SOURCEFIRE 3D SYSTEM RELEASE NOTES
Version 4.10.3.7
Original Publication: January 30, 2014
Last Updated: March 13, 2014

These release notes are valid for Version 4.10.3.7 of the following platforms in the Sourcefire 3D System:
• Series 2 sensors (the 3D500, 3D1000, 3D2000, 3D2100, 3D2500, 3D3500, 3D4500, 3D6500, and the 3D9900)
• Series 2 Defense Centers or Master Defense Centers (the DC500, DC1000, and the DC3000)
• Series 3 sensors (the 3D7010, 3D7020, 3D7030, 3D7110, 3D7120, 3D8120, 3D8130, 3D8140, 3D8250, 3D8260, 3D8270, and the 3D8290)
• Series 3 Defense Centers or Master Defense Centers (the DC750, DC1500, and the DC3500)
• 64-bit Virtual Defense Centers and Virtual 3D Sensors
• 3D Sensor Software for Crossbeam Systems X-Series Platform (XOS Versions 9.5.1 and later, 9.6.2 and later, and 9.7.0 and later)

Even if you are familiar with the update process, make sure you thoroughly read and understand the release notes, which describe supported platforms and functionality, known and resolved issues, and product and web browser compatibility. They also contain detailed information on prerequisites, warnings, and specific installation and uninstallation instructions.

For more information, see the following sections:
• Updates to Sourcefire Documentation
• Changed Functionality
• Important Update and Compatibility Notes
• Product and Web Browser Compatibility
• Issues Resolved in Version 4.10.3.7
• Updating Existing Appliances and Software Sensors
• Uninstalling the Update
• Known Issues
• Features Introduced in Previous Versions
• For Assistance

Updates to Sourcefire Documentation

In Version 4.10.3.7, the following documents were updated to reflect the addition of new features and changed functionality and to address reported documentation issues:
• Sourcefire 3D System User Guide and Online Help
• Sourcefire 3D System 3D Sensor Installation Guide
• Sourcefire 3D System Defense Center Installation Guide
• Sourcefire 3D System Virtual Defense Center and 3D Sensor Installation Guide

You can download all updated documentation from the Sourcefire Support site.

Changed Functionality

The following list describes changed features and functionality:
• When configuring high availability, you designate one Defense Center as the primary Defense Center and one as the secondary. When appliances switch from active to inactive (and vice versa), they now retain their original primary and secondary designations.
Important Update and Compatibility Notes

The following sections list important points you must keep in mind before you begin the update process, as well as any possible consequences or compatibility issues you may encounter during or after the update process:
• Before You Begin
• Virtual Appliance Operating Environments

Before You Begin

Before you begin the update process for Version 4.10.3.7, you should keep the following important points in mind:
• Sourcefire strongly recommends that you back up event and configuration data to a local computer before you perform the update; this data is not backed up as part of the update process. For information on the backup and restore feature, including the types of backups that are supported for your appliance, see the Sourcefire 3D System User Guide.
• Do not install the Version 4.10.3.7 update on appliances with a STIG hotfix installed; it renders the web interface unusable. Uninstall the STIG hotfix before proceeding with the update. To reinstall the STIG hotfix (build 15 or later) after completing the Version 4.10.3.7 update, see the Sourcefire 3D System STIG Hotfix Release Notes for Version 4.10.3.7.
• Sourcefire does not support updating appliances with more than one hard drive. You must remove additional hard drives before beginning the update.
• Note that Version 4.10.x of the Sourcefire 3D System is not supported on the APM-8600 or the single-CPU APM-8650 with XOS 9.6.5, 9.6.6, 9.6.7, and 9.7.0.
• The Version 4.10.3.7 update includes a full upgrade of the MySQL database. WARNING! Disruptions in the update during the database upgrade could leave the Sourcefire 3D System in an unusable state that may require you to restore the appliance to factory defaults. Note, however, that error messages may appear in the update interface during the database upgrade. These errors are expected and you can safely ignore them.
• When you install or uninstall this update on 3D Sensors, the interface set type on the sensing interfaces determines how and when traffic inspection, link state, and traffic flow are affected. How network traffic is interrupted depends on whether the sensor’s interface sets are configured as inline, inline with fail open, or passive. The following table describes the possible outcomes:

Interface Set Type: Network Traffic Interrupted?
Passive: Network traffic is not interrupted, but also is not inspected during the update.
Inline: Network traffic is blocked throughout the update.
Inline with fail open: Network traffic is interrupted at two points during the update. At the beginning of the update process, traffic is briefly interrupted while link goes down and up (flaps) and the network card switches into hardware bypass. Traffic is not inspected during hardware bypass. After the update finishes, traffic is again briefly interrupted while link flaps and the network card switches out of bypass. After the endpoints reconnect and reestablish link with the sensor interfaces, traffic is inspected again.

In scenarios where traffic will be interrupted, Sourcefire recommends that you either remove affected 3D Sensors from their inline placement, or plan the update for a maintenance window or other time when the interruption will have the least impact on your deployment.
Virtual Appliance Operating Environments

Sourcefire packages Virtual appliances for three hosting environments:
• vSphere version 4.1 or 5.0 from VMware
• Xen Hypervisor 3.3.2 or 3.4.2 distribution from Xen.org with Ubuntu 8.04 Long Term Support (LTS) or CentOS 5.5 Dom0 (server version recommended)
• RHEV version 3.0 using RHEL 6.2 (64-bit) as the supported hypervisor base

For more information on Virtual appliances, including hardware compatibility, packaging, deployment considerations, and configuration, see the Sourcefire 3D System Virtual Defense Center and 3D Sensor Installation Guide.

Product and Web Browser Compatibility

You must use Version 4.10.3 or later of the Defense Center to manage Version 4.10.3.7 sensors. You must use Version 4.10.3 or later of the Master Defense Center to manage Version 4.10.3.7 of the Defense Center, including the Virtual Defense Center. Version 4.10.3.7 of the Master Defense Center and Defense Center (including the Virtual Defense Center) can also manage the appliances listed in the following table.

Version 4.10.3.7 of the...   Can manage these versions...   Of the...
Master Defense Center        4.9.x and 4.10.x               Defense Center
Defense Center               4.10.x                         3D Sensor — 7000 Series and 8000 Series
Defense Center               4.9.x and 4.10.x               3D Sensor — 3D9900
Defense Center               4.9.x                          3D Sensor — 3Dx800
Defense Center               4.9.x and 4.10.x               other 3D Sensors
Defense Center               4.9.x and 4.10.x               3D Sensor Software for Crossbeam X-Series
Defense Center               4.9.x                          RNA on Red Hat Linux

Version 4.10.3.7 of the web interface for the Sourcefire 3D System has been tested on the browsers listed in the following table.

Browser                            Required Enabled Options and Settings
Firefox 26                         JavaScript, cookies, Secure Sockets Layer (SSL) v3
Microsoft Internet Explorer 9.0    JavaScript, cookies, Secure Sockets Layer (SSL) v3, 128-bit encryption, Active scripting security setting, Compatibility View, set Check for newer versions of stored pages to Automatically
Microsoft Internet Explorer 10.0   JavaScript, cookies, Secure Sockets Layer (SSL) v3, 128-bit encryption, Active scripting security setting, Compatibility View, set Check for newer versions of stored pages to Automatically

Issues Resolved in Version 4.10.3.7

The following issues are resolved in Version 4.10.3.7:
• Resolved an issue where widgets on the Status Dashboard page failed to populate with data after many failed logins to the web interface. (115970)
• The system now uses Coordinated Universal Time (UTC) to generate time stamps on audit log entries. (126038)
• Resolved an issue where you could not generate troubleshoot files for 3D Sensor Software running Version 4.10.3.4 or later. (126368)
• Resolved an issue where, in rare cases, the system did not populate the intrusion event packet view with data due to a memory issue. (126619)
• Security Issue: Updated OpenSSH to version 6.6 to eliminate the CVE-2010-5107 vulnerability on Sourcefire appliances. (126988, 135945)
• Resolved an issue where editing your network settings (Operations > System Settings > Network) caused the system to reset your Network Time Protocol (NTP) settings. (127577)
• Resolved an issue where, if you altered the default time window on a health module alert graph, the displayed data did not reflect the custom time window. (127652)
• Resolved an issue where you could not log in to an appliance via the command line interface (CLI) if your LDAP username contained a capitalized character. (128098)
• Resolved an issue where third-party queries to the database returned incorrect data.
(128210)
• Resolved an issue where, in some cases, configuring SNMP in a system policy and applying the policy to a sensor caused memory problems. (128586)
• Resolved an issue where Defense Centers experienced communication issues with their sensors. (128801)
• Resolved an issue where excluding specific Original Client IP addresses from an intrusion event search improperly constrained the data. (131106)
• Resolved an issue where, in some cases, the system generated incorrect intrusion event timestamps. (131830)

Issues Resolved in Previous Updates

Because you can update some of your appliances from Version 4.10.0 to Version 4.10.3.7, this update also includes the changes in updates from Version 4.10.0 through Version 4.10.3.6. The issues that were resolved in each are listed by version.

4.10.3.6
• Security Issue: Eliminated a vulnerability that could allow a remote attacker to execute unauthorized IPMI commands if Lights-Out Management was enabled on a Series 3 appliance. For more information, log in to the Customer Center and access the KB article at https://na8.salesforce.com/articles/Informational/000002045. (130978)
• Security Issue: Resolved an issue where the Sourcefire 3D System web server had the potential to execute system commands as root. Special thanks to Detmar Liesen and Christian Rahmen at Information und Technik Nordrhein-Westfalen (IT.NRW) for reporting this issue. (131737)
• Security Issue: Eliminated a vulnerability that could allow an attacker to execute Linux commands via the filter search field on the System Log page. For more information, log in to the Customer Center and access the KB article at https://na8.salesforce.com/articles/Informational/000002058. (131738)

4.10.3.5
• Resolved an issue where SNMP alert messages longer than 255 characters caused SNMP trap logging to fail. (100057)
• Resolved an issue where, on Defense Centers in a high availability configuration, changes to traffic profile names did not save. (100686)
• Resolved an issue where SMTP data caused user identity error messages to display in the system log (Operations > Monitoring > Syslog). (101932)
• Resolved an issue where you could not switch the roles of a high availability pair of Defense Centers registered to a Master Defense Center. (102286)
• Resolved an issue where an outdated IP address appeared on the primary Defense Center’s Sensors page after you changed the IP address of a sensor managed by Defense Centers in a high availability configuration. (103781)
• Resolved an issue where you could not export a system policy if the default user role was a custom user role. (108088)
• Resolved an issue where, in rare cases, appliances that automatically update downloaded redundant or non-applicable patches. (108436)
• The Defense Center now uses fully qualified domain names to send all email notifications from the system policy. (111038)
• Resolved an issue where generated reports displaying SEU import log data improperly constrained the data if you selected a time range. (116201)
• Resolved an issue where, after using a high availability pair of Defense Centers to import an intrusion policy to a Defense Center, the secondary Defense Center synced incorrectly. (117839)
• Improved the performance of the Sourcefire Data Correlator. (118131)
• Resolved an issue where, in some cases, jumbo frames on a Crossbeam sensor running XOS Version 9.6.5 overwhelmed the system and dropped packets. You must update to Crossbeam XOS Version 9.6.7 to take advantage of this fix. (118313, 122835)
• Resolved an issue where, in rare cases, the xvnim driver incorrectly released buffers, causing the system to drop packets and lose connectivity. (118572)
• LDAP usernames can now contain tildes (~), periods (.), and dollar signs ($). (118830)
• Resolved an issue where, in rare cases, 3D9900 sensors required additional rebooting after a reboot in order to resume traffic. (118856)
• Security Issue: Resolved an issue where, in some cases, the system did not process user identity data or host input updates and logged error messages to the Defense Center system log. (119550)
• Resolved a database externalization issue where, in some cases, users could not access the database. (119602)
• Resolved an issue where, after shutting down a Defense Center in a high availability pair, intrusion events that occurred during the restart logged only on the primary Defense Center. (120086)
• Resolved an issue where, in some cases, the Intrusion Events widget displayed data incorrectly. (120136)
• Resolved an issue where 3D71xx fiber interface passive mode link lights did not illuminate when connected to an endpoint. (120470)
• Resolved an issue where, after updating to Version 4.10.3.4, eStreamer requests with the Version 1 metadata request flag set did not return intrusion policy metadata. (120807)
• Resolved an issue where, if a Master Defense Center managed a high availability pair of Defense Centers, the system did not apply the intrusion policy to all sensors during a scheduled or automated policy apply. (121437)
• Resolved an issue where, in some cases, the system incorrectly displayed intrusion events after completing the Version 4.10.3.4 update. (121748)
• Improved the memory usage stability of the Sourcefire Data Correlator. (122149)
• Resolved an issue with the Crossbeam software sensor pruner configuration that, in some cases, decreased sensor performance. (122446)
• Resolved an issue where, in some cases, completing an update or uninstall to Version 4.10.3.4 of the Sourcefire 3D System required up to 3 hours to complete on a 3D7110 or 3D7120 sensor. (123754)

4.10.3.4
• The system now prevents you from importing intrusion rules with a list of destination ports that is longer than 64 characters. (107148)
• Resolved an issue where, in some cases, intrusion rule actions set from the packet view or context menu were set in the wrong intrusion policy. (108551)
• Resolved an issue where, in some cases, newly created RNA detectors incorrectly detected patterns when evaluating packet captures. (108756)
• Resolved an issue where unknown web browsers were incorrectly identified as SSH. (109528)
• Resolved an issue where, in some cases, Custom Analysis dashboard widgets failed to load. (109584)
• Improved reliability of the Sourcefire Data Correlator. (110869)
• Resolved an issue where, in some cases, health blacklist data on the secondary Defense Center of a high availability pair failed to synchronize with the data on the primary Defense Center. (110870)
• Resolved an issue where viewing intrusion event graphs with a large time range could hide samples that occurred during times with sparse data. (110990)
• Resolved an issue where, in some cases, graphs did not appear in PDF reports that took over 30 minutes to generate. (110997)
• In the web interface, detection engine and interface set list pages are now compatible with Internet Explorer 10. (111186)
• Resolved an issue where, in some cases, compliance rules generated events during inactive periods. (111309)
• Resolved an issue where, in some cases, RNA event logging sent unsolicited updates to ArcSight clients. (111373)
• Resolved an issue where, in some cases, compliance policies that included the Default White List compliance rule did not generate compliance events. (111645)
• MySQL was updated on appliances to address CVE vulnerabilities.
(111738)
• Resolved issues with the documentation. (111942)
• Resolved an issue where physical appliances experienced system problems after running continuously for a minimum of 208 days. (112556)
• Resolved an issue where, in some cases, the packet view failed to display and caused excessive system memory usage. (113458)
• Improved reliability of communications between Sourcefire appliances. (113665)
• Updated the Perl package on appliances to address CVE vulnerabilities. (113929, 113930)
• Resolved an issue where, when you removed the Save as Private designation from a saved search, the search did not become available for users with read-only permissions. (113967)
• Passwords for Cisco remediations can now contain special characters. (114090)
• Resolved an issue where, in some cases, VLAN and network filtered intrusion policies failed to apply from the Master Defense Center. (114292)
• Improved the task queue’s reliability when displaying system tasks. (114744)
• Resolved an issue that, in some cases, caused RNA detection policy apply to fail. (114879)
• Resolved an issue where, in some cases, custom compliance policies could contain self-referencing rules. (115125)
• Resolved an issue where setting warning threshold values on a health module to 1 or 2 could trigger inaccurate health alerts. (115126)
• Resolved an issue where, in some cases, menu options throughout the system failed to update. (115135)
• Resolved an issue where, in some cases, dashboard widgets did not display intrusion events correctly. (115524)
• Resolved an issue where you could not edit compliance policies or rules after deleting a sensor whose detection engines were referenced by a compliance rule. (115660)
• Resolved an issue where, in some cases, compliance rules could not reference detection engines on stacked sensors. (116145)
• The show-network-modules command line interface command now functions correctly on 7000 Series and 8000 Series sensors. (117962)

4.10.3.3
No issues were resolved in Version 4.10.3.3.

4.10.3.2
The following issues were resolved in Version 4.10.3.2:
• Resolved several issues affecting the 40G network module (NetMod) on 3D8250 sensors. (111315, 112439)
• Resolved an issue that, in some cases, prevented log rotation from occurring. (112010)

4.10.3.1
The following issue was resolved in Version 4.10.3.1:
• Resolved an issue where after you installed a new SEU on an appliance, the Modified By column on that appliance's Intrusion Policy page sometimes showed an incorrect user as the user who applied the update. (100468)

4.10.3
The following issues were resolved in Version 4.10.3:
• Improved performance of the system integrity check utility. (92756, 92759, 92762)
• Resolved an issue where RNA processes did not appear in the processes list on the Statistics page (Operations > Monitoring > Statistics). (92928)
• Resolved several issues with the documentation. (95438, 98628, 104029, 104680, 104748, 105420, 106185, 106268, 106537, 107138, 107290, 107590, 108066, 108921, 109049)
• Bookmarked RNA searches that are constrained by Confidence now load correctly. (96937)
• Resolved an issue where, after you changed the system time zone, the syslog incorrectly reported dates one year earlier. (97586)
• Resolved an issue that caused invalid RNA policy recommendations to appear. (98498)
• Resolved an issue where, when you saved changes to a scheduled task created in a previous year, the original year was incorrectly changed to the current year. (98568)
• Resolved an issue where, when you exported a dashboard from a Defense Center to a Master Defense Center or a 3D Sensor, widgets unavailable because they were unsupported on the new appliance could incorrectly appear with the “You are not authorized to view this widget” error message. (98944)
• Resolved an issue where setting an odd-numbered maximum frame size on inline interface sets of 8000 Series sensors could cause link loss. You can no longer set this value to an odd number. (99452)
• Resolved an issue where you could not simultaneously apply intrusion policies from a Master Defense Center to multiple 3D Sensors if the sensors' managing Defense Centers required SEU updates. (100143)
• Resolved an issue where an externally authenticated RADIUS or LDAP user with the username admin conflicted with the local admin user. The Sourcefire 3D System no longer supports the username admin for externally authenticated users. (100677)
• Resolved an issue where, in some cases, the Defense Center task status page reported a successful VDB installation after a failed VDB update on a managed sensor. (100776)
• Resolved an issue where scheduled “install latest update” tasks that completed successfully did not generate correct task status messages in the system log. (101406)
• Improved performance of dashboard widgets that perform queries constrained on user data. (101459)
• Hotfix updates no longer appear in the Product Updates dashboard widget under Latest Product Updates. (101526)
• Improved reliability of the Sourcefire Data Correlator. (101692, 103038)
• Improved system performance of database tables and RNA event database queries. (101851, 103954)
• Resolved an issue where, in some cases, enabled compliance rules caused system problems with the Sourcefire Data Correlator. (102788)
• Resolved an issue where some fields in generated PDF-format reports appeared in HTML format. (103439)
• Resolved an issue on the Defense Center where clicking Run All Modules in the health monitor could cause an error page to appear. (103503)
• Resolved an issue on some 8000 Series sensors that caused health alerts to report power supply loss when no problem existed. (105552)
• Resolved an issue on appliances sending email where the SMTP mail process would hang indefinitely if certain errors occurred. The process now correctly times out in case of error. (105714)
• Resolved an issue where IPS performance graphs of blocked packets reported incorrect data. (105802)
• Resolved an issue with the Sourcefire Data Correlator where multiple packets associated with the same event that had identical event ID, sensor ID, event seconds, packet seconds, and packet nanoseconds data were incorrectly dropped as duplicates. (106117)
• Resolved an issue where synchronization tasks (such as those relating to high availability, clustered, and stacked configurations) did not run after system upgrades. (106327)
• Resolved an issue where, when you rolled back the secondary Defense Center in a high availability pair to the same software version as the primary Defense Center (the primary having been rolled back earlier), variable definitions on the primary Defense Center were overwritten. (106559)
• Security Issue: Removed a possibility of injecting arbitrary HTML in the event viewer. (CVSS Base Score: 3.3)
• Security Issue: Removed possibilities of redirection away from the host user interface. (107407, 107409) (CVSS Base Scores: 3.3)
• External database queries that contain numeric functions no longer cause problems with Crystal Reports. (107779)

4.10.2.7
The following issues were resolved in Version 4.10.2.7:
• Resolved an issue with the Sourcefire Data Correlator that could, in rare cases, cause it to stop responding.
(106960)
• Security Issue: Resolved a cross-site scripting vulnerability (XSS) in the intrusion event packet view when the Log URI option is enabled for the HTTP inspect preprocessor. This option is not enabled by default. (107245)

4.10.2.6
The following issues were resolved in Version 4.10.2.6:
• Master Defense Centers now correctly display information about detection engines and interface sets for 3D Sensors that have been moved between the Master Defense Center’s managed Defense Centers. (103493)
• Resolved an issue where you could not apply policies to 3D8260 sensors in a stacked configuration from a Master Defense Center. (103879)
• Resolved an issue where memory use of the Sourcefire Data Correlator gradually increased, eventually requiring a restart of the Data Correlator. (104261)

4.10.2.5
The following issues were resolved in Version 4.10.2.5:
• You can now use an access control list (Operations > System Settings > Database) to filter access to ports that you use for external database access. (95577)
• Resolved an issue that caused a delay of several minutes when a RADIUS-authenticated admin user accessed a Defense Center via SSH. (96920)
• You can now successfully activate a compliance policy with custom rules that fire on specific intrusion event rule messages. (98609)
• When you use a Master Defense Center to manage Defense Centers in a high availability configuration, the Defense Centers now appear in the Operations > Appliances list regardless of changes to their primary/secondary status. (98708)
• When you configure RADIUS authentication, you can now use non-sequential ports for authentication and accounting. For more information, see the Sourcefire 3D System User Guide. (98820)
• Security Issue: Upgraded MySQL version to 5.1.61 to address multiple vulnerabilities. (99528, 103105)
• If it has sufficient memory (4GB), you can now deploy up to 6 detection engines on a Virtual 3D Sensor. (99781)
• Improved system performance of Defense Centers that receive large amounts of RNA or RUA events. (100025, 100027, 100028)
• Resolved an issue where Defense Center backups could stall in the “Verifying Backup” stage. (100030)
• Resolved an issue where external database access queries could fail due to non-unique internal query IDs. (100597)
• On Virtual 3D Sensors, 7000 Series sensors, and 8000 Series sensors, resolved an issue where users with Configuration-level access to the command line interface could not log into the web interface. (100683)
• Resolved an issue where performance graphs of blocked packets (Operations > Monitoring > Performance) displayed no data. (101802)
• On the Master Defense Center, resolved an issue where, when you moved a managed 3D Sensor from one high availability Defense Center pair to another, its detection engine information could be inaccurate. (101943)
• The default threshold for automatic application bypass is increased to 3000ms (previously 750ms). (102280)
• Decreased latency on 7000 Series sensors that run two or more detection engines. (102620)
• Resolved an issue where dashboard widgets that displayed IP addresses or host names failed to load when DNS lookup of hosts failed. (102797)
• The detection engine variables page (Operations > Configuration > Detection Engines > Variables) now loads correctly. (102951)
• Resolved several issues with the documentation. (102971)

4.10.2.4
The following issues were resolved in Version 4.10.2.4:
• Resolved an issue where, when restoring a backup that you created with remote storage enabled, the restore would fail if remote storage was not enabled at the time of the restore. (90143)
• Resolved an issue where authentication objects using group access could lose configuration information when you upgraded from Version 4.9.1 to Version 4.10.1. (90560)
• Resolved an issue where RNA detection policies could fail to reapply after a previous failed policy apply. (92430)
• Compliance rules based on flow events that use the Total Bytes condition now trigger successfully. (93608)
• Resolved an issue where, in some cases, NetFlow configuration was not received by 3D Sensors, causing NetFlow monitoring to fail. (93658)
• Automatic SEU import tasks on a Defense Center in a high availability pair are no longer propagated to the peer appliance. SEU installations are already automatically synchronized by the high availability synchronization process. (93797)
• Resolved an issue where, in some cases, the Memory Usage health module could alert even when sufficient memory was available. (94039)
• Improved accuracy of intrusion event rate graphs in the Custom Analysis dashboard widget. (94335)
• Resolved an issue where, if remote storage was enabled, intrusion event email alerts were sent as MIME-encoded email attachments instead of plain text. (95862)
• The Interface Traffic dashboard widget now correctly reports rates of received and transmitted traffic. Previously, a scaling issue could cause one traffic rate to display as zero when the values for Rx and Tx differed by orders of magnitude. (95887)
• Resolved an issue where data in the HTTP URI field of HTML-format event reports was not HTML-encoded. (95993)
• Decreased the amount of available disk space required on the Defense Center to download packets to a local computer from the intrusion event packet view. (96351)
• Resolved an issue where drilling down on specific intrusion events in a workflow would result in no events displaying. (96992)
• If a scheduled update task fails to run, a message detailing the specific reason for failure is now displayed. (97028)
• Resolved an issue where you could not connect to an appliance using SSH after a system policy apply. (97081)
• Resolved an issue where removing a 7000 Series sensor's power cable caused the Serial over LAN connection on the appliance to drop. (97550)
• Resolved an issue where uploading Sourcefire Rule Updates (intended only for Version 5.0 and above of the Sourcefire 3D System) to an appliance running an earlier Sourcefire software version caused the Update page to stop working. You can no longer upload Rule Updates to incompatible appliances. (98240)
• You can now successfully generate 2048-bit HTTPS certificates from the web interface. (98416)
• Improved synchronization of intrusion rule classifications between paired Defense Centers in a high availability configuration. (98522)
• Improved performance of the Sourcefire Data Correlator. (98626)
• Resolved an issue that caused incomplete display of HTML packet data in PDF-format event reports. (98854)
• The system now correctly sends email notifications for intrusion events that are pruned from the database. (99059)
• Improved query engine support for Crystal Reports. (99209)
• Resolved an issue where, when the Send Audit Log to Syslog option was enabled on an appliance (under Audit Log Settings in the system policy), malformed UDP packets were sent to the syslog server in addition to the syslog packets. (99302)
• RNA flows generated from NetFlow data and the RNA network map now display the TOS and interface values from NetFlow. (99632)
• Resolved an issue where enabling Adaptive Profiling could prevent Snort from starting. (100003)
• Resolved an issue where 3D9900 sensors could eventually stop passing traffic. (100055)
• Resolved an issue where vulnerability database information did not sync correctly between paired Defense Centers in a high availability configuration. (100213)
• Resolved an issue where the RNA process on 3D Sensors could cause excessive memory use on the sensor.
(101035) 4.10.2.3 The following issues were resolved in Version 4.10.2.3: • Security Issue Resolved an issue where unauthenticated users could download configuration information stored in the web server document root from the web interface. (101302) (CVSS Base Score: 4.7) • Security Issue Resolved an issue where unauthenticated users could download arbitrary files that are readable by the www user. (101306) (CVSS Base Score: 6.7) • Resolved an issue with ack.cgi by removing it from the system. (101308) (CVSS Base Score: 2.8) • Security Issue Resolved an issue on the Defense Center that granted excess database permissions to hosts where you installed RUA agents. (101309) (CVSS BASE Score: 7.0) • Security Issue Resolved a cross-site scripting vulnerability in the dashboard. (101310) (CVSS Base Score: 2.8) 4.10.2.2 The following issues were resolved in Version 4.10.2.2: Version 4.10.3.7 • Improved efficiency of the Custom Analysis dashboard widget. (94581) • Resolved an issue where you could not edit the permissions of externally authenticated users on 8000 Series sensors. (95610) • On 3D Sensors, the audit log now shows the full commands that users execute in the command line interface. (95981) • Resolved an issue where 3D8140 and 3D8250 sensors could incorrectly report loss of power supply. (96069) • Improved RNA stability. (96564) • Resolved an issue where, on 3D7110, 3D7120, 3D8120 and 3D8130 sensors, PEP rules that you configured as Drop w/Reset could still allow IP traffic to pass through. (96668) • Resolved an issue where, after upgrading a Defense Center to Version 4.10.2 or Version 4.10.2.1, it was not possible to view HTTPS certificates or create new certificate signing requests. (96783) • Improved reliability of automatic update downloading. (97291) • Resolved an issue where backups with events could fail on a Defense Center that was processing a high number of flows per second. 
(97307) • Resolved an issue where, when the system SSH daemon was manually disabled, it would not reactivate after a system policy apply. (97369) Sourcefire 3D System Release Notes 16 Issues Resolved in Version 4.10.3.7 • You can now manually configure the MTU for management interfaces in the web interface. (97416) • Resolved an issue where Master Defense Centers did not properly receive impact level 5 events. (97851) • Resolved an issue where, in some cases, 3D9900 sensors did not pass or process traffic. (97967) • Resolved an issue that could cause data gaps to appear in sensor performance graphs. (98001) • VDB installations including or following SEU 74 will no longer cause backups with events to fail (when the VDB is installed during or after upgrading to Version 4.10). (98427) • Resolved an issue where enabling TAP mode on a 3D8250 sensor would cause all VLAN traffic to be dropped. (98921, 99086) 4.10.2.1 The following issue was resolved in Version 4.10.2.1: • Resolved an issue where, in some cases, changes to system settings (such as device registration or the enabling/disabling of eStreamer) could fail to take effect. (97548) • The Hardware Alarms health module now runs correctly on all 7000 Series and 8000 Series sensors. (97637, 97778) 4.10.2 The following issues were resolved in Version 4.10.2: Version 4.10.3.7 • Resolved an issue where LDAP shell authentication would fail if the total combined length of the base filter and shell filter was greater than 512 characters. (89552) • The Defense Center no longer sends health monitor alert emails for a blacklisted sensor. (90006) • Resolved an issue so that RADIUS login authentication objects can use ports other than 1812. (90061) • Resolved an issue where, in high availability environments, health monitor alert emails were sent every five minutes regardless of the value that you set in Threshold Timeout. (90506) • Improved the reliability of health monitoring for 3D9900 sensors. 
(90847) • Resolved an issue where, in rare cases, the SFDataCorrelator process would not shut down properly when it was stopped or restarted, thereby preventing events from being sent to the Defense Center. (91099) • External database schema verification queries generated from Crystal Reports now work correctly on Virtual Defense Centers. (91406) • Resolved an issue where you could not use SNMP to poll sensing interfaces on an 8000 Series sensor. (92213) • Compliance rules that specify intrusion events with a value of would have dropped now function properly. (92484) Sourcefire 3D System Release Notes 17 Issues Resolved in Version 4.10.3.7 • Resolved an issue where, in rare cases, interfaces in a passive interface set on the 3D9900 and 8000 Series sensors could retransmit traffic. (94372) • Resolved an issue where RNA could pass invalid information to the adaptive profiles feature. (95040). 4.10.1.4 The following issues were resolved in Version 4.10.1.4: • Resolved a cross-site scripting issue on the system policy creation page. (92758) • Improved the quality of recommendations based on services by the RNA Recommended Rules feature. (93657) 4.10.1.3 The following issues were resolved in Version 4.10.1.3: Version 4.10.3.7 • Resolved an issue where using special characters in the descriptions of compliance policies, detection engines, and interface sets could cause errors. (88014, 88019) • Resolved an issue where IPS email alerting did not function correctly when the default frequency was changed on appliances with a web interface. (89206) • Resolved an issue where port-based user-defined custom service detectors could be overridden by RNA’s service identification in some cases. (89220) • Resolved an issue where, in some cases, 8000 Series sensors would incorrectly report very large numbers of dropped packets. (90433, 90584) • Resolved several issues with the documentation. 
(89793, 90026) • Resolved an issue where secondary sensors in a stack would generate health events for nonexistent interface sets. (89826) • The Analysis & Reporting > Custom Workflow menu option now properly appears on all applicable sensors. (88851) • Resolved an issue where Custom Analysis dashboard widgets based on the Flow Summary table did not accurately display information if Aggregate was set to Traffic (KB/s). (89038) • Resolved an issue where tasks that you scheduled to run hourly at specific time intervals would not obey the Start Time setting. (89845) Sourcefire 3D System Release Notes 18 Issues Resolved in Version 4.10.3.7 4.10.1.2 The following issue was resolved in Version 4.10.1.2: • Resolved an issue where, in some cases, RNA could abnormally use up to 100% of CPU resources and cause problems with traffic inspection. (89606) 4.10.1.1 The following issues were resolved in Version 4.10.1.1: Version 4.10.3.7 • Resolved an issue where running the update-keyfob.sh script in Version 4.10.0 would result in an error. (87500) • The packet view of intrusion events now indicates IPv4 addresses that contain IPv6 encapsulated security payloads. (87527) • PEP Analyze rules applied to passive interface sets no longer prevent inspection of matching traffic. (87533) • Resolved an issue where, when your Sourcefire 3D System was configured for Server Message Block (SMB) remote storage, you would not receive any emailed reports (such as event or comparison reports) from your system. (87615) • The syslog displayed in the web interface now displays the correct time when the time zone is set to Europe/Lisbon (GMT +1). (87701) • Resolved several issues with the documentation. (87825, 87838,88521, 88647, 88617) • Resolved an issue where, in rare cases, dashboard widgets would not load for Intrusion Event Analyst (Read Only) users. 
(87862) • Resolved an issue where, when both IPv4 and IPv6 were enabled on the management interface of a 3D Sensor, any failure to obtain an IPv6 address would cause errors with IPv4 connections. (87945) • The Authentication Profiles menu in the system policy now correctly displays check box values in Internet Explorer 8. (87992) • Resolved an issue where installing VDB 64 would cause abnormally fewer RNA recommendations in the intrusion policy. (88029) • Event backup to remote SMB storage now works correctly. (88065) • Resolved an issue where emailed reports (such as event or comparison reports) would not honor the From address defined in the system policy unless authentication was configured. (88113) • Resolved an issue where the IDS Event Processor would send duplicate events to the Defense Center while an intrusion policy was applied to the IPS detection engine. (88409) Sourcefire 3D System Release Notes 19 Issues Resolved in Version 4.10.3.7 4.10.1 The following issues were resolved in Version 4.10.1: Version 4.10.3.7 • Resolved an issue where using wildcard characters (such as $ and *) when searching for intrusion events in the SnortID field would yield unexpected results. The system now notifies you when you include an invalid character in your search. (83908) • Resolved an issue where entering an extremely large number of values when searching for intrusion events would produce an error. There is now a maximum of 8000 characters per search. (83909) • The web interface now correctly indicates whether a compliance policy is active, even in cases where activating the policy has failed. (84059) • The Combine Flows for Out-of-Network Responders RNA setting combines flow summaries that involve a host on your monitored network and one or more hosts not on your monitored network. The Defense Center displays external instead of an IP address for the aggregated external hosts in the flow summary. 
Previously, if the networks to monitor in your RNA detection policy were set to Auto-detect, external hosts’ IP addresses would appear individually and internal IP addresses would appear as external. These IP addresses now appear correctly. (84471) • Improved the accuracy of IPS performance graphs of percent packets dropped. (84478) • You can now automatically reapply an intrusion policy to a high availability peer after a scheduled SEU import on the other peer. (84496) • Resolved an issue where creating Nmap remediations with both the Fast Port Scan and Port Ranges and Scan Order options would cause an error. The Fast Port Scan and Port Ranges and Scan Order options are mutually exclusive; it is now impossible to select both options when you create an Nmap remediation. (85145) • You can now base any type of event report on a custom workflow. (85319) • Resolved an issue where you could not use aliased columns in ORDER BY and GROUP BY functions when querying the Defense Center database using the database access feature. (85965) • Resolved an issue where the Network Interface system settings page was unavailable on the Master Defense Center. (86073) • Resolved an issue where the links to email Sourcefire Support and to access the Sourcefire Support site from the Operations > Help page did not function correctly. (86075, 86078) • Resolved an issue where DC750, DC1500, and DC3500 Defense Centers would not successfully execute Cisco PIX Shun remediations. (86080) • Separating a stacked pair of sensors no longer causes problems with their managing Master Defense Center. (86345) • Resolved an issue where Custom Analysis dashboard widgets that displayed data from the Flow Summary Data table would not load if constrained by a payload type search using payload type. 
(86368) Sourcefire 3D System Release Notes 20 Updating Existing Appliances and Software Sensors • Resolved an issue where appliances upgraded directly from Version 4.9.1.7 to Version 4.10 did not respond to ICMP (ping) requests if the management interface on the appliance was not eth0. (86402) • Resolved an issue where multiple intrusion policy sync jobs could be pending in the action queue at one time. (86992) • Resolved an issue where LDAP authentication could fail if the server was configured to expect spaces in the CN field. (87002) • Resolved an issue where compliance rules that searched for nonexistent strings in intrusion rule messages could not be edited after they were initially saved. (87131) Updating Existing Appliances and Software Sensors The following sections help you prepare for and install the Version 4.10.3.7 update on your existing appliances: • Planning for the Update on page 21 • Updating a Defense Center or Master Defense Center on page 24 • Updating Managed 3D Sensors on page 27 • Updating Unmanaged 3D Sensors on page 29 • Using the Shell to Update an Appliance on page 32 Planning for the Update This section outlines how to plan for and perform the Version 4.10.3.7 update for the Sourcefire 3D System. To update your Sourcefire 3D System appliances: 1. Read these release notes. Even if you are familiar with the update process, make sure you thoroughly read and understand the release notes, which describe supported platforms, new features and functionality, known and resolved issues, and product and web browser compatibility. They also contain detailed information on prerequisites, warnings, and specific installation and uninstallation instructions. 2. Make sure your appliances (including software sensors) are running the correct version of the Sourcefire 3D System. To update to Version 4.10.3.7, your appliances must be running at least Version 4.10.0. 
Note that 3D71xx sensors must be running at least Version 4.10.2, and 3D70xx sensors must be running at least Version 4.10.3. To push and install the update, and to manage a Version 4.10.3.7 3D Sensor, your Defense Center must be running at least Version 4.10.3. If you are running an earlier version, you can obtain updates from the Sourcefire Support Site. Version 4.10.3.7 Sourcefire 3D System Release Notes 21 Updating Existing Appliances and Software Sensors 3. Make sure the computers or appliances where you installed software sensors are running the correct versions of their operating systems. For 3D Sensor Software for Crossbeam X-Series, the X-Series Platform must be running XOS Version 9.5.1 or later, 9.6.2 or later, or 9.7.0 or later. If you are using an earlier version of the operating system, contact Blue Coat Support. Note that Version 4.10.x of the Sourcefire 3D System is not supported on the APM-8600 or the single-CPU APM-8650 with XOS 9.6.5, 9.6.6 and 9.7.0. 4. Back up current event and configuration data to an external location. Sourcefire strongly recommends that you back up current event and configuration data to an external location. This data is not backed up as part of the update process. For more information on the backup and restore feature, including the types of backups that are supported for your appliance, see the Sourcefire 3D System User Guide. 5. Make sure you have enough free disk space and allow enough time for the update. The following table provides guidelines for the disk space and time required for the Version 4.10.3.7 update. Appliance/Sensor Software Disk Space on / Disk Space on /Volume Reboot? 
Estimated Time Physical Series 3 Defense Centers 109MB 8223MBplus twice the size of the largest database table (up to 4GB) Yes 31 minutesplus 30 mins for each 10 million events Other physical and virtual Defense Centers 81MB 8154MB plus twice the size of the largest database table (up to 4GB) Yes 35 minutesplus 30 mins for each 10 million events Master Defense Centers 81MB 8154MB plus twice the size of the largest database table (up to 4GB) Yes 35 minutes plus 30 mins for each 10 million events Physical Series 3 non-Geryon 3D Sensors 119MB 15422MB plus twice the size of the largest database table (up to 4GB) Yes 58 minutes plus 30 mins for each 10 million events Physical Series 3 Geryon 3D Sensors 66MB 14046MB plus twice the size of the largest database table (up to 4GB) Yes 43 minutes plus 30 mins for each 10 million events Version 4.10.3.7 Sourcefire 3D System Release Notes 22 Updating Existing Appliances and Software Sensors Appliance/Sensor Software Disk Space on / Disk Space on /Volume Reboot? Estimated Time Physical 3D9900 3D Sensors 76MB 9926MB plus twice the size of the largest database table (up to 4GB) Yes 45 minutes plus 30 mins for each 10 million events Other physical and virtual 3D Sensors 79MB 8994MB plus twice the size of the largest database table (up to 4GB) Yes 35 minutes plus 45 mins for each 10 million events 3D Sensor Software for Crossbeam X-Series 5286MB on / and 1MB on /mnt/aplocaldisk Yes 36 minutes When you update a managed sensor to Version 4.10.3.7, your Defense Center must be running at least Version 4.10.3. In addition, the update requires additional disk space on the Defense Center’s /Volume partition. The following table provides guidelines for the required disk space. 6. Managed Sensor/Software Additional Disk Space on Defense Center Series 3 3D Sensors 1.5GB 3D9900 3D Sensors 986MB Other Series 2 and all virtual 3D Sensors 928MB 3D Sensor Software for Crossbeam X-Series 739MB Update your Master Defense Centers. 
Always update Master Defense Centers first; see Updating a Defense Center or Master Defense Center on page 24. 7. Update your Defense Centers. After you update any Master Defense Centers in your deployment, you can update the Defense Centers they manage. For more information, see Updating a Defense Center or Master Defense Center on page 24. Note that when you begin to update one Defense Center in a high availability pair, the other Defense Center in the pair becomes the primary, if it is not already. In addition, the paired Defense Centers stop sharing configuration information; paired Defense Centers do not receive software updates as part of the regular synchronization process. To ensure continuity of operations, do not update paired Defense Centers at the same time. First, complete the update procedure for one of the Defense Centers, then update the second Defense Center. Version 4.10.3.7 Sourcefire 3D System Release Notes 23 Updating Existing Appliances and Software Sensors 8. Update your managed 3D Sensors. After you update the Master Defense Centers and Defense Centers in your deployment, you can update your managed sensors (including software sensors). Sourcefire strongly recommends that you use your Defense Centers to update the sensors they manage; see Updating Managed 3D Sensors on page 27. Updating the Sourcefire Software for Crossbeam Systems X-Series reloads the affected VAPs. If your Sourcefire Software for Crossbeam Systems X-Series is deployed inline and you are using multi-member VAP groups, Sourcefire recommends that you update the VAPs one at a time. This allows the other VAPs in the group to inspect network traffic while the VAP that is being updated reloads. If you are using single-VAP VAP groups in an inline deployment, reloading the VAP causes an interruption in network traffic. Make sure you plan the update for a maintenance window or other time when it will have the least impact on your deployment. 
Note that you must update members of a stacked sensor pair at the same time; you cannot manage policies on a stacked pair unless both sensors in the pair are running the same version of the Sourcefire 3D System. For the Version 4.10.3.7 update, all 3D Sensors automatically reboot. See Important Update and Compatibility Notes on page 3 for information about interruptions in network traffic and traffic inspection. 9. Update your unmanaged 3D Sensors. See Updating Unmanaged 3D Sensors on page 29. For the Version 4.10.3.7 update, all 3D Sensors automatically reboot. See Important Update and Compatibility Notes on page 3 for information about interruptions in network traffic and traffic inspection. Updating a Defense Center or Master Defense Center Use the procedure in this section to update your Defense Centers and Master Defense Centers, including Virtual Defense Centers. If your deployment includes Master Defense Centers, you must update them before you update the Defense Centers that they manage. Note that when you begin to update one Defense Center in a high availability pair, the other Defense Center in the pair becomes the primary, if it is not already. In addition, the paired Defense Centers stop sharing configuration information; paired Defense Centers do not receive software updates as part of the regular synchronization process. To ensure continuity of operations, do not update paired Version 4.10.3.7 Sourcefire 3D System Release Notes 24 Updating Existing Appliances and Software Sensors Defense Centers at the same time. First, complete the update procedure for one of the Defense Centers, then update the second Defense Center. WARNING! Do not install the Version 4.10.3.7 update on appliances with a STIG hotfix installed; it renders the web interface unusable. Uninstall the STIG hotfix before proceeding with the update. 
To reinstall the STIG hotfix (build 15 or later) after completing the Version 4.10.3.7 update, see the Sourcefire 3D System STIG Hotfix Release Notes for Version 4.10.3.7. WARNING! Do not reboot or shut down your appliances during the update until after you see the login prompt. The system may appear inactive during the pre-checks portion of the update; this is expected behavior and does not require you to reboot or shut down your appliances. You can monitor the update’s progress in the Defense Center’s task queue (System > Monitoring > Task Status). To update the Defense Center or Master Defense Center: 1. Read these release notes and complete any required pre-update tasks. For more information, see Important Update and Compatibility Notes on page 3 and Planning for the Update on page 21. 2. Download the appropriate update from the Sourcefire Support Site: • for Series 3 Defense Centers: Sourcefire_3D_Defense_Center_S3_Patch-4.10.3.7-18.sh • for other Defense Centers and Master Defense Centers: Sourcefire_3D_DC_Patch-4.10.3.7-18.sh IMPORTANT! Download the update directly from the Sourcefire Support Site. If you transfer an update file by email, it may become corrupted. 3. Make sure that the appliances in your deployment are successfully communicating and that there are no issues being reported by the health monitor. 4. Select Operations > Monitoring > Task Status to view the task queue and make sure that there are no jobs in process. Tasks that are running when the update begins are stopped and cannot be resumed; you must manually delete them from the task queue after the update completes. The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before you begin the update. 5. Select Operations > Update. The Update page appears. Version 4.10.3.7 Sourcefire 3D System Release Notes 25 Updating Existing Appliances and Software Sensors 6. 
Click Upload Update to browse to the update you downloaded, then click Upload. The update is uploaded to the Defense Center. The Update page shows the type of update you just uploaded, its version number, the date and time it was generated, and whether a reboot is required as part of the update. For the Version 4.10.3.7 update, Defense Centers reboot. 7. Click Install next to the update you just uploaded. The Install Update page appears. 8. Under Selected Update, select the Defense Center and click Install. 9. Confirm that you want to install the update and reboot the Defense Center. The update process begins. You can monitor the update's progress in the task queue (Operations > Monitoring > Task Status). WARNING! Do not use the web interface to perform any other tasks until the update has completed and the Defense Center reboots. Before the update completes, the web interface may become unavailable and the Defense Center may log you out. This is expected behavior; log in again to view the task queue. If the update is still running, do not use the web interface until the update has completed. If you encounter issues with the update (for example, if the task queue indicates that the update has failed or if a manual refresh of the task queue shows no progress), do not restart the update. Instead, contact Sourcefire Support. 10. After the update finishes, clear your browser cache and force a reload of the browser. Otherwise, the user interface may exhibit unexpected behavior. 11. Log into the Defense Center. 12. Select Operations > Help > About and confirm that the software version is listed correctly: Version 4.10.3.7. Also note the versions of the SEU and VDB on the Defense Center; you will need this information later. 13. Verify that all managed sensors are successfully communicating with the Defense Center. 14. 
If the SEU available on the Sourcefire Support Site is newer than the SEU on your Defense Center, Sourcefire strongly recommends that you import the newer SEU. Note that after you import the SEU, applying an intrusion policy from the Defense Center to a detection engine on a managed sensor does not install the SEU on the sensor. However, applying the policy provides the detection engine with any new rules or other features that you enable in the policy even though the new rules or other features you enable are not accessible from the sensor’s web interface. For information on importing the SEU, see the Sourcefire 3D System User Guide. Version 4.10.3.7 Sourcefire 3D System Release Notes 26 Updating Existing Appliances and Software Sensors 15. Reapply intrusion policies to the IPS detection engines on your managed 3D Sensors. Unless you enabled the Inspect Traffic During Policy Apply option when you created your IPS detection engines (this option is supported on many sensor models), applying an intrusion policy causes IPS detection engines to restart. This may cause a short pause in processing and, for most detection engines with inline interface sets, may cause a few packets to pass through the sensor uninspected. 16. If your deployment includes RADIUS-based external user authentication and uses custom user roles, you must reapply your system policy to the Defense Center and any sensors it manages. 17. If the VDB available on the Sourcefire Support Site is newer than the VDB on your Defense Center, Sourcefire strongly recommends that you install the latest VDB on the Defense Center and on the 3D Sensors with RNA that it manages. For information on installing the latest VDB, see the Sourcefire 3D System User Guide. Updating Managed 3D Sensors After you update your Defense Centers to Version 4.10.3.7, Sourcefire strongly recommends that you use them to update the sensors they manage. 
Because they do not have a web interface, you must use the Defense Center to update 3D Sensor Software for Crossbeam X-Series and Virtual 3D Sensors. Updating managed sensors is a two-step process. First, download the update from the Sourcefire Support Site and upload it to the managing Defense Center. Next, install the software. You can update multiple 3D Sensors at once, but only if they use the same update file. For the Version 4.10.3.7 update, all 3D Sensors automatically reboot. See Important Update and Compatibility Notes on page 3 for information about interruptions in network traffic and traffic inspection. If your 3D Sensor Software for Crossbeam X-Series is deployed inline and you are using multi-member VAP groups, Sourcefire recommends that you update the VAPs one at a time. This allows the other VAPs in the group to inspect network traffic while the VAP that is being updated reloads. If you are using single-VAP VAP groups in an inline deployment, reloading the VAP causes an interruption in Version 4.10.3.7 Sourcefire 3D System Release Notes 27 Updating Existing Appliances and Software Sensors network traffic. Make sure you plan the update for a maintenance window or other time when it will have the least impact on your deployment. WARNING! Do not install the Version 4.10.3.7 update on appliances with a STIG hotfix installed; it renders the web interface unusable. Uninstall the STIG hotfix before proceeding with the update. To reinstall the STIG hotfix (build 15 or later) after completing the Version 4.10.3.7 update, see the Sourcefire 3D System STIG Hotfix Release Notes for Version 4.10.3.7. WARNING! Do not reboot or shut down your appliances during the update until after you see the login prompt. The system may appear inactive during the pre-checks portion of the update; this is expected behavior and does not require you to reboot or shut down your appliances. 
You can monitor the update’s progress in the Defense Center’s task queue (System > Monitoring > Task Status). To update managed 3D Sensors: 1. Read these release notes and complete any required pre-update tasks. For more information, see Important Update and Compatibility Notes on page 3 and Planning for the Update on page 21. 2. Update the Sourcefire software on the sensors’ managing Defense Center as described in Updating a Defense Center or Master Defense Center on page 24. 3. Download the appropriate update from the Sourcefire Support Site: • for Series 3 3D Sensors: Sourcefire_3D_Sensor_S3_Patch-4.10.3.7-18.sh • for 3D9900 3D Sensors: Sourcefire_3D_Sensor_9900_Patch-4.10.3.7-18.sh • for other 3D Sensors and Virtual 3D Sensors: Sourcefire_3D_Sensor_Patch-4.10.3.7-18.sh • for Sourcefire 3D Sensor Software for Crossbeam X-Series: Sourcefire_3D_XOS_Sensor_Patch-4.10.3.7-18.sh IMPORTANT! Download the update directly from the Support Site. If you transfer an update file by email, it may become corrupted. 4. Make sure that the appliances in your deployment are successfully communicating and that there are no issues being reported by the health monitor. 5. On the managing Defense Center, select Operations > Update. The Update page appears. Version 4.10.3.7 Sourcefire 3D System Release Notes 28 Updating Existing Appliances and Software Sensors 6. Click Upload Update to browse to the update you downloaded, then click Upload. The update is uploaded to the Defense Center. The Update page shows the type of update you just uploaded, its version number, the date and time it was generated, and whether a reboot is required as part of the update. 7. Click Install next to the update you are installing. The Install Update page appears. 8. Select the sensors where you want to install the update, then click Install. If you are updating a stacked pair, selecting one member of the pair automatically selects the other. 
You must update members of a stacked pair together; you cannot manage policies on a stacked pair unless both sensors in the pair are running the same version of the Sourcefire 3D System. 9. Confirm that you want to install the update and reboot the 3D Sensors. The update process begins. You can monitor the update's progress in the Defense Center’s task queue (Operations > Monitoring > Task Status). For Sourcefire 3D Sensor Software for Crossbeam deployed inline, traffic is interrupted while VAPs reload. WARNING! If you encounter issues with the update (for example, if the task queue indicates that the update has failed or if a manual refresh of the task queue shows no progress), do not restart the update. Instead, contact Support. 10. On the Defense Center, select Operations > Sensors and confirm that the sensors you updated have the correct version listed: Version 4.10.3.7. 11. Verify that the sensors you updated are successfully communicating with the Defense Center. 12. Reapply intrusion policies to the IPS detection engines on your managed 3D Sensors. Unless you enabled the Inspect Traffic During Policy Apply option when you created your IPS detection engines (this option is supported on many sensor models), applying an intrusion policy causes IPS detection engines to restart. This may cause a short pause in processing and, for most detection engines with inline interface sets, may cause a few packets to pass through the sensor uninspected. 13. If your deployment includes RADIUS-based external user authentication, you must reapply your system policy to your sensors. Updating Unmanaged 3D Sensors Use the procedure in this section to update unmanaged 3D Sensors only; Sourcefire strongly recommends that you update managed 3D Sensors using their managing Defense Centers. For more information, see Updating Managed 3D Sensors on page 27. 
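An unmanaged sensor is updated directly, so nobody but you confirms beforehand that it meets the disk-space and time guidelines from step 5 of Planning for the Update. The script below turns that planning table into a pre-flight check you can run against the output of `df -m` from the appliance. It is an added example, not code from these release notes or from the Sourcefire product: the appliance keys, the reading of the table's "up to 4GB" as a cap on the amount added for the largest database table, the rounding of a partial block of 10 million events up to a full one, and the six-column `df -m` layout are all assumptions, and the sample `df` output is constructed.

```python
"""Pre-flight disk-space and time check for the Version 4.10.3.7 update.

Added example; not part of the Sourcefire release notes or product.
The figures are the planning-table guidelines from the release notes;
the appliance keys and the `df -m` parsing are this script's own conventions.
"""
import math

GB_MB = 1024  # one GB expressed in MB

# Planning-table guidelines, in MB. The /Volume figure is the fixed part;
# the table adds twice the largest database table on top, read here as an
# extra capped at 4 GB (an interpretation of the table's "up to 4GB").
# The Crossbeam X-Series row lists / and /mnt/aplocaldisk instead of /Volume.
# Time is "minutes" plus "per_10m" minutes for each 10 million events.
PLANNING_TABLE = {
    "series3_dc":         {"/": 109,  "/Volume": 8223,  "minutes": 31, "per_10m": 30},
    "other_dc":           {"/": 81,   "/Volume": 8154,  "minutes": 35, "per_10m": 30},
    "master_dc":          {"/": 81,   "/Volume": 8154,  "minutes": 35, "per_10m": 30},
    "series3_non_geryon": {"/": 119,  "/Volume": 15422, "minutes": 58, "per_10m": 30},
    "series3_geryon":     {"/": 66,   "/Volume": 14046, "minutes": 43, "per_10m": 30},
    "3d9900":             {"/": 76,   "/Volume": 9926,  "minutes": 45, "per_10m": 30},
    "other_sensor":       {"/": 79,   "/Volume": 8994,  "minutes": 35, "per_10m": 45},
    "xseries":            {"/": 5286, "/mnt/aplocaldisk": 1, "minutes": 36, "per_10m": 0},
}
LARGEST_TABLE_EXTRA_CAP_MB = 4 * GB_MB


def required_space_mb(appliance, largest_table_mb=0):
    """Return {mount point: MB required} for one appliance type.

    largest_table_mb is the size of the largest database table; the /Volume
    requirement grows by twice that amount, up to the 4 GB cap (assumption).
    """
    row = PLANNING_TABLE[appliance]
    needed = {mount: mb for mount, mb in row.items() if mount.startswith("/")}
    if "/Volume" in needed:
        needed["/Volume"] += min(2 * largest_table_mb, LARGEST_TABLE_EXTRA_CAP_MB)
    return needed


def estimated_minutes(appliance, event_count):
    """Estimated update time: base minutes plus the per-10-million-events term.

    A partial block of 10 million events counts as a full one (assumption).
    """
    row = PLANNING_TABLE[appliance]
    blocks = math.ceil(event_count / 10_000_000)
    return row["minutes"] + row["per_10m"] * blocks


def parse_df_mb(df_output):
    """Parse `df -m` output into {mount point: available MB}.

    Expects the usual six columns (Filesystem, 1M-blocks, Used, Available,
    Use%, Mounted on); the header line is skipped.
    """
    available = {}
    for line in df_output.strip().splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue  # blank or wrapped line
        available[fields[5]] = int(fields[3])
    return available


def check_update_space(appliance, df_output, largest_table_mb=0):
    """Compare `df -m` output against the guideline for this appliance.

    Returns a list of (mount point, required MB, available MB or None)
    shortfalls; an empty list means every partition meets the guideline.
    A mount point absent from the df output is reported with None available.
    """
    available = parse_df_mb(df_output)
    shortfalls = []
    for mount, required in required_space_mb(appliance, largest_table_mb).items():
        have = available.get(mount)
        if have is None or have < required:
            shortfalls.append((mount, required, have))
    return shortfalls


# Constructed sample `df -m` output for a sensor whose /Volume is nearly full.
SAMPLE_DF = """\
Filesystem     1M-blocks  Used Available Use% Mounted on
/dev/sda1           3809  2900       715  81% /
/dev/sda5          95000 88000      7000  93% /Volume
"""

if __name__ == "__main__":
    # "Other" sensor with a 1000 MB largest table and 25 million events.
    for mount, need, have in check_update_space("other_sensor", SAMPLE_DF, 1000):
        print(f"{mount}: need {need} MB, have {have} MB")
    print("estimated:", estimated_minutes("other_sensor", 25_000_000), "minutes")
```

Run it with the real `df -m` output of the appliance, the largest table size from the database, and the event count; any shortfall it reports means the update should wait until space is freed or events are pruned, since the release notes state that data is not backed up as part of the update process.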
For the Version 4.10.3.7 update, all 3D Sensors automatically reboot. See Important Update and Compatibility Notes on page 3 for information about interruptions in network traffic and traffic inspection.

WARNING! Do not install the Version 4.10.3.7 update on appliances with a STIG hotfix installed; it renders the web interface unusable. Uninstall the STIG hotfix before proceeding with the update. To reinstall the STIG hotfix (build 15 or later) after completing the Version 4.10.3.7 update, see the Sourcefire 3D System STIG Hotfix Release Notes for Version 4.10.3.7.

WARNING! Do not reboot or shut down your appliances during the update until after you see the login prompt. The system may appear inactive during the pre-checks portion of the update; this is expected behavior and does not require you to reboot or shut down your appliances.

You can monitor the update’s progress in the Defense Center’s task queue (System > Monitoring > Task Status).

To update an unmanaged 3D Sensor:

1. Read these release notes and complete any required pre-update tasks. For more information, see Important Update and Compatibility Notes on page 3 and Planning for the Update on page 21.

2. Download the appropriate update from the Sourcefire Support Site:
• for Series 3 3D Sensors: Sourcefire_3D_Sensor_S3_Patch-4.10.3.7-18.sh
• for 3D9900 3D Sensors: Sourcefire_3D_Sensor_9900_Patch-4.10.3.7-18.sh
• for other 3D Sensors: Sourcefire_3D_Sensor_Patch-4.10.3.7-18.sh

IMPORTANT! Download the update directly from the Sourcefire Support Site. If you transfer an update file by email, it may become corrupted.

3. Select Operations > Monitoring > Task Status to view the task queue and make sure that there are no jobs in process. Tasks that are running when the update begins are stopped and cannot be resumed; you must manually delete them from the task queue after the update completes.
The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before you begin the update.

4. Select Operations > Update. The Update page appears.

5. Click Upload Update to browse to the update you downloaded, then click Upload. The update is uploaded to the 3D Sensor. The Update page shows the type of update you just uploaded, its version number, the date and time it was generated, and whether a reboot is required as part of the update.

6. Click Install next to the update you just uploaded.

7. Confirm that you want to install the update and reboot the 3D Sensor. The update process begins. You can monitor the update's progress in the task queue (Operations > Monitoring > Task Status).

WARNING! Do not use the web interface to perform any other tasks until the update has completed and the 3D Sensor reboots. Before the update completes, the web interface may become unavailable and the 3D Sensor may log you out. This is expected behavior; log in again to view the task queue. If the update is still running, do not use the web interface until the update has completed. If you encounter issues with the update (for example, if the task queue indicates that the update has failed or if a manual refresh of the task queue shows no progress), do not restart the update. Instead, contact Sourcefire Support.

8. After the update finishes, clear your browser cache and force a reload of the browser. Otherwise, the user interface may exhibit unexpected behavior.

9. Log into the 3D Sensor.

10. Select Operations > Help > About and confirm that the software version is listed correctly: Version 4.10.3.7. Also note the version of the SEU on the 3D Sensor; you will need this information for the next step.

11.
If the SEU available on the Sourcefire Support Site is newer than the SEU on your 3D Sensor, Sourcefire strongly recommends that you import the newer SEU. For information on importing the SEU, see the Sourcefire 3D System User Guide.

12. Reapply intrusion policies to your IPS detection engines. Unless you enabled the Inspect Traffic During Policy Apply option when you created your IPS detection engines (this option is supported on many sensor models), applying an intrusion policy causes IPS detection engines to restart. This may cause a short pause in processing and, for most detection engines with inline interface sets, may cause a few packets to pass through the sensor uninspected.

Using the Shell to Update an Appliance

Although Sourcefire strongly recommends that you use the web interface on your appliance to perform updates, there may be rare situations where you need to install the update from the bash shell.

IMPORTANT! Do not use the shell to update Sourcefire 3D Sensor Software for Crossbeam. Instead, use the managing Defense Center as described in Updating Managed 3D Sensors on page 27.

WARNING! Do not install the Version 4.10.3.7 update on appliances with a STIG hotfix installed; it renders the web interface unusable. Uninstall the STIG hotfix before proceeding with the update. To reinstall the STIG hotfix (build 15 or later) after completing the Version 4.10.3.7 update, see the Sourcefire 3D System STIG Hotfix Release Notes for Version 4.10.3.7.

WARNING! Do not reboot or shut down your appliances during the update until after the appliance reboots automatically. The system may appear inactive during the pre-checks portion of the update; this is expected behavior and does not require you to reboot or shut down your appliances.

For the Version 4.10.3.7 update, all appliances automatically reboot.
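Because the shell procedure that follows runs install_update.pl as root on whatever file sits in /var/sf/updates, it is worth confirming first that the file is the one these release notes name for your platform and that it survived the transfer intact (the notes warn that a file sent by email may be corrupted). The following POSIX shell pre-flight check is an added example, not Sourcefire code; it assumes you recorded the SHA-256 of the file as downloaded from the Support Site before copying it to the appliance (the release notes publish no checksums), and the platform keywords dc-s3, dc, sensor-s3, sensor-9900 and sensor are names chosen here.

```shell
#!/bin/sh
# Pre-flight check before "sudo install_update.pl /var/sf/updates/<file>".
# Added example, not Sourcefire code. The allowlist below is the set of
# Version 4.10.3.7 (build 18) file names given in these release notes.

# Map a platform keyword (names chosen for this example) to the update file
# name the release notes specify for that platform. Returns 1 if unknown.
expected_update_name() {
    case "$1" in
        dc-s3)       echo "Sourcefire_3D_Defense_Center_S3_Patch-4.10.3.7-18.sh" ;;
        dc)          echo "Sourcefire_3D_DC_Patch-4.10.3.7-18.sh" ;;
        sensor-s3)   echo "Sourcefire_3D_Sensor_S3_Patch-4.10.3.7-18.sh" ;;
        sensor-9900) echo "Sourcefire_3D_Sensor_9900_Patch-4.10.3.7-18.sh" ;;
        sensor)      echo "Sourcefire_3D_Sensor_Patch-4.10.3.7-18.sh" ;;
        *)           return 1 ;;
    esac
}

# Print the hex SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_update_file PLATFORM PATH EXPECTED_SHA256
# Succeeds (exit 0) only when: the platform is known, the file's base name is
# exactly the name the release notes give for that platform, the file is a
# readable regular file, and its SHA-256 equals the digest you recorded at
# download time. Each failure mode has its own non-zero code for scripting.
verify_update_file() {
    platform="$1"; path="$2"; expected="$3"

    want=$(expected_update_name "$platform") || {
        echo "unknown platform keyword: $platform" >&2; return 2; }

    base=$(basename "$path")
    [ "$base" = "$want" ] || {
        echo "unexpected file name '$base' (expected '$want')" >&2; return 3; }

    [ -f "$path" ] && [ -r "$path" ] || {
        echo "cannot read $path" >&2; return 4; }

    actual=$(sha256_of "$path")
    [ "$actual" = "$expected" ] || {
        echo "checksum mismatch: got $actual, expected $expected" >&2; return 5; }

    echo "OK: $base matches the recorded digest; proceed with:"
    echo "    sudo install_update.pl $path"
}
```

Typical use on the appliance is `verify_update_file sensor /var/sf/updates/Sourcefire_3D_Sensor_Patch-4.10.3.7-18.sh <digest-you-recorded>` and only running install_update.pl when it exits 0.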
If you are updating a 3D Sensor, see Important Update and Compatibility Notes on page 3 for information about interruptions in network traffic and traffic inspection.

To install the update via the shell:

1. Read these release notes and complete any required pre-update tasks. For more information, see Important Update and Compatibility Notes on page 3 and Planning for the Update on page 21.

2. Download the appropriate update from the Sourcefire Support Site:
• for Series 3 Defense Centers: Sourcefire_3D_Defense_Center_S3_Patch-4.10.3.7-18.sh
• for other Defense Centers and Master Defense Centers: Sourcefire_3D_DC_Patch-4.10.3.7-18.sh
• for Series 3 3D Sensors: Sourcefire_3D_Sensor_S3_Patch-4.10.3.7-18.sh
• for 3D9900 3D Sensors: Sourcefire_3D_Sensor_9900_Patch-4.10.3.7-18.sh
• for other 3D Sensors and Virtual 3D Sensors: Sourcefire_3D_Sensor_Patch-4.10.3.7-18.sh

IMPORTANT! Download the update directly from the Sourcefire Support Site. If you transfer an update file by email, it may become corrupted.

3. Log into the appliance’s shell using an account with Administrator privileges. For virtual appliances, log in using the virtual console in the VMware vSphere Client. Note that on a Series 3 or virtual managed device, you must type expert to display the shell prompt.

4. At the prompt, run the update as the root user, providing your password when prompted:

sudo install_update.pl /var/sf/updates/update_name

where update_name is the file name of the update you downloaded earlier. The update process begins. When the update is complete, the appliance reboots.

5.
Monitor the update and complete any post-update steps as listed in:
• Updating a Defense Center or Master Defense Center on page 24
• Updating Managed 3D Sensors on page 27
• Updating Unmanaged 3D Sensors on page 29

Uninstalling the Update

The following sections help you uninstall the Version 4.10.3.7 update from your appliances:
• Important Uninstallation Notes on page 33
• Uninstalling the Update from 3D Sensors on page 35
• Uninstalling the Update from Virtual 3D Sensors on page 36
• Uninstalling the Update from Crossbeam Systems X-Series on page 36
• Uninstalling the Update from Defense Centers on page 37
• Uninstalling the Update from Master Defense Centers on page 38

IMPORTANT! Before you uninstall the update for any reason, make sure you read and understand Important Uninstallation Notes on page 33.

Important Uninstallation Notes

There are several points you must keep in mind when uninstalling the update, as described below.

Uninstallation Methods

For most appliances (Defense Centers and Master Defense Centers, including Virtual Defense Centers, as well as most 3D Sensor models), you must uninstall the update using the local web interface. For sensors that do not have a web interface (Virtual 3D Sensors and Sourcefire 3D Sensor Software for Crossbeam), you must use the command line interface (CLI) to uninstall the update.

You cannot use a Defense Center to uninstall the update from a managed 3D Sensor, nor can you use a Master Defense Center to uninstall the update from a managed Defense Center.

Order of Uninstallation

Uninstall the update in the reverse order that you installed it. That is, first uninstall the update from any unmanaged 3D Sensors, then managed 3D Sensors (including software sensors), then Defense Centers, and finally Master Defense Centers.
Note that if you uninstall the update from the Master Defense Center before the Defense Center, you must reapply the update to the Master Defense Center, uninstall the update from the Defense Center, then uninstall the update from the Master Defense Center.

You must uninstall updates from members of a stacked sensor pair at the same time; you cannot manage policies on a stacked pair unless both sensors in the pair are running the same version of the Sourcefire 3D System.

Special Note: Uninstalling the Update from Paired Defense Centers

When you begin to uninstall the update from one Defense Center in a high availability pair, the other Defense Center in the pair becomes the primary, if it is not already. In addition, the paired Defense Centers stop sharing configuration information; paired Defense Centers do not uninstall software updates as part of the regular synchronization process. To ensure continuity of operations, do not uninstall the update from paired Defense Centers at the same time. First, complete the uninstallation procedure for one of the Defense Centers, then uninstall the update from the second Defense Center.

Special Note: Uninstalling the Update from 3D Sensors Deployed Inline

If your 3D Sensor uses IPS detection engines with inline interface sets and the sensor does not have a fail-open network card, or if you are uninstalling the update from a Virtual 3D Sensor deployed inline, traffic is interrupted as described in Important Update and Compatibility Notes on page 3.

Special Note: Uninstalling the Update from Crossbeam Systems X-Series

Uninstalling the Version 4.10.3.7 update of the 3D Sensor Software reloads the affected VAP. If your 3D Sensor Software is deployed inline and you are using multi-member VAP groups, Sourcefire recommends that after you uninstall the update from a VAP, you allow that VAP to reload before you uninstall the update from additional VAPs.
This allows the other VAPs in the group to inspect network traffic while the affected VAP reloads. If you are using single-VAP VAP groups in an inline deployment, reloading the VAP causes an interruption in network traffic. Make sure to plan the uninstallation for a maintenance window or other time when it will have the least impact on your deployment.

Special Note: Uninstalling the Update and Online Help

Note that uninstalling the Version 4.10.3.7 update does not revert the online help to its previous version. If the version of your online help does not match that of your Sourcefire 3D System, your online help may contain documentation for unavailable features and may have problems with context sensitivity and link functionality.

Uninstalling the Update from 3D Sensors

The following procedure explains how to use the local web interface to uninstall the Version 4.10.3.7 update from 3D Sensors, regardless of whether the sensors are managed or unmanaged. You cannot use a Defense Center to uninstall the update from a managed 3D Sensor.

Uninstalling the Version 4.10.3.7 update results in a 3D Sensor running Version 4.10.3.6. For information on uninstalling a previous version, refer to the release notes for that version.

To uninstall the update:

1. Read and understand Important Uninstallation Notes on page 33.

2. Select Operations > Monitoring > Task Status to view the task queue and make sure that there are no jobs in process. Tasks that are running when the uninstallation begins are stopped and cannot be resumed; you must manually delete them from the task queue after the uninstallation completes. The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before you begin the uninstallation.

3. Select Operations > Update. The Update page appears.

4. Click Install next to the uninstaller that matches the update you want to remove.

5.
Confirm that you want to uninstall the update and reboot the 3D Sensor. The update is removed and the sensor reboots. You can monitor the uninstallation progress in the task queue (Operations > Monitoring > Task Status). Note that some traffic may pass through inline interface sets uninspected while the sensor reboots, as explained in Important Update and Compatibility Notes on page 3.

WARNING! Do not use the web interface to perform any other tasks until the uninstallation has completed and the sensor reboots. Before the update completes, the web interface may become unavailable and the sensor may log you out. This is expected behavior; log in again to view the task queue. If the uninstallation is still running, do not use the web interface until the uninstallation has completed. If you encounter issues with the uninstallation (for example, if the task queue indicates that the uninstallation has failed or if a manual refresh of the task queue shows no progress), do not restart the uninstallation. Instead, contact Sourcefire Support.

6. After the uninstallation finishes, clear your browser cache and force a reload of the browser. Otherwise, the user interface may exhibit unexpected behavior.

7. Log into the 3D Sensor.

8. Select Operations > Help > About and confirm that the software version is listed correctly: Version 4.10.3.6.

9. If you uninstalled the update from a managed sensor, make sure the sensor is successfully communicating with the Defense Center.

Uninstalling the Update from Virtual 3D Sensors

Use the following procedure to uninstall the Version 4.10.3.7 update from Virtual 3D Sensors. You cannot use a Defense Center to uninstall the update.

Uninstalling the Version 4.10.3.7 update results in a Virtual 3D Sensor running Version 4.10.3.6. For information on uninstalling a previous version, refer to the release notes for that version.

To uninstall the update:

1.
Read and understand Important Uninstallation Notes on page 33.

2. Log into the appliance’s shell using an account with Administrator privileges. For virtual appliances, log in using the virtual console in the VMware vSphere Client. Note that on a Series 3 or virtual managed device, you must type expert to display the shell prompt.

3. At the prompt, run the update as the root user, providing your password when prompted:

sudo install_update.pl /var/sf/updates/update_name

where update_name is the file name of the update you downloaded earlier. The update process begins. When the update is complete, the appliance reboots. If the sensor is deployed inline, this causes an interruption in network traffic. The update is removed.

4. To disconnect from the 3D Sensor, type exit and press Enter.

5. On the managing Defense Center, select Operations > Sensors and confirm that the sensor where you uninstalled the update has the correct version listed: Version 4.10.3.6.

6. Verify that the sensor is successfully communicating with the Defense Center.

Uninstalling the Update from Crossbeam Systems X-Series

Use the following procedure to uninstall the Version 4.10.3.7 update from the 3D Sensor Software for Crossbeam Systems X-Series. You cannot use a Defense Center to uninstall the update.

Uninstalling the update results in the 3D Sensor Software running Version 4.10.3.6. For information on uninstalling a previous version, refer to the release notes for that version.

To uninstall the update:

1. Read and understand Important Uninstallation Notes on page 33.

2. Log into a VAP where you want to uninstall the update. For example, to log into the first VAP in the intrusion VAP group:

CBS# unix su
[root@machine admin]# rsh intrusion_1

3. At the prompt, run the following command to configure your session environment to run Sourcefire scripts:

source /opt/sf/profile

4.
At the prompt, type the following on a single line and press Enter:

install_update.pl /var/sf/updates/Sourcefire_3D_XOS_Sensor_Patch_Uninstaller4.10.3.7-18.sh

The update is removed and the VAP reloads. If your Sourcefire Software for Crossbeam is deployed inline, traffic to that VAP is interrupted while the VAP reloads. Note, however, that if there are other VAPs in the VAP group, traffic is load balanced among the other VAPs.

5. On the managing Defense Center, select Operations > Sensors and confirm that the software sensor where you uninstalled the update has the correct version listed: Version 4.10.3.5.

6. Verify that the software sensor is successfully communicating with the Defense Center.

7. Repeat steps 1 through 6 for each VAP in the VAP group.

Uninstalling the Update from Defense Centers

Use the following procedure to uninstall the Version 4.10.3.7 update from your Defense Centers and Virtual Defense Centers.

Uninstalling the Version 4.10.3.7 update results in a Defense Center running Version 4.10.3.6. For information on uninstalling a previous version, refer to the release notes for that version.

To uninstall the update:

1. Read and understand Important Uninstallation Notes on page 33.

2. Make sure that the appliances in your deployment are successfully communicating and that there are no issues being reported by the health monitor.

3. Select Operations > Monitoring > Task Status to view the task queue and make sure that there are no jobs in process. Tasks that are running when the uninstallation begins are stopped and cannot be resumed; you must manually delete them from the task queue after the uninstallation completes. The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before you begin the uninstallation.

4. Select Operations > Update. The Update page appears.

5.
Click Install next to the uninstaller that matches the update you want to remove. The Install Update page appears.

6. Under Selected Update, select the Defense Center and click Install.

7. Confirm that you want to uninstall the update and reboot the Defense Center. The update is removed and the Defense Center reboots. You can monitor the uninstallation progress in the task queue (Operations > Monitoring > Task Status).

WARNING! Do not use the web interface to perform any other tasks until the uninstallation has completed and the Defense Center reboots. Before the update completes, the web interface may become unavailable and the Defense Center may log you out. This is expected behavior; log in again to view the task queue. If the uninstallation is still running, do not use the web interface until the uninstallation has completed. If you encounter issues with the uninstallation (for example, if the task queue indicates that the uninstallation has failed or if a manual refresh of the task queue shows no progress), do not restart the uninstallation. Instead, contact Sourcefire Support.

8. After the uninstallation finishes, clear your browser cache and force a reload of the browser. Otherwise, the user interface may exhibit unexpected behavior.

9. Log into the Defense Center.

10. Select Operations > Help > About and confirm that the software version is listed correctly: Version 4.10.3.6.

11. Verify that all managed sensors are successfully communicating with the Defense Center.

Uninstalling the Update from Master Defense Centers

Use the following procedure to uninstall the Version 4.10.3.7 update from your Master Defense Centers.

Uninstalling the Version 4.10.3.7 update results in a Master Defense Center running Version 4.10.3.6. For information on uninstalling a previous version, refer to the release notes for that version.

To uninstall the update:

1.
Read and understand Important Uninstallation Notes on page 33.

2. Make sure that the appliances in your deployment are successfully communicating and that there are no issues being reported by the health monitor.

3. Select Operations > Monitoring > Task Status to view the task queue and make sure that there are no jobs in process. Tasks that are running when the uninstallation begins are stopped and cannot be resumed; you must manually delete them from the task queue after the uninstallation completes. The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before you begin the uninstallation.

4. Select Operations > Update. The Update page appears.

5. Click Install next to the uninstaller that matches the update you want to remove. The Install Update page appears.

6. Under Selected Update, select the Master Defense Center and click Install.

7. Confirm that you want to uninstall the update and reboot the Master Defense Center. The update is removed and the Master Defense Center reboots. You can monitor the uninstallation progress in the task queue (Operations > Monitoring > Task Status).

WARNING! Do not use the web interface to perform any other tasks until the uninstallation has completed and the Master Defense Center reboots. Before the update completes, the web interface may become unavailable and the Master Defense Center may log you out. This is expected behavior; log in again to view the task queue. If the uninstallation is still running, do not use the web interface until the uninstallation has completed. If you encounter issues with the uninstallation (for example, if the task queue indicates that the uninstallation has failed or if a manual refresh of the task queue shows no progress), do not restart the uninstallation. Instead, contact Sourcefire Support.

8. After the uninstallation finishes, clear your browser cache and force a reload of the browser.
Otherwise, the user interface may exhibit unexpected behavior.

9. Log into the Master Defense Center.

10. Select Operations > Help > About and confirm that the software version is listed correctly: Version 4.10.3.6.

11. Verify that all managed Defense Centers are successfully communicating with the Master Defense Center.

Known Issues

No new known issues are reported in Version 4.10.3.7.
• In some cases after completing a scheduled intrusion rule update import and subsequent intrusion policy reapply, Defense Centers in a high availability configuration may incorrectly show intrusion policies as out-of-date. (126670, 126820)
• Remote storage connections using Server Message Block (SMB) fail if the shared directory in the Share field contains a space character. (134997)

Known Issues Discovered in Previous Releases

The following is a list of known issues that were discovered in previous releases of the Sourcefire 3D System:
• Performing an operation that consumes excessive memory on an appliance (for example, generating a report based on a search query that returns millions of events) may cause other operations on the appliance to fail. (57114)
• Impact flags for intrusion events generated using imported or local rules that you created on a Master Defense Center may appear incorrectly on managed Defense Centers. (75570)
• If your Nmap scan target contains a large number of hosts, the scan may take an extended period of time. As a workaround, scan fewer hosts at a time. (75999)
• The web interface does not accurately report the number of packets dropped by a Virtual 3D Sensor. (76157)
• The Intrusion Policy page incorrectly indicates that the currently applied intrusion policy is out of date on the detection engine where you applied it if you commit the policy without changing it.
(76729)
• An intrusion policy is reapplied without prompting you for confirmation if you refresh the Policy Information page after applying the policy. The workaround is to select Policy & Response > IPS > Intrusion Policy instead of using your web browser to refresh the page. (76840)
• To ensure that Virtual 3D Sensors can see VLAN traffic, you must modify the promiscuous port group so that the VLAN ID is set to 4095. (76862)
• Evaluating complex compliance rules that trigger on events that occur frequently may degrade the performance of the Defense Center. (79099)
• You cannot import a custom workflow onto an appliance if it has the same name as an existing workflow on the appliance. Similarly, you cannot import a custom table if one of its associated workflows has the same name as an existing workflow on the appliance. (80878)
• On an 8000 Series sensor, enabling the Allow reconfiguration of network settings option on the Network page of the system settings unnecessarily causes a temporary loss of link for the sensor’s management interface when you click Save. (85008)
• If network traffic overloads a 7000 Series or 8000 Series sensor that has tap mode enabled on its inline interface sets, you may experience issues with latency or packets arriving out of order. (86755)
• On 8000 Series sensors, traffic running on UDP port 319 is dropped, rather than forwarded, in inline deployments. (90129)
• In some cases, the CPU usage health module may report artificially high CPU usage for the 3D6500 sensor. Instead, you can use the IPS Performance Statistics Graphs to report packets dropped by the Snort process. Note that this procedure requires a user role with either Admin or Maintenance privileges. See the following procedure for information on how to generate this type of graph. (91146)

To generate the graph:

1. Select Operations > Monitoring > Performance > IPS.

2.
From the Select Device list, select the detection engines whose data you want to view.

3. From the Select Graph(s) list, select Percent Packets Dropped.

4. From the Select Time Range list, select the time range you would like to use for the graph. You can choose from last hour, last day, last week, or last month.

5. Click Graph. The graph appears, displaying the percentage of packets that were uninspected by the Snort process over the time period you specified.

• Non-primary 3D Sensors in a stacked configuration display errors in /var/log/messages from the module TimeSeries. You can safely ignore these errors. (91763)
• In some cases, if the currently applied intrusion policy has been applied and deleted several times, the policy does not appear on the Detection Engines page (Operations > Detection Engines). As a workaround, reapply the policy. (92885)
• When you connect a 7000 Series sensor to a network switch that has Spanning Tree Protocol enabled, the sensor has no Serial Over LAN connectivity. As a workaround, disable Spanning Tree on the affected ports. (97015)
• Clicking Stop in the RHEV Manager does not properly shut down virtual appliances. Instead, use the web interface or the bash shell on the Virtual Defense Center, or the CLI on the Virtual 3D Sensor. As a last resort, you can use the RHEV Manager to power off a virtual appliance and release its resources. (97319)
• PEP IPv4 Fast Path Rules do not fast path GRE (Generic Routing Encapsulation) traffic. (99296)
• You cannot set rule actions for the current intrusion policy in the intrusion event packet view. (99522)
• In some cases, if you apply an intrusion policy to a large group of detection engines, the Intrusion Policy page does not display accurate policy apply results. (99817)
• After you manually change the system time on a 3D Sensor, you must reapply its intrusion policy or restart the sensor.
Otherwise, intrusion events generated by that device do not reflect the new time setting. (99831)
• When you click a dashboard widget link to view events in the event viewer, the right-click context menu options for disabling an event’s corresponding rule may error. As a workaround, use another link path to the event viewer. (100773)
• Detection engine names do not support the number sign character (#). Do not use this character in detection engine names. (101749)
• When you create a report profile (Analysis & Reporting > Report Profiles) for RNA Services, RNA Hosts, Host Attributes, Client Applications, or White List Violations, a time constraint appears. This constraint has no effect. (101952)
• When you query an 8000 Series sensor via SNMP, CPU statistics that reflect system load or traffic throughput are inaccurately high. (102397)
• The ipmitool commands chassis power off and chassis power cycle do not function on 3D7010, 3D7020, or 3D7030 3D Sensors. To restart these sensors using remote IPMI, enter the following command:

ipmitool -I lanplus -H <bmc-ip-address> -U <username> -P <password> chassis power reset

where the segments in angle brackets represent the data relevant to your configuration. (104159)
• You cannot configure email alerts with To or From addresses that include apostrophes. (107561)
• If you use the web interface to grant Lights-Out Management (LOM) privileges to an existing user, that user cannot access LOM with their password. You must manually enable the password from the command line with the following command:

ipmitool user set password <user_id> <password>

where <user_id> and <password> represent the relevant user ID and associated password, respectively. (108418)
• On the Master Defense Center, the secondary Defense Center in a high availability configuration may not appear on the Appliances page (Operations > Appliances) when you sort by Group or Manager.
(108496)
• On 3D7010, 3D7020, and 3D7030 sensors, the Interface Sets page (Operations > Configuration > Interface Sets) does not display a correct LED color for 10/100Mbps links. (110525)
• When you change a sensor’s bandwidth capacity, the system may not immediately display the new bandwidth. It should appear within 10 minutes of your change. (111333)
• If you use a Serial Over LAN (SOL) connection to restore a 3D7010, 3D7020, or 3D7030 3D Sensor to factory settings, and a Lights-Out Management (LOM) user is logged in when you begin the restore, the LOM user is not deleted or disconnected. As a workaround, disconnect your SOL connection after the restore process verifies the file image and indicates that you should push Enter to reboot. (For most appliances, this takes approximately 40 minutes.) The LOM user is then deleted correctly. (113824)
• If you create an inline interface set with both copper and fiber interfaces, the system may block you from enabling link state propagation. (118138)
• If you use a Defense Center running Version 4.10.3.4 or later to manage a sensor running Version 4.10.3.3 or earlier, the system will not populate the Intrusion Policy column in the intrusion event viewer. To view data in this column, update your sensors to Version 4.10.3.4 or later. (125208)
• In some cases, reports may not generate if you upload a logo file with a particularly long filename or high resolution to the report template. (121878)

Features Introduced in Previous Versions

The following is a list of new features added in previous versions of the Sourcefire 3D System. Note that functionality described in previous versions may be superseded by other new functionality or updated through resolved issues.

4.10.3.x

• There were no new features introduced in Version 4.10.3.6.
• Version 4.10.3.5 introduced the ability to select Defense Center-only (DC-only) permissions when creating user roles on a Master Defense Center. Features associated with DC-only permissions are viewed and configured only from a Defense Center; they do not display if the user logs into a Master Defense Center.

• Version 4.10.3.4 added a column in the table view of intrusion events for the name of the intrusion policy associated with each event. This information is also available through eStreamer.

• Version 4.10.3.2 added support for the 3D7010, 3D7020, and 3D7030 3D Sensors. These three sensor models are 1U appliances, and are delivered with eight 1GB copper interfaces, each with bypass capability. Note that these sensors do not support stacking.

• Version 4.10.3.1 introduced support for the 40G network module (NetMod) on 3D8250 3D Sensors that have a 40G switch.

4.10.3

As of Version 4.10.3, you can configure remote access to the system console (via VGA, physical serial port, or Serial Over LAN) from the appliance interface (Operations > System Settings > Console Configuration).

4.10.2.x

There were no new features introduced in Versions 4.10.2.7 through 4.10.2.1.

4.10.2

Version 4.10.2 of the Sourcefire 3D System introduced four new Series 3 3D Sensor models: the 3D7110, 3D7120, 3D8120, and 3D8130. Note that these sensors do not support stacking.

In Version 4.10.2 and later, detection resources on Series 3 sensors use dynamic load balancing, which considers CPU load when distributing traffic to available CPUs. This reduces the risk of CPU core overload.

4.10.1.x

• There were no new features introduced in Versions 4.10.1.5 and 4.10.1.4.

• As of Version 4.10.1.3, users of 3D8250 appliances can add up to three secondary sensors to a stacked sensor configuration, for a total of four stacked sensors. Some terminology related to multiple-appliance arrangements was changed:

  • Prior to Version 4.10.1.3, the arrangement of two Defense Centers in a primary/secondary pair was called clustering. It became high availability.

  • Prior to Version 4.10.1.3, the roles of managing and managed devices were called master/slave in many contexts. They became primary/secondary.

• There were no new features introduced in Version 4.10.1.2.

• In Version 4.10.1.1, the Clustering and High Availability feature names were changed. Clustering became stacking; high availability became clustering. Reflecting this change, the command line interface command show clustering became show stacking.

4.10.1

The following features were introduced in Version 4.10.1.

Custom User Role Management

Custom user role management allows you to create and assign new user roles with customized permissions, in addition to the Sourcefire predefined roles.

Custom User Role Escalation

You can give custom user roles the permission, with a password, to temporarily gain the privileges of another, targeted user role in addition to those of the base role. This allows you to easily substitute one user for another during an absence, or to more closely track the use of advanced user privileges.

Policy Comparison

You can compare health, PEP, RNA detection, and system policies in addition to the existing intrusion policy comparison feature. You can also generate comparison reports for all of these policy types. Both the policy comparison view and the policy comparison report now appear in a more streamlined form, and you can now specifically select the active policy when making a comparison.

Change Reconciliation

Change Reconciliation allows you to closely track changes to your system, both with daily change reconciliation reports and in the audit log. When a user makes a change to any part of the Sourcefire 3D System, information relating to the change (time, nature of changes, username, and IP address) is saved to the audit log, where you can view it in detail.

Miscellaneous Changes and Deprecations

In Version 4.10.1, the Restricted Event Analyst and Restricted Event Analyst (Read Only) user roles were removed. All users with those roles were converted to custom user roles with permissions that are identical to those of their previous Restricted role. These custom roles have the same names as their associated user accounts, so that a user account called Sample_Analyst will have a custom user role called Sample_Analyst after the update.

4.10

The following features were introduced in Version 4.10.

New Defense Center Models

Three new Defense Center models, all Series 3 appliances, were introduced with Version 4.10: the DC750, DC1500, and DC3500. Along with the features supported by earlier-model Defense Centers, these appliances support a feature called Lights-Out Management, which allows you to use a Serial Over LAN (SOL) connection to remotely monitor or manage the appliance, as well as perform limited tasks, such as viewing the chassis serial number, monitoring conditions such as fan speed and temperature, and restarting the appliance. Additionally, Version 4.10 Defense Centers no longer require product licenses. Feature licenses are still required.

New 3D Sensor Models

Two new 3D Sensor models were introduced with Version 4.10: the 3D8140 and 3D8250, also called 8000 Series sensors.
Along with the features supported by earlier-model 3D Sensors, the 8000 Series sensors also support:

• PEP
• clustering
• automatic detection resource allocation for optimal performance, which uses an intelligent resource algorithm that takes into consideration such factors as aggregate link bandwidth of all interfaces in the interface set, type of detection engine, and type of interface set

Note, however, that the 8000 Series sensors have a limited web interface. You must manage and license them with a Defense Center.

Intrusion Detection and Prevention Features

Version 4.10 introduced a number of new features and improvements to help you manage your IPS deployment more efficiently and effectively.

Original Client IP

For intrusion events, Version 4.10 added the ability to view the original client IP address that is extracted from the X-Forwarded-For (XFF) or True-Client-IP HTTP headers. To display a value for this field, you must enable the HTTP Inspect preprocessor Extract Original Client IP Address option.

Inline Result

For intrusion events, the Inline Result field added a new value: would have dropped. This value indicates that IPS would have dropped the packet in an inline deployment if you had enabled the Drop when Inline intrusion policy option.

Reviewed Intrusion Events by User

For intrusion events, Version 4.10 added the ability to determine who (by user name) reviewed each reviewed intrusion event.

RNA Features

Version 4.10 introduced a number of new features and improvements to help you manage your RNA deployment more efficiently and effectively.

Support for User-Defined Service Detectors on Standard Ports

Version 4.10 introduced the ability to create and activate user-defined port-based service detectors on ports used by Sourcefire-provided internal detectors. This allows you to override some of Sourcefire's service detection capabilities.

Support for Payload and Add-on Application Detectors in the VDB

Sourcefire uses the vulnerability database (VDB) update mechanism to provide you with updated application and payload detectors. You can group, activate, and deactivate add-on application detectors according to the needs of your organization, using the RNA Detectors page (Policy & Response > RNA > RNA Detectors).

New Application and Service Detectors

Many new operating system, service, application, and payload detectors were added for Version 4.10. Version 4.10 also included new application types to help categorize the new application detectors. In addition, old application types were consolidated. As an example of application type consolidation, in previous versions of the Sourcefire 3D System, each instant messaging application had its own application type. In Version 4.10, these applications were categorized under a single "instant messenger" application type.

Third-Party Vulnerabilities

If your organization has the resources to write scripts or create command line import files to import network map data from third-party applications, you can use the host input feature to import third-party vulnerability data to augment RNA's vulnerability data. You can view and work with third-party vulnerabilities in workflows (Analysis & Reporting > RNA > Third-Party Vulnerabilities) or in the host profiles of hosts with associated third-party vulnerabilities.

Improved RNA Subnet Detection Interface

The web interface for RNA subnet detection was updated to enhance usability.

Nmap Improvements

Version 4.10 included support for Nmap v5.21, which offers better performance and also includes richer service signatures, more scanning options for host discovery, and advanced timing options.

PEP

As of Version 4.10, IPv4 and IPv6 packet filters are called fast path rules. You can filter traffic by any protocol using either PEP rules or fast path rules. In addition, you can customize initiator and responder settings in IPv6 PEP rules. Finally, you can set a detection engine-specific action to process traffic detected by different detection engine types differently. The Version 4.10 update process also created two PEP rules to replace each PEP rule that previously used the Bi-Directional option. PEP is supported on the 3D9900 and on 8000 Series sensors.

System Management Features

Version 4.10 introduced a number of new features and improvements to help you manage your Sourcefire 3D System deployment more efficiently and effectively.

Database Access

The database access feature allows you to query intrusion, network discovery, user identity, compliance, vulnerability, and some system-level database tables on either a Master Defense Center or Defense Center, using a third-party client that supports JDBC SSL connections. You can use an industry-standard reporting tool such as Actuate BIRT, JasperSoft iReport, or Crystal Reports to interactively design and submit queries. You can also configure a standalone Java application to query Sourcefire data under program control.

Command Line Interface

As a security enhancement, Version 4.10 deprecated the root user account. You can, however, enable a feature called "expert mode," which allows you to access a shell where you can use sudo to perform tasks that require root privileges. Note that you can also disable expert mode.

On 8000 Series sensors and virtual appliances, a command line interface with a controlled set of commands and options became available. There are several CLI modes with various permission levels that you can configure on a per-user basis.
The Version 4.10 update process also changed the shell-access password for the admin account to the password for the Version 4.9.x root account. For Virtual appliances, the update process also replaced shell access with the CLI for the admin user as well as for any externally authenticated shell users.

Security Improvements

• Version 4.10 added the ability to use the system settings to configure your appliances to use an authenticated web proxy when downloading updates and rules.

• You can use the system settings to replace the default SSL (Secure Sockets Layer) certificate used to initiate encrypted communications between your web browser and a standalone-capable appliance. This allows you to use a custom certificate signed by a globally known certificate authority (CA).

• Version 4.10 added support for encryption on the connection between your appliance and the mail relay host (configured in the system policy).

• Version 4.10 added support for encryption on the Defense Center-LDAP server connection used by RUA, as well as the connection between RUA agents and the Defense Center.

SNMP Polling Support

Version 4.10 added the ability to use the system policy to enable Simple Network Management Protocol (SNMP) polling of an appliance, and thereby obtain access to the appliance's standard management information base (MIB).

Simplified LDAP Configuration

As of Version 4.10, the Defense Center helps you create LDAP authentication objects by automatically filling in default settings based on the type of LDAP server you are using.

Improved Troubleshooting Options

Version 4.10 added the ability to customize the troubleshooting data that the health monitor reports, which reduces the size of any troubleshooting files that you send to Sourcefire Support.

New Host Input API Functions

The Host Input API added two new functions: AddScanResult, which adds scan results from a third-party vulnerability scanner and maps each vulnerability to a BugTraq or CVE ID, and DeleteScanResult, which deletes those results. You view and work with third-party vulnerabilities in the Defense Center's web interface, as well as query them using the database access feature.

Improvements in the Major Update Process

As of Version 4.10, when a Defense Center is used to update the Sourcefire 3D System or the VDB on managed sensors, you no longer have to push the update to the sensors before you install it. Note, however, that scheduling updates still requires that you schedule the push and update tasks in succession.

Miscellaneous Changes and Deprecations

• As of Version 4.10, users who want to continue sending responses out from the management interface when packets trigger intrusion rules using the resp keyword on a Version 4.9.x 3D3800 or 3D5800 sensor in tap mode must include the command line config response: device ip in a custom USER_CONF detection engine variable.

• As of Version 4.10, the Defense Center lists up to 100 services per host. To improve performance once that limit is reached, new service information from any active or passive source is discarded until you delete a service from the host or a service times out. When you upgrade to Version 4.10, if a host is associated with more than 100 running services, the service list for that host is pruned to 100.

• Some detected application types were consolidated. If you have existing compliance rules, searches, or other configurations that rely on an obsolete application type, you must manually edit that configuration.

• Some detected service names changed to accurately reflect RFCs and other official documentation. Existing compliance rules are unaffected because they rely on internal identification numbers for services, but you may need to update saved searches that use the old service names.

• A new Process Status health module replaced the Data Correlator Process, Defense Center Status, eStreamer Status, IPS Process, and RNA Process modules. However, in the background, the Defense Center retains any custom settings that you configured for the legacy modules. If you apply a health policy with Process Status enabled to an appliance running a version earlier than 4.10, the legacy modules with your custom settings are enabled, and those modules report health status events for that appliance in place of the Process Status module.

• Version 4.10 removed support for Series 1 appliances and 3Dx800 sensors. Similarly, there is no Version 4.10 release for RNA on Red Hat Linux. You can, however, use a Version 4.10 Defense Center to manage Version 4.9.x of those appliances.

• As of Version 4.10, the Sourcefire 3D System no longer contains built-in support for using the Nessus scanner to perform active scans.

• Version 4.10 also eliminated the need for the management virtual network, as the Sourcefire 3D System no longer supports Version 4.10 Defense Centers managing sensors running versions earlier than Version 4.9.

For Assistance

If you are a new customer, thank you for choosing Sourcefire. Please visit https://support.sourcefire.com/ to download the Sourcefire Support Welcome Kit, a document to help you get started with Sourcefire Support and set up your Customer Center account.

If you have any questions or require assistance with the Sourcefire Defense Center, 3D Sensor, or any of the software sensors, please contact Sourcefire Support:

• Visit the Sourcefire Support Site at https://support.sourcefire.com/.
• Email Sourcefire Support at [email protected].
• Call Sourcefire Support at 410.423.1901 or 1.800.917.4134.
If you have any questions or require assistance with the Crossbeam Systems X-Series Platform, please visit the Blue Coat Support Site at: https://www.bluecoat.com/support/contactsupport/

Thank you for using Sourcefire products.

Legal Notices

Cisco, the Cisco logo, Sourcefire, the Sourcefire logo, Snort, the Snort and Pig logo, and certain other trademarks and logos are trademarks or registered trademarks of Cisco and/or its affiliates in the United States and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

The legal notices, disclaimers, terms of use, and other information contained herein (the "terms") apply only to the information discussed in this documentation (the "Documentation") and your use of it. These terms do not apply to or govern the use of websites controlled by Cisco or its subsidiaries (collectively, "Cisco") or any Sourcefire-provided or Cisco-provided products. Sourcefire and Cisco products are available for purchase and subject to a separate license agreement and/or terms of use containing very different terms and conditions.

The copyright in the Documentation is owned by Cisco and is protected by copyright and other intellectual property laws of the United States and other countries. You may use, print out, save on a retrieval system, and otherwise copy and distribute the Documentation solely for non-commercial use, provided that you (i) do not modify the Documentation in any way and (ii) always include Cisco's copyright, trademark, and other proprietary notices, as well as a link to, or print out of, the full contents of this page and its terms. No part of the Documentation may be used in a compilation or otherwise incorporated into another work or with or into any other documentation or user manuals, or be used to create derivative works, without the express prior written permission of Cisco. Cisco reserves the right to change the terms at any time, and your continued use of the Documentation shall be deemed an acceptance of those terms.

© 2004 - 2014 Cisco and/or its affiliates. All rights reserved.

Disclaimers

THE DOCUMENTATION AND ANY INFORMATION AVAILABLE FROM IT MAY INCLUDE INACCURACIES OR TYPOGRAPHICAL ERRORS. CISCO MAY CHANGE THE DOCUMENTATION FROM TIME TO TIME. CISCO MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE ACCURACY OR SUITABILITY OF ANY CISCO-CONTROLLED WEBSITE, THE DOCUMENTATION AND/OR ANY PRODUCT INFORMATION. CISCO-CONTROLLED WEBSITES, THE DOCUMENTATION AND ALL PRODUCT INFORMATION ARE PROVIDED "AS IS" AND CISCO DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO WARRANTIES OF TITLE AND THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL CISCO BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF DATA, LOSS OF PROFITS, AND/OR BUSINESS INTERRUPTIONS), ARISING OUT OF OR IN ANY WAY RELATED TO CISCO-CONTROLLED WEBSITES OR THE DOCUMENTATION, NO MATTER HOW CAUSED AND/OR WHETHER BASED ON CONTRACT, STRICT LIABILITY, NEGLIGENCE OR OTHER TORTUOUS ACTIVITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF CISCO IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.