Duplicate network adapter created
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2025 03:48 AM
We are discovering the "Fortinet Firewall Device" using SNMP. After discovering it network adapter is discovered but rather then updating the same it is creating a new record. I check the identifier and the cmdb_rel_ci table there is a correct dependency existed between the Fortinet Firewall device and to the network adapter. Then what would be the possible reason for this duplicate record creation?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2025 06:12 AM
Hi @Adarsh_raj ,
As per my understanding what’s Happening
* Your Fortinet Firewall CI is being discovered via SNMP.
* Network Adapters (cmdb_ci_network_adapter) are created as related CIs.
* Instead of updating the existing adapter, new ones are being inserted.
* Even though the cmdb_rel_ci relationship to the Firewall looks correct, Discovery is not matching the existing adapter → so the Identification & Reconciliation Engine (IRE) treats it as a new CI.
Common Causes of Duplicate Network Adapter Records
1. Identifier Rule mismatch
* The IRE for cmdb_ci_network_adapter uses MAC Address (and sometimes IP Address) as the primary identity field.
* If Discovery is retrieving:
* A different MAC address format (e.g., uppercase vs lowercase, missing leading zeros, colons vs dashes).
* Or blank/empty MAC manufacturer field (as seen in your screenshot).
→ It won’t match the existing record, so a new CI is inserted.
2. Multiple IPs on same adapter
* If SNMP reports multiple IPs bound to the same adapter, Discovery may treat them as different interfaces, creating duplicates unless the identifier rule is tuned.
3. SNMP data inconsistency
* Some firewalls expose logical interfaces that appear as “new” adapters during every discovery run.
4. Incorrect reconciliation precedence
* If another data source (manual entry, integration, etc.) populated network adapters earlier, but Discovery source is not set with higher precedence, IRE may reject updates.
Solution Steps which might helps you -
1. Check the Identifier Rule
* Go to Identification Rules → search for Network Adapter [cmdb_ci_network_adapter].
* Confirm that it uses MAC Address as the unique identifier.
* Ensure Discovery is actually populating mac_address consistently.
If mac_address is empty for some adapters (like in your screenshot), IRE cannot reconcile → duplicates are created.
2. Normalize MAC Address Format
* Use a Transform Map / ECC Queue Probe Rule / Post-processing script to normalize MACs to a consistent format (e.g., 00:09:0F:09:46:1B).
* You can also extend the Network Adapter Identification Rule to ignore case and delimiters.
3. Adjust Reconciliation Rules
* Go to Reconciliation Definition for cmdb_ci_network_adapter.
* Ensure Discovery has highest precedence for mac_address, ip_address, etc.
* This prevents other sources from blocking Discovery’s update.
4. Handle Virtual/Logical Interfaces
* On Fortinet devices, many virtual interfaces appear with duplicated or missing MACs.
* Best practice: filter out non-physical adapters in your Discovery Pattern or post-processing.
Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025
