"Palo Alto - Firewall Manager" Discovery Pattern Error

Hayden Reid
Tera Guru

Hello,

We're encountering issues while setting up an OOB serverless execution pattern for our Palo Alto Firewalls to populate the CMDB with device data from Panorama.

We're getting two specific errors:
"Pattern exit because Graceful Termination, reason: Panorama manager information is empty. Please check Mid Server logs for more information. Failed Condition(s): [(${panorama_system_info} : value=) IS NOT EMPTY ]"

 

From Pattern Designer Debugging:
Pattern does not lead to the creation of any CI, please check the correctness of the identification sections. (immediately follows the previous message).

The pattern's javascript that throws the error is:
var panoramaSysInfoUrl = ${panoramaUrl} + "?key=" + ${apiKey} + encodeURI("&type=op&cmd=");
rtrn = firewallMgmtUtils.fetchPanoramaInfo(panoramaSysInfoUrl, trustInsecureHosts);

step { name = "Exit if panorama manager info is empty"

match { is_not_empty {get_attr {"panorama_system_info"}} terminate_op = graceful terminate_msg = "Panorama manager information is empty. Please check Mid Server logs for more information."

}

}


Here are some of the steps we've already taken:

1. Authenticated the API key

2. Confirmed network connectivity to the firewall

 

3. Verified Firewall extension classes are properly installed

 

4. Review MID server logs (found no additional information)

 

5. Reviewed the docs on serverless patterns.

 

What exactly does panorama manager information missing mean? Why might our pattern not be creating ny CI's despite following the standard docs? Any assistance would be greatly appreciated.

HaydenReid_0-1742394880247.png

 

 

5 REPLIES 5

Hayden Reid
Tera Guru

After further debugging the pattern, it appears that this may be an issue related to the REST API owner OR how the uri is being constructed within ServiceNow.

I have already made successful calls to the REST API outside of ServiceNow, so I doubt its a credential related issue. Any idea how can I more closely examine the firewallMgmtUtils to see how the uri is being constructed?

HaydenReid_0-1742401216532.png

 

Hi, 

Have you find any solution? We are stuck in the same issue. 

Hi, we're working with ServiceNow support on this. I suspect this is an issue with how the out of the box pattern invokes the endpoint within the pattern logic or, with the way objects are being handled from the payload.

We got around this error by double checking the certificate chain from the mid server, installing the right certificates if necessary, and then having the network team whitelist the MID server's IP address. You're likely experiencing this error due to authentication issues/certificate validation.