DAP policy created in FMC Gui, to detect a Windows OS with a hotfix, will not work as expected |
|
ASA/FTD reboots due to traceback pointing to watchdog timeout on p3_tree_lookup |
|
FTD Traceback and reload on Thread Name "NetSnmp Event mib process" |
|
FXOS fault F0853 and F0855 seen despite keyring reporting renewed |
|
FTD 2100 -Update daq-ioq mempool to help protect against buffer corruption |
|
Unable to delete custom anyconnect attribute --dynamic-split-tunnel from group-policy |
|
PIM register packets are not sent to RP after a reload if FTD uses a default gateway to reach the RP |
|
ASA Multicontext 'management-only' interface attribute not synced during creation |
|
ASA reboots due to heartbeat loss and "Communication with NPU lost" |
|
New context subcommands are not replicated on HA standby when multiple sessions are opened. |
|
DCCSM session authorization failure cause multiple issues across FMC |
|
Policy Deploy Failing when trying to remove Umbrella DNS Connector Configuration |
|
ASA/FTD traceback in snp_tracer_format_route |
|
ASA/FTD may traceback and reload in Thread Name 'lina' due to tcp intercept stat |
|
ASA/FTD: Ensure flow-offload states within cluster are the same |
|
Need fault/error for invalid firmware MF-111-234949 |
|
Pri-Active FMC NOT triggering registration TASK for FTD to configure standby manager |
|
Post backup restore multiple processes are not up. No errors are observed during backup or restore. |
|
Cisco ASA and FTD ACLs Not Installed upon Reload |
|
Deployment failed in snapshot generation after upgrading FMC to 7.3 |
|
ASA/FTD may traceback and reload after changing IP of authentication server |
|
TID python processes stuck at 100% CPU |
|
ASA: Prevent SFR module configuration on unsupported platforms |
|
The command "neighbor x.x.x.x ha-mode graceful-restart" removed when deleting any created context |
|
FP2100 series devices might use excessive memory if there is a very high SNMP polling rate |
|
ASA - Standby device may traceback and reload during synchronization of ACL DAP |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
Last fragment from SIP IPv6 packets has MF equal to 1, flagging that more packets are expected |
|
ASA / FTD Traceback and reload when removing isakmp capture |
|
Failover fover_trace.log file is flooding and gets overwritten quickly |
|
Snort3 fails to match SMTPS traffic to ACP rules |
|
FMC should push the AnyConnect Custom attribute defer keyword as lowercase instead of capitalized |
|
Multiple times the failover may be disabled by wrongly seeing a different "Mate operational mode". |
|
FTD: unable to run any commands on CLISH prompt |
|
Snort high memory alerts still seen despite fix for CSCwd84942 |
|
Deployment is blocked due to Pre-deploy Validation Error - Invalid endpoint |
|
ASA/FTD may traceback and reload in Thread Name DATAPATH-3-21853 |
|
Selective deployment negating the route configs |
|
Selective deployment removing the prefilter-configs |
|
Selective deployment removing the Group policy |
|
FTD LINA traceback and reload in Datapath thread after adding Static Routing |
|
Unable to login to FTD using external authentication |
|
Cross-interface-access: ICMP Ping to management access ifc over VPN is broken |
|
FMC runs out of space when Snort sends massive numbers of packet logs |
|
logrotate is not compressing files on 9.16 ASA or 7.0 FTD |
|
ASA/FTD may traceback and reload in Thread Name DATAPATH-1-1656 |
|
SFDataCorrelator spam seen in /var/log/messages |
|
AnyConnect - mobile devices are not able to connect when hostscan is enabled |
|
CD App Sync error is App Config Apply Failed on Secondary/Standby after backup restore on RMA device |
|
Interface remains DOWN in an Inline-set with propagate link state |
|
Snort2 rule recommendations increases disabled rule count drastically |
|
[FMC model migration] Health monitoring on FMC reporting errors |
