Next-Generation Fortinet Network Firewall SNMP-based discovery

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Next-Generation Fortinet Network Firewall SNMP-based discovery

    The Next Generation Fortinet Network Firewall SNMP-based discovery is a feature within the Discovery and Service Mapping Patterns application of ServiceNow, designed to identify Fortinet firewalls using SNMP calls. To utilize this feature, users may need to update the Discovery and Service Mapping Patterns application from the ServiceNow Store. It's important to note that while this method effectively discovers many Fortinet devices, it does not support the discovery of FortiGate Virtual Domains (VDOMs), which require a REST-based discovery method.

    Show full answer Show less

    Key Features

    • SNMP-Based Discovery: Utilizes SNMP calls to discover Fortinet firewalls.
    • Horizontal Discovery: Runs horizontal discovery to populate the CMDB with firewall data.
    • CMDB Population: Collects critical information such as hostname, IP address, model number, and operational status of the firewalls.

    Prerequisites

    • Ensure the Discovery and Service Mapping Patterns application is up to date.
    • Verify CMDB CI Class Models are configured correctly.
    • Confirm SNMP access is enabled on the Fortinet firewall device.
    • Configure SNMP credentials on your ServiceNow instance.
    • Add the SNMP system OID record for the Fortinet device to the ServiceNow instance.

    Key Outcomes

    Upon successful discovery, the following data is populated in the CMDB:

    • Fortinet Firewall Cluster: Includes fields like hostname, IP address, manufacturer, and operating system version.
    • Fortinet Firewall Device: Captures device-specific information such as serial number, firmware version, and operational status.
    • IP Address and Network Adapter: Details related to the IP addresses and network adapters associated with the firewall devices.

    Additionally, configuration item (CI) relationships are established to support the mapping of Fortinet devices and their respective clusters, enhancing visibility and management within IT operations.

    The Discovery and Service Mapping Patterns application uses the Next Generation Fortinet Network Firewall pattern to find Fortinet firewalls through a series of SNMP calls. Discovering some of these resources requires updating the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    The Next Generation Fortinet Network Firewall pattern uses a set of SNMP calls to find the Fortinet firewalls. Discovery uses the pattern to run horizontal discovery.

    Note:
    Only the REST-based Fortinet firewall discovery method finds FortiGate VDOMs. The SNMP-based Fortinet firewall discovery method doesn't discover them. For information on REST-based Fortinet firewall and FortiGate Virtual Domains (VDOMs) discovery, see Fortinet firewall and FortiGate VDOM REST-based discovery.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    To learn about Fortinet firewalls and their versions that you can discover, refer to Detailed information on products discovered by ITOM Visibility.

    Prerequisites

    Verify the applications are up to date
    • Discovery and Service Mapping Patterns
    • CMDB CI Class Models
    Ensure SNMP access
    Ensure that your Fortinet firewall device has SNMP access.
    Configure SNMP credentials
    On the ServiceNow instance, configure SNMP credentials. For more information, see SNMP credentials.
    Add SNMP system OID record to ServiceNow instance
    Add the SNMP system OID record for the Fortinet device to the ServiceNow instance. Update the following:
    • Classifier: Fortinet Firewall
    • Class: Fortinet Firewall Device
    Run a horizontal discovery
    For more information, see Running discoveries in your network.

    Data collected by Discovery during horizontal discovery

    Discovery populates the data in the CMDB when running the Next Generation Fortinet Network Firewall Pattern.

    Table 1. Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet]
    Field Description
    Name [name] Hostname.
    Fully qualified domain name [fqdn] Fully qualified domain name.
    IP address [ip_address] IP address.
    Manufacturer [manufacturer] Device manufacturer.
    Description [short_description] Short description of the Fortinet firewall cluster.
    Model Number [model_number] Device model number.
    Hardware Operating System [hardware_os] OS running on the hardware.
    Hardware OS Version [hardware_os_version] OS version running on the hardware.
    Table 2. Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Field Description
    Name [name] Hostname.
    Serial Number [serial_number] Serial number of the device.
    Fully qualified domain name [fqdn] Fully qualified domain name.
    Operational Status [operational_status] Indicates if the device is in active state.
    IP address [ip_address] IP address.
    Manufacturer [manufacturer] Device manufacturer.
    Description [short_description] Short description of the device.
    Model Number [model_number] Device model number.
    Firmware [firmware_version] Firmware version.
    Hardware Operating System [hardware_os] OS running on the hardware.
    Hardware OS Version [hardware_os_version] OS version running on the hardware.
    Table 3. IP Address [cmdb_ci_ip_address]
    Field Description
    IP Address [ip_address] IP address of the Fortinet firewall.
    Netmask [netmask] Netmask of the Fortinet firewall.
    Table 4. Network Adapter [cmdb_ci_network_adapter]
    Field Description
    IP Address [ip_address] IP address of the network adapter.
    Netmask [netmask] Netmask of the network adapter.
    Alias [alias] User-assigned name for the network adapter.
    MAC Address [mac_address] MAC address of the network adapter.
    Name [name] Name of the network adapter.
    Table 5. DNS Name [cmdb_ci_dns_name]
    Field Description
    Name [name] Name of the Domain Name System (DNS).
    IP Address [ip_address] IP address of the DNS.
    This Dependency Views map on the Fortinet Firewall Device CI shows the Fortinet Firewall Cluster to which it belongs.
    CIs and connections on a Dependency Views map

    CI relationships

    These relationships are created to support Fortinet firewall discovery.

    CI Relationship CI
    Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet] Extends from Firewall Cluster [cmdb_ci_firewall_cluster]
    Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet] Hosted on::Hosts Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] Extends from Firewall Device [cmdb_ci_firewall_device]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] Uses::Used by Router Interface [dscy_router_interface]
    IP Address [cmdb_ci_ip_address] References Network Adapter [cmdb_ci_network_adapter]
    Network Adapter [cmdb_ci_network_adapter] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Network Adapter [cmdb_ci_network_adapter] References Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Router Interface [dscy_router_interface] References Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]
    Serial Number [cmdb_serial_number] References Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet]