joe
Employee
 The Paddock 💬 👋

Security Certifications

For those interested in security certifications, I wanted to pass along this hidden gem of certification training. Ben Malisow is an excellent technical editor and trainer, and is the guy behind the wannabea.. certification training programs. I would highly recommend his trainings for CISM, CISSP, CCSP, and SSCP for anyone interested in these certifications. - https://www.wannabeacism.com/

0
joe
Employee
2 days ago
kevinbrasher
Community Manager

External Data - Paginated Collection

The 24.1 release of Forward Enterprise introduces paginated collection support for external endpoints, simplifying the import and integration of external data through REST GET requests. This feature is particularly useful for handling large datasets accessed via paginated endpoints, where clients must issue multiple requests to retrieve all items. With this enhancement, Forward Enterprise becomes even more versatile, seamlessly accommodating various data sources.

This update enhances the Forward Platform's ability to parse imported data, infer its structure, and incorporate it into the NQE data model. Users can now configure pagination parameters directly through the Forward UI, improving usability and expanding the platform's capabilities. Overall, these improvements streamline data management processes and enhance the user experience within Forward Enterprise.

To learn more about External Sources, visit the documentation page.

50
kevinbrasher
Community Manager
10 days ago
kevinbrasher
Community Manager

Security - Enhanced STIGs Coverage

We are excited to announce significant enhancements to Forward Enterprise's security compliance capabilities with our 23.12 and 24.1 releases! Security Technical Implementation Guides (STIGs), developed by the Defense Information Systems Agency (DISA), are crucial guidelines for securing IT networks and systems. Adhering to STIGs ensures that networks meet stringent security standards, minimizing vulnerabilities and fortifying defenses against cyber threats.

In the 23.12 release, Forward Enterprise introduced over 600 STIGs-based NQE queries in the NQE Library, adding 108 new rules for Cisco devices and 98 new rules for Juniper devices. This release significantly expanded the toolkit for verifying security compliance across diverse network environments.

Building on this, the 24.1 release provides an addition of over 1,440 STIGs-based NQE queries in the NQE Library, providing full coverage of Cisco and Juniper STIGs rules. Users can now effortlessly validate network compliance and verify

60
kevinbrasher
Community Manager
10 days ago
kevinbrasher
Community Manager

Security - Vulnerability Management - CVEs Risk Scores and Publish Dates

Vulnerability Management is a cornerstone of network infrastructure security, playing a vital role in safeguarding against potential threats. Chief Information Security Officers (CISOs) recognize the critical importance of regularly assessing and addressing vulnerabilities in network devices. Identifying and remedying these vulnerabilities is essential to prevent potential exploits that could compromise the confidentiality, integrity, and availability of your network. Forward Enterprise offers a proactive Vulnerability Management functionality, empowering users to proactively address emerging threats, thereby reducing the risk of data breaches and service disruptions.

The 24.1 release provides additional details into the Vulnerability page, specifically the CVE (Common Vulnerabilities and Exposures) CVSS (Common Vulnerability Scoring System) score and the CVE publish date. These enhancements further assist in prioritizing remediation efforts by providing comprehensive insights into the

20
kevinbrasher
Community Manager
10 days ago
kevinbrasher
Community Manager

NQE - Parameterized Verifications

The 24.1 release introduces Parameterized NQE Verifications directly within the Forward UI, streamlining the query-writing process and enhancing efficiency. Previously available only through REST API calls, users can now configure and run parameterized queries directly within the UI, eliminating complexity.

This update enhances flexibility by enabling users to define and configure parameters for NQE Verifications, facilitating query reuse across diverse environments without the need for rewriting or using hardcoded values. Additionally, users can refine NQE queries using parameterized queries to address scenarios where results are overly broad. Configuring additional parameter values is now simplified within the UI, ensuring uninterrupted workflow efficiency and an improved user experience.

View of parameter configuration step for NQE Verification configuration

To learn more about NQE parameterized verifications, visit the NQE documentation page.

30
kevinbrasher
Community Manager
10 days ago
joe
Employee
 Product Discussions

How to provide path search snapshot when working with support

Sometimes a path search may not present the results you expect. When engaging with support regarding a path search issue, you may be asked to provide a snapshot with the relevant path search data.

