Map Fortinet CIs and relationships

  • Release version: Australia
  • Updated June 16, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Map Fortinet CIs and relationships

    The Service Graph Connector (SGC) for Fortinet SD-WAN enables ServiceNow customers to automatically discover and map physical and logical network resources into telecom-aligned configuration item (CI) classes within the Configuration Management Database (CMDB). This connector supports consistent service modeling, enhances visibility into chassis-level components, and automates creation of logical and physical relationships, helping maintain a clean and normalized CMDB across multiple vendors.

    Show full answer Show less

    Key Features

    • Automated CI Classification and Mapping: Uses the Robust Transform Engine (RTE) and Identification and Reconciliation Engine (IRE) to accurately classify and insert discovered CIs based on device type, function, and chassis structure.
    • Comprehensive CI Types and Relationships: Maps multiple Fortinet components such as network sites, IP routers (FortiGate devices), slots, subslots (network cards), network interfaces, network service instances, groups, and IP addresses into corresponding CMDB classes, preserving hierarchical and membership relationships.
    • Logical Interface Discovery: Supports discovery of logical interfaces like tunnels and VPNs, creating individual network interface CIs for each, allowing interface-level metric correlation and reporting.
    • Firmware Version Handling: Automatically calculates firmware versions for IP routers by combining osver, mr, and patch fields from Fortinet inventory. Customers can customize this calculation via an extension point to define their own version format if needed.
    • Model Normalization: Transforms Fortinet-discovered model names to ServiceNow AI Platform standard model identifiers and categories, ensuring consistent data across devices and vendors.

    Practical Benefits for ServiceNow Customers

    • Enables accurate and automated population of Fortinet SD-WAN physical and logical infrastructure data into the CMDB.
    • Maintains a normalized and organized CMDB that reflects detailed device hierarchies and relationships, essential for telecom-aligned service modeling.
    • Improves operational visibility and supports precise metric reporting at the interface level, including tunnels and VPN interfaces.
    • Provides flexibility to adapt firmware version reporting to organizational standards through an easy-to-implement extension.
    • Enhances cross-vendor CMDB consistency by adhering to ServiceNow’s standardized model identifiers and categories.

    Use the Service Graph Connector (SGC) for Fortinet SD-WAN to map discovered physical and logical network resources to telecom-aligned configuration item (CI) classes in the Configuration Management Database (CMDB). Service Graph Connectors support consistent service modeling, provide visibility into chassis-level components, and automate the creation of logical and physical relationships.

    To confirm accurate CI classification and insertion, the connector uses the Robust Transform Engine (RTE) and Identification and Reconciliation Engine (IRE).

    The connector classifies and relates discovered CIs using telecom-specific models based on device type, function, and chassis structure. This organization helps maintain a clean and normalized CMDB across vendors. Discovered model names from Fortinet are automatically transformed into ServiceNow AI Platform standard model identifiers and categories for slot and subslot components.

    CI mapping and relationships

    The following table lists the CI object types in the CMDB that can be discovered, along with their representations in the CMDB and how they relate to one another.
    Table 1. CMDB CI Mapping and Relationships (Physical Layer)
    CMDB CI Class CMDB CI Table CMDB Hierarchy Object types/models Description and Relationships
    Network site cmdb_ci_ni_site CI → Site →Network Site Organization network
    • Represents the physical location of IP routers according to their longitude, latitude, and address.
    • Network site contains IP routers and network interfaces.
    • Network site is a member of a group.
    IP router cmdb_ci_ip_router CI → HW →NG → IP router SD-WAN Edge/ network or service router is represented by the IP router
    • Represents the FortiGate device.
    • Contains network interface CIs.
    • Contained by network sites and network service instances.
    • IP router is a member of a group.
    Slot cmdb_ci_container_slot HW → Equipment → holder → Slot Slot
    • Slot is the main device in the network hierarchy.
    • Contains slots for IP routers, IP switches, power supply units, and fans.
    Subslot cmdb_ci_container_subslot HW → Equipment → holder → Slot Subslot
    • Network card is the main device in the network hierarchy.
    • Contains IP router, IP switch sublots (small form-factor pluggable or child cards).
    Network Interface CI cmdb_ci_ni_interface Port → Network Port → Network interface The list of support port models is defined in the vendor-specific network physical information.
    • IP router, IP switch, or wireless access point is the main device in the network hierarchy.
    • Network card within the IP router or IP switch is the primary component.
    • Represents the physical ports contained within the device (IP router).
    Network service instance cmdb_ci_network_service_instance CI → Service instance → Network service instance Network service instance
    • Network service instance includes IP routers and network interfaces.
    • Network site is a member of a group.
    Group cmdb_ci_group CI → Group Represents organization Network sites and network service instance are members.
    IP Address CI cmdb_ci_ip_address CI → IP address Represents discovered IP addresses for CIs. Owned by the corresponding CI.

    Discovered logical interfaces

    In addition to physical ports, the SGC discovers logical interfaces, such as tunnel and VPN interfaces (for example, Hub1-inetVPN, inetVPN, and mplsVPN), from the Fortinet inventory. Each logical interface is created as a network interface CI (cmdb_ci_ni_interface) and related to its parent device (IP router) CI.

    Because a CMDB CI exists for each logical interface, metrics that report against a logical interface name are mapped to the corresponding logical interface CI rather than to the parent device CI. This mapping enables interface-level metric correlation and reporting for tunnel and VPN interfaces.

    Firmware version calculation

    When the SGC discovers an IP router, it sets the firmware version on the cmdb_ci_ip_router CI by joining the device os_ver, mr, and patch fields from the Fortinet inventory with periods. For example, a device with os_ver=7, mr=4, and patch=11 resolves to 7.4.11, matching the value shown in the Fortinet GUI. If any of these fields is missing, the firmware version is left empty.

    To calculate the firmware version differently, override the default with the sn_sgc_fortinet.FortinetCustomizedFirmwareVersion extension point. Create an implementation that defines a formatFirmwareVersion(device) handler, where device is the Fortinet device object returned by the API. Return your own version string from the handler, or return null to use the default calculation.