Skip to main content

Recently active topics

30 Topics
C
Driver
CarlBDriver
asked in Product Discussions
Can a synthetic node be exported or downloaded to be recreated in a different network?

I have created a synthetic node inside a workspace to run down the various connections for a complex multibranch setup with multiple MPLS vpns and Internet VPNs. Is there a way to move or download the synthetic nodes so I can recreate them inside the parent network now that I have confirmed the accuracy inside the workspace? Note that I am trying to move it from a workspace back to the parent network - otherwise I would just recreate the workspace from the parent and include the synthetic.

204
C
Employee
1 day ago
V
Spotter
VarunS
asked in NQE
Syslog Enabled devices list

Hi Team,I need to obtain a list of devices that have syslog enabled as well as those that do not. I have checked the Forward Library and the community but could not find any relevant queries for this purpose. Could you please assist me in generating the list of devices with syslog enabled and those without it? Thank you!

555
Mullers
Employee
1 day ago
Mike
Community Manager
MikeCommunity Manager
posted in ServiceNow CMDB
ServiceNOW CMDB Integration

Is your network inventory spread across ServiceNow CMDB, spreadsheets, and various applications, leading to inaccuracies and causing you to overspend on service contracts?Discover how Forward Networks integrates with ServiceNow to seamlessly populate and update your CMDB with all organizational devices.  

962
Fabrizio
Employee
2 days ago
deronjohnson
Employee
deronjohnsonEmployee
published in Snapshots
How to Create a Custom Snapshot

A Snapshot is a collection of the network device's running configuration and state table files at a specific point in time. The Forward Collector logs in to the network devices, gather configuration and network state information, create a network topology, and run algorithms to calculate every possible traffic path in the network. A custom snapshot performs a collection on a subset of your network. Why take a custom snapshot?To upload a snapshot to support that includes a subset of devices  To capture a pre change snapshot of devices associated with a path search  To export a specific snapshot to import into a separate workspace outside of the primary workspace. Perform your intended path search using your specific parameters.’   From the search results, you can see off to the right a copy icon. This allows you to copy path search syntax. It also allows you to export your existing path search to  snapshot. To do what is described in step two, hold down the “CTRL” key (for MAC use the “

70
deronjohnson
Employee
2 days ago
G
Employee
GaryBEmployee
posted in NQE
How to check for unique values in NQE and how to share a query with the community

One of my customers came to me with a problem.Given a list of servers, how to determine if the keys applied are unique.Took some overnight thinking on this but using a simple approach with our group qualifier we can restructure the output in a way we can make the evaluation.The first thing we need to do is provide the input data.You should always have data that will represent a pass and a failure scenario. This way when posting here on the community, others can replicate the query and have a firm understanding of the outcome testpass = """set system ntp server 1.1.1.1 key 1set system ntp server 2.2.2.2 key 2set system ntp server 3.3.3.3 key 3""";testfail = """set system ntp server 1.1.1.1 key 2set system ntp server 2.2.2.2 key 2set system ntp server 3.3.3.3 key 3""";So we need to ensure that for the list of servers that each key is unique i.e. there are no servers that are using the same key. We also want to be able to identify the offenders so they can be remediatedThe expression be

170
G
Employee
5 days ago
Tyson Henrie
Employee
Tyson HenrieEmployee
asked in NQE
List with double quoted items in the list

I had to change a lot, but this keeps the intent.  This is from a PANOS firewall.  The problem is that I am trying to find the objects in this list.  However, some objects have double quotes to show there are spaces in the name of the object and some do not.  I’m not sure how to clean this since NQE natively does not use double quotes to designate a single object that happens to contain spaces. sampleInput = """policy { shared; panorama { address-group { THE-GRAPE-Subnets { static [ "Green Grapes Are Good" RedGrapes BlackGrapes "Wine Grapes" PurpleGrapes]; tag GRAPES; description "This is a list of Grapes"; }""";pattern01 = ```policy panorama address-group THE-GRAPE-Subnets static "[ {object: (string*)} ```;foreach x in [1]let config = parseConfigBlocks(OS.PAN_OS, sampleInput)foreach match in blockMatches(config, pattern01)select { objects: match.data, block: match.blocks}Then this is the result from the “objects” column.{object:["Green

1367
Mullers
Employee
5 days ago
R
Spotter
Rohit_809 KumarSpotter
asked in Product Discussions
How can i add Custom command on FWN for fortinet firewall

How can i add Custom command for fortinet. command that i am looking. show system dns. show system ntp. show system central-management config system central-management. 

