Network Juniper Firewall Discovery
Friday
Hello Experts,
Need advice, please.
We are using ITOM Discovery for network devices (firewalls) based on SNMPv3.
Issue: the device is discovered, but it does not put the record in the 'Firewall' table; instead we can see ServiceNow has classified it as IP ROUTER / IP SWITCH.
This might not be wrong, but we are wondering what has to be done for ServiceNow to classify it as Firewall, as there is a separate table - Firewall.
Can someone assist if my assumption is correct, or are they okay as discovered because the System - Classify OID was received based on the configuration on the network end?
Thanks
Friday
Hi @Nisha30 ,
This behavior is actually expected when using SNMP-based discovery.
In ServiceNow Discovery, device classification is primarily driven by the SNMP sysObjectID (OID) and how it maps to entries in the SNMP Classification table. If your firewall is getting classified as an IP Router or IP Switch, it means the OID returned by the device is mapped to those classes rather than to a firewall class.
Many firewall devices (such as Cisco ASA, Fortinet, etc.) also perform routing functions, and their OIDs often align more closely with router/switch classifications. So from a discovery standpoint, this is not incorrect behavior.
If you specifically want the CI to be created under the Firewall table (cmdb_ci_firewall), you can consider the following options:
- Update or create an entry in the SNMP Classification table to map the device OID to the Firewall class
- Review and, if needed, customize the relevant Discovery Pattern to set the CI class as Firewall
- As an alternative, implement a post-discovery reclassification logic (e.g., Business Rule or Flow), though this is less preferred
Friday
Hey Nisha! What you're seeing is actually expected behavior — ServiceNow classifies devices based on the sysObjectID (OID) returned via SNMP, and if that OID is mapped to IP Router/Switch in the SNMP Classification table, that's where the CI lands.
To get it into the Firewall table (cmdb_ci_firewall), just go to All → Discovery Definition → CI Classification → SNMP System OIDs, find your Juniper device's OID from the payload, which you can find in the ECC queue, and update the mapping to point to the Firewall class. If the OID isn't there yet, create a new entry for it.
These two docs should help:
- Devices Misclassified as Router/Switch instead of Firewall – KB2528608 (this is your exact scenario)
- Create a Discovery CI Classification – KB1844653
Hope that clears it up
If it helped you please do mark it as helpful and accept the solution
Thanks,
Vishnu
