For many organizations, the challenge of gaining full visibility into all devices connected to their network goes beyond traditional routers, switches, and firewalls. Non-network devices—such as power controllers, printers, terminal servers and security cameras—are often left out of inventory reports, even though they can pose operational and security risks if unmanaged.

This became a critical need for one of our large financial services customers. They required a way to inventory every device on their network, including thousands of non-network endpoints still accessible via SNMP. Their goal? Replace an existing NetBrain solution and consolidate into Forward Networks as their single source of truth.

The result is the Endpoints feature—engineered to discover and report on any device Forward can authenticate to via CLI, SNMP, or API. This guide walks you through setting up SNMP Endpoints using real-world configurations and examples. With this workflow, you can generate a comprehensive inventory report in under an hour.

Prerequisites

Before you begin, ensure:

• The Forward collector (on-prem or SaaS) has IP reachability to target SNMP endpoints
   
• You have SNMPv2 or SNMPv3 credentials
   
• Licensing - SNMP endpoints use a separate, lower-cost license tier compared to modeled network devices or cloud instances. If you haven’t activated an endpoint license yet, you can use up to 10 endpoints for free. Need more? Reach out to your account team.
   

Documentation: Endpoints Setup Guide

Configuring SNMP Endpoints

Step 1: Define SNMP Credentials

Navigate to Network → Collection → Credentials → SNMP and input your SNMP credentials.

This allows Forward to authenticate to any SNMP-enabled device in your environment.

Step 2: Define SNMP Profiles

The SNMP Endpoint profile is fully customizable, where the user can decide the name of the profile, what conditions a device needs to meet in order to be classified into the profile, and what information to collect from devices matching this profile during collection

SNMP profiles define:

• The classification rules for devices (e.g., vendor/model detection)
   
• The OIDs Forward collects for reporting

Documentation: Endpoint Profiles

It returns a vendor/model signature you can map to known devices using resources like: SysObjectID database.

Given the above information, the profiles I recommend use the sysObjectId (1.3.6.1.2.1.1.2.0) as the “Type Detection”.

First Profile -  SNMP Generic

The first profile that I recommend is a generic profile that will match any SNMP collected device. Just from this profile we can get very valuable information such as:

• Hostname (SysName/SNMPName)
• IP Address (the IP that responded to the SNMP request)
• Uptime
• SNMP Contact/Location
• Vendor (Derived from sysObjectId)
• Model (Derived from sysObjectId)

While the custom profiles can be arranged in order of priority, for the most part this is only relevant within a class of device (for example, check for Custom CLI Profile A before Custom CLI Profile B, or check for Custom SNMP Profile X before SNMP profile Y).

The below list is the order of priority:

• Classic Source (Modeled Device)
• Custom CLI
• Custom HTTP
• Custom SNMP

This means that when a device is accessible via both CLI and SNMP, Forward will always prioritize the Custom CLI profile over an SNMP profile, regardless of profile order. Similarly, if the device is detected as a Classic Device (e.g., router, switch, access point) that can be fully modeled, Forward will classify it as such instead of using a custom endpoint profile—since native modeling provides richer, more detailed data.

Navigate to Collection -> Collection Settings -> Endpoint Profiles and add a SNMP-GENERIC profile using the attached SNMP-GENERIC text file.

Step 3: Perform a Discovery

Whether you are attempting to discover network or endpoint devices, the discovery is launched from the same location Sources → Discover Sources. Forward will automatically detect the devices of all types (Classic, Custom CLI, SNMP or API Endpoint) and classify them accordingly.

Documentation: Network Discovery

Step 4: Add Discovered Devices to Forward

From the discovery results - see figure above - select your SNMP endpoints and click Add to bring them into Forward.

Step 5: Perform Connectivity Tests

A connectivity test is a prerequisite for collection and serves to identify valid credentials and profiles.

• If credentials and profile are set to autodetect, Forward tests all available combinations until a match is found—or all options are exhausted.
• If either the profile or credentials are explicitly set, only the specified values are tested.
  
   

Devices must show a Connected status for collection to proceed. If the connectivity test fails, you’ll need to troubleshoot the issue. You can click the ⋯ menu to view detailed connectivity logs. If further assistance is needed, you can open a support case at support.forwardnetworks.com.

Step 6: Upload sysObjectId Data File

The sysobjectid.csv (attached below) enables NQE queries to map sysObjectId values to human-readable vendor/model information.

1. Navigate to NQE → Data Files (Org Admin required)
    
2. Upload the provided sysobjectid.csv file and name it sysobjectid
    
3. Enable the file under Sources → Data Files for your network
    

Data Files are a new feature that allows you to upload a csv, json or other structured file that can then be referenced in an NQE. Read all about them in the documentation: Data Files

Step 7: Perform a Collection

From Sources, click Take Snapshot to collect endpoint data.

Step 8: Run the NQE Inventory Report

Import the attached “Devices” NQE file to view:

• Hostname (SysName)
   
• IP Address
   
• Vendor/Model (via sysObjectId)
   
• Uptime, SNMP Contact/Location
   
• Serial and Version (when available)
   

This provides a baseline inventory across all SNMP endpoints. You may notice that the SN (serial number) column is blank and the Version field is populated but generic. This is because the NQE is currently using the Generic profile, which doesn’t include the specific OIDs needed to retrieve version and serial information.

If the version for a particular device type is embedded in the sysDescr OID (1.3.6.1.2.1.1.1), you can modify the NQE logic to extract it accordingly.

Next Steps: Expand Your Inventory Insights

Once you’ve used this report to capture basic inventory data across your SNMP endpoints, you may want to dig deeper—gathering fields like version, serial number, or other key attributes.

To get started:

• Use the sysObjectId column in the basic report to group and count unique device types in your environment.
• Create custom profiles for each device family that shares common OIDs for the data you care about (e.g., version or serial number).
   

When building a new profile for a device type that isn’t yet covered, I recommend adding 1.3.6.1, debug to the list of collected OIDs. This acts as a lightweight alternative to an SNMP walk and can help uncover available fields.

Note: There’s a 512MB response limit and the larger files can take a long time to collect. If the device exceeds this, perform a full SNMP walk outside of Forward and analyze the results manually. You can then identify the relevant OIDs and incorporate them into your profiles and NQE logic.

Attached are the profiles that helped me with my customer and should be able to help get you started.

With SNMP Endpoints, Forward Networks gives you complete visibility into every device that touches your network—not just traditional infrastructure. This enhanced inventory capability enables:

• Better asset management
   
• Faster compliance reporting
   
• More informed security postures
   

By leveraging this workflow, you can consolidate tools and eliminate blind spots in your environments.

Questions? Ask below!

Attached Resources

• Prebuilt SNMP profile text files (import-ready)
   
• sysobjectid.csv for NQE Data Files
   
• Inventory_Devices_NQE.txt query (importable into your environment)