
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-04-2025 07:53 AM
In our setup, the mid server is located in an admin network, that can reach any server via its admin interface. The configuration files for applications usually use the public interface for communications. The public network and admin network are separated, so the admin server cannot reach the public interfaces of the targets.
Both public and admin IP address for the servers are discovered by horizontal discovery. Is there a way to "re-map" the public IP to the Admin IP of the same server before continuing the discovery of the connections.
Example is a SAP CI application linked to a HANA database via the public IP 10.1.2.3, whereas the admin address of the HANA DB server might be 100.4.5.6. Pinging 10.1.2.3 fails from MID-Server, but pinging 100.4.5.6 works. Connection via 100.4.5.6 may allow Mid-Server to gather the necessary information.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-05-2025 01:35 AM
Hi, may be network team can grant access to public IP addresses of concerned CIs? it might be a most straight forward solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-06-2025 08:42 AM
Hi, thank you for your clarification and detailed feedback! Well, I still believe an approach, where traffic from MID server to public IPs whitelisted on firewall/router level, is a solution here. Network team should be less concerned since Allow rule will have strictly defined src ip (= ip of MID server in Admin zone) and traffic will be routed over loopback interface or so. Not sure if OOTB functionality of ServiceNow ITOM can address the use case you explained, for me it is not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-05-2025 01:35 AM
Hi, may be network team can grant access to public IP addresses of concerned CIs? it might be a most straight forward solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-05-2025 01:46 AM
Hi Appli,
thanks for the suggestion. but company policy restricts ssh usage to the admin interface. So having access to the public interface for Mid-Server will not really help. It would fail as soon as ssh is tried on the public IP, even if network traffic would be allowed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-05-2025 04:08 AM
Hi, thank you. Apparently one IP is set as ip_address attribute of CI, another IP referenced over CI IPs tab of the same CI. What I can recommend - may be introduce BR that swaps IP addresses after CI is created/updated. Like if ip_address STARTS with 10., swaps it with the one that has 100. .

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-05-2025 04:37 AM
Hi Appli,
not sure I understand what you're getting at. CMDB documentation ip_address field is not filled, the IPs in use are documented via NIC records related to the server CI.
I understand service discovery uses IP addresses or endpoint names from config files to build the connections. So these config files are the source. I also have read that for PROXY environments, an Admin address can be added for service discovery to use instead of the endpoint address.
I wonder if there is a similar functionality available for any endpoint beside proxies, and how to configure it (assign admin addresses to IP addresses). One of the options in "handle error" is to add an admin address, but using it has no effect.