To capture a snapshot of a path search, first perform the path search in question. In this example, we are performing a simple path search from atl-ce01 to atl-core-pe01.

Now, press and hold the Alt or Cmd key, and the icon on the far right of the query bar will change from ‘Copy Query’ to ‘Export Query’. Click on the ‘Export Query’ icon.

The Export Snapshot wizard will now display all devices relevant to that path, and allow you to add any additional devices you wish to add to the snapshot (if necessary).

Finally, obfuscate the IP and MAC addresses if necessary, and export the snapshot.

This will allow you to download a zip file snapshot of the path search and all devices within the path of this search. This will provide the support team with all data necessary to investigate your path sear

0
joe
Employee
11 days ago
cariddir
Driver
 NQE

NQE to get VIP Mappings on Fortinets

An FW engineer was looking to get the results from the command, “show firewall vip”, from all Fortinet Firewalls in Forward Networks.

Command: show firewall vip

    config firewall vip
        edit "x-7.6.254.158-dns"
            set uuid d60c0a52-2630-51eb-9d53-bc032ca5e1c0
            set extip x.x.x.x
            set mappedip "y.y.y.y"
            set extintf "any"
        next
        edit "x.x.x.1/32"
            set uuid 796a2ac2-2251-51ec-5c82-26b2e049a7a7
            set comment "Voice LAB"
            set extip x.x.x.1
            set mappedip "y.y.y.1"
            set extintf "any"
        next
        edit "x.x.x.2-y.y.y.2"
            set uuid 9ea63058-47ac-51ec-2a7f-5b0d00a1d142
            set comment "Cloud"
            set extip x.x.x.2
            set mappedip "y.y.y.2"
            set extintf "any"
        next

Finding the command in the data model

    /** Thank you Danny Ramirez with the Smarts on this
     *
     * @intent Grap VIP's on Fortinets command.output of "show firewall vip"
     * @description Define VIP format, and then iterate through to pull the VIP
     * Name and the Mapped

0
cariddir
Driver
13 days ago
BDrinkard
Ramping Up
 NQE

Using NQE to Verify Network Intent

As network engineers, we have few tools that can help us correlate the actual state of our network devices, and our intent. In many cases maybe our intent is not clearly defined: How many EIGRP neighbors is the set of core switches really supposed to have? How many neighbors should I be learning a specific prefix from? How many entries should I have for prefix x in my EIGRP Topology or my OSPF Database? Is my intent to have all the entries installed in the Route Table as ECMP paths or should I only ever have 1 next-hop that only changes if a path becomes unavailable?  In the network engineering realm specifically, even with automation tools like Ansible - without structuring your playbook logic very specifically - there are assumptions being made about the current state of the network. Even if your Ansible repos & playbooks are structured in a declarative and idempotent fashion, they are not exactly a consumable way for a network engineer to learn about the network - and you are re

1
steve
Employee
16 days ago
djhoward12
Ramping Up
 NQE

Ansible Dynamic Inventory with Forward Networks

Forward Networks Dynamic Inventory

This discussion contains the attached file ansible-fn-inventory.py and a description on how each portion of the inventory works. This was developed for our organization to use with Ansible and AWX to perform automated STIG or non-standard configuration remediation. The file ansible-fn-inventory.py is configured to query Forward Network’s most recent snapshot and is triggered by a configured webhook in forward networks once a snapshot completes successfully.

Get all devices

The get_devices function returns a json list of all the devices that were collected on during the most recent snapshot. Also included with each device are the model, manufacturer, os version, platform and managementIps from the collection. This function is called to add all of the devices into ansible so playbooks can be designed to make configuration changes to networking devices.

    def get_devices() -> list:
        """Returns all devices found in the latest snapshot from fwd-networks.

1
B
16 days ago
cariddir
Driver
 NQE

Enhancing Inventory with NQE

I have put together a query to enhance inventory by adding LDoS dates and ‘approved software’. It has greatly improved our Life Cycle Mgmt. conversations.

The CSV Files reside separately in a ‘standards’ folder. (there are just too many fields to keep in the same script).

