Map Fortinet CIs and relationships

  • Release version: Australia
  • Updated June 23, 2026
  • 3 minutes to read

    • Use the Service Graph Connector (SGC) for Fortinet SD-WAN to map discovered physical and logical network resources to telecom-aligned configuration item (CI) classes in the Configuration Management Database (CMDB). Service Graph Connectors support consistent service modeling, provide visibility into chassis-level components, and automate the creation of logical and physical relationships.

    To confirm accurate CI classification and insertion, the connector uses the Robust Transform Engine (RTE) and Identification and Reconciliation Engine (IRE).

    The connector classifies and relates discovered CIs using telecom-specific models based on device type, function, and chassis structure. This organization helps maintain a clean and normalized CMDB across vendors. Discovered model names from Fortinet are automatically transformed into ServiceNow AI Platform standard model identifiers and categories for slot and subslot components.

    CI mapping and relationships

    The following table lists the CI object types in the CMDB that can be discovered, along with their representations in the CMDB and how they relate to one another.
    Table 1. CMDB CI Mapping and Relationships (Physical Layer)
    CMDB CI Class CMDB CI Table CMDB Hierarchy Object types/models Description and Relationships
    Network site cmdb_ci_ni_site CI → Site →Network Site Organization network
    • Represents the physical location of IP routers according to their longitude, latitude, and address.
    • Network site contains IP routers and network interfaces.
    • Network site is a member of a group.
    IP router cmdb_ci_ip_router CI → HW →NG → IP router SD-WAN Edge/ network or service router is represented by the IP router
    • Represents the FortiGate device.
    • Contains network interface CIs.
    • Contained by network sites and network service instances.
    • IP router is a member of a group.
    Slot cmdb_ci_container_slot HW → Equipment → holder → Slot Slot
    • Slot is the main device in the network hierarchy.
    • Contains slots for IP routers, IP switches, power supply units, and fans.
    Subslot cmdb_ci_container_subslot HW → Equipment → holder → Slot Subslot
    • Network card is the main device in the network hierarchy.
    • Contains IP router, IP switch sublots (small form-factor pluggable or child cards).
    Network Interface CI cmdb_ci_ni_interface Port → Network Port → Network interface The list of support port models is defined in the vendor-specific network physical information.
    • IP router, IP switch, or wireless access point is the main device in the network hierarchy.
    • Network card within the IP router or IP switch is the primary component.
    • Represents the physical ports contained within the device (IP router).
    Network service instance cmdb_ci_network_service_instance CI → Service instance → Network service instance Network service instance
    • Network service instance includes IP routers and network interfaces.
    • Network site is a member of a group.
    Group cmdb_ci_group CI → Group Represents organization Network sites and network service instance are members.
    IP Address CI cmdb_ci_ip_address CI → IP address Represents discovered IP addresses for CIs. Owned by the corresponding CI.

    Discovered logical interfaces

    In addition to physical ports, the SGC discovers logical interfaces, such as tunnel and VPN interfaces (for example, Hub1-inetVPN, inetVPN, and mplsVPN), from the Fortinet inventory. Each logical interface is created as a network interface CI (cmdb_ci_ni_interface) and related to its parent device (IP router) CI.

    Because a CMDB CI exists for each logical interface, metrics that report against a logical interface name are mapped to the corresponding logical interface CI rather than to the parent device CI. This mapping enables interface-level metric correlation and reporting for tunnel and VPN interfaces.

    Firmware version calculation

    When the SGC discovers an IP router, it sets the firmware version on the cmdb_ci_ip_router CI by joining the device os_ver, mr, and patch fields from the Fortinet inventory with periods. For example, a device with os_ver=7, mr=4, and patch=11 resolves to 7.4.11, matching the value shown in the Fortinet GUI. If any of these fields is missing, the firmware version is left empty.

    To calculate the firmware version differently, override the default with the sn_sgc_fortinet.FortinetCustomizedFirmwareVersion extension point. Create an implementation that defines a formatFirmwareVersion(device) handler, where device is the Fortinet device object returned by the API. Return your own version string from the handler, or return null to use the default calculation.