If you have a proxy between your SCOM Management servers and your ServiceNow instances you will need to configure a proxy. The ServiceNow connector picks up your proxy settings from "Internet Options" configured on your server in most cases (see here for a how-to guide).
Specific proxy settings
Added in 188.8.131.5221
In some cases, Alert sync and Discovery need their own proxy settings. These are set in the registry of each SCOM Management Server (if your Management Group contains multiple servers, you will need to configure this on each server).
ConnectionProxyUri – the URI of the proxy to connect to
ConnectionProxyBypassLocal – Optional, defaults to false, used when creating the proxy
Added in 184.108.40.206
You may already have an edge server/network device that has the ability to connect out to your ServiceNow instance. A computer hosting a ServiceNow Mid Server for example. You can implement a port proxy on a single port to enable one or more management servers to communicate to your instance.
Configuring port proxy on Windows using netsh
The following command sets up your Windows server to listen on 10.10.0.55:22000 and direct the traffic to cookdown.service-now.com:443. This can be run from an elevated command prompt or PowerShell instance.
Next, we need to configure the local firewall to accept connections from the management server. In this example, we will open up the port to a pair of management servers using PowerShell.
Configuring port proxy on Linux using FirewallD
See also: Red Hats documentation for rich rules
The following command sets up a Linux server to accept connections from a management server on port 51000 and direct the traffic to the IP address of our ServiceNow instance. At the time of writing FirewallD does not support the use of hostnames in this capacity.
The following Ansible playbook uses the firewalld module to set up a Linux server to do the same for the other management server using optional additional logging.
Apply the registry keys to enable the host header override
ServiceNow requires the host header on the request to match the instance name (not your internal port proxy server). We enable this using a string registry value 'UsePortProxyHeader' on each management server in the Cookdown resource pool.
UsePortProxyHeader - String set to true
Updating the ServiceNow connector to point to the port proxy
Both AlertSync and Discovery configurations need to be pointed at the newly opened port proxy address using the IP or DNS name of the server hosting the port proxy. Make sure to keep the rest of the URL the same and only change the host portion. The ServiceNow instance name must be set to the destination instance.
You should now be ready to use and test the port proxy.