Anomaly Detection not detecting host machines (learned OS)
I have an ASA5540X firewall with the internal (software based) IPS module. The module has the up-to-date signatures and seems to be running correctly. However, after enabling anomaly detection (ad0), and specifying the internal zones, I don't see any "Learned OS" in IME
My settings are pretty basic for the sensor
access-list ips_traffic extended permit ip any any
access-list ips_traffic extended permit udp any any
I realized that the problem was a failover issue--the ASAs are in a pair, and after a failover, the IPS policies had been applied to the wrong (failover) IPS module. Once I applied them on the correct module, I could see all the learned OSs.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...