FireMon Asset Manager 5.4
Release Date: 16 June 2025
Summary
FireMon is pleased to provide this overview of the new features and enhancements made for this Asset Manager 5.4 release, which is recommended for all users.
| FireMon Asset Manager Edition 5.4 | |
|---|---|
|
The upgrade file is now available in FireMon User Center > Downloads. |
For the upgrade procedure, see Upgrading Asset Manager. |
We recommend upgrading your Scouts whenever you upgrade your Command Center. However, Scouts 5.2.x and 5.3.x are compatible with Command Center version 5.4.
The Security Manager Integration does not work with SIP version 2025.2 or later. This will be fixed in Asset Manager release 5.5.
There is a known issue with OSPF scanning. To use OSPF scanning, a file's permissions must be changed. Please contact support for assistance in updating permissions.
Database Schema
The database schema provides a visual representation of the database. You can request the 5.3 database schema from Asset Manager Support.
CLI Commands
The Asset Manager CLI is a powerful hierarchical menu-driven interface that provides virtually all administrative functionality in the browser interface.
To administer your system using the command-line interface, see System Administration via CLI.
Security Updates & STIG
5.4 resolves Common Vulnerabilities & Exposures (CVEs) and incorporates a variety of security-related (and non-security-related) enhancements. See Security Advisories 5.3 for a list of CVEs resolved in this release.
Highlights
The interface IP address column has been added to the Device Details screen.
OT Profiling Enhancements: Added more OT vendors and improved the classification field definitions.
Added Infoblox IPs and Extensible Attributes to Connect: Use Asset Manager to create devices from your Infoblox IPAM. Asset Manager can then add the Infoblox IPs to your FireMon Connect Database to utilize in dynamic lists for firewall configuration.
Data at Rest Encryption: Protect database, spool files, and log files with LUKS encryption (aes-xts-plain64)
Encrypted DNS and Secure Syslog Support: Speak with your Support team for steps to update DNS Scanner to use DNS over HTTPS. Also speak with support for guidance on uploading secure syslog certificate files.
UI Improvements: User experience improvements across multiple aspects: scrolling, report alignments, Zone Names, and widget tool tips.
Noteworthy Resolved Issues
-
DNS Discovery using default System DNS Servers bug has been fixed.
-
Support Level 2 for private interfaces in Azure enhancement has been added.
-
Resolved SNMP Issues where Asset Manager could not collect Level 2 Hosts from FortiSwitch and Routes from FortiNet.
-
Resolved a scanning issue where Asset Manager was not processing all Received Certificates.
Change Log
Improvements
|
Key |
Summary |
|---|---|
|
LUM-5380 |
Manufacture 5.4 Images for AWS and Azure by 5/23 to give time for any issues before GA |
|
LUM-5378 |
Customer requests that we support secure syslog |
|
LUM-5372 |
CLI system sshproxy setting have disabled by default |
|
LUM-5356 |
Create a hotfix jar to test at customer |
|
LUM-5344 |
Not gathering L2 information via 1.3.6.1.2.1.17.4.3 (dot1dTpFdbTable) on Fortinet |
|
LUM-5335 |
ot vendor table needs updates |
|
LUM-5329 |
Containers: Make it easier to log to CEF speaking devices; environment variables and timestamps |
|
LUM-5326 |
SPIKE: Cloud Scanner pull in AWS Security Groups and Elastic IPs |
|
LUM-5322 |
OVA Deploy via VMware wizard tool: No option to set manager password. |
|
LUM-5318 |
Add Comments to Core Discovery Metrics Dashboard Widgets |
|
LUM-5317 |
[5.4] Security Updates |
|
LUM-5316 |
Uptick RPMs for 5.4 release (not related to CVEs) |
|
LUM-5308 |
Operating System Detail Report: Standardize Column Order |
|
LUM-5307 |
Vendor Summary Detail Report: Standardize Column Order |
|
LUM-5306 |
Unknown Devices Report: Standardize Column Order and Syntax |
Resolved Issues
|
Key |
Summary |
|---|---|
|
LUM-5386 |
Profiling of Devices found via AZ cloud Scanner. Vendor Default is Microsoft with No Confidence Value. Cannot Override Vendor with PPB |
|
LUM-5331 |
system.ot_vendor table refresh of categories to handle a more broader range |
|
LUM-5330 |
system.ot_vendor table Category field has Misspellings and Grammar mistakes |
|
LUM-5328 |
system.ot_vendor table has 13 vendors duplicated as IT and OT |
|
LUM-5327 |
Duplicate entries in system.ot_vendor table in same category class |
|
LUM-5325 |
With DEBUG Level On seeing ERROR: READER Messages in CLI. Users unable to perform actions |
|
LUM-5292 |
Dashboard/Deployment Health Key Indicators Widget not Loading at customer Site; 5 minutes to load on Internal Lab System |
|
LUM-5284 |
Scout deployed in Azure not support 2 private only interfaces |
|
LUM-5051 |
Update query WMI Devices by Operating System Summary to exclude Null |
|
LUM-3897 |
Zones Main Page. If Description is too long there is now word wrap or hovering available to read full description |
|
LUM-3497 |
Editing SNMP Discovery clears the "Skip BGP Routes" checkbox |
|
LUM-2241 |
Dashboard 'Discovery Data Metrics' >> Overlapping text on Incoming Messages by Collector and Incoming Messages by Scan Type widgets horizontal axis |
|
LUM-1828 |
Saving CEF Notifications: UI is very slow to respond or can error out |
|
LUM-1210 |
Output of CLI command "collector list name <CollectorName>" does not show prefix length for IPv6 CIDRs |