Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 35: Introduction to Network Discovery
Creating a Network Discovery Policy
For information on network monitoring, see . For information on adding network objects to the Available Networks list, see . Note that if you modify a network object used in the network discovery policy, you must reapply the policy for those changes to take effect for discovery.
Step 8
Optionally, to restrict the rule actions to traffic in specific zones, click Zones, select a zone or zones from the Available Zones list, and click Add.
For information on selecting zones for monitoring, see
Step 9
To exclude ports from monitoring, click Port Exclusions.
The Port Exclusions page appears.
Step 10
To exclude specific source ports from monitoring, you have two options:
  • Select a port or ports from the Available Ports list and click Add to Source.
  • To exclude traffic from a specific source port without adding a port object, under the Selected Source Ports list, select the appropriate protocol from the Protocol drop-down list, type a port number from 1 to 65535 into the Port field, and click Add.
For information on excluding ports from monitoring, see . For information on adding port objects to the Available Ports list, see . Note that if you modify a port object used in the network discovery policy, you must reapply the policy for those changes to take effect for discovery.
Step 11
To exclude specific destination ports from monitoring, you have two options:
  • Select a port or ports from the Available Ports list and click Add to Destination.
  • To exclude traffic from a specific destination port without adding a port object, under the Selected Destination Ports list, select the appropriate protocol from the Protocol drop-down list, type a port number from 1 to 65535 into the Port field, and click Add.
Step 12
If you are finished editing the rule, click Save to return to the discovery policy rule list.
Note
You must apply the network discovery policy for your changes to take effect. For more information, see .
Creating Network Objects
License: FireSIGHT
The list of available networks that appears in a discovery rule contains reusable network objects and groups that can be used anywhere in the FireSIGHT System. You can add new network objects to the list. Note that when you modify an object referenced in a rule, you must reapply the network discovery policy for those changes to take effect.
To create a new network object:
Access: Admin/Discovery Admin
Step 1
Select Policies > Network Discovery.
The Network Discovery Policy page appears.