Fortinet firewall and FortiGate VDOM REST-based discovery

  • Release version: Yokohama
  • Updated March 12, 2026
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Fortinet firewall and FortiGate VDOM REST-based discovery

    The Fortinet firewall and FortiGate VDOM REST-based discovery leverages the Next Generation Fortinet Network Firewall - REST pattern within ServiceNow’s Discovery and Service Mapping Patterns application. This approach uses REST API calls to identify Fortinet firewall devices and FortiGate Virtual Domains (VDOMs). It supports only multi-VDOM mode and requires the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Show full answer Show less

    This REST-based method uniquely discovers FortiGate VDOMs, unlike the SNMP-based discovery method which does not support VDOM detection.

    Key Features

    • REST API Integration: Uses specific Fortinet REST APIs to retrieve detailed firewall and VDOM information.
    • Multi-VDOM Support: Enables discovery of FortiGate devices operating in multi-VDOM mode.
    • Comprehensive CMDB Integration: Introduces new CI classes extending existing CMDB models for detailed representation of Fortinet firewalls, clusters, interfaces, policies, and VDOMs.
    • Data Model Extensions: Captures detailed attributes including hostname, serial number, IP addresses, firmware versions, interfaces, and firewall policies for enriched asset management.
    • CI Relationships: Establishes relationships between clusters, devices, interfaces, IP addresses, VDOMs, and policies to reflect accurate network topology and ownership.

    Prerequisites and Setup

    • Ensure the Discovery and Service Mapping Patterns application is updated to the latest version.
    • Create an API Token in Fortinet and verify sufficient API permissions for data retrieval.
    • Verify MID Server connectivity to Fortinet APIs.
    • Disable SNMP-based discovery to avoid conflicts with REST-based discovery.
    • Create an alias for API key credentials and configure serverless discovery schedules as needed.

    Practical Benefits for ServiceNow Customers

    This discovery pattern enables ServiceNow customers to accurately detect and map Fortinet firewall devices and VDOMs within their IT infrastructure. The enriched CMDB data supports improved visibility into Fortinet security assets, detailed network topology understanding, and better governance of firewall policies and configurations.

    By integrating Fortinet firewall details into the CMDB with appropriate relationships, customers can enhance incident, change, and asset management workflows tied to firewall infrastructure.

    Data Collected

    The discovery process collects key configuration and status information such as:

    • Device identification: hostname, serial number, model, firmware, OS version
    • Network details: IP addresses, MAC addresses, interface types, VLAN IDs
    • Firewall policies: policy IDs, source/destination interfaces and addresses, services managed
    • VDOM-specific data: VDOM names, descriptions, indexes, associated IP addresses

    CI Class Extensions and Relationships

    The solution extends the CMDB with specific Fortinet-related classes (firewall devices, clusters, interfaces, policies, VDOMs) and models important relationships such as:

    • Clusters hosting firewall devices
    • Devices owning network adapters and IP addresses
    • VDOMs containing interfaces and policies
    • Interfaces belonging to network topologies (e.g., VLANs)

    This structured data model supports comprehensive discovery and mapping of Fortinet firewall environments.

    The Discovery and Service Mapping Patterns application uses the Next Generation Fortinet Network Firewall - REST pattern to find Fortinet firewalls through REST API calls. Additionally, the pattern extension VDOM Discovery finds FortiGate Virtual Domains (VDOMs). Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    The Next Generation Fortinet Network Firewall - REST pattern uses a set of REST API calls to find the Fortinet firewalls. For FortiGate VDOM discovery, only multi-VDOM mode is supported.

    Note:
    Only the REST-based Fortinet firewall discovery method finds FortiGate VDOMs. The SNMP-based Fortinet firewall discovery method doesn't discover them. For information about the default SNMP-based Fortinet firewall discovery, see Next-Generation Fortinet Network Firewall SNMP-based discovery.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    To learn about Fortinet Firewalls and their versions that you can discover, refer to Detailed information on products discovered by ITOM Visibility.