15818
R
Spotter
7 days ago
J
javeedfRamping Up
asked in NQE
length of  vrrpFhrpGroupsCount is retured as 0 for VRRP configured device

vlan456 is configured with VRRP group 456, for the below query, length of vrrpFhrpGroupsCount is returned as 0configuration snippet:interface vlan456 no shutdown ip address 10.7.0.1/26 ip pim sparse-mode ip igmp version 3 ! vrrp-group 456  priority 110  virtual-address 10.7.0.7!for the below query,@queryget_vrrp_details(host_pattern: String) =    foreach device in network.devices        where matches(device.name, toUpperCase(host_pattern))            foreach interface in device.interfaces            where isPresent(interface.routedVlan)            let routedVlan = interface.routedVlan            let ipv4 = routedVlan.ipv4            let fhrp = ipv4.fhrp            let vrrp = fhrp.vrrp            select {            deviceName: device.name,            interfaceName: interface.name,            vlan: routedVlan.vlan,            hsrpFhrpGroupsCount: length(fhrp.hsrp.fhrpGroups),            vrrpFhrpGroupsCount: length(fhrp.vrrp.fhrpGroups)              }; length of  vrrpFhrpGroupsCount is r

373
G
Employee
8 days ago
S
Employee
Scot WilsonEmployee
published in Compliance
Implementing Zero Trust with Forward Networks

  The following article is based on Zero Trust insights ​​​​​@devecis and I presented in the webinar: How to follow DoD Zero Trust Guidelines Zero Trust is an increasingly essential framework for securing modern networks, especially within federal civilian branch and defense organizations. Forward Networks provides a platform to help organizations adopt a Zero Trust approach, offering visibility into networks and ensuring proper access control, compliance, and automation. Though this post focuses on meeting the U.S. Department of Defense (DoD) Zero Trust requirements, it's helpful for any organizations that need to implement Zero Trust and manage their network infrastructure efficiently. Key Insights on Zero Trust and Network Management 1. The Changing Landscape of Network InfrastructureAs networks have evolved, many components are now virtualized or located in data centers across the globe, adding complexity to management. Organizations must ensure accountability for all networking eq

140
S
Employee
9 days ago
C
Driver
CarlBDriver
asked in NQE
blockMatches on multiple patterns with the differentiator being a child line of output

I am trying to get data out of a Cisco DMVPN hub on the spokes via NHRP database.  Specifically the ARIN addresses and if the spoke has a firewall or other NAT. I was modelling off of this NQE question and it works...except for the 2nd pattern is not detecting the child line.The above question had a parent line that was always present if the new child was present and NHRP has the new child only if there is a NAT in the path while the parent line is always present. The line in question is the “(Claimed NBMA address: <IP address>)” line at the bottom of the 2nd example - it is indented 1 space from the line above ‘NBMA address’ which is always present. I tried both the NHRP data in the data model as well as a custom command ‘show ip nhrp’ with identical results.   //NHRP Database output//Command: show ip nhrp//10.100.12.5/32 via 10.100.12.5//   Tunnel1 created 1d18h, expire 01:56:31//   Type: dynamic, Flags: unique registered nhop//   NBMA address: 12.12.31.74//10.100.12.6/32 via 1

435
C
Driver
12 days ago
D
Spotter
dakotaglorySpotter
asked in NQE
Do blockMatches require consistent line patterns?

Do patterns need to be standardized or will blockMatches match when lines are missing? pattern=```line one {main:string}    sub-line1 may or may not be consistently present    sub-line2 may or may not be consistently present    sub-line3 {value1:string} is target and sub-line3 will always be there    sub-line4 may or may not be consistently present    sub-line5 may or may not be consistently present    sub-line6 may or may not be consistently present    sub-line7 may or may not be consistently present    sub-line8 {value2:string} is target and sub-line8 will always be there         sub-sub-line9 {value3:string} is target and sub-sub-line9 will always be there        sub-line10 may or may not be consistently present    sub-line11 may or may not be consistently present    sub-line12 {value4:string} is target and may or may not be present         sub-sub-line13 {value5:string} is target and sub-sub-line13 will be there if sub-line12 is present    sub-line14 may or may not be consistently

