Product Updates

Released: 2025-01-21We are happy to announce the following enhancements to NQE as part of release 25.1.0.See also the full release notes for Forward Enterprise version 25.1.0.What’s Newendpoints of type NetworkEndpoint is now a field of Network. peerDeviceName and peerVrf are now fields of BgpNeighbor. isIPv4 is now a function. isIPv6 is now a function. The fromTo function now has an overload that accepts two values of type IpAddress. A value of type IpAddress can be inverted via -.ImprovementsThe field uptime of System is now populated for the OS value ARUBA_CX_SWITCH. The Command with CommandType value CONFIG was modified for the OS value F5 by adding 13 additional commands among various cases in the Outputs of a Device. The Command with CommandType value F5_AFM_CONFIG was modified for the OS value F5 by adding 3 additional commands among various cases in the Outputs of a Device.DeprecationsSome fields and functions are deprecated and will be removed in a future major release.Fields CloudAccount: publicUnallocatedIps Cve: criteria description severity Ethernet: negotiatedPortSpeed ExternalSources: cliSources snmpSources System: uptimeSeconds VpcData: cloudType FunctionsThe built-in functions blockDiff_alpha1, blockMatches_alpha1, and hasBlockMatch_alpha1 are deprecated. They will be removed in a major release. For each function, use the version without the _alpha1 suffix instead.

API Updates for Version 25.1.0Released: 2025-01-21We’re pleased to announce the following updates to the Forward Networks API as part of release 25.1.0.See also the full release notes for Forward Enterprise version 25.1.0.Scheduled Breaking Changes Network Snapshots: The collectionFailures and parsingFailures properties of SnapshotMetrics have been removed. Use deviceCollectionFailures and deviceProcessingFailures instead. These properties were deprecated in release 24.10.0. Affected operations: GET /api/snapshots/{snapshotId}/metrics The numParsingFailureDevices property of SnapshotMetrics has been removed. Use numProcessingFailureDevices instead. This property was deprecated in release 24.10.0. Affected operations: GET /api/snapshots/{snapshotId}/metrics Network Setup: The optional type property of DeviceCredentialUpdate has been removed. It was deprecated in release 24.10.0. Affected operations: PATCH /api/networks/{networkId}/deviceCredentials/{credentialId} New OperationsUser Accounts: GET /api/users POST /api/users GET /api/users/{userId} PATCH /api/users/{userId} DELETE /api/users/{userId} Model Changes Device: Added platform value aruba_cx_switch Affected operations: GET /api/networks/{networkId}/devices GET /api/snapshots/{snapshotId}/devices GET /api/snapshots/{snapshotId}/devices/{deviceName} DeviceCredentialUpdate: Removed the optional type property Affected operations: PATCH /api/networks/{networkId}/deviceCredentials/{credentialId} DeviceSource, DeviceSourcePatch: Added type value aruba_cx_switch_ssh Affected operations: GET /api/networks/{networkId}/deviceSources POST /api/networks/{networkId}/deviceSources GET /api/networks/{networkId}/deviceSources/{deviceSourceName} PUT /api/networks/{networkId}/deviceSources/{deviceSourceName} PATCH /api/networks/{networkId}/deviceSources/{deviceSourceName} JumpServer, JumpServerUpdate: Added commandFormat value PANORAMA Affected operations: GET /api/networks/{networkId}/jumpServers POST /api/networks/{networkId}/jumpServers PATCH /api/networks/{networkId}/jumpServers/{jumpServerId} MissingDevice: Added type and possibleTypes value aruba_cx_switch_ssh Affected operations: GET /api/snapshots/{snapshotId}/missingDevices SnapshotMetrics: Removed the collectionFailures and parsingFailures properties Removed the numParsingFailureDevices property Affected operations: GET /api/snapshots/{snapshotId}/metrics Vulnerability: Added os value aruba_cx_switch Affected operations: GET /api/snapshots/{snapshotId}/vulnerabilities

Release Date: 2024-12-17We’re excited to announce the availability of Forward Enterprise 24.12.0. This release includes significant enhancements in performance monitoring, security analysis, topology management, and platform usability.Network Performance: Alerting on IntentBuilding on the performance monitoring for intents introduced in version 24.10, we’re now adding alerting capabilities for devices and interfaces involved in an intent check when thresholds are exceeded. Key FeaturesAlerting OptionsReceive in-app notifications or email alerts when thresholds (medium or high) are crossed. Manage alert subscriptions through intent check directories under SNMP settings: Subscribing to the medium threshold includes alerts for the high threshold. Users can opt out of performance alerts and only receive connectivity alerts, preserving earlier behavior. Per-User, Per-Check NotificationsNotifications are concise and summarize multiple checks exceeding thresholds. Alerts are triggered for escalations (e.g., medium to high) but not for downgrades (e.g., high to medium). A 24-hour cool-down period ensures users are not over-notified for the same severity level.Real-Time AlertingAlerts are generated in real time during data ingestion as NPM data is received from the collector. This feature enhances control, clarity, and responsiveness for intent-based performance monitoring.Security: Vulnerabilities - CVEThe release extends config-based vulnerability analysis to include Checkpoint devices, broadening support for security insights.Topology: Hide Geographical Links by TypeUsers can now filter location-to-location links on the geographical map by type, including:IPSec links GRE links Management linksThis feature reduces clutter in network topologies, making it easier to analyze critical connections.User preferences for link visibility are stored locally in the browser. The topology link visibility setting has been removed from personal settings.Platform: Network Setup24.12 introduces a simplified workflow for adding devices, decoupling the device addition process from discovery functionality.ModelingF5: Added support for F5OS on BIG-IP Next (R-Series). 

Release Date: 2024-12-17We’re pleased to announce the following updates to the Forward Networks API as part of release 24.12.0.See also the full release notes for Forward Enterprise version 24.12.0.Scheduled Breaking ChangesNetwork SnapshotsThe following properties are deprecated and scheduled for removal in release 25.1. Use the updated properties instead:collectionFailures → Use deviceCollectionFailures parsingFailures → Use deviceProcessingFailures numParsingFailureDevices → Use numProcessingFailureDevicesAffected operation:GET /api/snapshots/{snapshotId}/metricsNetwork SetupThe type property of DeviceCredentialUpdate is deprecated and will be removed in release 25.1.Affected operation:PATCH /api/networks/{networkId}/deviceCredentials/{credentialId}Model ChangesDeviceAdded platform value: versa_switchAffected operations:GET /api/networks/{networkId}/devices GET /api/snapshots/{snapshotId}/devices GET /api/snapshots/{snapshotId}/devices/{deviceName}DeviceSource, DeviceSourcePatchAdded type values:cisco_ndo_api versa_switch_sshAffected operations:GET /api/networks/{networkId}/deviceSources POST /api/networks/{networkId}/deviceSources GET /api/networks/{networkId}/deviceSources/{deviceSourceName} PUT /api/networks/{networkId}/deviceSources/{deviceSourceName} PATCH /api/networks/{networkId}/deviceSources/{deviceSourceName}MissingDeviceAdded type and possibleTypes value: versa_switch_sshAffected operation:GET /api/snapshots/{snapshotId}/missingDevicesVulnerabilityAdded OS value: versa_switchAffected operation:GET /api/snapshots/{snapshotId}/vulnerabilitiesNotable Changes to Unpublished APIsThe following change affects unpublished APIs (no stability guarantees):Removed GET /api/networks/{networkId}/external-sources?v=1.Alternative operations:GET /api/networks/{networkId}/end-host-scanners GET /api/networks/{networkId}/external-sources?v=2

Release Date: 2024-12-17We are happy to announce the following enhancements to NQE as part of release 24.12.0.See the full release notes for Forward Enterprise version 24.12.0.Improvements The Command with CommandType value CONFIG was updated for the OS value F5 to now use the following commands in specific cases: show running-config auth; list sys global-settings; list sys httpd; list sys log-config; list sys syslog; list security log (for CommandType value F5_AFM_CONFIG). These commands are now used in the Outputs of a Device. New CommandType values added: POLICY_TRAFFIC_SELECTORS TUNNELS_STATUS The uptime field in System is now populated for the following OS values: DELL_OS6 DELL_OS9 DELL_OS10 DeprecationsThe following fields and functions have been deprecated and are scheduled for removal in a future major release.FieldsCloudAccount: publicUnallocatedIps Cve: criteria description severity Ethernet: negotiatedPortSpeed System: uptimeSeconds VpcData: cloudType FunctionsThe following built-in functions are deprecated and will be removed in a major release. Use the corresponding functions without the _alpha1 suffix instead:blockDiff_alpha1 blockMatches_alpha1 hasBlockMatch_alpha1