    Fortinet firewall and FortiGate VDOM data model

    The Next Generation Fortinet Network Firewall - REST pattern and VDOM Discovery extension introduce the following CI classes that extend existing CMDB classes.

    Table 1. CI classes introduced by these patterns
    CI class Extends from
    Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet] Firewall Cluster [cmdb_ci_firewall_cluster]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] Firewall Device [cmdb_ci_firewall_device]
    Fortinet Firewall Interface [cmdb_ci_fortinet_firewall_interface] Network Interface [cmdb_ci_ni_interface]
    Fortinet Firewall Policy [cmdb_ci_fortinet_firewall_policy] Firewall Security Policy [cmdb_ci_firewall_sec_policy]
    Fortinet Virtual Domain [cmdb_ci_fortinet_vdom] IP Firewall [cmdb_ci_ip_firewall]

    Prerequisites

    Verify that the applications are up to date
    • Discovery and Service Mapping Patterns
    • CMDB CI Class Models
    Create API Token
    Create an API Token in Fortinet. For instructions on creating an API Token, go to the Fortinet Document Library and search for the "Connect FortiGate device via API Token - Online Help" article under the FortiConverter Tool product family.
    Verify API access and permissions
    • Verify that the MID Server can access the Fortinet APIs.
    • Verify that the API Token has sufficient permissions to retrieve the required information from the Fortinet devices.
    Required Fortinet APIs:
    • v2/cmdb/system/global
    • api/v2/monitor/system/status
    • api/v2/cmdb/system/ha
    • api/v2/cmdb/router/static
    • /api/v2/cmdb/firewall/policy
    • api/v2/cmdb/system/vdom-property
    • api/v2/cmdb/system/interface
    • /api/v2/monitor/system/interface/select
    Disable SNMP-based Fortinet firewall discovery
    For more information, see Disable SNMP-based Fortinet firewall discovery.
    Create an alias for the API Key Credentials
    For more information, see Create an alias for the API key credential for Fortinet firewall REST-based discovery.
    Create a serverless discovery schedule
    For more information, see Create a serverless schedule for Fortinet firewall REST-based discovery.

    Data collected by Discovery during horizontal discovery

    Discovery populates the data in the CMDB when running the Next Generation Fortinet Network Firewall - REST pattern.

    Table 2. Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Field Description
    Name [name] Hostname field of the Fortinet device.
    Serial number [serial_number] Serial number of the Fortinet device.
    Fully qualified domain name [fqdn] Fully qualified domain name of the Fortinet device.
    Operational status [operational_status] Indicates whether the Fortinet device is in active state.
    IP Address [ip_address] IP address of the Fortinet device.
    Manufacturer [manufacturer] Fortinet device manufacturer.
    Description [short_description] Short description of the Fortinet device.
    Model Number [model_number] Fortinet device model number.
    Firmware version [firmware_version] Fortinet device firmware version.
    Hardware OS [hardware_os] OS running on the hardware.
    Hardware OS Version [hardware_os_version] OS version running on the hardware.
    Table 3. Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet]
    Field Description
    Name [name] Hostname field of the Fortinet firewall cluster.
    Fully qualified domain name [fqdn] Fully qualified domain name of the firewall cluster.
    IP address [ip_address] IP address of the firewall cluster.
    Manufacturer [manufacturer] Device manufacturer.
    Description [short_description] Short description of the firewall cluster.
    Model Number [model_number] Device model number.
    Hardware OS [hardware_os] OS running on the hardware.
    Hardware OS Version [hardware_os_version] OS version running on the hardware.
    Table 4. Network Adapter [cmdb_ci_network_adapter]
    Field Description
    IP Address [ip_address] IP address of the network adapter.
    Netmask [netmask] Netmask of the network adapter.
    Alias [alias] User-assigned name for the network adapter.
    MAC Address [mac_address] MAC address of the network adapter.
    Name [name] Name of the network adapter.
    Configuration Item [cmdb_ci] References the Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] table.
    Table 5. IP Address [cmdb_ci_ip_address]
    Field Description
    IP Address [ip_address] IP address of the Fortinet firewall.
    Netmask [netmask] Netmask of the Fortinet firewall.
    Nic [nic] References the Network Adapter [cmdb_ci_network_adapter] table.

