Next-Generation Fortinet Network Firewall SNMP-based discovery

  • Release version: Australia
  • Updated March 12, 2026
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Next-Generation Fortinet Network Firewall SNMP-based discovery

    The Next-Generation Fortinet Network Firewall SNMP-based discovery pattern enables ServiceNow Discovery to identify Fortinet firewall devices using SNMP calls. This facilitates populating the Configuration Management Database (CMDB) with detailed firewall device and cluster information. It is important to note that this SNMP-based method does not discover FortiGate Virtual Domains (VDOMs); for those, the REST-based Fortinet firewall discovery method should be used.


    Customers should ensure they have the latest Discovery and Service Mapping Patterns application from the ServiceNow Store to use this pattern effectively.

    Prerequisites

    • Ensure Discovery and Service Mapping Patterns and CMDB CI Class Models applications are up to date.
    • Configure SNMP access on Fortinet firewall devices.
    • Set up SNMP credentials within the ServiceNow instance.
    • Add the Fortinet SNMP system OID record to the ServiceNow instance, updating the appropriate classifier and class for Fortinet Firewall Device.

    Key Features

    • Discovers Fortinet Firewall Clusters and Devices, extending existing CMDB classes for accurate representation.
    • Collects detailed device attributes such as hostname, IP address, manufacturer, model number, firmware version, operating system, and serial number.
    • Populates related CI classes including IP Address, Network Adapter, and DNS Name with relevant network and device data.
    • Establishes relationships between firewall clusters, devices, IP addresses, network adapters, and router interfaces to provide a holistic view of the firewall infrastructure.

    Data Collected

    The discovery populates multiple CI classes with key fields, including:

    • Fortinet Firewall Cluster: hostname, FQDN, IP address, manufacturer, model number, OS and its version, and description.
    • Fortinet Firewall Device: hostname, serial number, FQDN, operational status, IP address, manufacturer, model number, firmware, OS, and description.
    • IP Address and Network Adapter: IP addresses, netmask, MAC address, adapter name, and association to firewall devices.
    • DNS Name: DNS name and associated IP address.

    CI Relationships and References

    The pattern creates and manages relationships such as:

    • Firewalls hosted within clusters.
    • Devices owning IP addresses and network adapters.
    • Network adapters owning IP addresses.
    • Devices using router interfaces.

    These relationships enhance the CMDB's representation of the Fortinet firewall environment, supporting accurate dependency mapping and operational insights.

    Practical Outcomes for ServiceNow Customers

    By implementing this SNMP-based discovery pattern, customers can automate the detection and inventory of Fortinet firewall devices within their network, ensuring the CMDB reflects up-to-date and comprehensive firewall data. This supports improved network visibility, security management, and service impact analysis. Customers needing to discover FortiGate VDOMs must supplement this with the REST-based discovery method.

    The Discovery and Service Mapping Patterns application uses the Next Generation Fortinet Network Firewall pattern to find Fortinet firewalls through a series of SNMP calls. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    The Next Generation Fortinet Network Firewall pattern uses a set of SNMP calls to find the Fortinet firewalls. Discovery uses the pattern to run horizontal discovery.

    Note:
    Only the REST-based Fortinet firewall discovery method finds FortiGate VDOMs. The SNMP-based Fortinet firewall discovery method doesn't discover them. For information on REST-based Fortinet firewall and FortiGate Virtual Domains (VDOMs) discovery, see Fortinet firewall and FortiGate VDOM REST-based discovery.

    Request apps on the Store

    Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    To learn about Fortinet firewalls and their versions that you can discover, refer to Detailed information on products discovered by ITOM Visibility.

    Fortinet Firewall data model

    The Next Generation Fortinet Network Firewall pattern introduces the following CI classes that extend an existing CMDB class.

    Table 1. CI classes introduced by this pattern
    CI class | Extends from
    Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet] | Firewall Cluster [cmdb_ci_firewall_cluster]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] | Firewall Device [cmdb_ci_firewall_device]

    Prerequisites

    Verify the applications are up to date
    • Discovery and Service Mapping Patterns
    • CMDB CI Class Models

    Ensure SNMP access
    Ensure that your Fortinet firewall device has SNMP access.

    Configure SNMP credentials
    On the ServiceNow instance, configure SNMP credentials. For more information, see SNMP credentials.

    Add SNMP system OID record to ServiceNow instance
    Add the SNMP system OID record for the Fortinet device to the ServiceNow instance. Update the following:
    • Classifier: Fortinet Firewall
    • Class: Fortinet Firewall Device

    Run a horizontal discovery
    For more information, see Running discoveries in your network.

    Data collected by Discovery during horizontal discovery

    Discovery populates the data in the CMDB when running the Next Generation Fortinet Network Firewall Pattern.

    Table 2. Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet]
    Field | Description
    Name [name] | Hostname.
    Fully qualified domain name [fqdn] | Fully qualified domain name.
    IP address [ip_address] | IP address.
    Manufacturer [manufacturer] | Device manufacturer.
    Description [short_description] | Short description of the Fortinet firewall cluster.
    Model Number [model_number] | Device model number.
    Hardware Operating System [hardware_os] | OS running on the hardware.
    Hardware OS Version [hardware_os_version] | OS version running on the hardware.

    Table 3. Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Field | Description
    Name [name] | Hostname.
    Serial Number [serial_number] | Serial number of the device.
    Fully qualified domain name [fqdn] | Fully qualified domain name.
    Operational Status [operational_status] | Indicates if the device is in active state.
    IP address [ip_address] | IP address.
    Manufacturer [manufacturer] | Device manufacturer.
    Description [short_description] | Short description of the device.
    Model Number [model_number] | Device model number.
    Firmware [firmware_version] | Firmware version.
    Hardware Operating System [hardware_os] | OS running on the hardware.
    Hardware OS Version [hardware_os_version] | OS version running on the hardware.

    Table 4. IP Address [cmdb_ci_ip_address]
    Field | Description
    IP Address [ip_address] | IP address of the Fortinet firewall.
    Netmask [netmask] | Netmask of the Fortinet firewall.
    Nic [nic] | References the Network Adapter [cmdb_ci_network_adapter] table.

    Table 5. Network Adapter [cmdb_ci_network_adapter]
    Field | Description
    IP Address [ip_address] | IP address of the network adapter.
    Netmask [netmask] | Netmask of the network adapter.
    Alias [alias] | User-assigned name for the network adapter.
    MAC Address [mac_address] | MAC address of the network adapter.
    Name [name] | Name of the network adapter.
    Configuration Item [cmdb_ci] | References the Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] table.

    Table 6. DNS Name [cmdb_ci_dns_name]
    Field | Description
    Name [name] | Name of the Domain Name System (DNS).
    IP Address [ip_address] | IP address of the DNS.

    This Dependency Views map on the Fortinet Firewall Device CI shows the Fortinet Firewall Cluster to which it belongs.
    [Figure: CIs and connections on a Dependency Views map]

    CI relationships

    The Next Generation Fortinet Network Firewall pattern creates the following relationships and references to support Fortinet firewall discovery. References link to records in other tables and don't appear in the CI Relationship [cmdb_rel_ci] table.

    Table 7. CI relationships
    CI | Relationship | CI
    Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet] | Hosted on::Hosts | Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] | Owns::Owned by | IP Address [cmdb_ci_ip_address]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] | Owns::Owned by | Network Adapter [cmdb_ci_network_adapter]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] | Uses::Used by | Router Interface [dscy_router_interface]
    Network Adapter [cmdb_ci_network_adapter] | Owns::Owned by | IP Address [cmdb_ci_ip_address]

    Table 8. CI references
    CI | Field | Referenced CI
    Serial Number [cmdb_serial_number] | Configuration item [configuration_item] | Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Network Adapter [cmdb_ci_network_adapter] | Configuration Item [cmdb_ci] | Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Router Interface [dscy_router_interface] | Configuration Item [cmdb_ci] | Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    IP Address [cmdb_ci_ip_address] | Nic [nic] | Network Adapter [cmdb_ci_network_adapter]
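
    An added example, not part of the ServiceNow documentation or product: a post-discovery audit that checks exported Fortinet firewall device records against the fields in Table 3 and the relationships in Table 7, so that devices with no recorded serial number or firmware version (which cannot be matched to vendor advisories) are flagged. It assumes an export in which each CI carries sys_id and sys_class_name, each relationship carries parent, type (as display text) and child, and the left column of Table 7 is the parent side; the sample records are constructed.

```python
DEV = "cmdb_ci_firewall_device_fortinet"
CLU = "cmdb_ci_firewall_cluster_fortinet"
NIC = "cmdb_ci_network_adapter"
IP = "cmdb_ci_ip_address"

# Device fields from Table 3 that inventory and patch tracking depend on.
REQUIRED = ("name", "serial_number", "ip_address", "model_number", "firmware_version")

# Table 7 rows that touch a device: (left class, relationship, right class).
# Assumption: the left column is the parent side of the relationship record.
EXPECTED = [(CLU, "Hosted on::Hosts", DEV),
            (DEV, "Owns::Owned by", IP),
            (DEV, "Owns::Owned by", NIC)]

def audit(cis, rels):
    """Map each Fortinet device name to its missing fields and relationships."""
    cls = {c["sys_id"]: c["sys_class_name"] for c in cis}
    report = {}
    for dev in (c for c in cis if c["sys_class_name"] == DEV):
        gaps = [f"field:{f}" for f in REQUIRED if not dev.get(f)]
        for left, rtype, right in EXPECTED:
            end = "child" if right == DEV else "parent"  # side the device sits on
            found = any(r[end] == dev["sys_id"] and r["type"] == rtype
                        and cls.get(r["parent"]) == left and cls.get(r["child"]) == right
                        for r in rels)
            if not found:
                other = left if end == "child" else right
                gaps.append(f"rel:{rtype}:{other}")
        if gaps:
            report[dev.get("name") or dev["sys_id"]] = gaps
    return report

# Constructed sample export (not real data): one complete device, one with gaps.
SAMPLE_CIS = [
    {"sys_id": "c1", "sys_class_name": CLU, "name": "fw-cluster-a"},
    {"sys_id": "d1", "sys_class_name": DEV, "name": "fw-a1", "serial_number": "SN-EXAMPLE-1",
     "ip_address": "192.0.2.10", "model_number": "model-x", "firmware_version": "v-example"},
    {"sys_id": "d2", "sys_class_name": DEV, "name": "fw-a2", "serial_number": "",
     "ip_address": "192.0.2.11", "model_number": "model-x", "firmware_version": ""},
    {"sys_id": "n1", "sys_class_name": NIC, "name": "port1"},
    {"sys_id": "i1", "sys_class_name": IP, "ip_address": "192.0.2.10"},
]
SAMPLE_RELS = [
    {"parent": "c1", "type": "Hosted on::Hosts", "child": "d1"},
    {"parent": "d1", "type": "Owns::Owned by", "child": "i1"},
    {"parent": "d1", "type": "Owns::Owned by", "child": "n1"},
    {"parent": "c1", "type": "Hosted on::Hosts", "child": "d2"},
]
```

    A device that is not part of a cluster will also report a missing Hosted on::Hosts relationship, so treat that finding as informational for standalone firewalls.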