Recently active topics

Forward brings in Fortinet firewalls as the device its self and the VDOM’s this becomes challenging when you need to validate the tacacs configuration for the physical device this means quite often the vdoms or even the root vdom will fail even though tacacs is configured on the device.The simple solution is to add a permitted violation list, however this needs to be maintained manually there must be a better solution surely?userTacacs =```config user tacacs+ edit "TACACS" set server [server 1 IP Address] set secondary-server [server 2 IP Address] set key ENC {string} set secondary-key ENC {string} set authorization enable nextend```;systemAdmin = ```config system admin edit "tacacs" set remote-auth enable set accprofile "no_access" set vdom {vdoms:string} set wildcard enable set remote-group "TACACS_ACCESS" set accprofile-override enable```;foreach device in network.deviceswhere device.platform.v

When attempting to access the Vulnerabilities page I get the following errors.Jakarta.servlet.servletexception:request processing failed:java.util.concurrent.completionexception:java.util.nosuchelementexception:no value presentThis error has accord since the last time I updated my CVE using the Vulnerabilities page.

 If you manage Cisco ASA, Firepower, or Secure Firewall anywhere in your environment, this one demands your immediate attention.On April 23, 2026, CISA published Analysis Report AR26-113A, a malware analysis report on a backdoor known as FIRESTARTER. The report — issued jointly with the UK’s National Cyber Security Centre — confirms that at least one U.S. federal agency was compromised through a Cisco Firepower device, and that the attackers used FIRESTARTER to maintain persistent access even after the device was patched and rebooted. CISA has urged every organization running Cisco Secure Firewall ASA or Firepower Threat Defense (FTD) software to assess exposure now.This isn’t a brand-new vulnerability story — the underlying CVEs have been in CISA’s Known Exploited Vulnerabilities (KEV) catalog since September 25, 2025. What’s new is the depth of evidence about how the ArcaneDoor threat actor (tracked by Cisco Talos as UAT-4356) is operating after initial exploitation, and just how per

Very often, customers either disable or can’t run LLDP on certain devices, which can cause problems for Forward trying to create a topology. You find isolated icons on the topology which are not connected to anything.Reasons for this are various:Device doesn’t support LLDP or CDP Device is at the edge of the network connecting to a third party, so LLDP is turned off for security reasons Device is a passive member of a cluster - interfaces aren’t active so LLDP is not running on this cluster memberYou could manually add the links into the topology, which is fine until the network is changed.  Unless you manually change the map, you’ll potentially be working on an out-of-date topology.In these situations, Forward allows you to infer a link’s presence based on an interface description. You only need to have a description on one of the two devices for this to work.   The documentation is here.Let us have a quick walk-through of this process Lab ScenarioUbuntu-jumphost port eth3 is connecte

As of April 15, NIST is changing how it handles CVEs in the NVD. The new approach is risk-based: every submission still lands in the NVD, but only a subset will get the full analysis and enrichment treatment going forward:CVEs in CISA’s Known Exploited Vulnerabilities (KEV) catalog CVEs in software the federal government uses CVEs in “critical software” as defined by Executive Order 14028Everything else — including the existing backlog — gets marked “Not Scheduled.” NIST is also dropping its own severity scoring for most CVEs, to “reduce duplication of effort.” The full breakdown is on the NVD process page.The rationale is reasonable — CVE volume has exploded, and central triage at that scale was never going to hold forever. But in practice, the single source a lot of security and network teams have been leaning on for enrichment is about to get a whole lot thinner. That’s worth pausing on. The hot takeHere’s a line straight out of our own documentation FAQ:“We use the NIST National Vu