Next-Generation Cisco Firewall discovery

  • Release version: Yokohama
  • Updated May 27, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Next-Generation Cisco Firewall discovery

    The Next Generation Cisco Firewall discovery pattern in the ServiceNow Discovery application enables customers to identify and collect detailed information about Cisco firewall devices in their network. It uses SNMP calls to perform horizontal discovery, populating the Configuration Management Database (CMDB) with comprehensive firewall data. This pattern is compatible with the ServiceNow AI Platform® starting with the Madrid release and later.

    Show full answer Show less

    Prerequisites

    • Ensure SNMP access is enabled on the Cisco firewall devices.
    • Configure SNMP credentials on the ServiceNow instance to authenticate and communicate with the devices.
    • Add the Cisco device’s SNMP system OID record to the ServiceNow instance.
    • Update the Classifier and Class to include Cisco Firewall Device entries.

    Deployment Steps

    • Download and install the Firewall extension classes app from the ServiceNow Store to add necessary CMDB classes for firewall discovery.
    • Download and install the Discovery and Service Mapping Patterns application from the ServiceNow Store to obtain the latest discovery patterns.
    • Synchronize the discovery pattern with the appropriate MID Server to enable discovery execution.

    Key Features and Data Collected

    The discovery pattern gathers detailed attributes about Cisco firewall devices and related components, which it records in specific CMDB tables:

    • Cisco Firewall Device [cmdbcifirewalldevicecisco]: Serial number, name (usually FQDN), IP address, firmware version, manufacturer, model ID, hardware OS and version, description, operational and hardware status.
    • IP Address [cmdbciipaddress]: IP address and netmask of the firewall, with references to network adapters.
    • Network Adapter [cmdbcinetworkadapter]: IP address, alias, netmask, MAC address, name, and linkage to the firewall device.
    • DNS Name [cmdbcidnsname]: DNS name and corresponding IP address.

    Configuration Item (CI) Relationships

    The pattern creates relationships between discovered CIs to reflect the network topology and device hierarchy, such as:

    • Cisco Firewall Device owns IP Address and Network Adapter CIs.
    • The firewall device uses Router Interface CIs.
    • Network Adapters reference both IP Addresses and the Cisco Firewall Device.
    • Router Interfaces and Serial Numbers reference the Cisco Firewall Device.

    Benefits for ServiceNow Customers

    By implementing this discovery pattern, customers can automate the identification and detailed configuration capture of Cisco firewall devices, ensuring accurate and up-to-date CMDB records. This enhances visibility into firewall assets, supports impact analysis, and improves security and operational management within the ServiceNow platform.

    The ServiceNow Discovery application uses the Next Generation Cisco Firewall pattern to find Cisco firewalls. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    The discovery pattern uses a set of SNMP calls to find the Cisco firewalls. Discovery uses the pattern to run horizontal discovery.

    You can use this pattern on the ServiceNow AI Platform® using the Madrid release or later.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    • Ensure that your network firewall device has SNMP access.
    • On the ServiceNow instance, configure SNMP credentials. For more information, see SNMP credentials.
    • Add the SNMP system OID record for the Cisco device to the ServiceNow instance. Update the following:
      • Classifier: Cisco Firewall
      • Class: Cisco Firewall Device
    • Deploy the pattern as follows:
      1. Download and install Firewall extension classes from the ServiceNow Store. The app adds the new CMDB classes required for network firewall discovery.
      2. Download and install the Discovery and Service Mapping Patterns application from the ServiceNow Store.
      3. Sync the pattern with the appropriate MID Server.

    Data collected by Discovery during horizontal discovery

    Discovery populates the data in the CMDB when running the Next Generation Cisco Firewall pattern.

    Table 1. Cisco Firewall Device [cmdb_ci_firewall_device_cisco]
    Field Description
    Serial number [serial_number] Serial number of the device.
    Name [name] Administratively assigned name for this managed node. By convention, this is the node's fully qualified domain name (FQDN).
    IP Address [ip_address] IP address of the device.
    Firmware version [firmware_version] Firmware version.
    Fully qualified domain name [fqdn] FQDN of the device.
    Manufacturer [manufacturer] Device manufacturer.
    Model ID [model_id] Device model name.
    Harware OS [hardware_os] Operating system (OS) running on the hardware.
    Hardware OS Version [hardware_os_version] OS version running on the hardware.
    Description [short_description] Short description of the Cisco device.
    Operational status [operational_status] Indicates if the device is in active state.
    Hardware Status [hardware_status] Detailed description of the current status of the resource.
    Table 2. IP Address [cmdb_ci_ip_address]
    Field Description
    IP Address [ip_address] IP address of the Cisco firewall.
    Netmask [netmask] Netmask of the Cisco firewall.
    Nic [nic] References the Network Adapter [cmdb_ci_network_adapter] table.
    Table 3. Network Adapter [cmdb_ci_network_adapter]
    Field Description
    IP Address [ip_address] IP address of the network adapter.
    Alias [alias] User-assigned name for the network adapter.
    Netmask [netmask] Netmask of the network adapter.
    MAC Address [mac_address] MAC address of the network adapter.
    Name [name] Name of the network adapter.
    Configuration Item [cmdb_ci] References the Cisco Firewall Device [cmdb_ci_firewall_device_cisco] table.
    Table 4. DNS Name [cmdb_ci_dns_name]
    Field Description
    Name [name] Name of the Domain Name System (DNS).
    IP Address [ip_address] IP address of the DNS.
    This Dependency Views map on the Cisco Firewall Device CI shows the Cisco Firewall Device.
    CIs and connections on a Dependency Views map

    CI relationships

    These relationships are created to support Cisco firewall discovery.

    CI Relationship CI
    Cisco Firewall Device [cmdb_ci_firewall_device_cisco] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Cisco Firewall Device [cmdb_ci_firewall_device_cisco] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Cisco Firewall Device [cmdb_ci_firewall_device_cisco] Uses::Used by Router Interface [dscy_router_interface]
    IP Address [cmdb_ci_ip_address] References Network Adapter [cmdb_ci_network_adapter]
    Network Adapter [cmdb_ci_network_adapter] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Network Adapter [cmdb_ci_network_adapter] References Cisco Firewall Device [cmdb_ci_firewall_device_cisco]
    Router Interface [dscy_router_interface] References Cisco Firewall Device [cmdb_ci_firewall_device_cisco]
    Serial Number [cmdb_serial_number] References Cisco Firewall Device [cmdb_ci_firewall_device_cisco]