Discussions | Community

Integrating Forward Networks with SharePoint and/or Grafana in the cloud.

SteveBamfordDriver

Integrations

As part of my onboarding with Forward Networks, I’ve been exploring its native dashboarding capabilities. While the built-in dashboards offer useful insights, I’m not fully convinced they’ll meet the specific reporting needs of our leadership team.To address this, I’m evaluating two integration options:SharePoint: Using the Forward API to retrieve and transform data, then render dashboards tailored to our requirements directly within SharePoint. Grafana Cloud: If SharePoint proves limiting, I’ll explore leveraging our existing Grafana Cloud instance for more flexible visualization.Has anyone integrated Forward with either platform? I’d really appreciate any experiences, suggestions, or recommendations.Below is the format I think supports the SLT teams requirements.Thanks for any feedback.

762

MullersEmployee

Closing the Gaps: How Configuration Compliance Strengthens Security and Reliability

The Framework Regional Variations Determining a Device’s Region Changing Variables Based on Region Knowing the Collection State Anatomy of a test Imports Pattern Matching Function Exceptions Report Putting Tests Together Making NQE Verifications Creating Scorecards Summary Ok, so you make all your configs using Ansible or Netbox Config Templates and are feeling good that you’ve got a consistent configuration everywhere - nice! Having a solid templating system to produce standardized configs is a great first step. But once the devices have been made live on the network, how can we run in-life tests to make sure their configurations have not drifted away from the ‘golden’ one they started out with? Two general approaches might be used for this: Regenerate configs periodically and compare them with the live config. Write specific tests for parts of the configuration (security hardening measures for example) and leave the remainder unchecked. Option 1 is a fairly simple approach

100

ChristopherEmployee

Using Pattern Matching with a Regex Expression to Filter Results

You may often want to find all pattern matches within the device configuration and filter the results based on a regular expression.The following NQE query uses a regex filter as part of a two step process in the getMatch(device) function.First, we find peer-group names in a Cisco BGP configuration and stores each match in a string called groupName by matching on the pattern defined at the top of the query.Second, we iterate through each each pattern match and filter the groupName based on the regex `^PUBLIC.*(?:-4|-X)$`The regex matches a string that starts with the word “PUBLIC” and end with either “-4” or “-X”.The main foreach loop at the bottom of the query applies the function getMatch to output a list of devices along with all the matching peer group names pattern = ```router bgp {number} neighbor {groupName: string} peer-group```;getMatch(device) =foreach match in blockMatches(device.files.config, pattern)let validRegex = re`^PUBLIC.*(?:-4|-X)$`let groupName = match.data.groupNa

2 days ago

MullersEmployee

Forward API

Making calls to Forward API from behind a proxy

Just posting up a simple Python script that allows you to make API calls from behind a proxy that also requires authentication.I have capitalised things that you need to customise. Of course it isn’t good practice to have usernames and passwords in your script so this is just for illustrative purposes.import requestsimport base64api_user = "YourApiUser"api_pass = "YourApiPassword"api_creds = api_user + ":" + api_passapi_bytes = api_creds.encode("ascii")api_encoded = base64.b64encode(api_bytes)print(api_encoded)api_string = api_encoded.decode("ascii")proxies = { "http": "http://YourProxyUser:YourProxyPassword@ProxyServerIp:ProxyPort", "https": http://YourProxyUser:YourProxyPassword@ProxyServerIp:ProxyPort",}try: response = requests.get("https://fwd.app/api/networks", proxies=proxies, headers={"Authorization" : "Basic " + api_string}) print(response.json())except requests.exceptions.ProxyError as e: print("Proxy error:", e)

2 days ago

chrisnaishEmployee

CISA Emergency Directive 25‑03: Cisco ASA / Firepower Vulnerabilities

CISA just issued Emergency Directive 25‑03 mandating actions to identify and mitigate a campaign exploiting zero‑day vulnerabilities in Cisco ASA / Firepower devices. While the directive is written for federal agencies, the threat is relevant to any organization using those platforms. Below is a summary, risk assessment, and recommended mitigations — along with what Forward Networks is doing to support customers. What’s Going OnCampaign targets Cisco ASA and Firepower / FTD appliances Exploits include unauthenticated RCE and privilege escalation Persistence observed via ROM manipulation Linked to 'ArcaneDoor' activity CVEs: CVE‑2025‑20333 (RCE) and CVE‑2025‑20362 (privilege escalation) Directive mandates inventory, forensic dumps, patching, and reporting Why This Matters to Forward CustomersIf you rely on Cisco ASA, ASAv, or Firepower/FTD appliances in your network perimeter or DMZ, your infrastructure may be at risk of compromise, persistent code injections, or deeper intrusion. Becau

640

8 days ago

ChristopherEmployee

Using the NQE Group Function to Group Rows with Multiple Matching Columns

You can use the NQE group function to collapse rows that have multiple matching columns.In the following example, we make a list of all devices in the network (and store in a list called data), and group all the devices in data together that have matching values for Vendor, Model, OS, and OS Version. The matching values are grouped by attributes.Note that list stored in data just has device names. We don’t actually list all the device names within the select statement. The device is the identifier for each unique element that is hidden when you use the group function. We access the list of devices in each group (within the list data) with a foreach loop in order to count the unique items and provide a total in the last column./** * @intent List devices grouped by matching Vendor, Model, OS, and Version and the total number of devices in each group. * @description List devices grouped by matching Vendor, Model, OS, and Version and the total number of devices in each group. */foreach dev

