24.5.0 Product Updates 

We’re excited to share the latest enhancements in the Forward platform with you! Our 24.5.0 release brings several powerful features designed to give you deeper insights, greater flexibility, and improved security for managing your network. Let’s dive into the new updates in this release:

Network Performance Dashboard

The new Network Performance Dashboard provides a detailed and interactive view of network performance metrics collected via SNMP. This dashboard enhances the digital twin of the network by integrating performance data with existing configuration and state information.

The Network Performance Dashboard includes five sub-tabs displaying critical performance metrics for devices and interfaces:

• Interface Utilization
• Interface Packet Loss
• Interface Errors
• Device CPU Utilization
• Device Memory Utilization

This comprehensive view allows for identifying and optimizing network efficiency, quick diagnosis and proactive problem resolution, and efficient resource management. Proactively detecting and addressing potential problems maintains a high-performance, reliable network infrastructure and guarantees optimal network conditions.

If you would like more information, please refer to the Dashboards page in the product document.

Custom HTTP Sources and Profiles

Previously known as External Sources, Custom HTTP Sources enhance network performance by monitoring specific data sources and profiles for HTTP data collection. This flexibility enables network operators to tailor their data collection processes to meet specific needs and optimize network performance.

Custom HTTP Sources allow operators to configure specific endpoints for HTTP data collection, ensuring that only relevant and targeted data is gathered. This results in more precise monitoring and actionable insights, making addressing network issues easier and improving overall performance.

Custom HTTP Profiles enable the creation of profiles with defined parameters and settings for data collection. These profiles allow for targeted monitoring, ensuring the data collected is pertinent to specific performance metrics and scenarios. This customization level helps optimize data collection efforts and provides a more detailed understanding of network health.

By using Custom HTTP Sources and Profiles, network operators can collect more accurate and relevant data, leading to better network optimization, proactive problem resolution, and a more reliable network infrastructure. This feature ensures that performance data is tailored to specific needs, providing actionable insights for maintaining high-performance network conditions.

For more detailed instructions, refer to the Custom Sources and Custom Profiles pages in the product documentation.

Host Security Zone Discovery

The new Host Security Zone Discovery feature enhances network security by mapping inferred end-hosts and other IP addresses to security zones based on the gateway ports they connect to. This mapping is visible in host cards, blast radius analysis, and the Network Query Engine (NQE) data model.

This feature automates the mapping process, allowing network operators to quickly identify and manage the security zones of hosts, improving security management and incident response. Understanding the security zone of each host enables more effective monitoring and protection of network segments, leading to a more secure and manageable network environment. This results in better threat detection and a stronger overall network defense strategy.

STIGs Compliance DISA CY24Q1 Update

The 24.5 release updates more than 1,400 Cisco and Juniper STIGs queries to match the Defense Information Systems Agency (DISA) January 2024 quarterly maintenance release. STIGs (Security Technical Implementation Guides) are crucial guidelines established by DISA to secure information systems and software. Following STIGs ensures that the network adheres to rigorous security standards, reduces vulnerabilities, and bolsters defenses against potential cyber threats.

This update is not just about meeting compliance requirements; it signifies a proactive strategy to protect sensitive data, maintain operational continuity, and enhance overall cybersecurity. With these latest STIGs updates, network operators can ensure their systems stay secure and robust against emerging threats.

Intent Check History Improvements

The 24.5 release significantly improves the user experience for Intent verification history. The workflow and data presentation have been enhanced to provide a more intuitive and efficient experience.

Key enhancements include:

• Searchable Timeline: Users can now search through a timeline of snapshots where the check has been enabled.
• Visual Indication: A clear visual indication of the current snapshot is provided.
• Streamlined Diffs View: The diffs view has been streamlined to focus on configuration changes, reducing noise.
• Hyperlinks: Each snapshot in the check's history includes a hyperlink for easy access. Additionally, there is a hyperlink to the Diffs application for a full Diffs view.

These improvements allow for more efficient tracking and analysis of Intent verification history, making it easier for network operators to monitor changes and ensure network integrity.

If you would like more information, please refer to the Intent Verification page in the product documentation.

Improved UX Workflow for Workspace Creation

The 24.5 release introduces improved user experience for workspace creation, particularly for troubleshooting workspaces generated from path analysis results. Workspaces created from path analysis will be retained for 1 day by default, while those created from the network dropdown will be retained for 7 days. Users can modify these retention settings at creation, including opting for a permanent status.

The “Workspace network auto-deletion days” org-wide setting has been moved to a per-workspace configuration and removed from the UI and API. This change means existing settings will automatically apply to current workspaces, ensuring they are deleted when they expire. API-created workspaces must now include a retentionDays property, or they will be considered permanent. Each workspace in the network dropdown now shows a retention countdown timer or a permanent status.

