How to get discovery to classify a palo alto networks device

HugoFirst · ‎10-29-2019

Discovery does not classify a palo alto networks device.

Here's the pertinent information:

1. The mid-server has access to the IP address.

2. Discovery runs several probes on the IP:
- Shazzam
- UNIX CLassify ( which fails due to no credentials )
- SNMP Classify returns 146 OIDs
- HTTPCLASSY returns a URL https://<IP_ADDRESS>:443/mgmt/tm/ltm

Of the OIDs, returned by SNMP Classify , this is a couple that look promising:
<mib-2 oid="1.3.6.1.2.1">
<system oid="1.3.6.1.2.1.1">
<sysName oid="1.3.6.1.2.1.1.5" type="SnmpOctetString">dsdc-panorama</sysName>
<sysUpTime oid="1.3.6.1.2.1.1.3" type="SnmpTimeTicks">54329514</sysUpTime>
<sysDescr oid="1.3.6.1.2.1.1.1" type="SnmpOctetString">Palo Alto Networks M-Series Appliance</sysDescr>
<sysObjectID oid="1.3.6.1.2.1.1.2" type="SnmpObjectId">.1.3.6.1.4.1.25461.2.3.40</sysObjectID>

Yet no CI is created in the CMDB.

FWIW: I have added an entry in the OID table, but it has no effect.

I would appreciate any advice.

HugoFirst · ‎12-09-2019

FYI: I wanted to follow up to answer my own question with the action that ultimately worked.

I had to add an OID to the SNMP OID Classification table ( discovery_snmp_oid ).

The value of the OID is 1.3.6.1.4.1.25461.2.3.40

This matches the value from one of the OID's returrned by the device:

<sysObjectID oid="1.3.6.1.2.1.1.2" type="SnmpObjectId">.1.3.6.1.4.1.25461.2.3.40</sysObjectID>

Note that I removed the leading dot ( "." ) from the value in the OID table.

Here's what the entry looks like:

View solution in original post

HugoFirst · ‎12-09-2019

FYI: I wanted to follow up to answer my own question with the action that ultimately worked.

I had to add an OID to the SNMP OID Classification table ( discovery_snmp_oid ).

The value of the OID is 1.3.6.1.4.1.25461.2.3.40

This matches the value from one of the OID's returrned by the device:

<sysObjectID oid="1.3.6.1.2.1.1.2" type="SnmpObjectId">.1.3.6.1.4.1.25461.2.3.40</sysObjectID>

Note that I removed the leading dot ( "." ) from the value in the OID table.

Here's what the entry looks like:

Community Alums · ‎01-05-2020

Hi Hugo,

We need to integrate ServiceNow and Palo Alto.

The current set up has discovery jobs running that updates the cmdb.

How can I access Palo Alto firewalls to discover virtual CI's?

Do you have any documentation or can you please guide.

Which plugin should I activate here?