|
Upgraded FMC didn't mark FTD's with Hot Fix as light registered - failed FMC HA sync |
|
High rate of network map updates can cause large delays and backlogs in event processing |
|
ndclientd error message 'Local Disk is full' needs to provide mount details which is full |
|
ASA/FTD: From-the-box ping fails when using a custom VRF |
|
ASA/FTD : Degradation for TCP tput on FPR2100 via IPSEC VPN when there is delay between VPN peers |
|
Improve Azure AD realm documentation |
|
ASA/FTD may traceback and reload in Thread Name 'pix_flash_config_thread' |
|
Deployment for eigrp / bgp change may cause temporary outage during policy apply |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
LDAP External auth config fails to deploy to FTD if same LDAP server is added as Primary and backup |
|
Default DLY value of port-channel sub interface mismatch with parent Portchannel |
|
ASA: Standby failure on parsing of "management-only" not reported to parser/failover subsystem |
|
health alert for [FSM:STAGE:FAILED]: external aaa server configuration |
|
FMC isn't allowing to create more than 30 VLAN interfaces |
|
FMC Upgrade from Active-Primary FMC is failed with "Installation failed: Peer Discovery incomplete." |
|
Fix Snort3 Memory Utilisation Value |
|
Prune target should account for the allocated memory from the thread pruned |
|
ASA/FTD traceback and reload on thread DATAPATH-14-11344 when SIP inspection is enabled |
|
FMC system restore authentication error during FMC re-image when using FTP/SCP protocol |
|
ASA/FTD traceback and reload due citing thread name: cli_xml_server in tm_job_add |
|
email alert to scheduled activity is not working after upgrading to 7.2 |
|
"Failed to convert snort 2 custom rules. Refer /var/sf/htdocs/ips/snort.rej for more details." |
|
ASA traceback and reload with process name: cli_xml_request_process |
|
Serial number attribute from the subject DN of certificate should be taken as the username |
|
vFMC300 to FMC2600 migration failure with error "migration from R to N is not allowed" |
|
Notification Daemon false alarm of Service Down |
|
CVIM Console getting stuck in "Booting the kernel" page |
|
Username-from-certificate feature cannot extract the email attribute |
|
ASA: Standby failure on parsing of "management-only" for dynamic configuration changes |
|
Missing Instance ID in unified_events-2.log |
|
Elephant flow detection disabled on FMC, getting enabled on FTD after random deployment |
|
ASA Traceback and reload in parse thread due ha_msg corruption |
|
correlation events based on connection events do not contain Security Intelligence Category content |
|
ngfwManager process continuously restarting leading to ZMQ Out of Memory traceback |
|
FTD returns no output of "show elephant-flow status" when efd.lua file's content is empty |
|
FP1140 7.0.4 Deployment keep failing with error "Can\'t use an undefined value as a HASH reference" |
|
Snort2 rule assignments missing from ngfw.rules (assignment_data table ) after FMC upgrade. |
|
FXOS REST API: Unable to create a keyring with type "ecdsa" |
|
Threat-detection does not recognize exception objects with a prefix in IPv6 |
|
ASA/FTD may traceback and reload in Thread Name 'lina'. |
|
Threat-detection does not allow to clear individual IPv6 entries |
|
need to turn off default TLS 1.1 (deprecated) support for the FDM GUI |
|
ASA not updating Timezone despite taking commands |
|
FTD DHCP Relay drops NACK if multiple DHCP Servers are configured |
|
Umbrella DNS Negate of Bypass Domain Field is not generated from FMC |
|
ASA/FTD may traceback and reload in Thread Name 'lina' |
|
ASA/FTD: SNMP related traceback and reload immediately after upgrade from 6.6.5 to 7.0.1 |
|
ASA: Configurable CLU for Large amount of under/overruns on CLU RX/TX queues |
|
FMC error displaying users page due to wide characters in real name field |
|
