Next-Generation Fortinet Network Firewall SNMP-based discovery
Summarize
Summary of Next-Generation Fortinet Network Firewall SNMP-based discovery
The Next-Generation Fortinet Network Firewall SNMP-based discovery pattern, available through the Discovery and Service Mapping Patterns application, enables ServiceNow customers to identify Fortinet firewall devices in their network using SNMP calls. This method supports horizontal discovery to populate the Configuration Management Database (CMDB) with detailed firewall information. It is important to note that SNMP-based discovery does not detect FortiGate Virtual Domains (VDOMs); for that, the REST-based discovery method must be used.
Show less
Prerequisites
- Ensure the Discovery and Service Mapping Patterns application and CMDB CI Class Models are updated to the latest versions.
- Confirm SNMP access is enabled on the Fortinet firewall devices.
- Configure SNMP credentials within the ServiceNow instance.
- Add the appropriate SNMP system OID record for Fortinet devices to the instance, updating the Fortinet Firewall Classifier and Class accordingly.
Discovery Process and Data Collected
Running a horizontal discovery using this pattern collects comprehensive data on Fortinet firewall clusters and devices, including hostname, IP address, fully qualified domain name (FQDN), manufacturer, model number, firmware version, hardware OS and its version, operational status, and serial numbers. It also gathers network-related details such as IP addresses, netmasks, network adapters (with MAC addresses and aliases), and DNS names associated with the firewalls.
Configuration Items (CIs) and Relationships
The discovery populates several CI classes in the CMDB, such as Fortinet Firewall Cluster, Fortinet Firewall Device, IP Address, Network Adapter, and DNS Name. Relationships are created to reflect the network topology accurately—for example, firewall devices belong to firewall clusters, own IP addresses and network adapters, and have dependencies like router interfaces. These relationships support dependency mapping and provide a clear view of the firewall infrastructure within ServiceNow.
Practical Benefits for ServiceNow Customers
- Automated discovery and accurate population of Fortinet firewall details into the CMDB.
- Improved visibility of firewall clusters and devices, aiding in network management and security operations.
- Support for dependency mapping through established CI relationships enhances impact analysis and troubleshooting.
- Clear distinction between SNMP-based and REST-based discovery methods, guiding customers on choosing the appropriate technique based on their needs, especially regarding VDOM discovery.
The Discovery and Service Mapping Patterns application uses the Next Generation Fortinet Network Firewall pattern to find Fortinet firewalls through a series of SNMP calls. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.
The Next Generation Fortinet Network Firewall pattern uses a set of SNMP calls to find the Fortinet firewalls. Discovery uses the pattern to run horizontal discovery.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
To learn about Fortinet firewalls and their versions that you can discover, refer to Detailed information on products discovered by ITOM Visibility.
Prerequisites
- Verify the applications are up to date
-
- Discovery and Service Mapping Patterns
- CMDB CI Class Models
- Ensure SNMP access
- Ensure that your Fortinet firewall device has SNMP access.
- Configure SNMP credentials
- On the ServiceNow instance, configure SNMP credentials. For more information, see SNMP credentials.
- Add SNMP system OID record to ServiceNow instance
- Add the SNMP system OID record for the Fortinet device to the ServiceNow instance. Update the following:
- Classifier: Fortinet Firewall
- Class: Fortinet Firewall Device
- Run a horizontal discovery
- For more information, see Running discoveries in your network.
Data collected by Discovery during horizontal discovery
Discovery populates the data in the CMDB when running the Next Generation Fortinet Network Firewall Pattern.
| Field | Description |
|---|---|
| Name [name] | Hostname. |
| Fully qualified domain name [fqdn] | Fully qualified domain name. |
| IP address [ip_address] | IP address. |
| Manufacturer [manufacturer] | Device manufacturer. |
| Description [short_description] | Short description of the Fortinet firewall cluster. |
| Model Number [model_number] | Device model number. |
| Hardware Operating System [hardware_os] | OS running on the hardware. |
| Hardware OS Version [hardware_os_version] | OS version running on the hardware. |
| Field | Description |
|---|---|
| Name [name] | Hostname. |
| Serial Number [serial_number] | Serial number of the device. |
| Fully qualified domain name [fqdn] | Fully qualified domain name. |
| Operational Status [operational_status] | Indicates if the device is in active state. |
| IP address [ip_address] | IP address. |
| Manufacturer [manufacturer] | Device manufacturer. |
| Description [short_description] | Short description of the device. |
| Model Number [model_number] | Device model number. |
| Firmware [firmware_version] | Firmware version. |
| Hardware Operating System [hardware_os] | OS running on the hardware. |
| Hardware OS Version [hardware_os_version] | OS version running on the hardware. |
| Field | Description |
|---|---|
| IP Address [ip_address] | IP address of the Fortinet firewall. |
| Netmask [netmask] | Netmask of the Fortinet firewall. |
| Field | Description |
|---|---|
| IP Address [ip_address] | IP address of the network adapter. |
| Netmask [netmask] | Netmask of the network adapter. |
| Alias [alias] | User-assigned name for the network adapter. |
| MAC Address [mac_address] | MAC address of the network adapter. |
| Name [name] | Name of the network adapter. |
| Field | Description |
|---|---|
| Name [name] | Name of the Domain Name System (DNS). |
| IP Address [ip_address] | IP address of the DNS. |
CI relationships
These relationships are created to support Fortinet firewall discovery.
| CI | Relationship | CI |
|---|---|---|
| Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet] | Extends from | Firewall Cluster [cmdb_ci_firewall_cluster] |
| Fortinet Firewall Cluster [cmdb_ci_firewall_cluster_fortinet] | Hosted on::Hosts | Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] |
| Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] | Extends from | Firewall Device [cmdb_ci_firewall_device] |
| Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
| Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] | Owns::Owned by | Network Adapter [cmdb_ci_network_adapter] |
| Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] | Uses::Used by | Router Interface [dscy_router_interface] |
| IP Address [cmdb_ci_ip_address] | References | Network Adapter [cmdb_ci_network_adapter] |
| Network Adapter [cmdb_ci_network_adapter] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
| Network Adapter [cmdb_ci_network_adapter] | References | Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] |
| Router Interface [dscy_router_interface] | References | Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] |
| Serial Number [cmdb_serial_number] | References | Fortinet Firewall Device [cmdb_ci_firewall_device_fortinet] |