 Released: 2024-11-19We’re excited to announce the release of 24.11.0, introducing impactful updates to enhance operational efficiency, streamline compliance, and bolster network security workflows. See the full release notes for Forward Enterprise version 24.11.0. What’s New:Data Analysis - End of Life data in NQE​ Topology - OSPF layer​ Security - STIGs Export in CKLB Format Security - STIGs for Palo Alto devices​ Security - CVE base score and published date​ Data Analysis - End of Life data in NQE​Understanding the lifecycle of your network infrastructure is critical for risk management and cost optimization. The first iteration of in-app EOL analysis focuses on identifying outdated operating systems for the following vendors and OSs:Cisco: IOS, IOS-XE, IOS-XR, NX-OS Arista: EOS Juniper: Junos OS Palo Alto: PAN-OSConducting a robust end-of-life (EOL) data analysis on network infrastructure can deliver significant business value:Risk Mitigation: Identify outdated OS versions and reduce potential vulnerabilities. Enhanced Security Posture: Prioritize upgrades for unsupported systems. Cost Efficiency: Optimize budgets by addressing aging infrastructure.This feature is available as a dedicated table in the Inventory+ app. Future updates will expand the analysis to additional vendors and hardware components.  Topology - OSPF layer​Visualizing network topology by protocol layers provides a focused view for enhanced troubleshooting and collaboration. The OSPF layer topology visualization is now available, with support for:Vendors: Cisco (ASA, NX-OS, IOS/IOS-XE, IOS-XR), Arista, SilverPeak, Dell SONiC, HPE, and Palo Alto.Key Benefits:Faster Troubleshooting: Isolate and resolve protocol-specific issues. Improved Visibility: Gain a clearer understanding of OSPF-specific network operations. Enhanced Collaboration: Support cross-team workflows and training with targeted views.  Security - STIGs Export in CKLB FormatCompliance with DISA’s Security Technical Implementation Guides (STIGs) is crucial for securing networks and achieving Authorization to Operate (ATO). This release introduces the ability to export STIG results in the cklb format, simplifying compliance workflows.Key Features:Automates STIG check verifications for supported devices. Exports results enriched with device-specific data (e.g., name, IP address, MAC address). Bundles results as a ZIP archive with individual cklb files for each device.The exported files are compatible with DISA’s STIG Viewer and eMASS system, streamlining the compliance process from verification to reporting.  Security - STIGs for Palo Alto devices​The release 24.11 introduces hundreds of new STIG checks in support of the STIG benchmarks for the Palo Alto devices. The specific new STIGs supported are as follows:Palo Alto Networks ALG (Application Layer Gateway) Palo Alto Networks IDPS (Intrusion Detection and Prevention System) Palo Alto Networks NDM (Network Device Management)  Security - CVE base score and published date​ Adding CVE Published Dates and CVSS Base Scores to NQE makes vulnerability management easier. These updates help security teams prioritize vulnerabilities based on severity and recency.CVE Published Date: Highlights recent vulnerabilities for prioritization. CVSS Base Score: Displays the highest available CVSS score (e.g., v4, v3, or v2).Forward Library Additions at /Forward Library/Security/CVEs/Vendorforeach cve in network.cveDatabase.cvesforeach vendorInfo in cve.vendorInfosselect { "CVE ID": cve.cveId, Vendor: vendorInfo.vendor, "Publication Date": vendorInfo.publicationDate, Severity: vendorInfo.severity, "Base Score": vendorInfo.baseScore, "Base Score V2": vendorInfo.baseScoreV2, "Base Score V3": vendorInfo.baseScoreV3, "Base Score V4": vendorInfo.baseScoreV4, Description: vendorInfo.description} 

Released: 2024-11-19We are happy to announce the following enhancements to NQE as part of release 24.11.0.See the full release notes for Forward Enterprise version 24.11.0.What's NewosSupport: Added as a field of type OsSupport in Platform. vendorInfos: Added as a field of type VendorCveInfo in Cve. Additionally, the fields criteria, description, and severity in CveProductCriteria.vendor are now deprecated. VendorCveInfo Enhancements: Added fields to provide the publication date and base severity scores of a Cve for specific vendors. accessLabelNames: Added as a field of Device. Function Updates: date: Now supports an overload from Timestamp to Date. timestamp: Now supports an overload from Duration to Timestamp. ImprovementsThe Command with CommandType value VXLAN_STATE has been updated for the OS value NXOS. It now uses the command show nve ethernet-segment in the Outputs of a Device.DeprecationsSeveral fields and functions are deprecated and will be removed in a future major release:Fields CloudAccount: publicUnallocatedIps Cve: criteria description severity Ethernet: negotiatedPortSpeed System: uptimeSeconds VpcData: cloudType FunctionsThe built-in functions blockDiff_alpha1, blockMatches_alpha1, and hasBlockMatch_alpha1 are deprecated. Use the corresponding functions without the _alpha1 suffix.

We’re excited to share the latest updates and improvements in the Forward Networks API, now available in the 24.11.0 release. For complete release details, see the full release notes. Scheduled Breaking Changes Network Snapshots: The collectionFailures and parsingFailures properties have been deprecated and will be removed in release 25.1. Use deviceCollectionFailures and deviceProcessingFailures instead.Affected operations: GET /api/snapshots/{snapshotId}/metrics The numParsingFailureDevices property has been deprecated and will be removed in release 25.1. Use numProcessingFailureDevices instead.Affected operations: GET /api/snapshots/{snapshotId}/metrics Network Setup: The optional type property of DeviceCredentialUpdate is deprecated and will be removed in release 25.1.Affected operations: PATCH /api/networks/{networkId}/deviceCredentials/{credentialId}  Model Changes Device: Added collectionError value API_SERVER_FAILED_TO_RESPOND for collection from AWS. Added platform value f5_os_hypervisor.Affected operations: GET /api/networks/{networkId}/devices GET /api/snapshots/{snapshotId}/devices GET /api/snapshots/{snapshotId}/devices/{deviceName} DeviceSource, DeviceSourcePatch: Added type value f5_os_hypervisor.Affected operations: GET /api/networks/{networkId}/deviceSources POST /api/networks/{networkId}/deviceSources GET /api/networks/{networkId}/deviceSources/{deviceSourceName} PUT /api/networks/{networkId}/deviceSources/{deviceSourceName} PATCH /api/networks/{networkId}/deviceSources/{deviceSourceName} InterfaceFunction: Added securityZone property.Affected operations: GET /api/networks/{networkId}/paths POST /api/networks/{networkId}/paths-bulk POST /api/networks/{networkId}/paths-bulk-seq InternetNodePatch: Added translations property.Affected operation: PATCH /api/networks/{networkId}/internet-node MissingDevice: Added type and possibleTypes value f5_os_hypervisor_ssh.Affected operation: GET /api/snapshots/{snapshotId}/missingDevices Vulnerability: Added os value f5_os_hypervisor.Affected operation: GET /api/snapshots/{snapshotId}/vulnerabilities  Notable Changes to Unpublished APIsThis section describes changes to API operations that are not published in the Forward Networks API documentation and therefore have no stability guarantees. It is included as a courtesy to those who may be interested.Added the deviceName property back to each connectivity test result JSON object. This property was mistakenly removed in release 24.10.Affected operation: GET /api/networks/{networkId}/connectivityTests

We’re excited to announce the release of Forward Enterprise 24.10.0! This release brings powerful features and updates to improve network performance monitoring, troubleshooting, data collection, and security compliance. For complete release details, see the full release notes. Network Performance - Monitoring on IntentWith this release, network performance monitoring is enhanced to offer Intent-based health monitoring, initially available only for Existence verifications. Users can now collect and correlate SNMP data with network configuration and state information to gain critical insights into network health, efficiency, and reliability.This monitoring tracks device and link health along paths defined in Intent verifications, alerting users when performance issues such as errors or high utilization exceed configured thresholds. By highlighting affected Intent paths, users can troubleshoot more effectively, focusing on critical areas rather than sifting through extensive device data.  By clicking on the health status, the user can explore the details for the path:  Stay tuned for alerting capabilities in the upcoming 24.11 release, which will automatically notify users when Intent health checks fail. Learn more about Performance Data collection by visiting the documentation page. Troubleshooting - Path Analysis DiffsWith Path Analysis Diffs, users can compare path search results across different snapshots to see how specific paths have evolved. This historical view allows operators to troubleshoot network changes by viewing configuration, device presence, and status differences between two snapshots.Path Analysis Diffs are especially useful in identifying unexpected changes that might impact network performance or security. By viewing side-by-side comparisons, operators gain better visibility into how their network behavior is evolving over time.  To learn more about Path Analysis, read the documentation documentation page. Dashboards - Customizable Insights DashboardThe Customizable Insights Dashboard introduces a highly personalized dashboard experience, allowing users to create dashboards tailored to specific roles, such as network engineers, security teams, or executives. Users can now:Build role-specific dashboards with panels from Forward's pre-built widgets and user-defined Scorecards. Customize layouts by resizing, rearranging, and pinning panels to match specific monitoring workflows. Save and pin multiple dashboard views to quickly access key insights from the Dashboard page.  To learn more about Dashboards, read the documentation page Integrations - Webhooks for VerificationsThe 24.10 release extends webhook support by adding notifications for Intent and NQE verifications. Users will now receive real-time updates on verification status changes, such as from pass to fail, helping to detect and address issues as soon as they arise.Additionally, this update introduces custom key-value pairs for webhooks, allowing users to add metadata such as application names, priority levels, and other classifications, making webhook notifications easier to process and organize. For more information on our system webhooks, visit the documentation page Security - STIGs Verification - Q3 update​STIGs (Security Technical Implementation Guides) are essential for aligning with Defense Information Systems Agency (DISA) security standards. This update ensures that Forward Enterprise's STIGs verification aligns with the latest Q3 DISA guidelines, helping organizations maintain compliance with stringent security measures. Data Analysis - Regex Capability for NQE Queries​Regex support in NQE enables advanced text processing within queries, adding flexibility to handle complex data extraction and pattern matching. This enhancement provides more control over data queries by enabling character-level pattern matching and capturing typed data directly within regex matches.Key Features:Regex Matching: Use regex for detailed, character-level matching to validate fields such as device names. Typed Capture Groups: Directly capture and process typed data (e.g., numbers, strings) in regex matches for greater query efficiency.For the NQE-specific release notes, click here. Collection – Custom Encryption Keys for SaaS CollectorsCollection secrets, i.e., sensitive fields in credentials such as password, SSH key, etc., are always encrypted usingAES-256 and securely stored by Forward Enterprise. Until the 24.9 release, the secrets were encrypted with ahard-coded encryption key and stored in the collector installation directory. The 24.10 release introduces support forcustom encryption keys that are unique to each collector. With the 24.10 release, the encrypted secrets are storedwithin fwd.app, and the on-premises collectors store only the unique encryption key that is used to encrypt thecollection secrets. The collection secrets are migrated to the new format transparently upon collector upgrade witha unique auto-generated encryption key for each upgraded collector. The encryption key is now user-configurable andsupports key-rotation. The 24.10.0 release also introduces native support for backup collectors via a shared encryption key with the primarycollector. Modeling​Huawei: Partial support for Huawei devices - (Interface parsing, Basic L3, and L2). Juniper: Mist AccessPoint support (no setup wizard). Additional Features​Topology - Ability to override links between port channel members. Operations - Workspace Network Setup: Optimized network setup flows  based on selected device types in workspaces. Collection - Cloud Setup: - Region-specific Internet proxy support in cloud setup. NQE Analysis - Collection and backfill times are now visible in NQE.

