Firepower 6.1 version - no hosts discovered on passive discovery
11-12-2016 07:29 AM - edited 03-12-2019 06:11 AM
I set up a network discovery policy with settings to discover our LAN network, any zones, source & destination port inclusions none, and the actions to discover are hosts, users and applications.
Unfortunately, I do not see any hosts discovered except IPv6, even though I removed any IPv6 from the discovered network.
Please see attachment
Labels: NGIPS
11-15-2016 10:18 AM
Any luck? Same problem here.
11-17-2016 04:56 AM
I escalated this to Cisco TAC, and they said that I need to upgrade my SFR module boot and package to 6.1.
While upgrading and reimaging with the new boot image, I encountered a problem: I am stuck in the recovery state and an error occurs.
Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   0 Up Sys             Not Applicable
 ips Unresponsive       Not Applicable
cxsc Unresponsive       Not Applicable
 sfr Recover            Not Applicable
pb2-core2-fw# session sfr console
ERROR: Failed opening console session with module sfr. Module is in "Recover" state.
Please try again later.
pb2-core2-fw#
pb2-core2-fw# show module sfr log console
Displaying Console Log Information for Module sfr:
- will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
11-17-2016 05:17 AM
I just upgraded my sensor last night. Did you upgrade through Firepower Management or through CLI? There was quite an upgrade path so if you didn't follow that, maybe that is the issue. There were a couple of Pre-Install packages that I had to go through.
11-24-2016 03:04 AM
Same here. 6.1 on FMC and 6.0.1.2 on the SFR
12-03-2016 08:11 AM
You should upgrade your SFR to 6.1 the same as FMC and magically the passive discovery will be successful.
12-03-2016 08:08 AM
We already resolved the issue.
There is a version mismatch between the Firepower management and the SFR.
After upgrading the SFR, another problem was encountered because the Cisco ASA Software version is not compatible.
So the cause of the issue is compatibility.
12-03-2016 08:15 AM
Good to hear. Have you had any issues with FMC not recognizing users in the "Initiator" field?
12-06-2016 11:49 PM
Hi Eric
Funny that you mention it. This is one of the things that has bothered me after my push to 6.1. While I ran 6.1 on the FMC and 5.4 on the SFRs I had user initiator visibility and could even have a dashboard widget for top users. I run passive user detecting through AD/LDAP by the way. I still have a few SFRs left at 6.0.1 but not even those at 6.1 show the initiating user for a connection.
If I go to a host detail I do see the last associated user so it feels the information is there somewhere.
/Fredrik
12-07-2016 02:18 AM
Same problem exactly here. I have a ticket open and have had it open for a while. My 5.4 FMC has no issue with using the User Agent Application. I'll keep you all updated. Thanks.
- Eric

12-07-2016 02:08 AM
I have the same problem: initiator user = unknown after upgrade 6.1.0 -> 6.1.0.1. Cleaning the base configuration of the new AD, no effect.
12-07-2016 07:40 AM
I've just upgraded our FMC to 6.1.0.1 with the SFR still on 6.0.1.2 and that solved our issue with no hosts registering in the Network Discovery policy.
Could be a solution if you don't have the possibility to upgrade your sensors.

12-08-2016 01:01 AM
I went back to 6.1.0, reverted the VM and uninstalled on the sensors. All usernames in status = unknown. 6.1.0.1 does not work stably for me.
