
Disable FMC 6.1 IPv6 network discovery

hoffa2000
Level 3

Hi

I noticed I was starting to get "No host record found" when trying to "View Host Profile" for some internal IPv4 addresses. We're an IPv4 shop, by the way. When I looked at the Network Map, I saw the Hosts [IPv6] table is filling up and the discovered entries look really weird.

Is there some way to tell the whole Firepower system, modules and all, to skip IPv6 entirely and only use IPv4?

Regards

Fredrik


10 Replies

Oliver Kaiser
Level 7

Hi Fredrik,

You can configure your network discovery policy to only match on IPv4 traffic. Check your policy to verify if IPv6 is enabled (default). If it is indeed disabled, you might hit the following bug, CSCuw51866, which has been fixed in 6.1.

Kind regards

Oliver

Hi Kaisero

Could you give me some pointers on how I go about disabling IPv6 in network discovery? I might have missed something.

/Fredrik

You have to go to Policies > Network Discovery. There you should find one or multiple different rules for network discovery.

Those rules define in what network segments discovery is enabled. In the default configuration you will see ::/0 which stands for all IPv6 addresses. I have attached a screenshot on how to remove the IPv6 addresses from a rule.

In case ::/0 is not in your discovery rule, let me know your FMC version because you might hit the bug I mentioned earlier.

Thank you for the detailed description. I have already taken those steps and even made an exclude rule for all-IPv6. The only result now is that my IPv4 network map is totally empty.

The bug description isn't very informative and lists 5.4.0.9 as a fixed release, and I have 5.4.0.8 on half of my modules and 5.4.0.9 on the other half, and neither is making any IPv4 network discoveries.

/Fredrik

I think the bug might be related to the FMC version, not the sensor; however, I would recommend contacting TAC to verify and create an action plan to mitigate the issue.

Hi

A status update and input. I pushed one of my modules to 6.1 and after putting the module back into production it discovers everything just fine. Same FMC as before, just upgraded module.

/Fredrik

Glad to hear it is working now. The other day I discovered the following bug, CSCvb61156, which matches your problem description exactly. Updating seems to be the only workaround atm.

I feel there is something else going on. I pushed one of my Firepower modules to 6.0.1.2, which is in the bug list of resolved versions, and now my network map is populated with MAC addresses only. No IPv4 and no IPv6. Not even an NMAP scan of one of my local subnets will show any IPv4 addresses.

/Fredrik

Kaisero,

Can you please let me know what the bug is you are referring to? I am also experiencing this issue and my settings are correct.

Hi

It's the CSCuw51866 bug. In my case, though, I'm not even sure I'm hitting that bug; the description isn't very informative and I'm not getting any IPs at all in my network map at the moment.

Regards

/Fredrik
