Not a user yet?
Log in Register for free Suggest a product
The manufacturer Cisco has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Update

Cisco Secure Firewall Threat Defense Release Notes, Version 7.7.x

Firepower 1000 Series FirewallsFirepower 1000 Series Firewalls
Cisco
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

Cisco Secure Firewall Threat Defense Release Notes, Version 7.7.10

  • Feature: Features from Earlier Maintenance Releases
  • Minimum Management Center: Feature dependent
  • Minimum Threat Defense: Feature dependent
  • Details: Version 7.7.10 also has:
  1. Migrate select Firepower 4100/9300 models to Secure Firewall 3100/4200. (7.6.1)
  2. Umbrella integration with Firewall Management Center over a proxy. (7.6.1)
  • Feature: Universal Zero Trust Network Access (universal ZTNA).
  • Minimum Management Center: 7.7.10
  • Minimum Threat Defense: 7.7.10
  • Details: Universal Zero Trust Network Access (universal ZTNA) is a comprehensive solution that provides secure access to internal network resources based on user identity, trust, and posture. It ensures that access to one application does not implicitly grant access to the entire network, as with remote access VPN.
  • New/modified screens: Policies > Zero Trust Application
  • Requires: Cisco Secure Access and Security Cloud Control.
  • Deployment restrictions: Not supported with clustered devices, container instances, or transparent mode.
  • Supported platforms: Secure Firewall 1150, 3100, 4100, 4200, and Firewall Threat Defense Virtual.
  • See: Zero Trust Access