1269
Tyson Henrie
Employee
13 days ago
Mike
Community Manager
MikeCommunity Manager
published in Videos
Traffic🚦and Weather 🌥: Troubleshooting Cloud to Cloud Connectivity

  @captainpacket and I dive into the all-too-common struggle of troubleshooting connectivity issues between cloud environments. As more companies move applications to the cloud, the old on-prem tools just don’t cut it anymore. We walk through how Forward Networks helps solve these challenges with an intuitive, powerful approach that saves time and simplifies understanding complex network paths.Craig shows how Forward Networks lets him map out an entire data flow from one cloud to another in seconds. He doesn’t need to jump through hoops with trace routes, logging into each firewall, or trying out multiple cloud-native tools. Instead, he inputs the source and destination, and Forward reveals every step along the way, pinpointing exactly where the issue is—and fixing it becomes a breeze.Here’s a summary of what we covered:Connectivity Challenges Between Clouds: Why troubleshooting from one cloud to another is tough without the right tools. Old vs. New Tools: The limits of traditional tro

70
Mike
Community Manager
14 days ago
B
BillWRamping Up
asked in Product Discussions
run nqe immediately after snapshot completes

is it possible to run NQEs immediately after a snapshot completes?  If Forward can baseline what NQEs are always run after a snapshot completes (possibly this data baseline is based upon a period of time such as 30 days or some admin defined time period).  Administrators can use this baseline data to flag those NQEs of priority to run immediately after the snapshot completes.  in this way, results from priority NQEs are immediately available (from cached results) for applications to use with minimal delay.

231
RobertWelch
Employee
14 days ago
R
Spotter
Rohit_809 KumarSpotter
asked in NQE
how can i get the Egress and Ingress IP Details by NQE

how can i get the Egress and Ingress IP Details by NQE 

524
G
Employee
15 days ago
V
Spotter
VarunS
asked in NQE
Public IPs from where outside traffic is coming Internal Network

Need one NQE Queries for Public IPs only from where outside traffic is coming to my internal network. Also want to get the output of below command on Fortinet Firewall through NQE Queries. “ local route prefix list ”I used one NQE Query that already on Forward Library - “Interfaces Using Public IPv4 Addresses” but this is not fulfilling my requirement. Tried Forward AI Assist also but not useful in this scenario.Can you please help me on this ? 

291
Mullers
Employee
15 days ago
G
Employee
GaryBEmployee
posted in NQE
Three techniques for pattern matching text with patternMatch, patternMatches and blockMatches

This article explores NQE's robust pattern matching for extracting and parsing data, simplifying complex tasks with high-level, well-defined types for reporting and evaluation.Table of ContentsApproach 1: Leveraging the “or” pattern as described here Approach 1 Test  Approach 2 : Unifying multiple patterns Approach 2 Test Approach 3: Evaluation via token count Approach 3 Test Approach 1: Leveraging the “or” pattern as described here Using the following pattern`ntp server {"vrf" vrf:string server:string | server:string}`; We can accommodate various patterns for this command syntax by which the literal “vrf” and the VRF name maybe elided from the command. Instead of needing to create two separate patterns we can combine them into one expression.Looking closer at how we then extract the properties out of the data for vrf and server. The expression will append all properties to the left of the ‘|’ pipe operator to the data.left property and will append all properties to the right of the 

4822
G
Employee
20 days ago
P
pjptsujitRamping Up
asked in NQE
Getting VRRP peers

Is there a way to get the pair of switches for the VRRP protocol using NQE?

341
Tyson Henrie
Employee
20 days ago
C
Driver
CarlBDriver
asked in NQE
How to isolate a single commandType output for parsing?

I am trying to get the output from commandType NHRP_STATE so I can then pull out the tunnel peer IPs with a patternmatch. When the NHRP table was a custom command the command.commandText was able to get this information, now how to do so that NHRP is part of the data model?

