Next-Generation Cisco Firewall discovery

  • Release version: Xanadu
  • Updated May 27, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Next-Generation Cisco Firewall discovery

    The Next-Generation Cisco Firewall discovery pattern in ServiceNow Discovery enables automated detection and inventory of Cisco firewall devices within your network. This pattern uses SNMP calls to identify Cisco firewalls and populates detailed information into the Configuration Management Database (CMDB), supporting effective firewall management and visibility.

    Show full answer Show less

    The discovery pattern requires the Discovery and Service Mapping Patterns application (available from the ServiceNow Store) and is compatible with the ServiceNow AI Platform® starting from the Madrid release.

    Prerequisites and Setup

    • Ensure SNMP access is enabled on your Cisco firewall devices.
    • Configure SNMP credentials on your ServiceNow instance to allow secure device discovery.
    • Add the Cisco device’s SNMP system OID record to your instance for accurate classification.
    • Download and install the Firewall extension classes app from the ServiceNow Store, which adds necessary CMDB classes for firewall devices.
    • Install the Discovery and Service Mapping Patterns application from the Store.
    • Synchronize the discovery pattern with an appropriate MID Server to perform horizontal discovery.

    Data Collected and CMDB Integration

    The discovery populates multiple CMDB tables with comprehensive Cisco firewall information:

    • Cisco Firewall Device [cmdbcifirewalldevicecisco]: Captures device-specific details such as serial number, name (usually FQDN), IP address, firmware and hardware OS versions, manufacturer, model, operational and hardware status, and a short description.
    • IP Address [cmdbciipaddress]: Stores the firewall’s IP address, netmask, and links to network adapters.
    • Network Adapter [cmdbcinetworkadapter]: Includes adapter IP, alias, netmask, MAC address, name, and association to the firewall device.
    • DNS Name [cmdbcidnsname]: Records DNS names and corresponding IP addresses related to the device.

    CI Relationships

    To maintain accurate dependency views and relationships, the following CI relationships are established during discovery:

    • Cisco Firewall Device owns IP Addresses and Network Adapters.
    • Cisco Firewall Device uses Router Interfaces.
    • IP Addresses reference Network Adapters, and vice versa.
    • Router Interfaces and Serial Numbers reference the Cisco Firewall Device.

    Practical Benefits for ServiceNow Customers

    By implementing this discovery pattern, customers gain automated, detailed visibility into Cisco firewall devices, enabling improved asset management, operational insights, and accurate dependency mapping within the ServiceNow CMDB. This supports better change management, security posture, and network troubleshooting capabilities.

    The ServiceNow Discovery application uses the Next Generation Cisco Firewall pattern to find Cisco firewalls. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    The discovery pattern uses a set of SNMP calls to find the Cisco firewalls. Discovery uses the pattern to run horizontal discovery.

    You can use this pattern on the ServiceNow AI Platform® using the Madrid release or later.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    • Ensure that your network firewall device has SNMP access.
    • On the ServiceNow instance, configure SNMP credentials. For more information, see SNMP credentials.
    • Add the SNMP system OID record for the Cisco device to the ServiceNow instance. Update the following:
      • Classifier: Cisco Firewall
      • Class: Cisco Firewall Device
    • Deploy the pattern as follows:
      1. Download and install Firewall extension classes from the ServiceNow Store. The app adds the new CMDB classes required for network firewall discovery.
      2. Download and install the Discovery and Service Mapping Patterns application from the ServiceNow Store.
      3. Sync the pattern with the appropriate MID Server.

    Data collected by Discovery during horizontal discovery

    Discovery populates the data in the CMDB when running the Next Generation Cisco Firewall pattern.

    Table 1. Cisco Firewall Device [cmdb_ci_firewall_device_cisco]
    Field Description
    Serial number [serial_number] Serial number of the device.
    Name [name] Administratively assigned name for this managed node. By convention, this is the node's fully qualified domain name (FQDN).
    IP Address [ip_address] IP address of the device.
    Firmware version [firmware_version] Firmware version.
    Fully qualified domain name [fqdn] FQDN of the device.
    Manufacturer [manufacturer] Device manufacturer.
    Model ID [model_id] Device model name.
    Harware OS [hardware_os] Operating system (OS) running on the hardware.
    Hardware OS Version [hardware_os_version] OS version running on the hardware.
    Description [short_description] Short description of the Cisco device.
    Operational status [operational_status] Indicates if the device is in active state.
    Hardware Status [hardware_status] Detailed description of the current status of the resource.
    Table 2. IP Address [cmdb_ci_ip_address]
    Field Description
    IP Address [ip_address] IP address of the Cisco firewall.
    Netmask [netmask] Netmask of the Cisco firewall.
    Nic [nic] References the Network Adapter [cmdb_ci_network_adapter] table.
    Table 3. Network Adapter [cmdb_ci_network_adapter]
    Field Description
    IP Address [ip_address] IP address of the network adapter.
    Alias [alias] User-assigned name for the network adapter.
    Netmask [netmask] Netmask of the network adapter.
    MAC Address [mac_address] MAC address of the network adapter.
    Name [name] Name of the network adapter.
    Configuration Item [cmdb_ci] References the Cisco Firewall Device [cmdb_ci_firewall_device_cisco] table.
    Table 4. DNS Name [cmdb_ci_dns_name]
    Field Description
    Name [name] Name of the Domain Name System (DNS).
    IP Address [ip_address] IP address of the DNS.
    This Dependency Views map on the Cisco Firewall Device CI shows the Cisco Firewall Device.
    CIs and connections on a Dependency Views map

    CI relationships

    These relationships are created to support Cisco firewall discovery.

    CI Relationship CI
    Cisco Firewall Device [cmdb_ci_firewall_device_cisco] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Cisco Firewall Device [cmdb_ci_firewall_device_cisco] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Cisco Firewall Device [cmdb_ci_firewall_device_cisco] Uses::Used by Router Interface [dscy_router_interface]
    IP Address [cmdb_ci_ip_address] References Network Adapter [cmdb_ci_network_adapter]
    Network Adapter [cmdb_ci_network_adapter] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Network Adapter [cmdb_ci_network_adapter] References Cisco Firewall Device [cmdb_ci_firewall_device_cisco]
    Router Interface [dscy_router_interface] References Cisco Firewall Device [cmdb_ci_firewall_device_cisco]
    Serial Number [cmdb_serial_number] References Cisco Firewall Device [cmdb_ci_firewall_device_cisco]