Resolved Functional Bugs in Version 7.7.10

  • CSCvx66624: Write cache is disabled on some FMC M5 appliances
  • CSCwc77650: FMC action_queue.log cosmetic defect "synchronization" misspelled, Expected "Synchronization"
  • CSCwd80348: FMC does not support Umbrella with proxy setting
  • CSCwe28608: Snort returns "Blocked by SSL" with no SSL policy.
  • CSCwe89818: External Auth on FMC may throw err "Can't use string ("") as a HASH ref while "strict refs" in use"
  • CSCwf25454: Stale anyconnect entries causing issues with routing
  • CSCwf61982: Edit search page and unified event viewer very slow to load due to high number of search-related EOs
  • CSCwh05126: FDM HA Switch : Peer fails to get into Active state due to Interface check
  • CSCwh08441: ENH: Add a command or a script to regenerate CA Certificate on FTD
  • CSCwh53745: ASA: unexpected logs for initiating inbound connection for DNS query response
  • CSCwk42676: Virtual ASA/FTD may traceback and reload in thread PTHREAD
  • CSCwm63648: Set Weight option missing in UI when FTD sensor reverted and re-upgraded
  • CSCwm63890: FMC GUI does not allow saving ECMP configuration when there is a route leak for a VRF
  • CSCwm74289: NAT traps have to be rate-limited
  • CSCwm77055: FMC/FTD: Policy Deployment Fails For Existing FTDv Deployments on Cloud with VNI interfaces
  • CSCwm80082: Alert user that FDM is not Supported for FTDv in Openstack if they try to enable it
  • CSCwm80580: snort "exits normally" in loop every 1 min resulting in complete outage
  • CSCwm82566: FMC displays VPN tunnel status as unknown even when the tunnels are up
  • CSCwm87669: Discrepency in the unused object count between the FMC UI and API results
  • CSCwm96652: Cluster assigning wrong nat for unit, traffic not being forwarded properly back to unit
  • CSCwn00475: Memory Blocks 80 and 9344 leak due to priority-queue
  • CSCwn06645: FIPS self-test failure message needed
  • CSCwn07008: Use of Named interface in SLA Monitor causing cdFMC migration failure
  • CSCwn13421: Scale cdFMC:Policy deploy fails when Audit log to Syslog is configured with invalid ipv6 syslog host
  • CSCwn27872: Big chunk of Memory of around 25KB is being allocated on Stack in "eigrp_interface_ioctl" API
  • CSCwn35495: Primary FTD instance MAC address is not updated correctly in FXOS during failover
  • CSCwn39081: SNMP walk results in ASCII value for IPSEC Peer instead of an IP address.
  • CSCwn39777: Unreachable Hosts and URLs of syslog configuration Block Device Management Page Loading
  • CSCwn40572: MI: Vlan info is not applied at FXOS level when Virtual MAC is configured
  • CSCwn40702: ASA traceback and reload in freeb_core_local_internal
  • CSCwn44527: Intrusion policy having same name in different Domains causes IPS policy corruption
  • CSCwn45510: S2S VPN tunnel Child SA unsuccessful renegotiation
  • CSCwn49391: Frequent traceback after upgrading FTD HA
  • CSCwn49611: Remove the File Capture Disk Manager SILO to prevent captured files from overwhelming the Disk Mgr
  • CSCwn50245: On FMC, Backend server JVM is running out of memory when policies and objects are huge
  • CSCwn50961: Send Virtual Tunnel Interface enabled by default on SVTI
  • CSCwn51136: Mount EFS using NFSv4.1
  • CSCwn51845: Tracebacks observed in a cluster member running ASA 9.20.3.4
  • CSCwn60836: FTD: deploy failure when configured L2 access-list. "Cannot mix different types of access lists."
  • CSCwn63839: Traceback in thread name Lina on configuring arp permit-nonconnected with BVI
  • CSCwn64992: FMC1600-K9 PDF download failed in deploy tab
  • CSCwn65415: ASA: floating-conn not closing UDP conns if conn was created without ARP entry for next hop
  • CSCwn69340: cdFMC - Unable to save network group object
  • CSCwn71426: Clearing all non applicable alerts post license registration success
  • CSCwn71946: show blocks old core local can lead to unexpected reload.
  • CSCwn73351: Asia/Bangkok timezone option not listed in ASA running on firepower1k
  • CSCwn75667: Banner motd does not display when configured
  • CSCwn76079: SSH works in admin context but doesn't work in any user context after changing ssh key-exchange
  • CSCwn76475: Event-list not deployed when using Enable All Syslog Messages
  • CSCwn76548: Block S2S and remote access configurations for public cloud cluster
  • CSCwn76740: FMC UI login fails with "Unable to authorize access."
  • CSCwn77091: SFDataCorrelator cores after purging orphan hosts
  • CSCwn80419: Need the SVC Rx/Tx queue as a configurable option
  • CSCwn80762: FMC does not remove community list override when this is modified.
  • CSCwn80765: ISA3000 with ASA Refuses SSH Access If CiscoSSH is Enabled
  • CSCwn83268: Realm with greater than 16 directories cannot be deployed in RA-VPN for LDAP
  • CSCwn84557: Lina traceback and reload due to "spin_lock_fair_mode_enqueue"
  • CSCwn85765: ipv6 ping Vrf name changed after xml processing
  • CSCwn87249: snort3 : FMC connection event logs do not show URL in DNS query using TCP
  • CSCwn89243: Identity NAT should not throw error due to exceeding threshold if destination only objects expand
