Discussions | Community

Responding to CISA Emergency Directive 26-01: What It Means for F5 BIG-IP Devices — and How Forward Can Help

CISA issued Emergency Directive 26-01 on October 15, 2025, following the discovery of a nation-state breach involving F5 BIG-IP source code and vulnerabilities. Federal agencies must take immediate action to inventory, patch, and secure affected devices before key October and December deadlines. This post outlines what the directive requires and how Forward Enterprise helps organizations meet those requirements through network visibility, automation, and compliance verification. Who should read this postSecurity and Network Operations teams managing F5 Networks BIG-IP hardware or virtual appliances Network engineers responsible for external-facing application delivery infrastructure Risk and compliance professionals working in public-sector or enterprise environments subject to federal advisoriesWhat is covered in this postSummary of CISA Emergency Directive 26-01 and its significance Key actions required by the directive (and associated deadlines) How Forward Networks helps ag

440

5 days ago

devecisEmployee

Clean Networks Start with Clean IPs: Why IPAM is Step Zero in Network Automation

It always starts the same way. A team decides it’s time to get serious about network automation. They want to move fast, be resilient, eliminate toil, and reduce outages. Everyone’s on board. There’s talk of Python scripts, intent-based networking, even AI-powered predictions. But then someone finally asks the most basic question: “Do we actually know what IPs are in use?” Cue the awkward silence. Someone eventually mutters, “We’ve got a spreadsheet.”Honestly, I get it. I’ve been there. Most of us have. If you’ve got a few dozen devices and a small team, tracking IP allocations in Excel or Google Sheets might be enough. But once your environment scales—even modestly—that house of cards starts to wobble. Multiple admins start making updates. File shares go down. Local versions get out of sync. And suddenly, nobody knows what’s actually live in the network.Before you even think about automation, you need a reliable source of truth for your IPs. That’s where proper IP Address Management (

160

7 days ago

daveteeCommunity Manager

Scheduled Maintenance for Forward Quest

Date: 10/14/2025Time: 6:00 PM – 6:30 PM Pacific (9:00 PM – 9:30 PM Eastern)Duration: Approximately 30 minutesForward Quest will undergo scheduled maintenance this evening to improve platform performance. During this time, the site may be temporarily unavailable.Please note: Avoid starting a new Quest challenge during the maintenance window. Any active sessions may be interrupted. Thanks for competing and leveling up in Forward Quest!

11 days ago

MullersEmployee

Vulnerability Management

Graphing CVEs over time using Grafana

In this tutorial we are going to graph CVE numbers over time using the Forward API, a python script and some open-source tool. Why would you want to do this? In summary, your boss wants to see PROGRESS! He wants to see progress towards expunging CVEs from network devices. He’s a simple guy and likes a graph. Let’s see how we can go about this. At the time of writing (release 25.9) Forward Enterprise’s CVE count is based on the current CVE database. If you pull up a snapshot from a month ago, the snapshot is compared with today’s CVE database. So going back to the vulnerability pages on old snapshots will not allow you to see how many CVEs you’ve squashed as a result of all those late-night maintenance windows. In the screenshot below we can see that 8 devices are vulnerable:To solve this conundrum we need to pull data out of the API into another application for storage and graphing. We are going to use:Prometheus - a ‘time-series’ database Grafana - an observability tool. (That’s dashb

691

Integrating Forward Networks with SharePoint and/or Grafana in the cloud.

SteveBamfordDriver

Integrations

As part of my onboarding with Forward Networks, I’ve been exploring its native dashboarding capabilities. While the built-in dashboards offer useful insights, I’m not fully convinced they’ll meet the specific reporting needs of our leadership team.To address this, I’m evaluating two integration options:SharePoint: Using the Forward API to retrieve and transform data, then render dashboards tailored to our requirements directly within SharePoint. Grafana Cloud: If SharePoint proves limiting, I’ll explore leveraging our existing Grafana Cloud instance for more flexible visualization.Has anyone integrated Forward with either platform? I’d really appreciate any experiences, suggestions, or recommendations.Below is the format I think supports the SLT teams requirements.Thanks for any feedback.

842

MullersEmployee

Closing the Gaps: How Configuration Compliance Strengthens Security and Reliability

The Framework Regional Variations Determining a Device’s Region Changing Variables Based on Region Knowing the Collection State Anatomy of a test Imports Pattern Matching Function Exceptions Report Putting Tests Together Making NQE Verifications Creating Scorecards Summary Ok, so you make all your configs using Ansible or Netbox Config Templates and are feeling good that you’ve got a consistent configuration everywhere - nice! Having a solid templating system to produce standardized configs is a great first step. But once the devices have been made live on the network, how can we run in-life tests to make sure their configurations have not drifted away from the ‘golden’ one they started out with? Two general approaches might be used for this: Regenerate configs periodically and compare them with the live config. Write specific tests for parts of the configuration (security hardening measures for example) and leave the remainder unchecked. Option 1 is a fairly simple approach

210

ChristopherEmployee

Using Pattern Matching with a Regex Expression to Filter Results

You may often want to find all pattern matches within the device configuration and filter the results based on a regular expression.The following NQE query uses a regex filter as part of a two step process in the getMatch(device) function.First, we find peer-group names in a Cisco BGP configuration and stores each match in a string called groupName by matching on the pattern defined at the top of the query.Second, we iterate through each each pattern match and filter the groupName based on the regex `^PUBLIC.*(?:-4|-X)$`The regex matches a string that starts with the word “PUBLIC” and end with either “-4” or “-X”.The main foreach loop at the bottom of the query applies the function getMatch to output a list of devices along with all the matching peer group names pattern = ```router bgp {number} neighbor {groupName: string} peer-group```;getMatch(device) =foreach match in blockMatches(device.files.config, pattern)let validRegex = re`^PUBLIC.*(?:-4|-X)$`let groupName = match.data.groupNa