We’re excited to share the latest updates and improvements for NQE, now available in the 24.10.0 release. For complete release details, see the full release notes. What's New Regular Expression Support NQE now supports regular expressions, providing greater flexibility for data queries. For more details, refer to the regular expression guide. New Fields for DeviceSnapshotInfo The fields collectionTime and backfillTime have been added to DeviceSnapshotInfo, providing more granular tracking of device data collection.  Improvements NQE now includes a Command with CommandType values DEVICE_HARDWARE_INFO and INVENTORY for GENERAL_DYNAMICS_ENCRYPTOR and VIASAT_ENCRYPTOR in the Outputs of a Device. The F5_AFM_STATE command has been updated for the OS value F5 to use the bash -c 'arp -n -i mgmt'; command in the Outputs of a Device. The CONFIG command for the OS value F5 has been modified to use list sys management-route; in certain cases within the Outputs of a Device. TRANSIENT_SLOW_READ_RATE_DETECTED and SOME_OID_FAILED have been added as possible values for DeviceCollectionError to improve error reporting. Fixes Fixed an issue where some membership checks for IPv6 addresses and subnets in ipAddressSet were incorrectly returning true. These checks now correctly return false, aligning with the function’s intended support for IPv4 addresses only. Enhanced the ipv4Address pattern to parse IPv4 addresses correctly, even if an octet contains a leading zero. For example, both patternMatch("01.02.03.04", "{ipv4Address}") and patternMatch("1.2.3.4", "{ipv4Address}") now behave as expected.  Deprecations Use cloudType in CloudAccount instead of the cloudType field in VpcData. The blockDiff_alpha1, blockMatches_alpha1, and hasBlockMatch_alpha1 functions are deprecated. Use their counterparts without the _alpha1 suffix. The negotiatedPortSpeed field in Ethernet is deprecated. The uptimeSeconds field in System is deprecated. The publicUnallocatedIps field in CloudAccount is deprecated.

We’re excited to share the latest updates and improvements in the Forward Networks API, now available in the 24.10.0 release. For complete release details, see the full release notes. Specification ChangesOpenAPI Specification Update: Updated the OpenAPI specification from version 3.0.1 to 3.1.0. The primary change is that example values for parameters and properties are now in an examples array instead of the example property. This update also allows for improved descriptions and examples in many model properties (details here).Scheduled Breaking ChangesThe following breaking changes are scheduled for upcoming releases: Network Setup: Removed the optional decommission query parameter. Devices no longer require manual decommissioning and will stop counting toward the licensed device limit 30 days after their most recent successful collection. Affected operation: DELETE /api/networks/{networkId}/deviceSources/{deviceSourceName} Network Snapshots: Deprecated collectionFailures and parsingFailures properties, scheduled for removal in release 25.1. Use deviceCollectionFailures and deviceProcessingFailures instead. Affected operation: GET /api/snapshots/{snapshotId}/metrics Network Snapshots: Deprecated the numParsingFailureDevices property, scheduled for removal in release 25.1. Use numProcessingFailureDevices instead. Affected operation: GET /api/snapshots/{snapshotId}/metrics Network Setup: Deprecated the optional type property of DeviceCredentialUpdate, scheduled for removal in release 25.1. Affected operation: PATCH /api/networks/{networkId}/deviceCredentials/{credentialId} New ModelsSynthetic Devices: Added SyntheticNatEntry for use with InternetNode.Model ChangesThe following models have been updated to enhance API functionality: Device Added: collectionError values TRANSIENT_SLOW_READ_RATE_DETECTED and SOME_OID_FAILED Added: platform value huawei_switch and vendor value HUAWEI Added: platform value mist_ap Removed: Extraneous platform values such as vcenter_api, nsx_t, and bluecat Affected operations: GET /api/networks/{networkId}/devices GET /api/snapshots/{snapshotId}/devices GET /api/snapshots/{snapshotId}/devices/{deviceName} DeviceCredentialUpdate Deprecated: The type property is now optional and deprecated for removal in release 25.1. Affected operation: PATCH /api/networks/{networkId}/deviceCredentials/{credentialId} DeviceSource, DeviceSourcePatch Added: type values huawei_switch_ssh and mist_dashboard_api Affected operations: GET /api/networks/{networkId}/deviceSources POST /api/networks/{networkId}/deviceSources GET /api/networks/{networkId}/deviceSources/{deviceSourceName} PUT /api/networks/{networkId}/deviceSources/{deviceSourceName} PATCH /api/networks/{networkId}/deviceSources/{deviceSourceName} Encryptor Updated: Made the underlayConnection property optional. Affected operations: GET /api/networks/{networkId}/encryptors PUT /api/networks/{networkId}/encryptors GET /api/networks/{networkId}/encryptors/{deviceName} PUT /api/networks/{networkId}/encryptors/{deviceName} PATCH /api/networks/{networkId}/encryptors/{deviceName} InternetNode Added: translations property. Affected operations: GET /api/networks/{networkId}/internet-node PUT /api/networks/{networkId}/internet-node MissingDevice Added: type and possibleTypes values huawei_switch_ssh Removed: Extraneous type and possibleTypes values, such as vcenter_api, aws_api, and bluecat_https Affected operation: GET /api/snapshots/{snapshotId}/missingDevices NewNetworkCheck, NetworkCheckResult, NetworkCheckResultWithDiagnosis Added: perfMonitoringEnabled property. Affected operations: GET /api/snapshots/{snapshotId}/checks POST /api/snapshots/{snapshotId}/checks GET /api/snapshots/{snapshotId}/checks/{checkId} SnapshotMetrics Added: deviceCollectionFailures and deviceProcessingFailures properties Deprecated: collectionFailures and parsingFailures properties, scheduled for removal in release 25.1 Added: endpointCollectionFailures, endpointProcessingFailures, and numProcessingFailureDevices properties Deprecated: numParsingFailureDevices property, scheduled for removal in release 25.1 Affected operation: GET /api/snapshots/{snapshotId}/metrics Vulnerability Added: os value huawei_switch and vendor value HUAWEI Added: os value mist_ap Removed: Extraneous os values, such as unknown, aws_subnet, and nsx_t Affected operation: GET /api/snapshots/{snapshotId}/vulnerabilities

We’re excited to introduce the release of Forward Enterprise version 24.9.0, which brings powerful new features and enhancements designed to streamline network operations, improve security analysis, and boost data processing capabilities. Here’s an in-depth look at the latest additions: Forward AI – NQE Doc and Summary AI AssistThis release marks a significant milestone in Forward’s AI journey with the general availability of NQE Documentation (Doc) AI Assist and NQE Summary AI Assist. NQE Doc AI Assist helps users quickly access information from the NQE documentation via a natural language interface. Just ask questions about any syntax or functions, and the AI will pull the relevant answers with reference links to the documentation. Users can also engage in a conversation by asking follow-up questions.     NQE Summary AI Assist breaks down complex NQE queries, explaining what each component of a query does in plain language. This feature helps users of all experience levels to better understand existing queries, ultimately speeding up query creation and optimization.    Note: These Forward AI features are available exclusively to SaaS customers. All data used by the AI Assist tools is kept secure and confidential, stored within Forward's AWS-hosted environment. Security - Vulnerability Analysis for Palo Alto DevicesProactive vulnerability management is critical for maintaining a secure network infrastructure. With version 24.9, Forward Enterprise extends its config-based vulnerability analysis to Palo Alto devices, building on its existing vulnerability management tools.The Vulnerability Management feature helps identify and prioritize security risks based on CVEs (Common Vulnerabilities and Exposures), but it goes a step further by analyzing device configurations. This helps distinguish between potential vulnerabilities and real ones based on actual device configurations, providing a more accurate assessment of network risks. Security - STIGs Verification for Juniper DevicesSTIGs (Security Technical Implementation Guides) are essential for ensuring compliance with DISA’s stringent security guidelines. In this release, Forward Enterprise introduces the ability to use tag-based overrides for STIGs verification on Juniper devices.This is valuable for devices that might be performing non-standard roles. By using tags, users can modify the STIG verification process to align with a device's actual operational role, improving compliance and security accuracy. Data Analysis – NQE Date and Time Datatypes24.9 enhances NQE's data processing capabilities by introducing new date and time datatypes:Duration: An interval of time. Date: A calendar date. Timestamp: A down to the second record of the time of occurrence of a particular event.These new datatypes make it easier to handle time-based data in queries, providing more detailed insights into network behavior over time.

