Recently active topics

  The new ordered collections feature streamlines how you pull, organize, and present data from your inventory. It helps you quickly surface results—like the top 10 most vulnerable devices—organized the way you want, so you can act faster and share clearer insights with your team.Let’s walk through what ordered collections can do, when they’re most useful, and how to use the new syntax to save time and reduce manual filtering. Introduction: Why Ordered Collections MatterBefore ordered collections, finding and organizing your top results (say, the most vulnerable devices) meant extra filtering and sorting. Reports could show too many results, scattered by category, forcing you to click around or explain sorting steps to others. Now, ordered collections make it easy to: Limit results to exactly what you want (like the top 10) Sort by multiple criteria, such as vulnerability count and operating system Use familiar, flexible SQL-like syntax Handle both ordered (list) and unord

Where My Network Survey Lessons Really Began: High-Security Environments I’ve spent years surveying some of the most complex, layered, and mission-critical networks in high-security environments. One of the most impactful experiences came from supporting the Air Force’s Base Infrastructure Management (BIM) initiative—a massive effort to modernize, standardize, and truly understand the state of base-area network (BAN).These networks weren’t designed once; they were designed over time—by different teams, different contractors, and different mission owners. Every environment had its own personality, its own quirks, and its own technical ghosts. And when BIM kicked off, it quickly became clear that the Air Force needed a repeatable way to actually see what they had before they could improve it.Traditional approaches—flying in engineers to open comms closets and manually log into devices—took weeks and still left blind spots. We needed a better, faster, more reliable way to uncover the trut

One of the greatest strengths of using a digital twin is being able to separate the routing and firewall behavior of a particular traffic flow.For example, suppose we have a web application that is not functioning properly because traffic from the Internet cannot reach a public virtual-ip that is mapped to private IP on a top-of-rack switch on port 80.We enter this path search in the Forward Network Search bar.We can see immediately that the traffic is being blocked on an edge firewall (atl-edge-fw01). However, we don’t know what would happen to the traffic if it is permitted through this firewall and continues along its path.Are all the routing protocols properly configured to deliver the traffic to its destination? Is there another firewall in the path that would block the traffic?We can answer these questions by using permit-all mode.By enabling permit-mode, we pose the hypothetical question “what happens to the traffic if it is permitted through all the security rules in the path?”

In Forward Enterprise 25.10, we’ve introduced a powerful enhancement designed specifically for security teams: the Security-Focused Path Search View. This new mode improves path analysis by highlighting only the devices and hops that matter most for understanding security-relevant behavior.  Why a Security-Focused View? Traditional Path Search displays all hops along every possible path—including devices that simply forward traffic without applying filtering or NAT. While this full visibility is essential for many workflows, security practitioners often need a faster way to identify where enforcement and translation occur. The new security mode provides that focused lens. How It Works When running a standard Path Search, you’ll see the full end-to-end view: every switch, router, firewall, and intermediary device participating in traffic flow. But with the Security Mode slider enabled:  Forward-only hops (e.g., L2 switches, L3 routers not performing enforcement) are hidden. The view a

In support of ongoing federal cybersecurity and supply-chain risk management initiatives, Forward Networks has developed a streamlined detection workflow for identifying devices manufactured by Huawei, ZTE, TP-Link or any other network device of concern that are within an enterprise or government environment.This proactive measure aligns with Cybersecurity and Infrastructure Security Agency (CISA) guidance and the Federal Zero Trust Architecture (ZTA) implementation goals outlined in OMB Memorandum M-22-09. This capability helps agencies rapidly locate unapproved or unmanaged devices—enhancing visibility, compliance, and operational integrity across complex network infrastructures. What’s Going OnBecause consumer network devices (routers, access points, and embedded network interface components) are widely deployed in home and small-office settings, they may appear in larger networks without full discovery or oversight. These “commercial off-the-shelf” (COTS) components can bypass stan

The default number of results returned for an NQE query executed from the API is 1000 (returned as a list assigned to the key “items”)You can increase the limit to 10,000 items. For retrieving results of more than 10,000 items, you will need to use the limit and offset parameters as part of your script, and concatenate the results of multiple API calls within the script.Below is a simple script in Python that concatenates successive chunks of 10,000 items into a single output:import requestsdef nqe_query_with_offset(): my_result = [] limit= 10000 offset = 0 network_id = "101" url = "https://fwd.app/api/nqe?networkId=" + network_id total_extracted = False while total_extracted == False: payload ={"queryId": "FQ_ac651cb2901b067fe7dbfb511613ab44776d8029", "queryOptions": { "limit": limit, "offset": offset}} print(payload) headers = { 'Content-Type': 'application/json', 'Authorization': 'Basic #KEY#'} response = requests.request("POST", url,