https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4518456#M1085778 <P>Query regarding <A href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" target="_blank" rel="noopener">Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021</A></P><P>As per the above critical advisory, I was looking at new Intrusion rule in the older FMC&nbsp; that we have (running version 6.1.0.5) and noticed that download of the new rules have been failing due to certificate issue.&nbsp;</P><P>“Download updates failed: Peer certificate cannot be authenticated with known CA certificates”</P><P>Is it possible to download the specific new rules manually, if so how?</P><P>If this is not possible, I’ve found that upgrading the FMC to 6.2.0 fixes the certificate issue affecting download from FMC.</P><P>In order to upgrade from 6.1.0.5 to 6.2.0, can I double check that:</P><UL><LI>Direct upgrade from 6.1.0.5 to 6.2.0 is supported?</LI><LI>Managed ASA5555 FirePOWER module is ver 6.0.1.4 and this is compatible with FMC ver 6.2.0?</LI></UL><P>We are looking to replace this ASA to FPR2140 which is managed on the newer build FMC so want to spend as little time and effort as possible.&nbsp;</P><P>&nbsp;</P><P>Please advise.</P><P>&nbsp;</P><P>Many thanks,</P> Tue, 14 Dec 2021 09:00:24 GMT atsukane 2021-12-14T09:00:24Z https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4518456#M1085778 <P>Query regarding <A href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" target="_blank" rel="noopener">Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021</A></P><P>As per the above critical advisory, I was looking at new Intrusion rule in the older FMC&nbsp; that we have (running version 6.1.0.5) and noticed that download of the new rules have been failing due to certificate issue.&nbsp;</P><P>“Download updates failed: Peer certificate cannot be authenticated with known CA certificates”</P><P>Is it possible to download the specific new rules manually, if so how?</P><P>If this is not possible, I’ve found that upgrading the FMC to 6.2.0 fixes the certificate issue affecting download from FMC.</P><P>In order to upgrade from 6.1.0.5 to 6.2.0, can I double check that:</P><UL><LI>Direct upgrade from 6.1.0.5 to 6.2.0 is supported?</LI><LI>Managed ASA5555 FirePOWER module is ver 6.0.1.4 and this is compatible with FMC ver 6.2.0?</LI></UL><P>We are looking to replace this ASA to FPR2140 which is managed on the newer build FMC so want to spend as little time and effort as possible.&nbsp;</P><P>&nbsp;</P><P>Please advise.</P><P>&nbsp;</P><P>Many thanks,</P> Tue, 14 Dec 2021 09:00:24 GMT https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4518456#M1085778 atsukane 2021-12-14T09:00:24Z https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4518462#M1085780 <P>Ah, I'm guessing 'Update Intrusion Rules' is the bit I need to understand</P><P>&nbsp;<A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/system_software_updates.html#Cisco_Concept.dita_7a4949fd-7dc1-43bc-8187-3124694c7aad" target="_blank" rel="noopener">Firepower Management Center Configuration Guide, Version 6.4 - System Updates [Cisco Firepower Management Center] - Cisco</A></P> Tue, 14 Dec 2021 09:13:22 GMT https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4518462#M1085780 atsukane 2021-12-14T09:13:22Z https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4518572#M1085786 <P>So updating to the latest Intrusion rules has worked and I can see the Log4j drop rules are in the policy.</P><P>&nbsp;</P> Tue, 14 Dec 2021 13:14:04 GMT https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4518572#M1085786 atsukane 2021-12-14T13:14:04Z https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4518675#M1085792 <P>6.1.0.5 to 6.2.0 is a direct upgrade that is supported:</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Release_Notes_Version_620/important_update_notes.html#id_38002" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Release_Notes_Version_620/important_update_notes.html#id_38002</A></P> <P>FMC 6.2.0 cannot manage an ASA Firepower service module running 6.0.1.4.</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#reference_A0CAB7C28A2B440F8F901D316D6684F4" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#reference_A0CAB7C28A2B440F8F901D316D6684F4</A></P> Tue, 14 Dec 2021 15:21:27 GMT https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4518675#M1085792 Marvin Rhoads 2021-12-14T15:21:27Z https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4519620#M1085823 <P>hey mate</P><P>&nbsp;</P><P>How do you see the events for those "Log4j" logs?&nbsp;</P> Wed, 15 Dec 2021 23:21:19 GMT https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4519620#M1085823 Heino Human 2021-12-15T23:21:19Z https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4520463#M1085846 <P>Thank you&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326046">@Marvin Rhoads</a>&nbsp;Not sure how I missed that 6.2.0 is not compatible with 6.0.1.4!</P> Fri, 17 Dec 2021 11:13:30 GMT https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4520463#M1085846 atsukane 2021-12-17T11:13:30Z https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4520465#M1085847 <P>hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/178811">@Heino Human</a>&nbsp;</P><P>This might be of your interest:</P><P><A href="https://blogs.cisco.com/security/protecting-against-log4j-with-secure-firewall-secure-ips" target="_blank">https://blogs.cisco.com/security/protecting-against-log4j-with-secure-firewall-secure-ips</A></P> Fri, 17 Dec 2021 11:16:04 GMT https://community.cisco.com/t5/network-security/query-regarding-snort-rule-fmc-upgrade-against-log4j/m-p/4520465#M1085847 atsukane 2021-12-17T11:16:04Z