We are happy to announce the following enhancements to NQE as part of release 24.9.0.See also the full release notes for Forward Enterprise version 24.9.0.Breaking Change Announcements What's New Improvements Deprecations Breaking Change AnnouncementsThe values NETRONOME and OPENFLOW_GENERIC were removed from Vendor. The value NETRONOME_OVS_OFCTL was removed from OS. What's NewNew types have been introduced to represent a point and interval of time. See the guide on Time for more information. uptime is now a field of System. This field should be used instead of uptimeSeconds, which is deprecated. description and versionId are now fields of DevicePart. BMP_SESSION_ALREADY_ESTABLISHED is now a possible value of DeviceCollectionError. publicUnallocatedSubnets is now a field of CloudAccount. This field should be used instead of publicUnallocatedIps, which is deprecated. AWS_OUTPOST_LGW is now a possible value of RefObjType. SOME_OID_FAILED is now a possible value of DeviceCollectionError. ImprovementsThe Command with CommandType value INVENTORY was modified for the OS value CHECKPOINT in some cases. It now uses the command system_info; dmidecode; clish -c "show asset system" instead of system_info; dmidecode in the Outputs of a Device. DeprecationsThe field cloudType on the record VpcData is deprecated. Use the field cloudType on the record CloudAccount instead. The built-in functions blockDiff_alpha1, blockMatches_alpha1, and hasBlockMatch_alpha1 are deprecated. Use the version of these functions without the _alpha1 suffix. The field negotiatedPortSpeed of Ethernet is deprecated and will be removed in a future release. The field uptimeSeconds of System is deprecated and will be removed in a future release. The field publicUnallocatedIps of CloudAccount is deprecated and will be removed in a future release.

We’re pleased to announce the following updates to the Forward Networks API as part of release 24.9.0.See also the full release notes for Forward Enterprise version 24.9.0.Scheduled Breaking Changes Operation Behavior Changes New Models Model Changes Scheduled Breaking Changes Networks: The lastAccessedAt property of Network and NetworkSnapshots has been removed. The secondsToExpiry property can be used instead to determine how much longer a temporary Workspace network will last without use.Affected operations: GET /api/networks GET /api/networks/{networkId}/snapshots Network Setup: In release 24.10, the optional decommission query parameter will be removed. Devices will no longer be decommissioned manually; they will automatically stop counting toward the licensed device limit 30 days after their last successful collection.Affected operation: DELETE /api/networks/{networkId}/deviceSources/{deviceSourceName}  Operation Behavior ChangesNetwork Locations: Locations can now be set for any modeled device, including devices typically anchored to other devices (e.g., virtual contexts and wireless access points). This is possible by including the snapshotId parameter in the request URL’s query string.Affected operation: PATCH /api/networks/{networkId}/atlas  New ModelsNQE: New column filtering models introduced to support upper and/or lower bounds. BetweenColumnFilter DefaultColumnFilter  Model Changes ColumnFilter: Added the operator property.Affected operation: POST /api/nqe Device: Updates to the type and platform values. Added type value AWS_LOCAL_GW and platform value aws_local_gw Added collectionError value BMP_SESSION_ALREADY_ESTABLISHED Added platform value meraki_mrAffected operations: GET /api/networks/{networkId}/devices GET /api/snapshots/{snapshotId}/devices GET /api/snapshots/{snapshotId}/devices/{deviceName} MissingDevice: Added type and possibleTypes value meraki_mr_api.Affected operation: GET /api/snapshots/{snapshotId}/missingDevices Network, NetworkSnapshots: Removed the lastAccessedAt property.Affected operations: GET /api/networks GET /api/networks/{networkId} GET /api/networks/{networkId}/snapshots PathHop: Added properties for additional details. Added backfilledFrom property Added deviceType value AWS_LOCAL_GWAffected operations: GET /api/networks/{networkId}/paths POST /api/networks/{networkId}/paths-bulk POST /api/networks/{networkId}/paths-bulk-seq Vulnerability: Added os values for new device types. Added os value aws_local_gw Added os value meraki_mrAffected operation: GET /api/snapshots/{snapshotId}/vulnerabilities

Released: 2024-08-22We are happy to announce the following enhancements to NQE as part of release 24.8.0.See the full NQE release notes for Forward Enterprise version 24.8.0.Breaking Change Preannouncements What’s New Improvements Deprecations Breaking Change Preannouncements Vendor Value Deprecation: The value OPENFLOW_GENERIC for Vendor is deprecated and will be removed in release 24.9. OS and Vendor Deprecation: The value NETRONOME_OVS_OFCTL for OS and the value NETRONOME for Vendor are deprecated and will be removed in release 24.9. What’s New New VLAN Field: VLAN information is now included as a field of Device. This enhancement allows you to query VLAN details more efficiently. Ethernet Speed Field Update: A new field, speedMbps, has been added to Ethernet. This field can express speeds from aggregated interfaces. The previous field negotiatedPortSpeed of Ethernet is now deprecated. DELL SONIC Support: The value DELL_SONIC is now recognized as a possible value for OS. General Dynamics and Viasat Support: The values GENERAL_DYNAMICS for Vendor and GENERAL_DYNAMICS_ENCRYPTOR for OS have been added. Additionally, VIASAT_ENCRYPTOR is now a possible value for OS. Improvements Netscaler Hostname Command: A command with CommandType value HOSTNAME now exists for the OS value NETSCALER in the Outputs of a Device. Netscaler SLB Command Modifications: Several SLB (Server Load Balancing) commands have been modified for NETSCALER: SLB_CS_VIRTUAL_SERVERS now uses show cs vserver. SLB_SERVICE_GROUPS now uses show serviceGroup -includeMembers. SLB_VIRTUAL_SERVERS now uses show lb vserver. Checkpoint Uptime Command: The command with CommandType value UPTIME for CHECKPOINT has been updated in some cases to use uptime -p. Deprecations VpcData CloudType Field: The field cloudType on the record VpcData is deprecated and will be removed in a future release. Use the cloudType field on the record CloudAccount instead. Built-in Function Deprecations: The built-in functions blockDiff_alpha1, blockMatches_alpha1, and hasBlockMatch_alpha1 are deprecated and will be removed in a future release. Use the corresponding function without the _alpha1 suffix. Ethernet Port Speed Field: The field negotiatedPortSpeed of Ethernet is deprecated and will be removed in a future release. Use the new speedMbps field instead.

Released: 2024-08-22We’re pleased to announce the following updates to the Forward Networks API as part of release 24.8.0.See also the API release notes for Forward Enterprise version 24.8.0.Scheduled Breaking Changes New Operations New Models Model Changes Scheduled Breaking Changes Networks:In release 24.9, the lastAccessedAt property of Network and NetworkSnapshots will be removed. The secondsToExpiry property can be used to determine how much longer a temporary Workspace network will be available before expiration if it isn't used.Affected operations:GET /api/networks GET /api/networks/{networkId}/snapshotsNetwork Setup:In release 24.10, the optional decommission query parameter will be removed. Devices are no longer decommissioned manually. Instead, devices stop counting toward the licensed device limit 30 days after their most recent successful collection.Affected operation:DELETE /api/networks/{networkId}/deviceSources/{deviceSourceName} New OperationsNQE Query Diffing:A new API operation has been added to identify the differences in an NQE query’s results between two snapshots of a network.New operation:POST /api/nqe-diffs/{before}/{after} New ModelsNQE Query Result Differences:NqeDiffEntry NqeDiffRequest NqeDiffResult Model ChangesCreateWorkspaceNetworkRequest:The default value for retentionDays has been changed from null (permanent) to 7 days.Affected operation:POST /api/networks/{networkId}/workspacesDevice:Added platform value dell_sonic.Affected operations:GET /api/networks/{networkId}/devices GET /api/snapshots/{snapshotId}/devices GET /api/snapshots/{snapshotId}/devices/{deviceName}DeviceSource, DeviceSourcePatch:Added type value sonic_dell_enterprise_ssh.Affected operations:GET /api/networks/{networkId}/deviceSources POST /api/networks/{networkId}/deviceSources GET /api/networks/{networkId}/deviceSources/{deviceSourceName} PUT /api/networks/{networkId}/deviceSources/{deviceSourceName} PATCH /api/networks/{networkId}/deviceSources/{deviceSourceName}JumpServer, JumpServerUpdate:Added sshCert property to support certificate-based authentication.Affected operations:GET /api/networks/{networkId}/jumpServers POST /api/networks/{networkId}/jumpServers PATCH /api/networks/{networkId}/jumpServers/{jumpServerId}MissingDevice:Added type and possibleTypes value sonic_dell_enterprise_ssh.Affected operation:GET /api/snapshots/{snapshotId}/missingDevicesVulnerability:Added os value dell_sonic.Affected operation:GET /api/snapshots/{snapshotId}/vulnerabilities