FDM Cannot create self-signed certificates due to Expiration Date format |
|
AC policy deploy failing on 7.2.4 FMC to 6.7 FTD |
|
traceback and reload thread datapath on process tcpmod_proxy_continue_bp |
|
Add knob to pause/resume file specific logging in asa log infra. |
|
DOC: Misleading Documentation of Cisco Firepower 2100 GLC-T and GLC-TE SFP Support |
|
FTD: Unable to process a TLS1.2 website with TLS Server Identity with client generating SSL Errors |
|
Found Orphaned SFTop10Cacher processes |
|
FTD/ASA Hub and spoke (U-turn) VPN fails when one spoke is IPSec flow offloaded and the other isn't |
|
standby in disabled state after QP-MI HA 7.0.3 to 7.2.4-126, APPLY_APP_CONFIG_APPLICATION_FAILURE |
|
TCP ping is completely broken starting in 9.18.2 |
|
FTD: ADI.conf - send_s2s_vpn_events is set to 0, even after applying s2s vpn health policy |
|
Snort3 Crash in SslServiceDetector after call from nss_passwd_lookup |
|
Prune symmetric triggers that existed in sfsnort schema before FMC upgrade to 7.3 version or later |
|
ASA/FTD may traceback and reload in Thread Name 'ci/console' |
|
ASA: "Ping <ifc_name> x.x.x.x" is not working as expected starting 9.18.x |
|
Readiness check needs to be allowed to run without pausing FMC HA |
|
Setting heartbeat timeout to 6sec for BS and QP |
|
Upgrade Device listing page is taking more than 15 mins to load page fully with 25 FTDs registered |
|
ASA running out of SNMP PDU and SNMP VAR chunks |
|
Lina traceback and reload due to fragmented packets |
|
FPR3100: ASA/FTD High traffic impact on all data interfaces with high counter of "demux drops" |
|
"Security Intelligence feed download failed" displayed even though it succeeded |
|
ISE Integration Network filter not accepting multiple comma separated networks |
|
FTD : Traceback in ZMQ running 7.3.0 |
|
ASA sends OCSP request without user-agent and host |
|
ASA: After upgrade to 9.16.4 all type-8 passwords are lost on first reboot |
|
Unable to load intrusion policy page on FMC GUI |
|
FTDv: Traffic failure in VMware Deployments due to dpdk pool exhaustion and rx_buff_alloc_failure |
|
ASA Traceback and reload citing process name 'lina' |
|
FTD container restored from backup fails to register to FMC due to Peer send bad hash error |
|
traceback and reload in Process Name: lina related to Nat/Pat |
|
TCP normalizer needs stats that show actions like packet drops |
|
LDAP authentication over SSL not working for users that send large authorisation profiles |
|
ASAv in Hyper-V drops packets on management interface |
|
When enabling backup peer ip on FMC 7.3.1 with a space the VPN IPSec profile would be removed |
|
Failure to remove snort stat files older than 70 days |
|
ASA/FTD may traceback and reload in Thread Name '19', free block checksum failure |
|
Changes to lamplighter logs written to /var/log/tid_process.log |
|
FATAL errors in DBCheck due to missing columns in eventdb table |
|
admin user should be excluded from CLI shell access filter |
|
ASA may traceback and reload in Thread Name 'DHCPv6 Relay' |
|
No logrotate and max size is configured for Health.log file |
|
ASA/FTD: Traceback on thread name: snmp_master_callback_thread during SNMP and interface changes |
|
ASA Packet-tracer displays the first ACL rule always, though matches the right ACL |
|
FTD HA Creation fails resulting in devices showing up in an inconsistent state on the FMC |
|
Not able to add files with file names which has '\u' to clean list from Malware Summary page |
|
Unable to establish BGP when using MD5 authentication over GRE TUNNEL and FTD as passthrough device |
|
SFDataCorrelator process crashing very frequently on the FMC. |
|
crashhandler running with test mode snort |
|
FMC backup management page showing "Verifying Backup" for FTD sensors. |
|
FMC backup restore page takes around 5 mins to load when remote storage is unreachable |
|