  • CSCwn90900: High ASA/FTD memory usage due to polling of RA VPN related SNMP OIDs
  • CSCwn92507: FMC Not listing the any connect images in RAVPN Wizard and FMT tool
  • CSCwn92894: Occasionally, 'show chunkstat top-usage' output does not show all entries
  • CSCwn93319: ASA/FTD may traceback and reload in Thread Name "DATAPATH"
  • CSCwn95719: Create report option should be hidden from Health Events Page on CDFMC
  • CSCwn95939: Generate syslog if received CRL is older than cached CRL
  • CSCwn95945: Generate syslog if received CRL signature validation fails
  • CSCwn96928: URL getting allowed even with block rule in place.
  • CSCwn96929: ASA: Traceback and Reload Under Thread Name SSH
  • CSCwn97341: MonetDB Monitor should detect missing columns in stats partitions
  • CSCwo00102: Snort3 trimming packets with invalid sequence number due to bad window size information received
  • CSCwo00225: VNI source MTU is not IPv6 aware after upgrade if configured prior to upgrade
  • CSCwo00702: Community lists should not throw an error until the last item in the list is being deleted
  • CSCwo01014: Unable to Form HA with Domain Containing "." While Registering FMC
  • CSCwo01616: sfipproxy prometheus configuration is attempted for not supported models and replaces sfipproxy.conf
  • CSCwo06044: Exclude perf monitoring files from device backup
  • CSCwo07498: QUIC: LINA crash in timer with stress test
  • CSCwo08042: ASAv reloaded unexpectedly with traceback on Unicorn Proxy Thread
  • CSCwo08306: Command authorization fallback to Local only works for priv 15 users.
  • CSCwo08449: "Add Device(wizard)" is not working as expected.
  • CSCwo09060: SSL trustpoint with 4096 bit RSA keys not allowed by ASA if renewed via CLI
  • CSCwo09195: Traceback and reload during the deployment after disabling FQDNs.
  • CSCwo09618: Enabling debugs with EEM fails
  • CSCwo12801: Detectors sync issue on FMC upgraded to 7.7
  • CSCwo13863: Snort3 crashed because don't fragment bit was set and it did not treat ipv4 fragments as fragments
  • CSCwo14722: Prune the older files in /ngfw/var/cisco/deploy/pkg/var/cisco/packages
  • CSCwo14737: FTD - LSP Installation/ Deployment Failure
  • CSCwo15715: IKEv2 Rekeys fail due to fragmentation during the IKE Rekey
  • CSCwo16016: Users from legacy radius server can login to Standby FMC domain when MA is enabled
  • CSCwo16049: False alert "Terminating long running backup" on FMC due to UI backup timeout error.
  • CSCwo18838: ASA/FTD may traceback and reload in Thread Name 'lina_exec_startup_thread'
  • CSCwo18883: FMC removes prefix-list overides used for BGP and installs defaults values by itself.
  • CSCwo19762: Unable to rejoin data node in cluster after re-enabling mac-address auto in multi-context mode
  • CSCwo19986: FTD TS is collecting duplicated data
  • CSCwo20629: Better handling of invalid/bad data in fleet upgrade workflow.
  • CSCwo21767: Port scan alerts not getting generated for custom configuration
  • CSCwo21830: Reduce TS package size
  • CSCwo24772: debug packet-condition does not work as expected
  • CSCwo25271: Empty snapshot being sent when when auth-daemon restarts causing user logout
  • CSCwo25478: auth-daemon process restarts due to race condition
  • CSCwo25786: REST Api allows to create a realm without a directory configuration
  • CSCwo26286: Management1 Gateway Configuration Should Be Optional on FPR 4200 Series
  • CSCwo26725: FMC Site-to-Site Monitoring Dashboard is not working at all
  • CSCwo31467: TLS.- Outlook only supports TLS 1.2 and not 1.3- FMC uses TLS 1.3 by default
  • CSCwo32030: LSP upload/download + auto-deploy is failing
  • CSCwo32845: Disable Reverse Path Filter for Dual Management Interfaces on FPR 4200 Series
  • CSCwo32943: Active FMC - False alerts of FMC HA in degraded sync state
  • CSCwo34220: Random QOS policies are getting negatted and added with subsequent deployment
  • CSCwo34833: cdFMC: Chassis is always seen as " Not synced" in CDO page even though it is connected and up
  • CSCwo35585: AMP related health alert during upgrade and typo in the alert message
  • CSCwo35783: Enhance Debugging for add/update/withdraw of routes with neighbors
  • CSCwo35788: Serviceability Enhancement - New 'show bgp internal' command for advanced debugging
  • CSCwo35810: show bgp update-group a.b.c.d displays "no such neighbor" when there is a valid neighbor
  • CSCwo37055: FMC: Media type displayed on the FMC's FCM is not matching CLI after swapping sfps
  • CSCwo41250: Traceback & Reload in thread named: DATAPATH-1-23988 during low memory condition
  • CSCwo42102: show tech-support fprm detail command is getting stuck for longer duration
  • CSCwo42139: Snort3 traceback and deployment failure with VDB upgrade
  • CSCwo42230: Memory leak leading to split brain
  • CSCwo45848: SecGW: Data node fails to join the cluster with cluster_ccp_make_rpc_call failed to clnt_call error
  • CSCwo47978: ASA may traceback and reload in Thread Name 'fover_parse'
