Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
476
Views
1
Helpful
1
Replies

Search in access policy with FMC

seahorse
Level 1
Level 1

‎05-08-2024 05:14 AM

Hi,

I have a question regarding different search results on FMC in an access control policy.

I want to search for all hosts within a network. What will be the best search expression?

When I search for 111.111.111. I will receive 72 results.

When I search for 111.111.111.0/24 I will receiv 112 results.

My expectation was the other way as "111.111.111." is part of "111.111.111.0/24".

Any explanation for that result and advice how to search best?

Thanks for your feedback.

 

0 Helpful
1 Reply 1

patrick521
Level 1
Level 1

‎05-08-2024 06:23 AM - edited ‎05-08-2024 10:03 PM

@seahorseaarpmahjongg wrote:

Hi,

I have a question regarding different search results on FMC in an access control policy.

I want to search for all hosts within a network. What will be the best search expression?

When I search for 111.111.111. I will receive 72 results.

When I search for 111.111.111.0/24 I will receiv 112 results.

My expectation was the other way as "111.111.111." is part of "111.111.111.0/24".

Any explanation for that result and advice how to search best?

Thanks for your feedback.

 

Hello, @seahorse 

The search results you’re getting in the Firepower Management Center (FMC) for the access control policy seem counterintuitive at first glance, but there could be a few reasons for this behavior.

When you search for 111.111.111., you’re likely using a wildcard search that matches any host with an address starting with those octets. This search might not include all possible hosts within the 111.111.111.0/24 subnet if the FMC’s search functionality interprets the trailing dot as a literal character rather than a wildcard or if there are specific search limitations.

On the other hand, when you search for 111.111.111.0/24, you’re specifying the entire subnet, which should include all hosts within that range. The reason you’re seeing more results with the subnet search could be because this expression encompasses the entire network range, including any network or broadcast addresses that might be defined within the FMC’s database.

Here are a few tips for improving your search:

Use Exact Match: If the FMC supports it, try using an exact match without wildcards to see if it yields the correct number of hosts.
Check Search Syntax: Ensure that you’re using the correct syntax for wildcard searches. Some systems might require a specific character or pattern to represent any number of characters.
Review Search Documentation: Look into the FMC documentation or community forums for guidance on search expressions. The community discussions suggest that FMC might not support more advanced search expressions like regex or boolean logic.

 

I hope my suggestion is helpful for you.

 

Best Regard,
patrick521

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card