Limitations and Precautions for Security Situation Awareness

Read this section carefully to learn the limitations and precautions before you configure security situation awareness.

All models except for the USG6510E/6510E-POE support security situation awareness.

The security situation awareness function is not license-controlled.

Security situation awareness does not support IPv6.
Virtual systems support manual adding but not asset scanning.
The configuration commands of security situation awareness support hot standby, but the asset scanning results are not synchronized. The active and standby devices perform scanning separately.

The FW must use a Layer 3 interface to initiate detection packets on the target network segment for asset scanning. When the FW uses Layer 2 interfaces to transparently access the network, asset scanning cannot be performed through service interfaces.
If a Layer 3 device is deployed between the FW and assets, the FW cannot obtain the actual MAC addresses of the assets during scanning. In this case, Configuring Across-Layer-3 MAC Identification is required.
After proactive asset scanning is enabled on the FW .the FW continuously sends detection packets to a specified host. The FW at the egress of the host may consider the packets as attack packets and block them. In this case, the FW with proactive asset scanning enabled cannot receive response packets from the host and therefore cannot obtain certain information about the host.
To improve the identification rate of device types and vendors when scanning for devices such as IPCs and network video recorders, you are advised to enable the video gateway mode. Otherwise, the scanning result may be inaccurate or cannot be obtained.
The active scan function cannot ensure 100% accuracy of the scanning result. In the IPC security management solution scenario, the scanning result for undesired information may be inaccurate or the two scanning results may be inconsistent.