  • CSCwo48607: Installation of Hotfix may fail at 800_post/998_expire_ac_policy.pl on the standby FMC
  • CSCwo48630: Deployment is failing due to the policy changes report request in progress
  • CSCwo49425: Logging recipient-address not overriding the logging mail message severity levels
  • CSCwo49744: DNS and default gateway are removed on FTD managed through data interface
  • CSCwo50885: /mnt/disk0/log folder duplicated on troubleshooting package
  • CSCwo53892: FTD health metrics show "No data available" on the FMC
  • CSCwo55662: FMC Rest API returns only the first 1000 network object entries
  • CSCwo57744: Overrides not working on chained/inherited custom IPS policies
  • CSCwo58130: Duplicate entries in EventCatalog can cause incorrect unified2 id to be sent
  • CSCwo58260: Add "built" and "teardown" messages for the GRE | IPinIP connections to the Lina syslog
  • CSCwo61240: After renewal FMC CA, the certificate cannot be used for ArcSight integration
  • CSCwo62543: Default Pass action for rules in Snort 3 local rule groups may cause blank error in IPS policies
  • CSCwo63951: FMC/FDM Client side certificate used to communicate to Talos did not auto-renew correctly
  • CSCwo66307: cdFMC: Deployment failed due to the deployment manager is not initialized properly
  • CSCwo70260: /objects/fqdn filter paramaters not working
  • CSCwo71835: The NAS-IP-Address attribute is missing from the Access-Request in FMC
  • CSCwo74265: FTD Upgrade Retry failure (Unable to execute Retry after failure in FTD while upgrading to 7.7.10)
  • CSCwo74305: Deployment Failure in Hub and Spoke VTI Topology with DHCP Configured VPN Interfaces
  • CSCwo75810: SNMP configuration is not applied consistently across same FTDs type and version
  • CSCwo76436: 3100 Marvell 4.3.14 CPSS patch for the interface mac stuck issue seen with peer switch reloads
  • CSCwo76537: UEV breaks with duplicate event indexes
  • CSCwo76554: TLS handshake fails with reverse SSL flow and TSID (TLS Server Identity) or TSID enabled
  • CSCwo77662: Certain special characters or spaces in RADIUS user passwords cause login failure in FMC
  • CSCwo77937: minidump core file not generating in MI mode
  • CSCwo79114: Post reposition or move operation fails then if user saves, it would to lead loss of rules & may cause an outage
  • CSCwo83087: Manual router ID does'nt get displayed in UI for BGP general settings
  • CSCwo85252: FMC page may get stuck in loading state while trying to fetch BGP configuration
  • CSCwo86835: SMB remote FMC backups are failing due to relam sync
  • CSCwo91053: fover_trace.log not rotating and growing to a massive size
  • CSCwo94360: Do not fail parallel write API call from same user session. Retry should be done internally before failing
  • CSCwo96941: The total disk keep on increasing on the disk status wizard on the Health Monitor page.
  • CSCwp00618: Devices show offline due to "Appliance unreachable" due to HMS deadlock inserting to DB
  • CSCwp02255: Snort2 crashes in loop after FMC upgrade
  • CSCwp03056: Getting VNI int cannot be configured with proxy enabled error during model migration when proxy is disabled on VNI int
  • CSCwp03910: Subsequent DNS packets are dropped in a single flow if one domain hits the custom DNS SI block list
  • CSCwp04040: AMP vault credentials are not persisted after cdFMC upgrade
  • CSCwp08291: cdFMC DR - cdFMC_Snapshot generation failing while trying to copy sftunnel related files.
  • CSCwp11985: Deployment is mandatory after FMC upgrade condition should be included in Upgrade code
  • CSCwp15886: Unable to change few IPS rule actions after upgrading from snort2 to snort3
  • CSCwp15949: The "Module run errors" alert on the FMC GUI should be updated to a more contextually relevant message
  • CSCwp16546: Tunnel Status shows "No Active Data" when spoke behind NAT on S2S Monitoring UI
  • CSCwp26878: cdFMC returns 403 forbidden error while configuring webhook alerts
  • CSCwp32097: Domain filter is non-functional under ACP on cisco-jagan-test
  • CSCwp83566: SSL - Issues with DND a particular site after FTD upgrade on Chrome and Edge post upgrade
  • CSCwp92489: SFDataCorrelator_user_id_mismatch.log overconsumption of disk
  • CSCwp96945: Required Horizontal scroll bar in admin/sensor/remote_backup.cgi
  • CSCwp98782: Internal error when saving local rules in Rule Overrides section of IPS policy
  • CSCwq18259: cdfmc user-preference issue
  • CSCwq19928: Vault slowness might cause Auth-Daemon deadlock if lease is denied
  • CSCwq20009: Scrolling in AC Policy UI may result in UI refreshing and displaying blank page if Mandatory Section is empty
  • CSCwq27820: cdFMC 7.7.10 email notification stopped working
  • CSCwq30335: Backup Timeout is not sufficient when FTD backups are huge and low bandwidth
  • CSCwq46783: FMC Authentication Fails with freeradius, "Invalid NAS IP Address" Error Displays Unexpected IP
    -
Version: 7.7.10 Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Cisco Firepower 1000 Series Firewalls updates

More from the IT Infrastructure section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad