Palo Alto Networks firewall discovery

  • Release version: Yokohama
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Palo Alto Networks firewall discovery

    The ServiceNow Discovery application leverages the Next-Generation Palo Alto Firewall pattern to identify Palo Alto Networks firewalls within your environment. This pattern performs horizontal discovery using SNMP queries to detect firewall devices and populate the Configuration Management Database (CMDB) with detailed information. To use this feature effectively, ensure your network devices allow SNMP access and that appropriate SNMP credentials and system OID records are configured on your ServiceNow instance.

    Show full answer Show less

    Key Features

    • Discovery Pattern: Utilizes SNMP calls for horizontal discovery of Palo Alto Networks firewalls.
    • CMDB Integration: Introduces a new CI class Palo Alto Firewall Device [cmdbcifirewalldevicepaloalto] extending existing firewall device classes to accurately represent Palo Alto firewalls.
    • Data Collection: Automatically captures key device details such as IP address, serial number, FQDN, manufacturer, model ID, operational status, hardware OS and version, description, and firmware version.
    • Network Components: Discovers associated network adapters, IP addresses, and DNS names, establishing relationships between devices and their network interfaces.
    • CI Relationships and References: Creates ownership and usage relationships between firewall devices, network adapters, IP addresses, and router interfaces to provide a comprehensive network topology view.
    • ServiceNow Store Apps: Requires downloading and installing the Firewall extension classes and discovery pattern apps from the ServiceNow Store, and syncing them with the appropriate MID Server.

    Prerequisites and Setup

    • Ensure SNMP access is enabled on Palo Alto Networks firewall devices.
    • Configure SNMP credentials and add the Palo Alto Networks SNMP system OID in ServiceNow.
    • Download and install the necessary Firewall extension classes and discovery pattern apps from the ServiceNow Store.
    • Sync the discovery pattern with the MID Server to enable network scanning.

    Key Outcomes

    By implementing this discovery pattern, ServiceNow customers can expect automated and accurate identification of Palo Alto Networks firewalls, enriched CMDB records with detailed device and network information, and clear mapping of relationships among firewalls, network adapters, IP addresses, and router interfaces. This enhances network visibility, supports effective configuration management, and lays the foundation for improved security and operational workflows.

    The ServiceNow Discovery application uses the Next-Generation Palo Alto Firewall pattern to find Palo Alto Networks firewalls. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    The discovery pattern uses a set of SNMP calls to find the Palo Alto Networks firewalls. Discovery uses the pattern to run horizontal discovery.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Palo Alto Networks firewall data model

    The Next-Generation Palo Alto Firewall pattern introduces the following CI class that extends an existing CMDB class.

    Table 1. CI class introduced by this pattern
    CI class Extends from
    Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] Firewall Device [cmdb_ci_firewall_device]

    Prerequisites

    • Ensure that your network firewall device has SNMP access.
    • On the ServiceNow instance, configure SNMP credentials. For more information, see SNMP credentials.
    • Add the SNMP system OID record for the Palo Alto Networks device to the ServiceNow instance. Update the following:
      • Classifier: Palo Alto Firewall
      • Class: Palo Alto Firewall Device
    • Deploy the pattern as follows:
      1. Download and install Firewall extension classes from the ServiceNow Store. The app adds the new CMDB classes required for network firewall discovery.
      2. Download and install the discovery pattern from the ServiceNow Store.
      3. Sync the pattern with the appropriate MID Server.

    Data collected by Discovery during horizontal discovery

    Discovery populates the data in the CMDB when running the Next-Generation Palo Alto Firewall Pattern.

    Table 2. Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto]
    Field Description
    IP Address [ip_address] IP address of the Palo Alto device.
    Serial number [serial_number] Serial number of the Palo Alto device.
    Fully qualified domain name [fqdn] Fully qualified domain name (FQDN) of the Palo Alto device.
    Manufacturer [manufacturer] Palo Alto device manufacturer.
    Model ID [model_id] Model ID of the Palo Alto device.
    Operational status [operational_status] Indicates whether the Palo Alto device is in active state.
    Hardware OS [hardware_os] OS running on the hardware.
    Hardware OS Version [hardware_os_version] OS version running on the hardware.
    Description [short_description] Short description of the Palo Alto device.
    Firmware version [firmware_version] Palo Alto device firmware version.
    Table 3. Network Adapter [cmdb_ci_network_adapter]
    Field Description
    IP Address [ip_address] IP address of the network adapter.
    Alias [alias] The user-assigned name for the network adapter.
    Netmask [netmask] Netmask of the network adapter.
    MAC address [mac_address] MAC address of the network adapter.
    Name [name] Name of the network adapter.
    Configuration Item [cmdb_ci] References the Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] table.
    Table 4. IP Address [cmdb_ci_ip_address]
    Field Description
    IP Address [ip_address] IP address of the Palo Alto firewall.
    Netmask [netmask] Netmask of the Palo Alto firewall.
    Nic [nic] References the Network Adapter [cmdb_ci_network_adapter] table.
    Table 5. DNS Name [cmdb_ci_dns_name]
    Field Description
    Name [name] Domain Name System (DNS) name of the Palo Alto firewall device.
    IP Address [ip_address] Host IP address.

    CI relationships

    The Next-Generation Palo Alto Firewall pattern creates the following relationships and references to support Palo Alto Networks firewall discovery. References link to records in other tables and don't appear in the CI Relationship [cmdb_rel_ci] table.

    Table 6. CI relationships
    CI Relationship CI
    Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] Owns::Owned by Network Adapter [cmdb_ci_network_adapter]
    Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto] Uses::Used by Router Interface [dscy_router_interface]
    Network Adapter [cmdb_ci_network_adapter] Owns::Owned by IP Address [cmdb_ci_ip_address]
    Table 7. CI references
    CI Field Referenced CI
    Serial Number [cmdb_serial_number] Configuration item [configuration_item] Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto]
    Network Adapter [cmdb_ci_network_adapter] Configuration Item [cmdb_ci] Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto]
    Router Interface [dscy_router_interface] Configuration Item [cmdb_ci] Palo Alto Firewall Device [cmdb_ci_firewall_device_palo_alto]
    IP Address [cmdb_ci_ip_address] Nic [nic] Network Adapter [cmdb_ci_network_adapter]