    Discovery populates the data in the CMDB when running the Next Generation Fortinet Network Firewall - REST pattern extension VDOM Discovery.

    Table 6. Fortinet Virtual Domain [cmdb_ci_fortinet_vdom]
    Field Description
    Vdom Index [vdom_index] Index of the VDOM in the list.
    Name [name] Name of the VDOM.
    Description [short_description] Description of the VDOM property that provides additional context or information about the purpose of the property.
    IP Address [ip_address] IP address of the Fortinet device associated with this VDOM.
    Table 7. Fortinet Firewall Interface [cmdb_ci_fortinet_firewall_interface]
    Field Description
    ID [id] Unique identifier for the interface. For example: port1.
    Name [name] Name of the interface. For example: LAN.
    IP Address [ip_address] IP address assigned to the interface.
    Description [short_description] Description of the interface, often used for documentation or identification purposes. For example: Main LAN interface.
    MAC Address [mac_address] MAC address of the interface.
    Access Type [access_type] Type of interface. For example: physical, VLAN, or aggregate.
    Table 8. Network Topology [cmdb_ci_network_topology]
    Field Description
    Name [name]

    Virtual LAN (VLAN) ID associated with the interface, if applicable.

    The format is: VLAN-{Vlan ID}. For example: VLAN-310.
    Table 9. Fortinet Firewall Policy [cmdb_ci_fortinet_firewall_policy]
    Field Description
    Policy ID [policy_id] Unique ID assigned to the policy in VDOM or device level.
    UUID [uuid] Global unique identifier (GUID) for the firewall policy.
    Name [name] Name of the policy.
    Source interface [source_interface] Network interface from which the traffic originates.
    Destination interface [destination_interface] Network interface to which the traffic is directed.
    Source address [source_address] Source address or address group from which traffic originates.
    Destination address [destination_address] Destination address or address group to which traffic is directed.
    Internet Service [internet_service] Service or application being managed by the policy, often represented by a service group or name.

    CI relationships

    The Next Generation Fortinet Network Firewall - REST pattern creates the following relationships and references to support Fortinet firewall discovery. References link to records in other tables and don't appear in the CI Relationship [cmdb_rel_ci] table.

    Table 10. CI relationships
    CI Relationship CI
    Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet] Hosted on::Hosts Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] Uses::Used by Router Interface [dscy_router_interface]
    Network Adapter [cmdb_ci_network_adapter] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Table 11. CI references
    CI Field Referenced CI
    Serial Number [cmdb_serial_number] Configuration item [configuration_item] Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Network Adapter [cmdb_ci_network_adapter] Configuration Item [cmdb_ci] Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Router Interface [dscy_router_interface] Configuration Item [cmdb_ci] Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    IP Address [cmdb_ci_ip_address] Nic [nic] Network Adapter [cmdb_ci_network_adapter]

    The VDOM Discovery extension creates the following relationships to support FortiGate VDOM discovery.

    Table 12. CI relationships
    CI Relationship CI
    Fortinet Virtual Domain [cmdb_ci_fortinet_vdom] Contains::Contained by Fortinet Firewall Interface [cmdb_ci_fortinet_firewall_interface]
    Fortinet Virtual Domain [cmdb_ci_fortinet_vdom] Contains::Contained by Fortinet Firewall Policy [cmdb_ci_fortinet_firewall_policy]
    Fortinet Virtual Domain [cmdb_ci_fortinet_vdom] Hosted on::Hosts Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Fortinet Firewall Interface [cmdb_ci_fortinet_firewall_interface] Members::Member of Network Topology [cmdb_ci_network_topology]