
Firepower 6.1 version - no hosts discovered on passive discovery

carlo_monc07
Level 1

I set up a network discovery policy with settings to discover our LAN network, any zones, no source or destination port inclusions, and the actions to discover are hosts, users and applications.

Unfortunately, I do not see any hosts discovered except IPv6, even though I removed any IPv6 on the discovered network.

Please see attachment


Eric York
Level 1

Any Luck? Same problem here. 

I escalated this to Cisco TAC, and they said that I need to upgrade my SFR module boot and package to 6.1.

When upgrading and reimaging with the new boot image, I encountered a problem: I am stuck in the recovery state and an error occurs.

Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   0 Up Sys             Not Applicable
 ips Unresponsive       Not Applicable
cxsc Unresponsive       Not Applicable
 sfr Recover            Not Applicable

pb2-core2-fw# session sfr console
ERROR: Failed opening console session with module sfr. Module is in "Recover" state.
Please try again later.
pb2-core2-fw#

pb2-core2-fw# show module sfr log console

Displaying Console Log Information for Module sfr:
- will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.

I just upgraded my sensor last night. Did you upgrade through Firepower Management or through CLI? There was quite an upgrade path so if you didn't follow that, maybe that is the issue. There were a couple of Pre-Install packages that I had to go through. 

hoffa2000
Level 3

Same here. 6.1 on FMC and 6.0.1.2 on the SFR

You should upgrade your SFR to 6.1 the same as FMC and magically the passive discovery will be successful.

carlo_monc07
Level 1

We already resolved the issue.

There is a version mismatch between the Firepower management and the SFR.

After upgrading the SFR, we encountered another problem because the Cisco ASA Software version is not compatible.

So the cause of the issue is compatibility.

Good to hear. Have you had any issues with FMC not recognizing users in the "Initiator" field?

Hi Eric

Funny that you mention it. This is one of the things that has bothered me after my push to 6.1. While I ran 6.1 on the FMC and 5.4 on the SFRs I had user initiator visibility and could even have a dashboard widget for top users. I run passive user detecting through AD/LDAP by the way. I still have a few SFRs left at 6.0.1 but not even those at 6.1 show the initiating user for a connection.

If I go to a host detail I do see the last associated user so it feels the information is there somewhere.

/Fredrik

Same problem exactly here. I have a ticket open and have had it open for a while. My 5.4 FMC has no issue with using the User Agent Application. I'll keep you all updated. Thanks.

- Eric

I have the same problem: initiator user = unknown after the upgrade 6.1.0 -> 6.1.0.1. Cleaning the base configuration of the new AD, no effect.

ki_fredrik
Level 1

I've just upgraded our FMC to 6.1.0.1 with the SFR still on 6.0.1.2 and that solved our issue with no hosts registering in the Network Discovery policy.

Could be a solution if you don't have the possibility to upgrade your sensors.

I went back to 6.1.0, reverted the VM and uninstalled on the sensors; all usernames in status = unknown. 6.1.0.1 is not stable for me.
