Palo Alto Firewall Discovery

Alex150
Mega Sage

Hello,

I'm trying to discover Palo Alto Firewall devices using OOTH patterns. During the discovery process I'm getting the error

Identification Engine: Discovery status is FAILURE, CI Type cmdb_ci_firewall_device_palo_alto cannot be created since there are no attributes defined. Debug pattern to understand why no attributes have been assigned.

I see that CI Class Manager Palo Alto configured to use "Hardware Identification Rule" for identification.
What am I missed? Or what customizations are required additionally?

find_real_file.png
1 ACCEPTED SOLUTION

Alex150
Mega Sage

The issue was resolved by support.

Was added a failover step to populate name at step11 and I have made the MakeAndModelJS script include to be accessible from all scope. Also added filter step at step 19.

They claim that this is already fixed in Paris and in Orlando patch.

View solution in original post

6 REPLIES 6

Ashutosh Munot1
Kilo Patron
Kilo Patron

Hi,

Even if the rule is configured check the payload which you get, are you getting all the attributes required in that payload or not.



Thanks,
Ashutosh

Hi,

HorizontalDiscoveryProbe Input payload doesn't contains required attributes, but as I can see, pattern collects all data successfully:

find_real_file.png

Abhishek Kuma11
ServiceNow Employee
ServiceNow Employee

Hi Alex,

Just to make sure the source of issue. Kindly debug the pattern till 'Step.18 i.e Create Reference between Serial Number and Palo Alto Firewall Device'. Now check the number of records in Palo Alto Firewall Device Table. If there are 2 records, then you will notice that one of the record is empty, and have no attributes populated.

In order to filter this add a New step at position of Step 18 (i.e right after step 17:Populate Palo Alto Firewall Device table). This step will filter the Palo Alto Firewall Device Table and will remove records which has empty Serial Number attribute.

 

PFA the screenshot of the step. Kindly debug the pattern again after adding this step to make sure that after execution of the newly added step, we have only 1 record in Palo Alto Firewall Device table. once this is verified, kindly save and publish the pattern, and perform sync pattern to mid. Run the discovery.find_real_file.png

Hope this helps.

 

Thanks

Hi Abhishek,

Thank you for reply.

There are no any records on Palo Alto Firewall Device table created. 

As I can see on 16th step generates Temporary table and there is result on the 17th step.

find_real_file.png

 

All required data were collect and the system must create a new record for specific device, but it happends nothing. If it possible that there are table security restriction or maybe I should populate cmdb_ci_firewall_device_palo_alto table with another operation?