The resulting output provides:

Vendor | Hostname | Model | Location | Vendor LDoS Date | HW Compliance Date | Current OS | Approved OS | Compliance to OS | Replacement Mode | And more

    /**
     * @intent Inventory of all devices in FN
     * @description Take inventory and then cross check them against the CSV Files for SW/HW info
     **/

    import "Home/Network Standards/01_NetworkVars/99_Support_Detailed";

    foreach device in network.devices
    let platform = device.platform
    let snapshotInfo = device.snapshotInfo
    foreach entry in deviceSupportDetail
    where entry.Model == platform.model
    let LDOS = entry.HW_LDoS
    let STATUS = entry.LCM
    let comma = ", "
    let ApprovedSW = entry.SW_N + comma + entry.SW_N1 + comma + entry.SW_N2
    let Replacement = entry.HW_Repl

3
cariddir
Driver
16 days ago
BDrinkard
Ramping Up
 NQE

NQE Check EC2 Instance for 'default' Security Group

Morning folks! We recently got the opportunity to leverage Forward Networks NQE for a Cyber Security ask. They want to verify that EC2 Instances are not being assigned the default Security Group. This should be a simple enough task. AWS creates the security group with the name ‘default’ so all we need to do is create an NQE Query that checks our Cloud Objects with a type of ‘instance’ and verify that the list (I’m assuming it is a list type) of security groups does not contain ‘default’. However, after reviewing the NQE Data Model I’m not convinced the ‘Cloud Objects’ are exposed in such a way we can correlate instance to security group. Can someone confirm or deny this?

I do see that the instance tags are exposed as part of the ComputeInstance data model, so a workaround would be for us to edit our Terraform code so that security groups assigned to the instance are also created as tags on the instance so we can expose that correlation for consumption in NQE.

3
captainpacket
Employee
18 days ago
BDrinkard
Ramping Up
 Product Discussions

Has anyone modeled corporate VPN?

Hey Folks! I’m looking to find out if anyone has modeled their corporate VPN access - maybe using Synthetic Devices - in such a way that allows you to search for user workflows to determine if they are allowed, and have them properly modeled as coming in through the VPN Firewall instead of at the switch VLAN. We are looking to create intent checks for access through our VPN. Happy NQEing!

2
J
Employee
1 month ago
rrogers33
Ramping Up
 NQE

NQE for confirming configuration within Cisco switch interfaces

Hi! Looking for help with an NQE to scan/identify configuration for all Cisco switches within a workspace that contain one of two QOS policy maps within at least one of the device interfaces. For example

    interface gigabitethernet1/1
    service-policy output 1P7Q3T

or

    service-policy output 1P7Q1T

Thanks

4
G
Employee
2 months ago
ebala
Ramping Up
 NQE

BGP advertised and received routes for Arista EOS and NXOS devices

I am trying to get the BGP advertised and received prefixes for Arista EOS and Cisco NXOS devices. I tried the below two queries and they only work for IOS and IOS-XE devices.

BGP Received routes ----------------------------------------------------------

    foreach device in network.devices
    // where device.name == "jcdwans01"
    where isPresent(device.bgpRib)
    let bgpRib = device.bgpRib
    foreach afiSafi in bgpRib.afiSafis
    foreach neighbor in afiSafi.neighbors
    where isPresent(neighbor.adjRibInPost)
    let adjRibInPost = neighbor.adjRibInPost
    select {
      deviceName: device.name,
      platform: device.platform.os,
      afiSafiAfiSafiName: afiSafi.afiSafiName,
      neighborNeighborAddress: neighbor.neighborAddress,
      routesCount: length(adjRibInPost.routes)
    }

BGP advertised routes -

    foreach device in network.devices
    where isPresent(device.bgpRib)
    let bgpRib = device.bgpRib
    foreach afiSafi in bgpRib.afiSafis
    foreach neighbor in afiSafi.neighbors
    where isPresent(neighbor.adjRibOutPost)
    let adjRibOutPost = neighbor.adjRibOutPost
    foreach

1
Tyson Henrie
Employee
3 months ago
fwd.scott.a
Employee
 The Paddock 💬 👋

Is adding AI to robots a good idea?

This is both incredibly amazing and absolutely frightening. The cat is extremely out of the bag now. Boston Dynamics put a generative AI into the robot dog Spot. And there are different personalities.

1
davetee
Community Manager
3 months ago