FP2130- Unable to disassociate member from port channel, deployment fails, member is lost on FTD/FMC |
|
ASA/FTD: Connection information in SIP-SDP header remains untranslated with destination static Any |
|
FTD may fail to create a NAT rule with error: "IPv4 dst real obj address range is huge" |
|
Inconsistent log messages seen when emblem is configured and buffer logging is set to debug |
|
In some specific scenarios, object optimizer can cause incorrect rules to be deployed to the device |
|
ASA in multi context shows standby device in failed state even after MIO HB recovery. |
|
ASA integration with umbrella does not work without validation-usage ssl-server. |
|
ASA traceback and reload with the Thread name: **CP Crypto Result Processing** |
|
Firewall may drop packets when routing between global or user VRFs |
|
Standby FMC SSH connection getting disconnected frequently. |
|
ASA access-list entries have the same hash after upgrade |
|
Virtual FDM Upgrade fails: HA configStatus='OUT_OF_SYNC after UpgradeOnStandby |
|
FMC Fails to deploy or register new FTDs due to SFTunnel Establishment Failure. |
|
Snort3 crash after the consequent snort restart if duplicate custom apps are present |
|
FTD: GRE traffic is load balanced between CPU cores |
|
SFTunnel Fails to Properly Establish due to running_config.conf file misconfiguration |
|
ASA: Traceback and reload while updating ACLs on ASA |
|
FMC should handle error appropriately when ISE reports error during SXP download |
|
AnyConnect Ikev2 Login Failed With certificate-group-map Configured |
|
FMC UI related issue in Object management page |
|
ASA/FTD may traceback and reload citing process name "lina" |
|
NMAP Remediation scan tasks remain in pending state in action queue table, does not clear out |
|
Traceback in Thread Name: ssh/client in a clustered setup |
|
Adding verify check for networks added under network object group in FMC |
|
Old LSP packages are not pruned causing high disk utilization |
|
CSM backup failed due to modification of CSM audit log file while tar was reading it |
|
VPN load-balancing cluster encryption using deprecated ciphers |
|
ASA/FTD: Traceback and reload when issuing 'show memory webvpn all objects' |
|
FXOS SNMP "property community of sys/svc-ext/snmp-svc is out of range" is unclear to users |
|
FTD username with dot fails AAA-RADIUS external authentication login after upgrade |
|
Reduce time taken to clear stale IKEv2 SAs formed after Duplicate Detection |
|
FMC config archives retention reverts to default if ca_purge tool was used prior to 7.2.4 upgrade |
|
TelemetryApp process keeps exiting every minute after upgrading the FMC |
|
KP2140-HA, reloaded primary unit not able to detect the peer unit |
|
FTD/Lina - ZMQ issue OUT OF MEMORY. due to less Msglyr pool memory in low end platforms |
|
ASA generating traceback with thread-name: DATAPATH-53-18309 after upgrade to 9.16.4.19 |
|
Health Monitoring to NOT collect route stats for transparent mode FTD |
|
FMC needs to properly validate QoS policy rules before allowing deployment to FTD |
|
FTDv Single-Arm Proxy behind AWS GWLB drops due to geneve-invalid-udp-checksum. |
|
Unable to list down the interface under the device exclude policy |
|
Cisco ASA and FTD ACLs Not Installed upon Reload |
|
FTD Lina engine may traceback, due to assertion, in datapath |
|
Avoid both the devices in HA sends events to FMC |
|
FTD is dropping GRE traffic from WSA due to NAT failure |
|
Include a warning during break HA when secondary unit is active |
|
ASA appliance mode - 'connect fxos [admin]' will get ERROR: failed to open connection. |
|
FMC 1600 process ssp_snmp_trap_fwdr high memory utilization |
|
FTD: Firepower 3100 Dynamic Flow Offload showing as Enabled |
|
Unable to configure and deploy IPv6 DNS server for RAVPN in FMC 7.2.4 |
|
Policy deployment fails when a route same prefix/metric is configured in a separate VRF. |
|