The 24.8.0 release is now available, packed with new features designed to enhance your network management experience! Released on August 22, 2024 (SaaS) and August 29, 2024 (on-prem), this update offers a wide range of improvements—from intelligent query assistance to advanced storage management and dynamic device matching. No matter your role, there's something for everyone in this release! NQE - AI Assist Topology - Improved Visual Handling of Access Points (APs) Data Analysis - NQE-based dynamic connections for L2 VPN and Internet Nodes Access Control - Device-based Access Control - Glob support Platform - Storage Management Improvements​ Disk Space Notifications   Automatic Snapshot Invalidation Platform - Snapshot background processing improvements Additional Features NQE - AI AssistThe 24.8.0 release introduces AI Assist for NQE, a new feature that simplifies writing and managing network queries. With AI Assist, users can now generate accurate NQE queries by typing in natural language prompts without needing to understand complex query syntax. AI Assist provides intelligent suggestions, real-time error detection, and step-by-step guidance, making it accessible to users of all skill levels.For example, rather than manually building and fine-tuning a query to list all CVEs impacted every device within a network, you can use a simple prompt like, “List CVEs impacting each device,” and let NQE AI Assist do the work. This allows you quickly identify potential performance issues without spending valuable time writing complex queries. Generating an NQE query using AI Assist.AI Assist is designed with data privacy and security in mind. The model runs entirely within our platform, hosted securely in AWS, ensuring that your data remains private and is never shared externally. No data is transmitted to external services; everything stays within Forward Networks. Prompts, generated queries, and feedback are used solely to improve the accuracy of the model and enhance the feature for all users. Topology - Improved Visual Handling of Access Points (APs)We’ve implemented a new AP Bundling feature within the Topology view to manage the display of Access Points more effectively. APs are now grouped into a single node based on their upstream device connections, keeping the Topology view organized and easy to navigate. This enhancement is similar to the virtual context bundling introduced in release 24.6. AP node display settings within the Topology viewData Analysis - NQE-based dynamic connections for L2 VPN and Internet NodesL2 VPN and Internet nodes in Forward Enterprise are synthetic devices that model Layer 2 VPNs and public Internet connections. L2 VPN nodes represent virtual networks that extend Layer 2 domains across the WAN. In contrast, Internet nodes simulate the public Internet or third-party network infrastructure, enabling comprehensive path analysis across internal and external networks.Previously, L2 VPN and Internet nodes had to be manually configured and updated, which could be time-consuming and prone to errors. With the 24.8.0 release, we have introduced support for NQE-based dynamic connections for these synthetic devices. This enhancement enables users to associate NQE queries with L2 VPN and Internet nodes, allowing them to be automatically updated with each new snapshot. Configuring an L2 VPN synthetic device For more information, visit the documentation pages for L2 VPN and Internet nodes. Access Control - Device-based Access Control - Glob supportIn the 24.8.0 release, we’ve enhanced the process for managing device access labels by introducing dynamic device matching using glob patterns. With dynamic device matching, devices are automatically added to device access labels based on name patterns. For example, using a pattern like DNA* will automatically include devices such as DNA-SW-01 in the relevant label. This process allows for a more flexible approach to managing devices, as you can now choose between static (manual) selection and dynamic-match (pattern-based) when adding devices to a label. Adding dynamic devices to a device access label.Platform - Storage Management Improvements​ Disk Space NotificationsWe’ve introduced several enhancements to improve disk space management and storage efficiency across the platform. Users will now receive notifications when disk usage reaches critical thresholds. These notifications, which appear both in-app and via email, alert users when disk space is low, or the system enters into read-only mode due to insufficient space. Additionally, the System Overview page now includes a disk usage status, providing a clear view of disk usage for each node. Disk-usage threshold settings within Notifications settings Automatic Snapshot InvalidationTo optimize storage, the platform now automatically removes derived data from snapshots that haven’t been accessed in 30 days, helping to manage storage more efficiently. While the associated data is deleted to free up disk space, the original snapshots are preserved and can be reprocessed at any time if needed. Users can adjust the expiration period according to their requirements, with favorited snapshots being exempt from this process to ensure that essential data is retained. Platform - Snapshot background processing improvementsWith the 24.8.0 release, we've made it easier to manage snapshots by enabling background processing by default. The platform now reprocesses snapshots automatically, ensuring they are always up to date without needing manual input. This helps reduce workload and keeps historical data relevant.Additionally, there is now the option to configure the number of days for which background snapshot reprocessing is enabled. This feature is particularly beneficial for those who need to maintain a specified amount of historical data available for reporting or compliance purposes. Additional FeaturesUI - Migration of the file editor to Monaco: The file editor has been migrated to Monaco, a more robust and user-friendly code editor. This migration enhances the editing experience by providing better syntax highlighting, error detection, and improved overall usability for users editing configuration files or NQE queries. Search - Traffic defaults have been added for TCP_Flags and IP_FRAG Offsets. Collection - Added support for certificate-based authentication for port forwarding jump servers. NQE - Data model updates with additions such as VLAN entries and port speed. 

Breaking Change AnnouncementsChange: The OS value DELL has been updated to DELL_OS6.Breaking Change PreannouncementsChange: The Vendor value OPENFLOW_GENERIC is deprecated and will be removed in release 24.9. Change: The OS value NETRONOME_OVS_OFCTL and Vendor value NETRONOME are deprecated and will be removed in release 24.9.What's NewNew Feature: Declarations can now include return type annotations. New OS and Vendor Values: DELL_OS9 is now a value for both OS and Vendor. New OS and Vendor Values: DELL_OS10 is now a value for both OS and Vendor.ImprovementsType Annotations: Any function can now have parameter type annotations. Previously, this was only possible with an exported declaration or a parameterized query. Optional Record Fields: Improved handling of optional record fields when considering record subtyping. One record type can now be a subtype of another even if it omits optional fields of the other. For example, { iface: String } is now a subtype of { iface: String, vlan?: Number }. Command Modification for PAN_OS: The command with CommandType value VIRTUAL_CONTEXTS for the OS value PAN_OS now uses the command set system setting target-vsys ? in some cases. Command Modification for FORTINET, CHECKPOINT, and F5: The command with CommandType value VERSION for the OS value FORTINET no longer uses get sys per status | grep Uptime. Instead, UPTIME is now a possible CommandType value using get sys per status. The OS values CHECKPOINT and F5 also use this CommandType with the commands show uptime for CHECKPOINT and either bash -c uptime or uptime for F5.DeprecationsVpcData Field: The field cloudType on the record VpcData is deprecated and will be removed in a major release. Use the cloudType field on the record CloudAccount instead. Deprecated Functions: The built-in functions blockDiff_alpha1, blockMatches_alpha1, and hasBlockMatch_alpha1 are deprecated and will be removed in a major release. Use the versions of these functions without the _alpha1 suffix.

