Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Discovery - IP Ranges

akarumuri
Tera Contributor

3 weeks ago

I’m having an issue where Discovery continues to scan a firewall that should be excluded. I’ve configured both IP range and IP list exclusions, and also inactivated the IP range, but none of these changes have worked. Has anyone run into this before or know how to properly stop Discovery from scanning a specific IP?

0 Helpfuls
  • 483 Views
5 REPLIES 5

Vishnu-K
Kilo Sage

3 weeks ago

Hi @akarumuri ,

If you have already created ip ranges and you want to exclude the ip's from a specific ip range list then go discovery_range_item table and open the IP Range in which you have the exclusion IP's and add them in the Discovery Range Item Excludes as shown in below image.

 
 

Screenshot 2026-04-07 at 11.36.28 AM.png

But if you have IP's you want to exclude from different IP range Lists and From same discovery schedule you can go to the discovery schedule where you have to exclude the IP's and add them in the Global IP Exclusion.
Screenshot 2026-04-07 at 11.47.20 AM.png

 

Any of the above methods will help you out .

 

If this helped you please do mark it as helpful and accept the solution 

 

Thanks,

Vishnu

0 Helpfuls

akarumuri
Tera Contributor
In response to Vishnu-K

3 weeks ago

Thanks for the reply, Vishnu. I excluded the IP in both sections, but Discovery is still scanning the firewall.

Here’s what I’ve done so far:

  1. Added the IP address to the global IP exclusions list.

  2. Discovery Schedules → Rapid 7DSC: Range is 172.19.0.1–172.19.0.254 (includes 172.19.0.145), but I added the exclusion here.

  3. Discovery Schedules → Rapid : Same range, and the exclusion was added here as well.

  4. MID Server: → IP Ranges: Added exclusion for 172.19.0.145.

  5. Checked Discovery Affinity and couldn’t find 172.19.0.145 listed.

Discovery still attempts to scan it despite these exclusions

0 Helpfuls

Vishnu-K
Kilo Sage
In response to akarumuri

3 weeks ago

Hi @akarumuri ,

 

Most likely the issue will be :

 

Another device in 172.19.0.x is returning the firewall IP in its ARP/routing table → Discovery auto

queues it → your schedule exclusion is bypassed entirely here.

 

Verification steps :

  • Open the Discovery Status log for the scan hitting 172.19.0.145
  • Look at the Source  was it queued from a schedule, or from a parent CI's probe result?
  • If triggered by a neighbor device, you need to suppress it at the Network, not the schedule level

If this helped you please do mark it as helpful and accept the solution 

 

Thanks,

Vishnu

 

0 Helpfuls

akarumuri
Tera Contributor
In response to Vishnu-K

3 weeks ago

Thanks for the reply, Vishnu. I excluded the IP in both sections, but Discovery is still scanning the firewall.

Here’s what I’ve done so far:

  1. Added the IP address to the global IP exclusions list.

  2. Discovery Schedules → Rapid 7DSC: Range is 172.19.0.1–172.19.0.254 (includes 172.19.0.145), but I added the exclusion here.

  3. Discovery Schedules → Rapid GOC: Same range, and the exclusion was added here as well.

  4. MID Server: mid.prod.disc.goc → IP Ranges: Added exclusion for 172.19.0.145.

  5. MID Server: mid.prod.disc.socc → IP Ranges: Added exclusion for 172.19.0.145.

  6. Checked Discovery Affinity and couldn’t find 172.19.0.145 listed.

Discovery still attempts to scan it despite these exclusions

0 Helpfuls