120

23 days ago

MullersEmployee

Forward API

Making calls to Forward API from behind a proxy

Just posting up a simple Python script that allows you to make API calls from behind a proxy that also requires authentication.I have capitalised things that you need to customise. Of course it isn’t good practice to have usernames and passwords in your script so this is just for illustrative purposes.import requestsimport base64api_user = "YourApiUser"api_pass = "YourApiPassword"api_creds = api_user + ":" + api_passapi_bytes = api_creds.encode("ascii")api_encoded = base64.b64encode(api_bytes)print(api_encoded)api_string = api_encoded.decode("ascii")proxies = { "http": "http://YourProxyUser:YourProxyPassword@ProxyServerIp:ProxyPort", "https": http://YourProxyUser:YourProxyPassword@ProxyServerIp:ProxyPort",}try: response = requests.get("https://fwd.app/api/networks", proxies=proxies, headers={"Authorization" : "Basic " + api_string}) print(response.json())except requests.exceptions.ProxyError as e: print("Proxy error:", e)

100

23 days ago

chrisnaishEmployee

CISA Emergency Directive 25‑03: Cisco ASA / Firepower Vulnerabilities

CISA just issued Emergency Directive 25‑03 mandating actions to identify and mitigate a campaign exploiting zero‑day vulnerabilities in Cisco ASA / Firepower devices. While the directive is written for federal agencies, the threat is relevant to any organization using those platforms. Below is a summary, risk assessment, and recommended mitigations — along with what Forward Networks is doing to support customers. What’s Going OnCampaign targets Cisco ASA and Firepower / FTD appliances Exploits include unauthenticated RCE and privilege escalation Persistence observed via ROM manipulation Linked to 'ArcaneDoor' activity CVEs: CVE‑2025‑20333 (RCE) and CVE‑2025‑20362 (privilege escalation) Directive mandates inventory, forensic dumps, patching, and reporting Why This Matters to Forward CustomersIf you rely on Cisco ASA, ASAv, or Firepower/FTD appliances in your network perimeter or DMZ, your infrastructure may be at risk of compromise, persistent code injections, or deeper intrusion. Becau

950

28 days ago

SteveBamfordDriver

Integrations

Integrating Forward Networks with SharePoint and/or Grafana in the cloud.

842

wenshuoRamping Up

I have created the Forwords Network account .Why I can not login this vis this link.Forward Enterprise | Forward Networks Docs

Rajesh vDriver

I see the filter function and count function shows as unknown functions in NQE query. Please help with appropriate functions for these two. I need to count the total number of interfaces in a devices and interfaces operational status DOWN in state.

372

2 months ago

Rajesh vDriver

NQE on custom command

I am running a custom command(show interface status) against all Cisco Nexus routers which will show the interface hardware SFP type.How do I get this SFP info through NQE? I am not getting the SPF printed, tried multiple was. Can anyone help me on this. foreach cliCommandResponse in endpoint.cliCommandResponsescliCommandResponse.command == "show interface status"select {endpointName: endpoint.name,command: cliCommandResponse.command,response: cliCommandResponse.response}

505

2 months ago

DarshanRamping Up

Simulate feature - BGP Peer and Route Path Changes

Could you help simulate the staging of new BGP peers, route-maps, and new routes to understand how they might impact route path behavior? I am planning to stage a change that involves adding a new link and BGP peer, with the expectation that routes will prefer the new path after the change. Can this scenario be simulated in the forward network to validate the expected behavior? So far, I’ve attempted to simulate the changes, and I can see the new/modified interfaces and the transit IPs. However, I don’t see the BGP peer. Am I missing something in the simulation process? Any guidance would be appreciated. Are there any limitation with the simulation feature.

451

3 months ago

john_hayesRamping Up

Forward NQE to Identify Unused Firewall Rules

Is it possible to write a Forward NQE query that will produce a list of firewall rules that have not been used in the last 90 / 180 / 365 days (based on hit count)? It would be helpful to have firewall name, the rule ID numbers, and last used date/time if possible.

761

4 months ago

gbaronSpotter

OS Support NQE (Forward Library)

After some digging and working with other FN personnel, it appears that the above mentioned NQE is missing all 17.12, and all 03. IOS versions in the data model for the OS Support NQE report. This was determined first by modifying an NQE to run a check against the OS Support and return violations for those IOS that are no longer supported, which would come back as failed. Good IOS would report as pass. However, the above mentioned IOSs all returned a value of “Indeterminate”. Which then made us look at the OS Support NQE itself and the devices associated with the above/below IOS versions are not listed on the report, but they are in the regular inventory. Known Affected IOS (from our known devices):03.01.0103.07.04E03.11.03a03.11.0503.11.0817.12.0317.12.0417.12.04a17.12.04b

623

4 months ago

Rohit_809 KumarSpotter

Custom Commands

Custom command format for Foritnet

we are using below format to collect the data from Fortinet firewall for custom command. endconfig globalshow system dnsshow system ntp can anyone check and confirm ,these will not impact anything ,if i remove config gloabl , than command will not run.

1289

4 months ago

Rajesh vDriver

Learn NQE

what scripting language NQE use?

953

5 months ago

john_hayesRamping Up