The Cisco Secure Firewall comes with a default Network Discovery Policy which is configured for 0.0.0.0 discovering applications.
I'm commonly seeing some people doing 2 configurations:
- Edit default Network Discovery Rule:
  - Delete 0.0.0.0 and put RFC 1918
  - Add Host discovery

What I have learned is that the default rule should not be changed, because it will affect layer 7 capabilities:

So, I instruct customers to create a new rule for host discovery on internal networks only.

You can also add a rule for exclusions: guest network, NAT devices, proxies, partners coming through VPN.

I'd like to know what you guys are doing. What is your best practice? Are you trashing/changing the default rule 0.0.0.0 for application?

Note:
I know that if you configure host for 0.0.0.0, it will affect the FMC host discovery limit, but I'm not talking about host discovery in the default; I'm talking about application discovery.