Scheduled Breaking Changes Networks: Change: In release 24.9, the lastAccessedAt property will be removed from Network and NetworkSnapshots. Replacement: Use secondsToExpiry instead. Affected Operations: GET /api/networks GET /api/networks/{networkId}/snapshots Network Setup: Change: In release 24.10 the optional decommission query parameter will be removed. New Behavior: Devices automatically stop counting toward the licensed device limit 30 days after their last successful collection. Affected Operations: DELETE /api/networks/{networkId}/deviceSources/{deviceSourceName} Query Parameter Changes Path Search: Change: Added the from parameter. Affected Operation: GET /api/networks/{networkId}/paths Network Setup: Change: The decommission parameter is now ignored. New Behavior: Devices automatically stop counting toward the licensed device limit 30 days after their last successful collection. Affected Operation: DELETE /api/networks/{networkId}/deviceSources/{deviceSourceName} Model Changes CollectorState: Change: Removed hasDevicesConfigured, isOnline, and isIdle. Affected Operations: GET /api/networks/{networkId}/collector/status Device: Change: Added platform value cisco_wireless. Affected Operations: GET /api/networks/{networkId}/devices GET /api/snapshots/{snapshotId}/devices GET /api/snapshots/{snapshotId}/devices/{deviceName} DeviceSource and DeviceSourcePatch: Changes: Added type values checkpoint_ssh_nonexpert and cisco_wireless_api. Affected Operations: GET /api/networks/{networkId}/deviceSources POST /api/networks/{networkId}/deviceSources GET /api/networks/{networkId}/deviceSources/{deviceSourceName} PUT /api/networks/{networkId}/deviceSources/{deviceSourceName} PATCH /api/networks/{networkId}/deviceSources/{deviceSourceName} JumpServer and JumpServerUpdate: Change: Added sshKey property. Affected Operations: GET /api/networks/{networkId}/jumpServers POST /api/networks/{networkId}/jumpServers PATCH /api/networks/{networkId}/jumpServers/{jumpServerId} MissingDevice: Changes: Added type and possibleTypes values checkpoint_ssh_nonexpert and cisco_wireless_api. Affected Operation: GET /api/snapshots/{snapshotId}/missingDevices NqeCheck: Change: Removed the commitId property. Affected Operations: GET /api/snapshots/{snapshotId}/checks POST /api/snapshots/{snapshotId}/checks PATCH /api/snapshots/{snapshotId}/checks/{checkId} NqeQueryRunRequest: Change: Made the commitId property required for deleted NQE queries. Affected Operation: POST /api/nqe PathSearchQuery: Change: Added the from property. Affected Operations: POST /api/networks/{networkId}/paths-bulk POST /api/networks/{networkId}/paths-bulk-seq Vulnerability: Change: Added os value cisco_wireless. Affected Operation: GET /api/snapshots/{snapshotId}/vulnerabilities Notable Changes to Unpublished APIs Device Decommissioning: Change: Removed support for device decommissioning. Removed: POST /api/licensed-devices?action=decommission License Retrieval: Change: Moved operation for license retrieval. Removed: GET /api/license Added: GET /api/licenses License Activation (On-Prem Deployments Only): Change: Moved operation for license activation. Removed: PUT /api/vm/activeLicense Added: POST /api/licenses

We're thrilled to introduce the Forward Networks 24.7.0 release. This update brings new features and improvements designed to increase usability, efficiency, and integration capabilities for our users. Let’s dive into the new updates in this release:NQE - New Query Editor Integrations - Custom Webhook Payloads Search - Limit Search Results by Location: Focusing on Relevant Data RBAC - Resource-Based Access Control: Granular Permissions Management Discovery - Optimizations for Extremely Large Subnets: Enhancing Performance Collection - Backfill Device Data When Collection Fails: Ensuring Data Availability Modeling - NQE-Based Dynamic Connections for Intranet Nodes: Automating Network Changes NQE - New Query EditorThe Network Query Engine (NQE) has received a significant upgrade with a new query editor! This editor retains the familiar look and feel and introduces several powerful features to streamline query writing and improve user experience.Mini Map: Provides a bird's-eye view of the entire query, making it easier to navigate large queries quickly. Error Markers in the Scrollbar: This feature highlights errors directly in the scrollbar, allowing users to quickly identify and address issues without scrolling through the entire document. Fully Featured Find and Replace: Enhances the search and replace functionality with advanced options, making managing and editing queries easier. Vertical Rulers at the Indentation Level: Improves code readability by visually aligning indentation levels. Collapsible Sections Based on Indentation: This feature enables users to collapse and expand sections of the query, simplifying navigation and allowing them to focus on specific parts. Sticky Scrolling Based on Indentation: Keeps relevant sections visible while scrolling, improving readability. "More Actions" Button: Offers a range of actions and maintains a history of changes for easy reference. Autocompletion of Variable Names: Speeds up query writing with intelligent suggestions for variable names. Font Size Adjustment with Persistence: This option allows you to customize the editor's font size, with settings retained across sessions.These upgrades make the NQE editor a powerhouse for writing and managing queries, helping you get more done with less effort. View of the new NQE editor Integrations - Custom Webhook PayloadsThe 24.7.0 release enhances Forward Enterprise's integration capabilities by introducing advanced customization options for webhook payloads. You can now tailor webhook payloads to your specific needs, supporting both JSON and plain text formats.Key Features:Advanced Customization: Users can modify existing JSON keys, create new key/value pairs, and incorporate supported variables into custom strings. Flexible Configuration: This flexibility enables seamless embedding of Forward Enterprise into diverse automation workflows, significantly improving operational efficiency and integration versatility.These enhancements empower users to create highly customized and dynamic configurations, facilitating smoother and more efficient integration with other systems. Configuring a custom webhook Search - Limit Search Results by Location: Focusing on Relevant DataUsers often need to tailor search results to specific areas within their network. The 24.7 release introduces the ability to limit search results by location, allowing users to constrain the search engine to a chosen location. Enhanced Search Capabilities: This feature lets users focus on results pertinent to a specific area, improving search relevance and efficiency. Improved Network Management: Users can ensure accurate placement within the global topology and easily find relevant information by assigning specific locations to devices.This long-requested feature helps users better manage their network layouts and quickly find the necessary data. Example of limiting search results by location RBAC - Resource-Based Access Control: Granular Permissions ManagementForward Networks introduces a new resource-based access control (RBAC) approach in the 24.7.0 release. This approach provides more granular permissions by separating the role and functions a user can access from the ability to view and download raw collected data.Granular Access Control: Users can now grant or deny access to the raw collected data of specific resources, such as classic network devices, VCenters, and managed wireless controllers. Maintains Existing Roles: The original five roles (Org Admin, Network Admin, Network Operator, Read-Only, Limited Read-Only) are retained while adding the ability to control access at a more detailed level.This new RBAC structure offers a higher level of control and security, ensuring that sensitive information is only accessible to authorized users. Viewing a device config access policy Discovery - Optimizations for Extremely Large Subnets: Enhancing PerformanceThe 24.7.0 release brings significant performance improvements to the discovery process, especially for large and sparsely populated subnets.Increased Scan Rate: The scan rate, configurable under Advanced Network Collection settings, now defaults to 2,000 connections per second. Customizable Port Scanning: Users can customize the ports to be scanned using the Subnet Scan Wizard.These enhancements ensure that Forward Enterprise continues to lead in efficiency and adaptability, meeting the demands of the most challenging network environments. Collection - Backfill Device Data When Collection Fails: Ensuring Data AvailabilityIn large networks, it is common for some devices to fail during data collection. The 24.7.0 release introduces a feature that allows Org admins to backfill data for failed devices using the last good processed data available.Data Backfill: The system can use the last good data for devices that fail collection, keeping them available for analysis. Configurable Max Backfill Age: Org Admins can set the max backfill age to 5 days.This feature ensures that the system remains comprehensive and up-to-date, even when some devices fail to collect data.Example of a device using backfilled dataModeling - NQE-Based Dynamic Connections for Intranet Nodes: Automating Network ChangesThe 24.7.0 release introduces a significant improvement to the management of Intranet synthetic nodes by enabling NQE-based dynamic connections.Dynamic Updates: Users can now associate an NQE query with the Intranet synthetic node, which will automatically update node connections based on network changes at each new snapshot. Example Queries: Forward Enterprise provides examples of NQE queries to help users leverage this key improvement.This feature automates the maintenance of Intranet nodes, reducing manual efforts and ensuring accurate network modeling. Configuring Intranet nodes via NQE-based connections 

