Palo Alto Networks firewall discovery

  • Release version: Washingtondc
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Palo Alto Networks Firewall Discovery

    The ServiceNow Discovery application utilizes the Next-Generation Palo Alto Firewall pattern to detect Palo Alto Networks firewalls. Employing SNMP calls, this pattern facilitates horizontal discovery of these devices. To enhance functionality, updates from the ServiceNow Store may be necessary.

    Show full answer Show less

    Key Features

    • SNMP Access: Ensure your network firewall device has SNMP access and configure SNMP credentials in your ServiceNow instance.
    • CMDB Population: Discovery populates the Configuration Management Database (CMDB) with essential details such as IP address, serial number, and operational status of the firewall device.
    • Installation Requirements: Download and install the Firewall extension classes and discovery pattern from the ServiceNow Store, and sync with the appropriate MID Server.

    Key Outcomes

    Implementing the Palo Alto Networks Firewall discovery allows customers to:

    • Automatically gather crucial device information for better management.
    • Ensure accurate tracking of network firewall devices within the CMDB.
    • Establish CI relationships that support comprehensive visibility and operational insights.

    The ServiceNow Discovery application uses the Next-Generation Palo Alto Firewall pattern to find Palo Alto Networks firewalls. Discovering some of these resources requires updating the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    The discovery pattern uses a set of SNMP calls to find the Palo Alto Networks firewalls. Discovery uses the pattern to run horizontal discovery.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    • Ensure that your network firewall device has SNMP access.
    • On the ServiceNow instance, configure SNMP credentials. For more information, see SNMP credentials.
    • Add the SNMP system OID record for the Palo Alto Networks device to the ServiceNow instance. Update the following:
      • Classifier: Palo Alto Firewall
      • Class: Palo Alto Firewall Device
    • Deploy the pattern as follows:
      1. Download and install Firewall extension classes from the ServiceNow Store. The app adds the new CMDB classes required for network firewall discovery.
      2. Download and install the discovery pattern from the ServiceNow Store.
      3. Sync the pattern with the appropriate MID Server.

    Data collected by Discovery during horizontal discovery

    Discovery populates the data in the CMDB when running the Next-Generation Palo Alto Firewall Pattern.

    Table 1. Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto]
    Field Description
    IP Address [ip_address] IP address of the Palo Alto device.
    Serial number [serial_number] Serial number of the Palo Alto device.
    Fully qualified domain name [fqdn] Fully qualified domain name (FQDN) of the Palo Alto device.
    Manufacturer [manufacturer] Palo Alto device manufacturer.
    Model ID [model_id] Model ID of the Palo Alto device.
    Operational status [operational_status] Indicates whether the Palo Alto device is in active state.
    Hardware OS [hardware_os] OS running on the hardware.
    Hardware OS Version [hardware_os_version] OS version running on the hardware.
    Description [short_description] Short description of the Palo Alto device.
    Firmware version [firmware_version] Palo Alto device firmware version.
    Table 2. Network Adapter [cmdb_ci_network_adapter]
    Field Description
    IP Address [ip_address] IP address of the network adapter.
    Alias [alias] The user-assigned name for the network adapter.
    Netmask [netmask] Netmask of the network adapter.
    MAC address [mac_address] MAC address of the network adapter.
    Name [name] Name of the network adapter.
    Configuration Item [cmdb_ci] References the Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] table.
    Table 3. IP Address [cmdb_ci_ip_address]
    Field Description
    IP Address [ip_address] IP address of the Palo Alto firewall.
    Netmask [netmask] Netmask of the Palo Alto firewall.
    Nic [nic] References the Network Adapter [cmdb_ci_network_adapter] table.
    Table 4. DNS Name [cmdb_ci_dns_name]
    Field Description
    Name [name] Domain Name System (DNS) name of the Palo Alto firewall device.
    IP Address [ip_address] Host IP address.

    CI relationships

    These relationships are created to support Palo Alto Networks firewall discovery:

    CI Relationship CI
    IP Address [cmdb_ci_ip_address] References Netwrk Adapter [cmdb_ci_network_adapter]
    Network Adapter [cmdb_ci_network_adapter] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Netwrk Adapter [cmdb_ci_network_adapter] References Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto]
    Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] Extends from Firewall Device [cmdb_ci_firewall_device]
    Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] Owns::Owned by Netwrk Adapter [cmdb_ci_network_adapter]
    Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] Uses::Used by Router Interface [dscy_router_interface]
    Router Interface [dscy_router_interface] References Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto]
    Serial Number [cmdb_serial_number] References Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto]