Palo Alto Networks firewall discovery
Summarize
Summary of Palo Alto Networks firewall discovery
The ServiceNow Discovery application enables automated detection of Palo Alto Networks firewalls using the Next-Generation Palo Alto Firewall pattern. This pattern utilizes SNMP calls during horizontal discovery to identify and collect detailed information about Palo Alto firewall devices and their network components. Customers should ensure they have the latest Discovery and Service Mapping Patterns application from the ServiceNow Store to leverage these capabilities fully.
Show less
Prerequisites and Setup
- Ensure SNMP access is enabled on your Palo Alto firewall devices.
- Configure SNMP credentials on your ServiceNow instance to allow secure communication.
- Add the SNMP system OID record specific to Palo Alto Networks devices in ServiceNow.
- Update relevant classifiers and classes in ServiceNow to recognize Palo Alto Firewall Devices.
- Download and install the Firewall extension classes and the Next-Generation Palo Alto Firewall discovery pattern from the ServiceNow Store.
- Synchronize the discovery pattern with the appropriate MID Server to enable execution in your environment.
Data Model and Discovered Information
The discovery pattern introduces a new CI class Palo Alto Firewall Device [cmdbcifirewalldevicepaloalto] extending existing firewall device classes. It collects and populates essential device attributes into the CMDB, including:
- IP address, serial number, fully qualified domain name (FQDN)
- Manufacturer, model ID, operational status
- Hardware OS and version, firmware version
- Short description of the device
Additionally, related network components such as network adapters, IP addresses, and DNS names are discovered and linked to the firewall device, capturing attributes like MAC addresses, netmasks, aliases, and DNS names.
CI Relationships and References
The pattern establishes key relationships in the CMDB to represent ownership and usage among discovered components, such as:
- Palo Alto Firewall Device owns Network Adapters and IP Addresses
- Palo Alto Firewall Device uses Router Interfaces
- Network Adapters own IP Addresses
These relationships enable a comprehensive and connected view of firewall infrastructure in the CMDB, supporting impact analysis and operational management.
Benefits for ServiceNow Customers
By implementing Palo Alto Networks firewall discovery, customers can automate the accurate and up-to-date population of firewall device data within their CMDB. This improves asset visibility, supports security and compliance efforts, and enhances network management through integrated discovery data. Leveraging the ServiceNow Store for pattern and class updates ensures customers remain aligned with the latest capabilities and device support.
The ServiceNow Discovery application uses the Next-Generation Palo Alto Firewall pattern to find Palo Alto Networks firewalls. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.
The discovery pattern uses a set of SNMP calls to find the Palo Alto Networks firewalls. Discovery uses the pattern to run horizontal discovery.
Request apps on the Store
Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Palo Alto Networks firewall data model
The Next-Generation Palo Alto Firewall pattern introduces the following CI class that extends an existing CMDB class.
| CI class | Extends from |
|---|---|
| Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] | Firewall Device [cmdb_ci_firewall_device] |
Prerequisites
- Ensure that your network firewall device has SNMP access.
- On the ServiceNow instance, configure SNMP credentials. For more information, see SNMP credentials.
- Add the SNMP system OID record for the Palo Alto Networks device to the ServiceNow instance. Update the following:
- Classifier: Palo Alto Firewall
- Class: Palo Alto Firewall Device
- Deploy the pattern as follows:
- Download and install Firewall extension classes from the ServiceNow Store. The app adds the new CMDB classes required for network firewall discovery.
- Download and install the discovery pattern from the ServiceNow Store.
- Sync the pattern with the appropriate MID Server.
Data collected by Discovery during horizontal discovery
Discovery populates the data in the CMDB when running the Next-Generation Palo Alto Firewall Pattern.
| Field | Description |
|---|---|
| IP Address [ip_address] | IP address of the Palo Alto device. |
| Serial number [serial_number] | Serial number of the Palo Alto device. |
| Fully qualified domain name [fqdn] | Fully qualified domain name (FQDN) of the Palo Alto device. |
| Manufacturer [manufacturer] | Palo Alto device manufacturer. |
| Model ID [model_id] | Model ID of the Palo Alto device. |
| Operational status [operational_status] | Indicates whether the Palo Alto device is in active state. |
| Hardware OS [hardware_os] | OS running on the hardware. |
| Hardware OS Version [hardware_os_version] | OS version running on the hardware. |
| Description [short_description] | Short description of the Palo Alto device. |
| Firmware version [firmware_version] | Palo Alto device firmware version. |
| Field | Description |
|---|---|
| IP Address [ip_address] | IP address of the network adapter. |
| Alias [alias] | The user-assigned name for the network adapter. |
| Netmask [netmask] | Netmask of the network adapter. |
| MAC address [mac_address] | MAC address of the network adapter. |
| Name [name] | Name of the network adapter. |
| Configuration Item [cmdb_ci] | References the Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] table. |
| Field | Description |
|---|---|
| IP Address [ip_address] | IP address of the Palo Alto firewall. |
| Netmask [netmask] | Netmask of the Palo Alto firewall. |
| Nic [nic] | References the Network Adapter [cmdb_ci_network_adapter] table. |
| Field | Description |
|---|---|
| Name [name] | Domain Name System (DNS) name of the Palo Alto firewall device. |
| IP Address [ip_address] | Host IP address. |
CI relationships
The Next-Generation Palo Alto Firewall pattern creates the following relationships and references to support Palo Alto Networks firewall discovery. References link to records in other tables and don't appear in the CI Relationship [cmdb_rel_ci] table.
| CI | Relationship | CI |
|---|---|---|
| Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] | Owns::Owned by | Network Adapter [cmdb_ci_network_adapter] |
| Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
| Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] | Uses::Used by | Router Interface [dscy_router_interface] |
| Network Adapter [cmdb_ci_network_adapter] | Owns::Owned by | IP Address [cmdb_ci_ip_address] |
| CI | Field | Referenced CI |
|---|---|---|
| Serial Number [cmdb_serial_number] | Configuration item [configuration_item] | Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] |
| Network Adapter [cmdb_ci_network_adapter] | Configuration Item [cmdb_ci] | Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] |
| Router Interface [dscy_router_interface] | Configuration Item [cmdb_ci] | Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] |
| IP Address [cmdb_ci_ip_address] | Nic [nic] | Network Adapter [cmdb_ci_network_adapter] |