question Discovery of Firewall in ITOM forum

Discovery of Firewall

nikhilagr20 — Tue, 11 Jun 2013 13:33:03 GMT

Hi,

I have some Firewalls in our environment. I tried to discover them. These devices are discovered as IP Router. Is there any way to discover them as Firewall ?

Re: Discovery of Firewall

Community Alums — Wed, 12 Jun 2013 20:34:50 GMT

Check out these pages:

http://wiki.servicenow.com/index.php?title=Discovery_Classification_Parameters

http://wiki.servicenow.com/index.php?title=Device_Classifications

Easiest way I've found is to find what value is in the 'sysdescr' portion of the SNMP query and use that to trigger the Firewall classifier and whatever probes you select. Doug has a how-to video on it here:

http://community.servicenow.com/blog/dougschulze/build-simple-snmp-classifier

You may have to create an additional SNMP OID in the system to get it to launch properly though.

Re: Discovery of Firewall

doug_schulze — Tue, 18 Jun 2013 18:13:39 GMT

To add to that you would want to absolutely add the SNMP System OID that calls the classifier Peyton references above. We are calling it a "router" because it told us it has routing capabilities.

*geeks can look at the Shazzam Sensor to see what we look for in a routing capability*

By adding the SNMP System OID we will basically "ignore" its capability and do what you tell it to do...

This will guide you for sure!

http://tinyurl.com/l42bf83

Re: Discovery of Firewall

Will Patterson — Mon, 16 Dec 2019 21:22:52 GMT

Doug,

Is there an updated version of the http://tinyurl.com/l42bf83 link you'd provided? It seems that link is dead, and I'm having this same thing happen in our environment.

Thanks,

Will P.

Re: Discovery of Firewall

doug_schulze — Tue, 17 Dec 2019 02:40:51 GMT

Will, my best guess is that I was probably referencing the videos I did here..Well the first one..

Re: Discovery of Firewall

Ashutosh Munot1 — Tue, 17 Dec 2019 20:36:09 GMT

Hi,

This is expected behavior right because if the firewall is hopping from one IP to other and it has routing capability then it will be treated as IP Router.

I just confirmed with Network guy and he said it is expected behavior. Even in activity log or history of IP field you can see the IP will be changing always.

Thanks,
Ashutosh

Re: Discovery of Firewall

Oneimus — Tue, 21 Jul 2020 12:56:10 GMT

We are in the beginning phases of integrating and testing the Next Generation Firewall patterns, so we are using the OOB Firewall Classifier. We ran into the same issue during discovery where a couple firewalls were being discovered as IP Routers. Our thought process or belief is that this shouldn't be expected behavior. Although firewalls can and do participate with routing the primary function of a firewall is to apply security policy to and from networks.

The OOB classifier uses DNS for Exploration,SNMP-Identity trigger probes and sysdescr contains firewall classification criteria. We also have populated all the SNMP OID Classifications as pointed out in other Community. We have also added the sysdescr does not contain firewall to the Standard Network Router classifier. Why does it bypass and where does it bypass the steps to kick-off the Router Pattern?

Do we need to modify the Network Router pattern to include that the description does not contain firewall? Or create an isFirewall variable like the Create isRouter?

1.2 Create isRouter variable

1.12 Create shouldRunRouterLogic variable

1.38 Set isRouter variable

1.40 If it is a router, isPrinter should be false

1.52 Set shouldRunRouterLogic variable

A walk in the pattern,

Kevin