Hello Aleksander,

Aleksandr Ilyin · ‎06-09-2016

Hello.
I have the Firepower version 6.0.1 on ASA5525-X. The traffic is mirrored on the ASA. In Firesight device added, the policy created, intrusion detected.
If the policy of incursions in the section "Firepower Recommended Rules Configuration" select "Generate Recommendations", I receive an error: "Error generating recommendations: You have no Firepower hosts".
What is it and how to fix?

yogdhanu · ‎06-09-2016

Hi

To generate firesight recommendation, the Firesight does network discovery and based on the host information found it generates recommendation. So it doesn't have any host info and so it can't generate recommendation.

Things to check.

>Check if network discovery is enabled or no? if yes, make sure hosts are checked.

With this if the traffic is sent to firepower, it should be able to learn host info and generate recommendation.

You can check host info under, Analysis>hosts>hosts

Rate if helps.

Yogesh

Aleksandr Ilyin · ‎06-15-2016

Thank you.
I set too great a filter mask. Now I have exceeded the limit of hosts. I adjusted the mask. But the hosts are not removed. The system reports "Host (s) deleted successfully", but the hosts remain.
How to remove all the hosts?

yogdhanu · ‎06-15-2016

Purge host information from system>tools >Data purge

Purge only host and network discovery events info.

Rate if helps.

Yogesh

Aleksandr Ilyin · ‎06-17-2016

Thank you.

Jetsy Mathew · ‎06-10-2016

Hello Aleksander,

Please make sure that you have the Firesight host license purchased from Cisco Global Licensing team.

Once after having the Firesight host license, make sure you have network discovery policy enabled only with required networks added. In network discovery policy dont 0.0.0.0/0 as this will exceed the host license limit soon. Once if the network discovery is enabled with hosts it should generate the recommendation.

Rate if this answer helps you.

Regards

jetsy