Network Discovery failing to identify Host Operating Systems correctly

DannyDulin
Level 1

Good day all,

We have a Firepower implementation managed by a FMC. Servers in the environment are Windows 2019 and Linux on VMs. All the servers are behind Nexus 9K switches. Lastly, there are some servers behind F5 loadbalancers.

The Network Discovery function of the Firepower implementation is not doing a very good job of determining the host OS on ANY device, but it is the servers that we are protecting that I'm most concerned with.

This inability to identify the correct OS either leads to an "unknown" designation or an old OS which in turn causes the FP to map old vulnerabilities to the host. This then leads to many false positive intrusion events.


I've tried running an NMAP on a device or two, but NMAP does not return anything better. In fact, I would submit NMAP is producing more inaccurate information on hosts than the FP.

Any help will be greatly appreciated.


1 Reply

Hello,

It's a common issue for network discovery tools to misidentify the host OS, especially when there are configurations or security measures in place that can obfuscate the OS details. Here are a few suggestions to improve the accuracy of Firepower's Network Discovery function:

1. Verify the Firepower policies: Make sure the network discovery policy applied to the relevant interfaces is configured correctly. This includes ensuring the correct detection methods (passive, active, or both), as well as the target networks and hosts, are specified.

2. Update the Firepower platform: Ensure your Firepower Management Center (FMC) and Firepower Threat Defense (FTD) devices are running the latest software versions. OS detection capabilities can be improved with the software updates.

3. Check for network obstructions: Some devices and configurations, such as load balancers, proxies, and firewalls, can interfere with the OS detection process. If possible, try to bypass these devices for testing purposes and see if the OS detection improves.

4. Configure F5 load balancers: Since some of your servers are behind F5 load balancers, try to configure the load balancers to allow accurate OS detection. This can be achieved by enabling X-Forwarded-For headers or by disabling features that might be obfuscating the OS details.

5. Manually set the OS in Firepower: In cases where the OS cannot be accurately detected automatically, you can manually set the OS for a specific host in the FMC. This should prevent false positive intrusion events related to the misidentified OS.

6. Review and fine-tune the intrusion policies: Make sure to review and fine-tune the intrusion policies in FMC. You can set the policy to only generate events for the specific OS and applications you have in your environment, which will help reduce false positives.

Please try these suggestions and let me know if you see any improvements in the accuracy of the Network Discovery function.

Best regards,
Cisco Virtual Engineer

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.
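The load-balancer points in suggestions 3 and 4 and the manual override in suggestion 5 are easier to reason about with a small model of how passive OS discovery works: the sensor reads TCP/IP stack attributes (initial TTL, window size, TCP option layout) from packets it sees and matches them against a fingerprint table. The Python below is an added illustration, not Firepower or FMC code; the fingerprint table, packet attribute values and IP addresses are constructed, and the balancer's stack values are hypothetical.

```python
"""
Why passive OS discovery degrades behind a full-proxy load balancer, and how
an operator-set OS for the host fixes the resulting record.
Added illustration; not Firepower/FMC code. All values are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

Options = Tuple[str, ...]


@dataclass(frozen=True)
class SynAck:
    """Stack attributes a passive sensor can read from a server's SYN/ACK."""
    host_ip: str
    ttl: int          # IP TTL as seen at the sensor (decremented once per hop)
    window: int       # advertised TCP window in the SYN/ACK
    options: Options  # TCP option kinds in the order they appear


# Constructed toy fingerprint table keyed on (initial TTL, window, option layout).
# A real discovery engine has a far larger database; the shape is what matters.
FINGERPRINTS: Dict[Tuple[int, int, Options], str] = {
    (128, 65535, ("mss", "nop", "ws", "nop", "nop", "sack")): "Windows Server (modern)",
    (64, 65160, ("mss", "sack", "ts", "nop", "ws")): "Linux (modern)",
}


def initial_ttl(observed: int) -> int:
    """Round an observed TTL up to the nearest common initial value."""
    for candidate in (32, 64, 128, 255):
        if observed <= candidate:
            return candidate
    return 255


def guess_os(pkt: SynAck) -> str:
    """Passive guess: exact match on the normalised stack attributes, else unknown."""
    key = (initial_ttl(pkt.ttl), pkt.window, pkt.options)
    return FINGERPRINTS.get(key, "unknown")


def through_full_proxy(vip: str, hops: int, proxy_ttl: int,
                       proxy_window: int, proxy_options: Options) -> SynAck:
    """
    Model a full-proxy load balancer: the client-side TCP session is terminated
    by the balancer, so a sensor in front of it sees the balancer's own stack
    attributes under the VIP address. The backend server's stack never reaches
    that sensor, whatever OS the backend runs.
    """
    return SynAck(host_ip=vip, ttl=proxy_ttl - hops,
                  window=proxy_window, options=proxy_options)


def resolve_os(pkt: SynAck, overrides: Dict[str, str]) -> str:
    """An operator-set OS for the host wins over the passive guess."""
    return overrides.get(pkt.host_ip) or guess_os(pkt)


# Constructed observations: a Windows 2019 backend seen directly, two hops away...
BACKEND = SynAck("10.10.20.15", ttl=126, window=65535,
                 options=("mss", "nop", "ws", "nop", "nop", "sack"))
# ...and the same service seen through the balancer's VIP. The balancer stack
# values (TTL 255, window 4380, option layout) are hypothetical.
VIA_VIP = through_full_proxy(vip="10.10.10.100", hops=1, proxy_ttl=255,
                             proxy_window=4380,
                             proxy_options=("mss", "nop", "ws", "sack"))


def demo() -> Tuple[str, str, str]:
    """Direct guess, guess through the VIP, and the VIP record after an override."""
    direct = guess_os(BACKEND)
    behind_lb = guess_os(VIA_VIP)
    fixed = resolve_os(VIA_VIP, {"10.10.10.100": "Windows Server 2019"})
    return direct, behind_lb, fixed


if __name__ == "__main__":
    for label, value in zip(("direct", "via VIP", "via VIP + override"), demo()):
        print(f"{label:>20}: {value}")
```

The practical consequence for the environment in the question: a sensor placed on the client side of the F5 will only ever fingerprint the balancer's stack for the VIP, so the Windows 2019 or Linux identity of the backend has to come either from a sensor placed between the F5 and the servers or from the manual host OS setting in the FMC (suggestion 5), which is what stops vulnerability mapping and the resulting intrusion events from keying off an "unknown" or wrong OS.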