11-12-2016 07:29 AM - edited 03-12-2019 06:11 AM
I set up a network discovery policy with settings to discover our LAN network, any zones, no source and destination port inclusions, and the actions to discover are hosts, users and applications.
Unfortunately, I do not see any hosts discovered except IPv6, even though I removed any IPv6 on the discovered network.
Please see attachment
11-15-2016 10:18 AM
Any luck? Same problem here.
11-17-2016 04:56 AM
I escalated this to Cisco TAC, and they said that I need to upgrade my SFR module boot and package to 6.1.
While upgrading and reimaging with the new boot image, I encountered a problem: the module is stuck in the recovery state and an error occurs.
Mod  Status             Data Plane Status     Compatibility
---- ------------------ --------------------- -------------
   0 Up Sys             Not Applicable
 ips Unresponsive       Not Applicable
cxsc Unresponsive       Not Applicable
 sfr Recover            Not Applicable
pb2-core2-fw# session sfr console
ERROR: Failed opening console session with module sfr. Module is in "Recover" state.
Please try again later.
pb2-core2-fw#
pb2-core2-fw# show module sfr log console
Displaying Console Log Information for Module sfr:
- will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
DB error - will retry: Cannot connect to DB at /usr/local/sf/lib/perl/5.10.1/SF/SFDBI.pm line 588.
11-17-2016 05:17 AM
I just upgraded my sensor last night. Did you upgrade through Firepower Management or through CLI? There was quite an upgrade path so if you didn't follow that, maybe that is the issue. There were a couple of Pre-Install packages that I had to go through.
11-24-2016 03:04 AM
Same here. 6.1 on FMC and 6.0.1.2 on the SFR
12-03-2016 08:11 AM
You should upgrade your SFR to 6.1 the same as FMC and magically the passive discovery will be successful.
12-03-2016 08:08 AM
We already resolved the issue.
There is a version mismatch between the Firepower management and the SFR.
After upgrading the SFR, another problem was encountered because the Cisco ASA Software version is not compatible.
So the cause of the issue is compatibility.
12-03-2016 08:15 AM
Good to hear. Have you had any issues with FMC not recognizing users in the "Initiator" field?
12-06-2016 11:49 PM
Hi Eric
Funny that you mention it. This is one of the things that has bothered me after my push to 6.1. While I ran 6.1 on the FMC and 5.4 on the SFRs I had user initiator visibility and could even have a dashboard widget for top users. I run passive user detecting through AD/LDAP by the way. I still have a few SFRs left at 6.0.1 but not even those at 6.1 show the initiating user for a connection.
If I go to a host detail I do see the last associated user so it feels the information is there somewhere.
/Fredrik
12-07-2016 02:18 AM
Same problem exactly here. I have a ticket open and have had it open for a while. My 5.4 FMC has no issue with using the User Agent Application. I'll keep you all updated. Thanks.
- Eric
12-07-2016 02:08 AM
I have the same problem: initiator user = unknown after upgrade 6.1.0 -> 6.1.0.1. Cleaning the base configuration of the new AD, no effect.
12-07-2016 07:40 AM
I've just upgraded our FMC to 6.1.0.1 with the SFR still on 6.0.1.2 and that solved our issue with no hosts registering in the Network Discovery policy.
Could be a solution if you don't have the possibility to upgrade your sensors.
12-08-2016 01:01 AM
I went back to 6.1.0, reverted the VM and uninstalled on the sensors. All usernames in status = unknown. 6.1.0.1 does not work stably for me.