Recently active topics

This is a companion post to CISA Adds CVE-2025-53521 to KEV: What It Means for F5 BIG-IP APM SystemsIf you manage Rockwell Automation/Allen-Bradley programmable logic controllers anywhere in your environment — or if you're responsible for any network that touches operational technology — this advisory is one of the most serious things to land in 2026.On April 7, 2026, six U.S. government agencies issued a joint advisory: the FBI, CISA, NSA, EPA, Department of Energy, and U.S. Cyber Command. When that many agencies co-sign a warning, it reflects both the severity of the activity and the breadth of the threat. The advisory (AA26-097A) confirms that Iranian-affiliated advanced persistent threat (APT) actors are actively exploiting internet-facing Rockwell Automation/Allen-Bradley PLCs across multiple U.S. critical infrastructure sectors, resulting in operational disruptions and financial loss. What's HappeningSince at least March 2026, an Iranian-affiliated APT group has been targeting in

A common network configuration is to have hosts(servers) connected to a leaf switch, which in turn is connected to spine switches, and finally to an upstream L3 switch / gateway.Host → Leaf Switch (ToR) → Spine Switch(s) → L3 Switch / Gateway(s)in this scenario, no hosts are directly connected to the spine switch.Suppose the Network Team wanted to upgrade a Spine switch. Ideally, a leaf switch would not be impacted by a single spine switch going offline. However, the Network Team must still notify application owners for servers on downstream switches with potential impact.The following NQE query can be used to list all access switches and their hosts that are downstream from a given switch:import "@fwd/Interfaces/Interface Utilities";@queryquery(deviceName: String) = foreach device in network.devices where device.name == deviceName foreach link in getLinkedInterfaces(device) let remoteDeviceName = link.remoteDeviceName foreach remoteDevice in network.devices where remoteDevice.na

If you manage F5 BIG-IP Access Policy Manager (APM) anywhere in your environment, this one demands your immediate attention.On March 27, 2026, CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation of a critical flaw in F5 BIG-IP APM. Federal Civilian Executive Branch (FCEB) agencies were given until March 30, 2026 — just 72 hours — to remediate. That kind of deadline reflects just how serious CISA considers this threat. What Happened — and Why the UrgencyThis vulnerability has a bit of a history that makes it particularly tricky. CVE-2025-53521 was originally disclosed by F5 back in October 2025 as part of their quarterly security advisory cycle. At the time, it was categorized as a denial-of-service (DoS) vulnerability with a CVSS v4 score of 8.7 — serious, but not immediately alarming for organizations that were still working through their patch queues.Fast forward to March 2026. F5 revised its advisory based on new

The Problem with “It Doesn’t Hurt Anything”Over time, stale configuration creates real friction:Configs become harder to read and reason about Engineers hesitate to make changes because “something might depend on it” Troubleshooting takes longer because it’s unclear what actually matters The network slowly accumulates configuration debtNone of this usually comes from bad configuration. It comes from old configuration that was never cleaned up.The Core ObjectiveThe primary objective of this approach is not to modify or remove configuration automatically, but to make potential problem areas visible.Identify configuration elements that are likely unused Extract them in a consistent, scalable way Present the results in a form that engineers can easily understandOnce those configs are visible, humans can make informed decisions instead of guessing.NQE for Cisco ASAThis NQE identifies objects that are not used by any ACL entries.  This is just one example of how we can quickly identify “conf

Hi TeamI am looking for some help to create a workplace in FN.This workplace will contain only CISCO devices and NQEs (BGP status and Interface Status). I want to auto execute this workspace (snapshot) by every 30 mins so that I can fetch interface and BGP status of cisco devices. Any help on this really appreciated. Thank you.