topic Questions about network discovery in FTD 7.4.2.2 (build 28) and FMC7.6 in Network Security

Questions about network discovery in FTD 7.4.2.2 (build 28) and FMC7.6

Ditter — Sun, 09 Mar 2025 11:08:46 GMT

Hi to all,

i have activated network discovery policy for some vlans that are in the inside network off the FTD.

However when i add these vlans as part of the discovery process i get an FTD warning that you can see in the attached png.

It is like that you can not have routable IPv4s and/or IPv6 as part of the discovery process and only for RFC1918 you do not get warnings.

Why is this warning?

In addition when i add all these vlans as part of the discovery process and then go to Analysis--> Network Map it shows a fake number of hosts 10K hosts (there are not so many hosts) , and in addition it shows for every class C subnet that there are 255 , 256 hosts which is not true. Please refer to the second png to see what i mean.

Any ideas how i can improve Network Discovery for my existing hosts? And get real results?

Thanks

Ditter.

Re: Questions about network discovery in FTD 7.4.2.2 (build 28) and FM

Marvin Rhoads — Tue, 11 Mar 2025 13:31:11 GMT

Are you adding the actual subnets or a supernet? My network map appears correct when discovering the actual subnets inside my firewall (directly attached or otherwise).

Re: Questions about network discovery in FTD 7.4.2.2 (build 28) and FM

Ditter — Tue, 11 Mar 2025 14:00:39 GMT

Hi Marvin!

No i am adding them as different subnets (that is objects that i have created) . I haven't tried to add them as a supernet.

Strange to get this warning , it is as it not advisable to hav real subnets in your inside zones and only RFC1918 are "acceptable".

Re: Questions about network discovery in FTD 7.4.2.2 (build 28) and FM

Marvin Rhoads — Wed, 12 Mar 2025 15:54:09 GMT

I agree the warning language could be improved. I added a test public /24 in my FMC discovery policy and did not see any hosts added in the network map. Is it possible that you have an NMAP scan configured?

Re: Questions about network discovery in FTD 7.4.2.2 (build 28) and FM

Ditter — Thu, 13 Mar 2025 14:36:35 GMT

Hi Marvin,

so what i discovered about the "existence" of non existent discovered hosts:

The so called "discovered" hosts were not real because i noticed that the MAC address was not belonging to a specific host but it was the mac address of the upstream GW of the FTD. I really do not know the reason about it.

So i decided to start with a new discovery after purging all discovery events. Now i seem to get the correct results.

Thanks again Marvin,

Ditter