390

8 days ago

devecisEmployee

Automation

Confident Networks Don’t Happen by Accident — They’re AutomatedBeginner

When I first started working as a network engineer and later as a NOC chief, I thought the stress was just part of the job. At the time, we didn’t have network automation in place. Everything was done by hand, device by device, ACL by ACL, line by line. On paper, that sounds manageable. In practice, it was chaos.I was dealing with a global backbone—100 to 150 routers and other devices across multiple global regions and security enclaves. A single misstep could create ripple effects that spanned continents. I would triple-check my work, then pull in another engineer to look it over, then check it again before pressing “enter.” Even then, there were moments when I had no choice but to push the change and hope for the best. There’s a phrase we used back then: “full send.” It basically meant, “we’ve done everything we can—now let’s see what happens.” That’s not exactly the kind of confidence you want running critical infrastructure. But it was the reality of operating without automation. L

180

9 days ago

Squirrel0saurusRexEmployee

FBI ICS Alert - Cisco CVE-2018-0171 is actively exploited by Russian-sponsored hackers

Flagging an important warning from the FBI / IC3, and sharing resources to help you assess and reduce risk. Alert Number: I-082025-PSA - Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure The High-LevelThe FBI is alerting that Russian FSB cyber actors (aka Center 16 / “Berserk Bear” / “Dragonfly”) are actively exploiting a known vulnerability in Cisco Smart Install (SMI) — CVE-2018-0171 — to target networking devices globally. These actors are using SNMP (especially older/insecure versions v1 and v2) and unpatched / end-of-life devices to:Collect configuration files. Modify configs to insert or enable unauthorized access. Do reconnaissance inside victim networks, with particular interest in protocols & applications used in critical infrastructure / industrial control systems.The vulnerability and use of legacy/unsecured protocols make aging equipment especially risky. Even if a device is not directly breached, weak practices may allow attackers in

120

15 days ago

AricaFNEmployee

Using NQE to Ensure Explicit Deny is the Final Statement on Cisco ACLs

This NQE extracts the config for each ACL, accounting for all syntaxes used in Cisco devices. The order is determined by the line number, which is used to compare the line of the deny statement with the last line of the ACL config and returns the failures by device and ACL name.standard(config) = foreach match in patternMatches(config, `access-list {aclName:string} {!"remark"}`) group match.line as config by match.data.aclName as name select { name, config };nested(config) = foreach match in patternMatches(config, `ip access-list {string} {name:string}`) let config = (foreach line in match.line.children where !hasMatch(line.text, re`.*remark.*`) select line) select { name: match.data.name, config };foreach device in network.devicesforeach acl in standard(device.files.config) + nested(device.files.config)let maxLine = max(foreach line in acl.config select line.lineNumber)foreach line in acl.configwhere hasMatch(line.text, re`.*deny\s*ip any any.*`) &&

532

18 days ago

SteveBamfordDriver

Integrations

Integrating Forward Networks with SharePoint and/or Grafana in the cloud.

762

wenshuoRamping Up

I have created the Forwords Network account .Why I can not login this vis this link.Forward Enterprise | Forward Networks Docs

Rajesh vDriver

I see the filter function and count function shows as unknown functions in NQE query. Please help with appropriate functions for these two. I need to count the total number of interfaces in a devices and interfaces operational status DOWN in state.

322

1 month ago

Rajesh vDriver

NQE on custom command

I am running a custom command(show interface status) against all Cisco Nexus routers which will show the interface hardware SFP type.How do I get this SFP info through NQE? I am not getting the SPF printed, tried multiple was. Can anyone help me on this. foreach cliCommandResponse in endpoint.cliCommandResponsescliCommandResponse.command == "show interface status"select {endpointName: endpoint.name,command: cliCommandResponse.command,response: cliCommandResponse.response}

475

1 month ago

DarshanRamping Up

Simulate feature - BGP Peer and Route Path Changes

Could you help simulate the staging of new BGP peers, route-maps, and new routes to understand how they might impact route path behavior? I am planning to stage a change that involves adding a new link and BGP peer, with the expectation that routes will prefer the new path after the change. Can this scenario be simulated in the forward network to validate the expected behavior? So far, I’ve attempted to simulate the changes, and I can see the new/modified interfaces and the transit IPs. However, I don’t see the BGP peer. Am I missing something in the simulation process? Any guidance would be appreciated. Are there any limitation with the simulation feature.

441

2 months ago

john_hayesRamping Up

Forward NQE to Identify Unused Firewall Rules

Is it possible to write a Forward NQE query that will produce a list of firewall rules that have not been used in the last 90 / 180 / 365 days (based on hit count)? It would be helpful to have firewall name, the rule ID numbers, and last used date/time if possible.

741

3 months ago

gbaronSpotter

OS Support NQE (Forward Library)

After some digging and working with other FN personnel, it appears that the above mentioned NQE is missing all 17.12, and all 03. IOS versions in the data model for the OS Support NQE report. This was determined first by modifying an NQE to run a check against the OS Support and return violations for those IOS that are no longer supported, which would come back as failed. Good IOS would report as pass. However, the above mentioned IOSs all returned a value of “Indeterminate”. Which then made us look at the OS Support NQE itself and the devices associated with the above/below IOS versions are not listed on the report, but they are in the regular inventory. Known Affected IOS (from our known devices):03.01.0103.07.04E03.11.03a03.11.0503.11.0817.12.0317.12.0417.12.04a17.12.04b

583

3 months ago

Rohit_809 KumarSpotter

Custom Commands

Custom command format for Foritnet

we are using below format to collect the data from Fortinet firewall for custom command. endconfig globalshow system dnsshow system ntp can anyone check and confirm ,these will not impact anything ,if i remove config gloabl , than command will not run.

1239

4 months ago

Rajesh vDriver

Learn NQE

what scripting language NQE use?

863

4 months ago

john_hayesRamping Up