ServiceNow Firewall network architecture

vladimircheresh
Kilo Contributor

Hello,

Can someone elaborate on the network diagram below that seems to be the standard for SNOW customers, in particular the pair of firewalls on the left-hand side (ServiceNow datacenter)?

Are those firewalls owned and managed by ServiceNow in their datacenters? My impression is that there are no firewalls filtering inbound/outbound traffic from/to the ServiceNow side, but they can only be within the customer network in front of any customer servers (right-hand side).

Normally users/MID can reach any ServiceNow instance via HTTPS without any firewall configuration on the SNOW side, and it's an open network by default. Am I correct?


1 ACCEPTED SOLUTION

Hi Vladimir,

Perhaps the picture you posted is cropped or something, but the only thing I can see on the left side of your picture is the ServiceNow side.

Still, to answer your question... anything that is available at the internet level should be accessible from ServiceNow. For instance, let's say I want to call an API from XYZ internet service; ServiceNow is capable of doing that. There are no rules that need to be configured for that. The same will apply for an "sftp" at the customer side that is open to all the world; that will then be available to ServiceNow as well.

In general terms, if it's open, ServiceNow can reach it. If it's restricted by network configurations, etc... then a MID Server must exist within that network segment.

Thanks,

Berny



8 REPLIES

Hi Berny,

Thanks for your answer as well!

The concept of the top left part is pretty much clear to me now. What about the bottom left part, where you configure a 'data source' to pull data via sftp from an internet-facing server in the customer network? You go down that network path then. You might skip MID server configuration; however, you have to make sure the source subnet range is allowed on the firewalls.

Regards,

Vladimir




Greetings Vladimir,


Please mark the response as correct if it is - so that others with the same question in the future can find it quickly and that it gets removed from the Unanswered list.



How to Mark Answers Correct From Inbox View.


bernyalvarado
Mega Sage

I hope the above helps vladimirchereshev



Thanks,


Berny