Solved: Re: Firepower MCv Device License

telesymbol · ‎08-04-2022

Hi All,

Under Firepower MCv Device License, It shows 100000 as the purchased license while i purchased for only 2 firewalls, can anyone explain why the quantity is 100000??

Marvin Rhoads · ‎08-04-2022

You're right the Smart Account listing is very misleading.

That number (100,000) is the number of hosts that are discoverable (i.e., by the network discovery policy). We sometime see customers have issues with exceeding the number when they leave a default discovery policy which tries to discover 0.0.0.0/0 and then connect the firewall to the Internet - meaning every Internet host ever connecting via the firewall is profiled.

View solution in original post

Marvin Rhoads · ‎08-04-2022

You're right the Smart Account listing is very misleading.

That number (100,000) is the number of hosts that are discoverable (i.e., by the network discovery policy). We sometime see customers have issues with exceeding the number when they leave a default discovery policy which tries to discover 0.0.0.0/0 and then connect the firewall to the Internet - meaning every Internet host ever connecting via the firewall is profiled.

Marius Gunnerud · ‎08-04-2022

As @Marvin Rhoads has mentioned this value is the number of hosts that can be discovered by the Firepower device. When this value is exceeded, the new connections will not be able to pass through the firewall. This is why it is important to tune the discovery to be the exact subnets that your company uses or at the very least limit it to private IP address space RFC1918.

If the number of hosts reaches the limit you only need to purge the hosts to get things back up and running, but it is an unnecessary headache.

--
Please remember to select a correct answer and rate helpful posts