Readme Document for Cisco Security Manager 4.6 Service Pack 1 ============================================================= This readme document contains instructions for downloading and installing service pack 1 for Cisco Security Manager 4.6. It also provides a list of the bugs that are fixed by this service pack. For additional information about Cisco Security Manager 4.6, please view the documentation at http://www.cisco.com/c/en/us/support/security/security-manager/tsd-products-support-series-home.html. In addition to the resolved bugs listed below, this service pack also provides support for Cisco IPS 7.3(2)E4 on the following platforms: IPS 4345 IPS 4360 IPS 4510 IPS 4520 IPS 4520-XL ASA 5512-X IPS SSP ASA 5515-X IPS SSP ASA 5525-X IPS SSP ASA 5545-X IPS SSP ASA 5555-X IPS SSP ASA 5585-X IPS SSP-10 ASA 5585-X IPS SSP-20 ASA 5585-X IPS SSP-40 ASA 5585-X IPS SSP-60 Security Manager 4.6 Service Pack 1 Download and Installation Instructions -------------------------------------------------------------------------- NOTE: You must install the Cisco Security Manager 4.6 FCS build on your server before you can apply this service pack. IMPORTANT: Before installing this service pack, please back up the following files: MDC\ips\etc\sensorupdate.properties MDC\eventing\config\communication.properties If you have previously modified these files, you will need to reconfigure them after installing the service pack. 1) Go to http://www.cisco.com/go/csmanager, and then click "Download Software for this Product" under the Support heading on the right side of the screen. 2) Enter your user name and password to log in to Cisco.com. 3) Click "Security Manager (CSM) Software", expand the 4.6 folder under All Releases, and then click "4.6sp1". 4) Download the file fcs-csm-460-sp1-win-k9.exe. 5) To install the service pack, close all open applications, including the Cisco Security Manager Client. 6) If Cisco Security Agent is installed on your server, manually stop the Cisco Security Agent service from Start > Settings > Control Panel > Administrative Tools > Services. 7) Run the fcs-csm-460-sp1-win-k9.exe file that you previously downloaded. 8) In the Install Cisco Security Manager 4.6 Service Pack 1 dialog box, click "Next" and then click "Install" in the next screen. 9) After the updated files have been installed, click "Finish" to complete the installation. 10) On each client machine that is used to connect to the Security Manager server, you must perform the following steps to apply the service pack before you can connect to the server using that client: a) If Cisco Security Agent is installed on the client, manually stop the Cisco Security Agent service from Start > Settings > Control Panel > Administrative Tools > Services. b) Launch the Security Manager client. You will be prompted to “Download Service Pack”. c) Download the service pack and then launch the downloaded file to apply the service pack. 11) (Optional) Go to the client installation directory and clear the cache, for example, /cache. 12) (Optional) Configure SSL Certificates or self-signed certificates for Open SSL: a) Stop the CSM Daemon service [net stop crmdmgtd] b) If you have your own SSL certificates configured, you can reconfigure the certificates as per the steps outlined in the link below: http://www.cisco.com/c/en/us/td/docs/net_mgmt/ciscoworks_lan_management_solution/4-2/user/guide/admin/admin/appendixcli.html#wp1016314 c) For self-signed certificates, from the command prompt navigate to the \MDC\Apache directory, and then execute the gencert.bat file. (where is your installation directory) d) Start the CSM Daemon service [net start crmdmgtd] Bug Fixes in Cisco Security Manager 4.6 Service Pack 1 ------------------------------------------------------ CSCue13911-CSM 4.3 w/ASA 8.3+ - No error when interface IP's have overlapped subnet CSCum03347-CSM: Deployment Validation Fails if ASA nameif Contains \"(\" or \")\" Chars CSCum92428-CSM should handle NPE in ServiceSplitter.java CSCun00643-CSM reports hitcounts not for all ACE in FWSM CSCun13807-CSM trying to negate unmanaged VPN config CSCun29381-CSM 4.5: Raw ACE table content does not match with the selected ACL CSCun55888-CSM does not deploy changed Network object name in Shared policy CSCun91276-CSM remove prefix-lists used in the route-map Note: Security Manager will not remove the prefix-list while removing the ospf filter configuration on the device. CSCun93812-Refresh hitcount shows wrongly after rule add in middle and deploy CSCun94108-Renaming A BB with Overriddes and changing data in a single Session CSCuo03654-CSM 4.5 Wrong src/dst address ACEs show up in \"Show HitCount Details\" CSCuo50557-CSM Negates NAT Policies on ASA device after CSV file discovery CSCuo55452-CSM4.6 fails to parse interface-specific dhcprelay config on ASASM CSCuo55625-FWSM : hitcount fails with internal error for sepecific configuration CSCuo56467-Cisco Security Manager wrongly negates 'mac-address auto' command on ASA CSCuo56533-\"Originate-Only\" setting is missing in CSM UI VPN management CSCuo66187-CSM approving activity cause Server Busy or Unavailable CSCuo87643-IPS 7.3.2 Support CSCup01683-CSM 4.6 incorrectly requires cluster IP pool for spanned-etherchannel CSCup04627-4.7 ER03 Perf:VPN Deployment Degrade-HnS, RA VPN Connection and Extranet CSCup06795-CSM 4.6 Deploys management-only under none management interface CSCup09973-TP:- ips 731 device for sig update is grayed out when client is remote CSCup10456-DOC-CSM Run CSM client with \"run as administrator\" when UAC is enabled CSCup13423-CSM usage of DM_INLINE_NETWORK_ objects CSCup22582-CSM - Multiple Vulnerabilities in OpenSSL - June 2014 CSCup44842-CSM: CsmReportServer Process Maximum Heap Size Info Incorrect in Doc CSCup46226-Applicable device grayed out during 7.3.2 sensor upgrade CSCup48662-Any applied Threat profile changes to NONE after submit in share policy