Disable TLS 1.1 permanently for sftunnel communication |
|
[Snort 3] IPS Policy Overrides not working on Chained Intrusion Policies |
|
FMC GUI | ACP page gets blank and hang while doing search in rules and moving to last pages |
|
Copy of Policy causes all devices to be marked as dirty |
|
ASA/FTD: Traceback and reload due to NAT L7 inspection rewrite |
|
Cisco Firepower Management Center Software SQL Injection Vulnerability |
|
EOStore failed error is outputted after deleting shared rule layer. |
|
Encrypted Visibility Engine (EVE) dashboard tab and widgets not added to FMC GUI upon upgrade |
|
The authentication object names should not contain white spaces |
|
FTD - Issue with the LSP package code during deploy rollback. |
|
Unable to save intrusion policy after upgrade to 7.x as the name exceeds 40 characters |
|
Rule update filter in Intrusion policy shows inconsistent results |
For Assistance
Upgrade Guides
In Firewall Management Center deployments, the Firewall Management Center must run the same or newer maintenance (third-digit) release as its managed devices. Upgrade the Firewall Management Center first, then devices. Use the upgrade guide for the version you are currently running—not your target version.
Platform | Upgrade Guide | Link |
---|---|---|
Firewall Management Center | Firewall Management Center version you are currently running. | https://cisco.com/go/fmc-upgrade |
Firewall Threat Defense with Firewall Management Center | Firewall Management Center version you are currently running. | https://cisco.com/go/ftd-fmc-upgrade |
Firewall Threat Defense with device manager | Firewall Threat Defense version you are currently running. | https://cisco.com/go/ftd-fdm-upgrade |
Firewall Threat Defense with Cloud-Delivered Firewall Management Center | Cloud-Delivered Firewall Management Center. | |
Install Guides
If you cannot or do not want to upgrade, you can freshly install major and maintenance releases. This is also called reimaging. You cannot reimage to a patch. Install the appropriate major or maintenance release, then apply the patch. If you are reimaging to an earlier Firewall Threat Defense version on an FXOS device, perform a full reimage—even for devices where the operating system and software are bundled.
Platform | Install Guide | Link |
---|---|---|
Firewall Management Center hardware | Getting started guide for your Firewall Management Center hardware model. | |
Firewall Management Center Virtual | Getting started guide for the Firewall Management Center Virtual. | |
Firewall Threat Defense hardware | Getting started or reimage guide for your device model. | |
Firewall Threat Defense Virtual | Getting started guide for your Firewall Threat Defense Virtual version. | |
FXOS for the Firepower 4100/9300 | Configuration guide for your FXOS version, in the Image Management chapter. | |
FXOS for the Firepower 1000/2100 and Secure Firewall 3100/4200 | Troubleshooting guide, in the Reimage Procedures chapter. | |
More Online Resources
Cisco provides the following online resources to download documentation, software, and tools; to query bugs; and to open service requests. Use these resources to install and configure Cisco software and to troubleshoot and resolve technical issues.
- Documentation: https://cisco.com/go/threatdefense-74-docs
- Cisco Support & Download site: https://cisco.com/c/en/us/support/index.html
- Cisco Bug Search Tool: https://tools.cisco.com/bugsearch/
- Cisco Notification Service: https://cisco.com/cisco/support/notifications.html
Access to most tools on the Cisco Support & Download site requires a Cisco.com user ID and password.
Contact Cisco
If you cannot resolve an issue using the online resources listed above, contact Cisco TAC:
- Email Cisco TAC: tac@cisco.com
- Call Cisco TAC (North America): 1.408.526.7209 or 1.800.553.2447
- Call Cisco TAC (worldwide): Cisco Worldwide Support Contacts