24.5.0 API Updates

Model Changes

• CreateWorkspaceNetworkRequest
  • Added optional retentionDays property.
  • Affected operation: POST /api/networks/{networkId}/workspaces
• Device
  • Added platform values: dell_os9, dell_os10.
  • Affected operations:
    • GET /api/networks/{networkId}/devices
    • GET /api/snapshots/{snapshotId}/devices
    • GET /api/snapshots/{snapshotId}/devices/{deviceName}
• DeviceSource, DeviceSourcePatch
  • Renamed type value dell_switch_ssh to dell_os6_switch_ssh.
  • Added type values: dell_os9_switch_ssh, dell_os10_switch_ssh.
  • Affected operations:
    • GET /api/networks/{networkId}/deviceSources
    • POST /api/networks/{networkId}/deviceSources
    • GET /api/networks/{networkId}/deviceSources/{deviceSourceName}
    • PUT /api/networks/{networkId}/deviceSources/{deviceSourceName}
    • PATCH /api/networks/{networkId}/deviceSources/{deviceSourceName}
• MissingDevice
  • Renamed type and possibleTypes value dell_switch_ssh to dell_os6_switch_ssh.
  • Added type and possibleTypes values: dell_os9_switch_ssh, dell_os10_switch_ssh.
  • Affected operation: GET /api/snapshots/{snapshotId}/missingDevices
• Network, NetworkSnapshots
  • Added retentionDays property (for workspace networks only).
  • Added lastAccessedAt property.
  • Affected operations:
    • GET /api/networks
    • GET /api/networks/{networkId}/snapshots
• NetworkUpdate
  • Added retentionDays property (for workspace networks only).
  • Affected operation: PATCH /api/networks/{networkId}
• PathSearchResponse
  • Added new CO_LOCATED value for srcIpLocationType and dstIpLocationType.
  • Affected operations:
    • GET /api/networks/{networkId}/paths
    • POST /api/networks/{networkId}/paths-bulk
    • POST /api/networks/{networkId}/paths-bulk-seq
• Vulnerability
  • Added v4Score.
  • Affected operation: GET /api/snapshots/{snapshotId}/vulnerabilities

Notable Changes to Unpublished APIs

• Slack Integration Operations
  • Moved operations:
    • Removed:
      • GET /api/orgs/current/integrations/slack
      • POST /api/orgs/current/integrations/slack?test=incoming
      • POST /api/orgs/current/integrations/slack?test=outgoing
      • PATCH /api/orgs/current/integrations/slack
      • DELETE /api/orgs/current/integrations/slack
      • GET /api/orgs/current/integrations/slack/commands
      • POST /api/orgs/current/integrations/slack/commands
      • PATCH /api/orgs/current/integrations/slack/commands/{commandId}
      • DELETE /api/orgs/current/integrations/slack/commands/{commandId}
    • Added:
      • GET /api/integrations/slack
      • POST /api/integrations/slack?test=incoming
      • POST /api/integrations/slack?test=outgoing
      • PATCH /api/integrations/slack
      • DELETE /api/integrations/slack
      • GET /api/integrations/slack/commands
      • POST /api/integrations/slack/commands
      • PATCH /api/integrations/slack/commands/{commandId}
      • DELETE /api/integrations/slack/commands/{commandId}
• SNMP Integration Operations
  • Moved operations:
    • Removed:
      • GET /api/orgs/current/integrations/smtp
      • GET /api/orgs/current/integrations/smtp?view=minimal
      • POST /api/orgs/current/integrations/smtp?action=sendTestEmail
      • PUT /api/orgs/current/integrations/smtp
      • PATCH /api/orgs/current/integrations/smtp
      • DELETE /api/orgs/current/integrations/smtp
    • Added:
      • GET /api/integrations/smtp
      • GET /api/integrations/smtp?view=minimal
      • POST /api/integrations/smtp?action=sendTestEmail
      • PUT /api/integrations/smtp
      • PATCH /api/integrations/smtp
      • DELETE /api/integrations/smtp
• Custom Banner Operations
  • Moved operations:
    • Removed:
      • GET /api/orgs/current/custom-banners
      • POST /api/orgs/current/custom-banners
      • PUT /api/orgs/current/custom-banners/{bannerId}
      • DELETE /api/orgs/current/custom-banners/{bannerId}
    • Added:
      • GET /api/custom-banners
      • POST /api/custom-banners
      • PUT /api/custom-banners/{bannerId}
      • DELETE /api/custom-banners/{bannerId}
• Access Control Group Operations
  • Moved operations:
    • Removed:
      • GET /api/orgs/current/accessControlGroups
      • GET /api/orgs/current/accessControlGroups?view=names
      • POST /api/orgs/current/accessControlGroups
      • POST /api/orgs/current/accessControlGroups/{id}
      • DELETE /api/orgs/current/accessControlGroups/{id}
    • Added:
      • GET /api/access-control-groups
      • GET /api/access-control-groups?view=names
      • POST /api/access-control-groups
      • POST /api/access-control-groups/{id}
      • DELETE /api/access-control-groups/{id}

For more detailed information, refer to the 24.5.0 API Release Notes.

24.5.0 NQE Updates

What's New

• Device and DeviceHost
  • securityZones with type List<DeviceSecurityZone> is now a field.
• CloudAccount
  • The id field is now always present.
• IfaceIpv4Info and IfaceIpv6Info
  • multicastMode with type MulticastMode is now a field.
• Configuration Retrieval
  • sourceConfigText is now a function that returns the configuration linked from a value.

Improvements

• Command Modifications
  • The Command with CommandType value VERSION was modified for the OS value AVI_VANTAGE to use the command GET /api/serviceengine in the Outputs of a Device in some cases.

What’s Fixed

• SwitchedVlan
  • The value of the field accessVlan of SwitchedVlan used to be -4 in some cases. This value is now absent in those cases.

Deprecations

• VpcData
  • The field cloudType on the record VpcData is deprecated. Use the field cloudType on the record CloudAccount instead. This field will be removed in a major release.
• Built-in Functions
  • The functions blockDiff_alpha1, blockMatches_alpha1, and hasBlockMatch_alpha1 are deprecated. Use the functions without the _alpha1 suffix instead. These functions will be removed in a major release.

For more detailed information, refer to the 24.5.0 NQE Release Notes .