Discover firewall policies

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:3分

    • As a member of a security team, you can discover firewall devices, policies, and owner groups, allowing a central view of the footprint. This data is updated in the ServiceNow CMDB. Set up a schedule to discover your firewall policies to help you keep track of your company's valuable information.

    始める前に

    For the Panorama integration, you must have a Superuser (Read only) role.

    Role required: discovery_admin or admin

    このタスクについて

    Administrators in charge of Discovery can establish a recurring schedule for Palo Alto Networks firewall policy discovery. This schedule utilizes the serverless pattern, connecting with the Palo Alto Firewall Manager to discover and update information for the following four Configuration Items (CIs) in the CMDB.
    • Panorama Firewall Manager [cmdb_ci_firewall_manager_panorama]
    • Palo Alto Firewall Devices [cmdb_ci_firewall_device_palo_alto]
    • Panorama Firewall Device Group [cmdb_ci_firewall_device_group_panorama]
    • Panorama Firewall Security Policies [cmdb_ci_firewall_sec_policy_panorama]

    手順

    1. Create a new credential alias of type API Key Credentials and Submit the credential.
    2. Enter the Panorama API key.
      For more information, see Credential aliases for Discovery.
    3. To create a Discovery schedule, perform the following steps.
      1. Select Discover: Serverless.
      2. Select the appropriate MID Server.
      3. Right-click the header and select Save.
      For more information on Discovery schedule, see Schedule a horizontal discovery.
    4. From the tab at the bottom of the screen, select the Serverless Execution pattern and then select New.
    5. In the Serverless Execution pattern, perform the following steps.
      1. Enter a name.
      2. Select PaloAlto - Firewall Manager.
      3. Select Run Child Patterns.
      4. Select Submit.
    6. Navigate to Discovery Pattern Launcher Parameters and set the following three parameters.
      • credentialAlias: Provide the new credential alias name created in step 1.
      • trustInsecureHosts: Set to true to turn off hostname verification and enable self-signed certificates to be accepted as trusted.
      • url: Enter the base URL of the Panorama device.

        For example, https:// <PANORAMA_HOST>/api.

    7. Right-click the header and select Save.