Cisco Cisco Firepower Management Center 4000
35-36
FireSIGHT System User Guide
Chapter 35 Introduction to Network Discovery
Creating a Network Discovery Policy
When Host Limit Reached
You can control how hosts are handled when the Defense Center reaches its host limit (as determined by
the FireSIGHT license) and the network map is full. This option is especially valuable if you want to
prevent spoofed hosts from taking the place of valid hosts in the network map. To drop old hosts, select
the FireSIGHT license) and the network map is full. This option is especially valuable if you want to
prevent spoofed hosts from taking the place of valid hosts in the network map. To drop old hosts, select
Drop hosts
from the
When Host Limit Reached
drop-down list.To drop new hosts, select
Don’t insert new hosts
from the
When Host Limit Reached
drop-down list. For more information, see
.
Host Timeout
The amount of time that passes, in minutes, before the system drops a host from the network map due to
inactivity. The default setting is 10080 minutes (7 days). Individual host IP and MAC addresses can time
out individually, but a host does not disappear from the network map unless all of its associated addresses
have timed out.
inactivity. The default setting is 10080 minutes (7 days). Individual host IP and MAC addresses can time
out individually, but a host does not disappear from the network map unless all of its associated addresses
have timed out.
To avoid premature timeout of hosts, make sure that the host timeout value is longer than the update
interval in the network discovery policy. For more information on the update interval, see
interval in the network discovery policy. For more information on the update interval, see
.
Server Timeout
The amount of time that passes, in minutes, before the system drops a server from the network map due
to inactivity. The default setting is 10080 minutes (7 days).
to inactivity. The default setting is 10080 minutes (7 days).
To avoid premature timeout of servers, make sure that the service timeout value is longer than the update
interval in the network discovery policy. For more information, see
interval in the network discovery policy. For more information, see
Client Application Timeout
The amount of time that passes, in minutes, before the system drops a client from the network map due
to inactivity. The default setting is 10080 minutes (7 days).
to inactivity. The default setting is 10080 minutes (7 days).
You should make sure that the client timeout value is longer than the update interval in the network
discovery policy. For more information, see
discovery policy. For more information, see
To update data storage settings:
Access:
Admin/Discovery Admin
Step 1
Click the edit icon (
) next to
Data Storage Settings
.
The Data Storage Settings pop-up window appears.
Step 2
Update the settings as needed.
Step 3
Click
Save
to save the data storage settings and return to the Advanced tab of the network discovery
policy.
Note
You must apply the network discovery policy for your changes to take effect. For more
information, see
information, see
.
Configuring Discovery Event Logging
License:
FireSIGHT