393
Tyson Henrie
Employee
20 days ago
kevinbrasher
Community Manager
kevinbrasherCommunity Manager
published in Vulnerability Management
Vulnerability Analysis with Forward Networks + Tenable

 In a recent video, I shared insights on using Tenable Security Center with Forward Networks’ exposure analysis to boost cybersecurity efforts. Here’s how it works and why it matters:Tenable Vulnerability Scanners: These are key for identifying network, device, host, and application vulnerabilities. They generate detailed reports, which are critical, but can feel overwhelming without clear steps for action.  Forward Exposure Analysis with Tenable: By combining Tenable’s vulnerability data with network modeling, this analysis tool helps prioritize the most urgent vulnerabilities. It pinpoints where risks are most exposed, like internet access points, enabling faster, targeted remediation.Key Features:Rapid Identification: Finds vulnerable hosts in seconds, particularly those exposed to the internet or other high-risk areas. Automated Reporting: Pulls the latest Tenable reports during data collection, with zero disruption to the environment. Detailed Insights: Breaks down data by exposur

70
kevinbrasher
Community Manager
20 days ago
P
pjptsujitRamping Up
asked in NQE
Split the output string value

foreach device in network.devicesselect {  deviceName: device.name}For the above NQE, if I get the device names in the format “aaa_bbb_ccc”, is there a way to split the output based on the string “_” and have three different fields?

562
Andreas
Employee
21 days ago
deronjohnson
Employee
deronjohnsonEmployee
published in NQE
Simplifying Compliance for Palo Alto Firewalls: Custom Checks

OverviewIn my recent work with Palo Alto firewalls, I noticed that keeping configurations compliant can get complex, especially when administrators need to modify default settings for certain applications. Small changes to session handling or TCP timeouts, while necessary for specific use cases, can introduce inconsistencies and potential compliance issues. I developed straightforward NQEs to create compliance checks that help us monitor and manage these configurations effectively. Key Benefits:Improved Visibility: The compliance checks I set up give us a clear view into any configuration deviations across firewalls, making it easy to spot unauthorized changes. Targeted Control: By creating separate compliance checks for different parameters, like session setup and timeouts, we can focus on what matters most in our environment. Unified Compliance Management: Even though Panorama handles many configurations, Forward Networks fills in the gaps by providing custom compliance checks, givin

80
deronjohnson
Employee
21 days ago
elyor_khakimov
Employee
elyor_khakimov
published in Product Discussions
Submit Your Ideas for Network Configurations to Analyze in the Forward Networks Net3 Lab!

Hey, Forward Community Members!We're thrilled to invite you to submit your ideas for network configurations you’d like to see analyzed within our Net3 lab network. Whether it's testing new scenarios, troubleshooting common issues, or exploring unique configurations, we want to know what network setups you’re interested in. Example lab scenarios include:Layer 2  Host-to-Host communication in VXLAN EVPN  fabric based on  Arista STP/RSTP Layer2 pods built  with Cisco or  Arista switches Layer 3 MPBGP with VXLAN EVPN forwarding (Arista vEOS) IPv6/IPv4 Dual stack forwarding using routers/switches by Cisco and Arista, as well as Palo Alto firewalls SD-WAN Viptela/Catalyst SD-WAN As well as other configurations including Network Services - Load-balancer single-arm (SNAT/DNAT): A10 And many others!  What network configuration would you like to see? Our Net3 lab network is constantly expanding with a diverse set of devices, offering a robust environment for analysis and experimentation. H

280
elyor_khakimov
Employee
22 days ago
R
Spotter
Rohit_809 KumarSpotter
asked in NQE
NQE Query for F5 NTP Server details from config, Please help us to collect this data.

NQE Query for F5 NTP Server details from config, Please help us to collect this data.

382
C
Employee
22 days ago
R
Spotter
Rohit_809 KumarSpotter
asked in NQE
Merge NQE Query

how can i merger 2 or 3 NQE Query into 1 , so that i can get output in single file.

442
Tyson Henrie
Employee
23 days ago
V
Spotter
VarunS
asked in NQE
Request for all firewalls, verifying NTP, DNS, and FortiGuard configurations.

Hi Team, Can you help to get all the details verifying NTP/DNS and Fortiguard configuratioins ?

1029
V
Employee
23 days ago
Show all badges
Terms of UseCookie settings