Discover firewall policies

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 1 Minute Lesedauer

    • As a member of a security team, you can discover firewall devices, policies, and owner groups, allowing a central view of the footprint. This data is updated in the ServiceNow CMDB. Set up a schedule to discover your firewall policies to help you keep track of your company's valuable information.

    Vorbereitungen

    For the Panorama integration, you must have a Superuser (Read only) role.

    Role required: discovery_admin or admin

    Warum und wann dieser Vorgang ausgeführt wird

    Administrators in charge of Discovery can establish a recurring schedule for Palo Alto Networks firewall policy discovery. This schedule utilizes the serverless pattern, connecting with the Palo Alto Firewall Manager to discover and update information for the following four Configuration Items (CIs) in the CMDB.
    • Panorama Firewall Manager [cmdb_ci_firewall_manager_panorama]
    • Palo Alto Firewall Devices [cmdb_ci_firewall_device_palo_alto]
    • Panorama Firewall Device Group [cmdb_ci_firewall_device_group_panorama]
    • Panorama Firewall Security Policies [cmdb_ci_firewall_sec_policy_panorama]

    Prozedur

    1. Create a new credential alias of type API Key Credentials and Submit the credential.
    2. Enter the Panorama API key.
      For more information, see Credential aliases for Discovery.
    3. To create a Discovery schedule, perform the following steps.
      1. Select Discover: Serverless.
      2. Select the appropriate MID Server.
      3. Right-click the header and select Save.
      For more information on Discovery schedule, see Schedule a horizontal discovery.
    4. From the tab at the bottom of the screen, select the Serverless Execution pattern and then select New.
    5. In the Serverless Execution pattern, perform the following steps.
      1. Enter a name.
      2. Select PaloAlto - Firewall Manager.
      3. Select Run Child Patterns.
      4. Select Submit.
    6. Navigate to Discovery Pattern Launcher Parameters and set the following three parameters.
      • credentialAlias: Provide the new credential alias name created in step 1.
      • trustInsecureHosts: Set to true to turn off hostname verification and enable self-signed certificates to be accepted as trusted.
      • url: Enter the base URL of the Panorama device.

        For example, https:// <PANORAMA_HOST>/api.

    7. Right-click the header and select Save.