24.5.0 Product Updates  We’re excited to share the latest enhancements in the Forward platform with you! Our 24.5.0 release brings several powerful features designed to give you deeper insights, greater flexibility, and improved security for managing your network. Let’s dive into the new updates in this release:Network Performance Dashboard Custom HTTP Sources and Profiles Host Security Zone Discovery STIGs Compliance DISA CY24Q1 Update Intent Check History Improvements Improved UX Workflow for Workspace Creation 24.5.0 API Updates 24.5.0 NQE Updates Network Performance Dashboard The new Network Performance Dashboard provides a detailed and interactive view of network performance metrics collected via SNMP. This dashboard enhances the digital twin of the network by integrating performance data with existing configuration and state information.The Network Performance Dashboard includes five sub-tabs displaying critical performance metrics for devices and interfaces:Interface Utilization Interface Packet Loss Interface Errors Device CPU Utilization Device Memory UtilizationThis comprehensive view allows for identifying and optimizing network efficiency, quick diagnosis and proactive problem resolution, and efficient resource management. Proactively detecting and addressing potential problems maintains a high-performance, reliable network infrastructure and guarantees optimal network conditions.  If you would like more information, please refer to the Dashboards page in the product document. Custom HTTP Sources and Profiles Previously known as External Sources, Custom HTTP Sources enhance network performance by monitoring specific data sources and profiles for HTTP data collection. This flexibility enables network operators to tailor their data collection processes to meet specific needs and optimize network performance. Custom HTTP Sources allow operators to configure specific endpoints for HTTP data collection, ensuring that only relevant and targeted data is gathered. This results in more precise monitoring and actionable insights, making addressing network issues easier and improving overall performance. Custom HTTP Profiles enable the creation of profiles with defined parameters and settings for data collection. These profiles allow for targeted monitoring, ensuring the data collected is pertinent to specific performance metrics and scenarios. This customization level helps optimize data collection efforts and provides a more detailed understanding of network health.  By using Custom HTTP Sources and Profiles, network operators can collect more accurate and relevant data, leading to better network optimization, proactive problem resolution, and a more reliable network infrastructure. This feature ensures that performance data is tailored to specific needs, providing actionable insights for maintaining high-performance network conditions. For more detailed instructions, refer to the Custom Sources and Custom Profiles pages in the product documentation. Host Security Zone Discovery The new Host Security Zone Discovery feature enhances network security by mapping inferred end-hosts and other IP addresses to security zones based on the gateway ports they connect to. This mapping is visible in host cards, blast radius analysis, and the Network Query Engine (NQE) data model.This feature automates the mapping process, allowing network operators to quickly identify and manage the security zones of hosts, improving security management and incident response. Understanding the security zone of each host enables more effective monitoring and protection of network segments, leading to a more secure and manageable network environment. This results in better threat detection and a stronger overall network defense strategy. STIGs Compliance DISA CY24Q1 Update The 24.5 release updates more than 1,400 Cisco and Juniper STIGs queries to match the Defense Information Systems Agency (DISA) January 2024 quarterly maintenance release. STIGs (Security Technical Implementation Guides) are crucial guidelines established by DISA to secure information systems and software. Following STIGs ensures that the network adheres to rigorous security standards, reduces vulnerabilities, and bolsters defenses against potential cyber threats.This update is not just about meeting compliance requirements; it signifies a proactive strategy to protect sensitive data, maintain operational continuity, and enhance overall cybersecurity. With these latest STIGs updates, network operators can ensure their systems stay secure and robust against emerging threats. Intent Check History Improvements The 24.5 release significantly improves the user experience for Intent verification history. The workflow and data presentation have been enhanced to provide a more intuitive and efficient experience.Key enhancements include:Searchable Timeline: Users can now search through a timeline of snapshots where the check has been enabled. Visual Indication: A clear visual indication of the current snapshot is provided. Streamlined Diffs View: The diffs view has been streamlined to focus on configuration changes, reducing noise. Hyperlinks: Each snapshot in the check's history includes a hyperlink for easy access. Additionally, there is a hyperlink to the Diffs application for a full Diffs view.These improvements allow for more efficient tracking and analysis of Intent verification history, making it easier for network operators to monitor changes and ensure network integrity.  If you would like more information, please refer to the Intent Verification page in the product documentation. Improved UX Workflow for Workspace Creation The 24.5 release introduces improved user experience for workspace creation, particularly for troubleshooting workspaces generated from path analysis results. Workspaces created from path analysis will be retained for 1 day by default, while those created from the network dropdown will be retained for 7 days. Users can modify these retention settings at creation, including opting for a permanent status. The “Workspace network auto-deletion days” org-wide setting has been moved to a per-workspace configuration and removed from the UI and API. This change means existing settings will automatically apply to current workspaces, ensuring they are deleted when they expire. API-created workspaces must now include a retentionDays property, or they will be considered permanent. Each workspace in the network dropdown now shows a retention countdown timer or a permanent status.  24.5.0 API Updates Model ChangesCreateWorkspaceNetworkRequest Added optional retentionDays property. Affected operation: POST /api/networks/{networkId}/workspaces Device Added platform values: dell_os9, dell_os10. Affected operations: GET /api/networks/{networkId}/devices GET /api/snapshots/{snapshotId}/devices GET /api/snapshots/{snapshotId}/devices/{deviceName} DeviceSource, DeviceSourcePatch Renamed type value dell_switch_ssh to dell_os6_switch_ssh. Added type values: dell_os9_switch_ssh, dell_os10_switch_ssh. Affected operations: GET /api/networks/{networkId}/deviceSources POST /api/networks/{networkId}/deviceSources GET /api/networks/{networkId}/deviceSources/{deviceSourceName} PUT /api/networks/{networkId}/deviceSources/{deviceSourceName} PATCH /api/networks/{networkId}/deviceSources/{deviceSourceName} MissingDevice Renamed type and possibleTypes value dell_switch_ssh to dell_os6_switch_ssh. Added type and possibleTypes values: dell_os9_switch_ssh, dell_os10_switch_ssh. Affected operation: GET /api/snapshots/{snapshotId}/missingDevices Network, NetworkSnapshots Added retentionDays property (for workspace networks only). Added lastAccessedAt property. Affected operations: GET /api/networks GET /api/networks/{networkId}/snapshots NetworkUpdate Added retentionDays property (for workspace networks only). Affected operation: PATCH /api/networks/{networkId} PathSearchResponse Added new CO_LOCATED value for srcIpLocationType and dstIpLocationType. Affected operations: GET /api/networks/{networkId}/paths POST /api/networks/{networkId}/paths-bulk POST /api/networks/{networkId}/paths-bulk-seq Vulnerability Added v4Score. Affected operation: GET /api/snapshots/{snapshotId}/vulnerabilities Notable Changes to Unpublished APIsSlack Integration Operations Moved operations: Removed: GET /api/orgs/current/integrations/slack POST /api/orgs/current/integrations/slack?test=incoming POST /api/orgs/current/integrations/slack?test=outgoing PATCH /api/orgs/current/integrations/slack DELETE /api/orgs/current/integrations/slack GET /api/orgs/current/integrations/slack/commands POST /api/orgs/current/integrations/slack/commands PATCH /api/orgs/current/integrations/slack/commands/{commandId} DELETE /api/orgs/current/integrations/slack/commands/{commandId} Added: GET /api/integrations/slack POST /api/integrations/slack?test=incoming POST /api/integrations/slack?test=outgoing PATCH /api/integrations/slack DELETE /api/integrations/slack GET /api/integrations/slack/commands POST /api/integrations/slack/commands PATCH /api/integrations/slack/commands/{commandId} DELETE /api/integrations/slack/commands/{commandId} SNMP Integration Operations Moved operations: Removed: GET /api/orgs/current/integrations/smtp GET /api/orgs/current/integrations/smtp?view=minimal POST /api/orgs/current/integrations/smtp?action=sendTestEmail PUT /api/orgs/current/integrations/smtp PATCH /api/orgs/current/integrations/smtp DELETE /api/orgs/current/integrations/smtp Added: GET /api/integrations/smtp GET /api/integrations/smtp?view=minimal POST /api/integrations/smtp?action=sendTestEmail PUT /api/integrations/smtp PATCH /api/integrations/smtp DELETE /api/integrations/smtp Custom Banner Operations Moved operations: Removed: GET /api/orgs/current/custom-banners POST /api/orgs/current/custom-banners PUT /api/orgs/current/custom-banners/{bannerId} DELETE /api/orgs/current/custom-banners/{bannerId} Added: GET /api/custom-banners POST /api/custom-banners PUT /api/custom-banners/{bannerId} DELETE /api/custom-banners/{bannerId} Access Control Group Operations Moved operations: Removed: GET /api/orgs/current/accessControlGroups GET /api/orgs/current/accessControlGroups?view=names POST /api/orgs/current/accessControlGroups POST /api/orgs/current/accessControlGroups/{id} DELETE /api/orgs/current/accessControlGroups/{id} Added: GET /api/access-control-groups GET /api/access-control-groups?view=names POST /api/access-control-groups POST /api/access-control-groups/{id} DELETE /api/access-control-groups/{id} For more detailed information, refer to the 24.5.0 API Release Notes. 24.5.0 NQE Updates What's NewDevice and DeviceHost securityZones with type List<DeviceSecurityZone> is now a field. CloudAccount The id field is now always present. IfaceIpv4Info and IfaceIpv6Info multicastMode with type MulticastMode is now a field. Configuration Retrieval sourceConfigText is now a function that returns the configuration linked from a value. ImprovementsCommand Modifications The Command with CommandType value VERSION was modified for the OS value AVI_VANTAGE to use the command GET /api/serviceengine in the Outputs of a Device in some cases. What’s FixedSwitchedVlan The value of the field accessVlan of SwitchedVlan used to be -4 in some cases. This value is now absent in those cases. DeprecationsVpcData The field cloudType on the record VpcData is deprecated. Use the field cloudType on the record CloudAccount instead. This field will be removed in a major release. Built-in Functions The functions blockDiff_alpha1, blockMatches_alpha1, and hasBlockMatch_alpha1 are deprecated. Use the functions without the _alpha1 suffix instead. These functions will be removed in a major release. For more detailed information, refer to the 24.5.0 NQE Release Notes . 

