Palo Alto Networks firewall discovery

  • Release version: Xanadu
  • Updated January 30, 2025

    The ServiceNow Discovery application uses the Next-Generation Palo Alto Firewall pattern to find Palo Alto Networks firewalls. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    The discovery pattern uses a set of SNMP calls to find the Palo Alto Networks firewalls. Discovery uses the pattern to run horizontal discovery.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    • Ensure that your network firewall device has SNMP access.
    • On the ServiceNow instance, configure SNMP credentials. For more information, see SNMP credentials.
    • Add the SNMP system OID record for the Palo Alto Networks device to the ServiceNow instance. Update the following:
      • Classifier: Palo Alto Firewall
      • Class: Palo Alto Firewall Device
    • Deploy the pattern as follows:
      1. Download and install Firewall extension classes from the ServiceNow Store. The app adds the new CMDB classes required for network firewall discovery.
      2. Download and install the discovery pattern from the ServiceNow Store.
      3. Sync the pattern with the appropriate MID Server.

    Data collected by Discovery during horizontal discovery

    Discovery populates the data in the CMDB when running the Next-Generation Palo Alto Firewall Pattern.

    Table 1. Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto]

    | Field | Description |
    |---|---|
    | IP Address [ip_address] | IP address of the Palo Alto device. |
    | Serial number [serial_number] | Serial number of the Palo Alto device. |
    | Fully qualified domain name [fqdn] | Fully qualified domain name (FQDN) of the Palo Alto device. |
    | Manufacturer [manufacturer] | Palo Alto device manufacturer. |
    | Model ID [model_id] | Model ID of the Palo Alto device. |
    | Operational status [operational_status] | Indicates whether the Palo Alto device is in active state. |
    | Hardware OS [hardware_os] | OS running on the hardware. |
    | Hardware OS Version [hardware_os_version] | OS version running on the hardware. |
    | Description [short_description] | Short description of the Palo Alto device. |
    | Firmware version [firmware_version] | Palo Alto device firmware version. |

    Table 2. Network Adapter [cmdb_ci_network_adapter]

    | Field | Description |
    |---|---|
    | IP Address [ip_address] | IP address of the network adapter. |
    | Alias [alias] | The user-assigned name for the network adapter. |
    | Netmask [netmask] | Netmask of the network adapter. |
    | MAC address [mac_address] | MAC address of the network adapter. |
    | Name [name] | Name of the network adapter. |
    | Configuration Item [cmdb_ci] | References the Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] table. |

    Table 3. IP Address [cmdb_ci_ip_address]

    | Field | Description |
    |---|---|
    | IP Address [ip_address] | IP address of the Palo Alto firewall. |
    | Netmask [netmask] | Netmask of the Palo Alto firewall. |
    | Nic [nic] | References the Network Adapter [cmdb_ci_network_adapter] table. |

    Table 4. DNS Name [cmdb_ci_dns_name]

    | Field | Description |
    |---|---|
    | Name [name] | Domain Name System (DNS) name of the Palo Alto firewall device. |
    | IP Address [ip_address] | Host IP address. |

    CI relationships

    These relationships are created to support Palo Alto Networks firewall discovery:

    | CI | Relationship | CI |
    |---|---|---|
    | IP Address [cmdb_ci_ip_address] | References | Network Adapter [cmdb_ci_network_adapter] |
    | Network Adapter [cmdb_ci_network_adapter] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
    | Network Adapter [cmdb_ci_network_adapter] | References | Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] |
    | Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] | Extends from | Firewall Device [cmdb_ci_firewall_device] |
    | Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] | Owns::Owned by | Network Adapter [cmdb_ci_network_adapter] |
    | Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
    | Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] | Uses::Used by | Router Interface [dscy_router_interface] |
    | Router Interface [dscy_router_interface] | References | Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] |
    | Serial Number [cmdb_serial_number] | References | Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] |
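
    The following is an added example, not ServiceNow code: a post-discovery audit that follows the reference chain described above (IP Address nic to Network Adapter, Network Adapter cmdb_ci to firewall) and flags firewall records missing the fields needed to match devices against vendor advisories. The rows are constructed; the sys_id keys, the bare-string reference values and the audit function name are assumptions made for illustration.

```python
# Constructed sample rows; field names follow Tables 1-3 on this page.
# Assumption: every row has a sys_id and reference fields (cmdb_ci, nic)
# hold the target row's sys_id as a plain string.
FIREWALLS = [
    {"sys_id": "fw1", "ip_address": "192.0.2.1",
     "serial_number": "SN-EXAMPLE-1", "firmware_version": "example-1.0"},
    {"sys_id": "fw2", "ip_address": "192.0.2.2",
     "serial_number": "", "firmware_version": ""},
]
ADAPTERS = [
    {"sys_id": "na1", "name": "ethernet1/1", "cmdb_ci": "fw1"},
    {"sys_id": "na2", "name": "ethernet1/2", "cmdb_ci": "fw1"},
    {"sys_id": "na3", "name": "ethernet1/1", "cmdb_ci": "gone"},  # dangling reference
]
IPS = [
    {"sys_id": "ip1", "ip_address": "192.0.2.1", "nic": "na1"},
    {"sys_id": "ip2", "ip_address": "198.51.100.1", "nic": "na2"},
    {"sys_id": "ip3", "ip_address": "203.0.113.9", "nic": "na9"},  # dangling reference
]

# Fields a vulnerability-matching process cannot do without.
REQUIRED = ("serial_number", "firmware_version")


def audit(firewalls, adapters, ips):
    """Return (per-firewall report, list of orphaned (table, sys_id) rows)."""
    fw_ids = {f["sys_id"] for f in firewalls}
    adapter_fw = {a["sys_id"]: a["cmdb_ci"] for a in adapters}
    report = {
        f["sys_id"]: {"missing": [k for k in REQUIRED if not f.get(k)],
                      "adapters": [], "ips": []}
        for f in firewalls
    }
    orphans = []
    for a in adapters:                      # Network Adapter -> firewall
        if a["cmdb_ci"] in fw_ids:
            report[a["cmdb_ci"]]["adapters"].append(a["name"])
        else:
            orphans.append(("cmdb_ci_network_adapter", a["sys_id"]))
    for ip in ips:                          # IP Address -> adapter -> firewall
        fw = adapter_fw.get(ip["nic"])
        if fw in fw_ids:
            report[fw]["ips"].append(ip["ip_address"])
        else:
            orphans.append(("cmdb_ci_ip_address", ip["sys_id"]))
    return report, orphans


if __name__ == "__main__":
    print(audit(FIREWALLS, ADAPTERS, IPS))
```

    A firewall with an empty adapters list or a non-empty missing list usually points to an incomplete discovery run (for example restricted SNMP access), and orphaned rows indicate stale CIs to reconcile.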