Solved: 0 out of 50000 FireSIGHT host licenses remaining

confused_guy45 · ‎06-06-2016

Philip D'Ath · ‎06-06-2016

It means you don't have user discovery enabled.

Go Policies/Network Discovery.

If you have a "local" network defined, and clock on the "pencil" or double click. Next to "Action" at the top, click on "Users". Save and deploy.

If you don't have a "local" network defined, add a network like "IPV4-Private-All-RFC1918" and then repeat the steps above.

View solution in original post

Philip D'Ath · ‎06-06-2016

It means you don't have user discovery enabled.

Go Policies/Network Discovery.

If you have a "local" network defined, and clock on the "pencil" or double click. Next to "Action" at the top, click on "Users". Save and deploy.

If you don't have a "local" network defined, add a network like "IPV4-Private-All-RFC1918" and then repeat the steps above.

confused_guy45 · ‎06-07-2016

I see 0.0.0.0/0 and ::/0 listed as networks, and users was already checked. IPV4-Private-All-RFC1918 already existed as well.

Based on both answers I see, I should delete 0.0.0.0/0 ::/0 because that was the problem and just add in IPV4-Private-All-RFC1918?

Edit: I did it. The message hasn't went away yet, but I'll give it some time. I did get a new message popping up with Cisco-Intelligence-Feed received code (Unable to download file)

I'll update the post if I can figure it out.

Update: I followed directions here http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/117997-technote-firesight-00.html and the warning message went away. It still says 0 out of 50,000 hosts but I'm hoping that'll go away soon.

Last update: It went away! Thank you!

Philip D'Ath · ‎06-07-2016

Leave 0.0.0.0/0 there, but untick users.

confused_guy45 · ‎06-09-2016

I appreciate the help! Would you mind explaining to me why I should change it to 0.0.0.0/0 and untick users? I'm very curious

Philip D'Ath · ‎06-09-2016

Because it will try and identify every remote person accessing your site from the Internet, which counts against your 50,000 limit.

confused_guy45 · ‎06-10-2016

It swapped it back. Thanks for the help!

Jetsy Mathew · ‎06-06-2016

Hello,

To perform the network discovery , you should create a network discovery policy and allow the specific network that you want to perform the network discovery. Specifying the required networks will make sure that it wont exceed the host license of 50000 users. Dont specify any (0.0.0.0) in the network since it will exceed the host limit soon.

Once after enabling the network discovery it will create the host profile and thus you can create any co-relation policy or do as per your requirements.

Rate if this answer helps you.

Regards

Jetsy

rahulbhardwaj1205 · ‎08-23-2024

Hi @Philip D'Ath ,

I am getting the same error and now a bit confused reading this thread . In the first post you have asked to check "users" if we have local network defined .

But later you asked to keep 0.0.0.0/0 with users unchecked . Could you please help to clarify as i am getting same error of "0 out of 50000 FireSIGHT host licenses remaining".

Thanks for the help !!!

Regards

Rahul