24.4.0 - Apr 11Released: 2024-04-11We’re pleased to announce the following updates to the Forward Networks API as part of release 24.4.0.See also the full release notes for Forward Enterprise version 24.4.0.Breaking change preannouncements​BUG-9714 NQE: In release 24.7, the commitId property of NqeQueryRunRequest will be required in conjunction with queryId to run a query that has been deleted from the Org repository. Affected operation: POST /api/nqe Specification changes​BUG-10631 Authentication: Renamed the Basic authentication security scheme ("Email/Password" → "api_token") to eliminate a specification validation error. API behavior did not change.Retired operations​ FWD-31290 Network Devices: GET /api/snapshots/…/devices (deprecated since release 23.11) GET /api/snapshots/{snapshotId}/devices → GET /api/networks/{networkId}/devices FWD-31298 Path Search: GET /api/snapshots/…/paths (deprecated since release 23.9) GET /api/snapshots/{snapshotId}/paths → GET /api/networks/{networkId}/paths[?snapshotId={snapshotId}] POST /api/snapshots/{snapshotId}/pathsBulk → POST /api/networks/{networkId}/paths-bulk[?snapshotId={snapshotId}] POST /api/snapshots/{snapshotId}/pathsBulkSeq → POST /api/networks/{networkId}/paths-bulk-seq[?snapshotId={snapshotId}] Model changes​ CollectorState FWD-36440 Deprecated the hasDevicesConfigured, isOnline, and isIdle properties for removal in release 24.7 Affected operations: GET /api/networks/{networkId}/collector/status ExistsCheck FWD-35330 Removed the andBack property (deprecated since release 24.1) FWD-35397 Designated checkType as required (for IsolationCheck and ReachabilityCheck too) Affected operations: GET /api/snapshots/{snapshotId}/checks POST /api/snapshots/{snapshotId}/checks GET /api/snapshots/{snapshotId}/checks/{checkId}

24.4.0 - Apr 11Released: 2024-04-11We are happy to announce the following enhancements to NQE as part of release 24.4.0.See the full release notes for Forward Enterprise version 24.4.0.What's New​FWD-34895 - The field uptimeSeconds is now present for devices with OS value F5. BUG-10638 - On Cisco devices, switches within a stack are listed with STACK_SWITCH part type. Also STACK_MODULE is now a possible value of type [DevicePartType](../../../nqe/data-model/type_deviceparttype. md). FWDN-9239 - id, email, and collected are now fields of CloudAccount. The cloudAccounts field of the [Network](../../.. /nqe/data-model/type_network.md) type now includes accounts that are visible based on the configured Cloud Setups but which were not collected. These accounts will have their collected field value set to false. FWDN-9031 - The field organizationalUnitIds is now populated for cloud objects with CloudType value GCP. FWD-35872 - Co-located hosts are now listed in the colocatedAddresses field of DeviceHost. A Co-located host of a host is a /32 IPv4 or /128 IPv6 address which appears as a route in a gateway with a next hop owned by the host.Improvements​FWD-36500 - A Command with CommandType value AP_ESSID now exists for the OS value IOS_XE in the Outputs of a Device. BUG-10825 - A Command with CommandType value NDP_TABLE now exists for the OS value NXOS (when the device is in ACI mode) in the Outputs of a Device.Deprecations​The field cloudType on the record VpcData is deprecated. This field will be removed in a major release. Use the field cloudType on the record CloudAccount instead. The built-in functions blockDiff_alpha1, blockMatches_alpha1, and hasBlockMatch_alpha1 are deprecated. They will be removed in a major release. For each function, use instead the function without the _alpha1 suffix.

We're thrilled to roll out the red carpet for the new 24.4 release! This latest update significantly enhances some key features and introduces an innovative dashboard for tracking a network’s health and performance. 24.4 is now available for both SaaS and on-prem deployments. Here’s an overview of what to expect for this release: Insights DashboardThe new Insights Dashboard centralizes all dashboards and essential data into a single integrated view of your network's key metrics. Designed to be intuitive, it delivers role-specific insights tailored to the unique aspects of the networks you manage, incorporating data from various sources, including external ones.The dashboard includes a dropdown to select which Snapshot to display and breaks the dashboard up into several key sections:Vulnerabilities and Verifications: Provides key CVE metrics, a list of the top 10 CVEs (by configuration and OS version), and total active verifications. KPIs and Scorecards: Displays scores and metrics from the KPI and Scorecards dashboard. Lay of the Land: This section offers an infrastructure overview, highlighting cloud accounts, compute instances, vendor-specific device counts, connection stats, and other vital network metrics.  Screenshot displaying the Insights Dashboard You can find the Insights dashboard by selecting the Dashboards icon from the navigation bar. If you would like more information about the Insights dashboard, you can visit our documentation page. Diffs – Automated DiffsChange is constant, and with Automated Diffs, you’ll never miss what’s new after an update. Automated Diff reports are triggered with each new Snapshot and provides a summary of the changes made, such as device configs, IP routes, interfaces, VLANs, links, and devices. Users can select which networks to subscribe to within the Notifications page. Screenshot displaying the Diffs tab within the Notifications page. Navigate to the Diffs tab on the Notifications page to get started. If you would like more information about automated Diff notifications, you can visit our documentation page. Backup & Restore – S3 BackupsWe've improved the S3-compatible storage backup setup, introducing new functionalities like immutable backups and bucket ownership override for enhanced data security and management flexibility.Immutable backups: A new option is now available when configuring S3 buckets. When enabled, selected S3 buckets will enforce external management of backup retention. Bucket ownership override: Users can now assert ownership of an S3 bucket during setup if already claimed by another Forward Cluster.Screenshot displaying the configuration of an S3 bucket with immutable backups enabled If you would like more information about setting up S3-compatible storage, you can visit our documentation page. Snapshot MergingA new workflow has been added to easily merge previously exported Snapshots with the latest Snapshot of a network. This facilitates an all-encompassing view of separate network enclaves, ensuring seamless network data integration. Additional options for handling duplicate device data between Snapshots have been introduced; these are:Override with imported data: Replaces existing duplicate device data with data from the imported snapshot. Ignore import and preserve existing device data: Keeps the current device data intact, disregarding duplicate data from imports. Abort if there are merge conflicts: Cancels the merge if conflicting data is found and provides a list of the detected conflicts. Screenshot displaying the “Merge with latest Snapshot” tab within Import Snapshots. To start merging Snapshots, navigate to the Snapshot Selection dropdown and select Import Snapshot at the bottom. For more information regarding Snapshot management, visit our documentation page.

We are proud to announce the release of version 24.3, a feature-packed update focusing on advanced functionality and user-centric improvements. This release delivers powerful enhancements to some of our major features and adds additional vendor support for Meraki MX & MS and NSX-T. Here's an overview of what’s new: NQE Query History NQE Query History enhances how you interact with your NQE queries. This advanced functionality not only allows you to access and view the entire history of your queries but also brings forth tools to compare and test different versions effortlessly. Gone are the days of juggling multiple saved versions of a query, as Query History introduces a streamlined approach to revising and optimizing your queries. Screenshot comparing two versions of a NQE QueryKey Enhancements:Version Tracking: Easily navigate through the historical timeline of your queries, understanding each modification and its impact. Comparative Analysis: Utilize the versatile comparison views - the Unified View merges changes for a quick overview, while the Split View offers a detailed, side-by-side comparison of different versions, highlighting the evolution of your queries. Efficient Testing: Directly test any version of your query from the history, viewing results in real-time to assess the effectiveness and accuracy of different iterations. To learn more about NQE, visit the documentation page. NQE Data ModelThe NQE Data Model now boasts a more intuitive search experience, adding key device classification fields and interface details, enhancing your ability to understand and leverage your network's schema. This upgrade brings clarity and depth, ensuring critical data is at your fingertips when creating your own NQE queries. Screenshot displaying additional details within the Data Model Key Enhancements:Text Highlighting: Key information now stands out with distinct color coding, making data types easily distinguishable at a glance. Enhanced Search: The search functionality has been refined for more intuitive and faster results. Interactive Tooltips: Hovering over data model elements now triggers interactive tooltips, offering comprehensive context and practical examples.  To learn more about NQE, visit the documentation page. Vendor Support and Modeling for Meraki MX & MSExpanding our reach, the 24.3 release integrates with Meraki’s cloud-based dashboard, enhancing Forward’s capabilities to manage and monitor Meraki MX and MS devices, further enhancing your network management experience. Screenshot displaying a connected Meraki Dashboard For step-by-step instructions on adding Meraki to your Forward deployment, visit the documentation page. Vendor Support and Modeling for NSX-T Support for NSX and vCenter now includes NSX-T, used to configure, manage, and operate VMware's NSX-T Data Center environments Thanks to the new NSX-T Setup Wizard, we now have a streamlined setup process for adding NSX and vCenter devices, ensuring a unified management experience. Screenshot displaying a connected NSX-T Manager For step-by-step instructions on adding NSX-T to your Forward deployment, visit the documentation page. License Decommissioning ImprovementsIn previous releases, device license decommissioning was a multi-step process, with the 24.3 update, this process has been streamlined to allow for the removal and decommissioning of multiple devices across multiple networks in a single action. Decommissioning devices have also been grouped and can be viewed in a single location within the license dashboard. Screenshot displaying a confirmation prompt for deleting and decommissioning devicesTo learn more about license management, visit the documentation page. Multiple Sources Blast Radius Improving from 24.2, Blast Radius now facilitates multi-source analysis, providing detailed insights across multiple points in the network, enhancing your ability to strategize and prepare for potential security incidents. Screenshot displaying a Blast Radius search utilizing multiple sourcesThe following source types are available for use:Device Interface Security zone Device VRF Host alias Device alias Interface alias Subnet location To learn more about Blast Radius, visit the documentation page.