
NETWORK OPERATIONS. SIMPLIFIED.

FORWARD ENTERPRISE HIGHLIGHTS

ACHIEVE PROACTIVE NETWORK ASSURANCE

Forward Networks has created a revolutionary platform, Forward Enterprise, for analyzing network designs and predicting future behavior to proactively eliminate configuration errors and policy violations. The platform can compare the intent of the network designers to actual behavior and expose any inconsistencies in minutes. Network IT teams can now troubleshoot faster and eliminate problems prior to a security breach or network outage.

Forward Networks is the first accurate software model of large multi-vendor networks to quickly emulate and analyze all possible behavior. Our logical analysis of possible future network activity is an enormous leap from traditional low-level testing tools, like ping and traceroute, or sifting through log files only after a policy violation has occurred.

Forward Enterprise shifts the focus from a reactive approach to a proactive approach of verifying network designs and behavior ahead of deployments. We allow you to go from testing basic network functionality to verifying compliance under all possible traffic scenarios. Get away from tedious, manual device-specific processes, to automated, end-to-end verification in minutes, as every update is considered and made.

Because Forward Enterprise automates the intelligent analysis of network designs and configurations, we provide an immediate and verifiable benefit by accelerating key IT processes and reducing man-hours of highly skilled engineers in troubleshooting and testing the network. Other key benefits include the ability to certify that proposed changes are compliant with existing policies quickly before going live, increasing the overall responsiveness of the IT team to change requests and network updates.

Forward Networks is the leader in Intent-based Networking and network assurance to automate the analysis and verification of network policies and configurations. With the only solution that operates across all major networking vendors and services at provider-class scale, Forward Networks provides greater network agility and proactively removes risk from the network.

KEY BENEFITS | FORWARD NETWORKS DELIVERS:

+ Reduction in human error, misconfigurations, and policy violations that lead to network outages

+ Accelerated IT processes for remediation and change windows

+ Thorough security policy verification

+ Improved network and security policy compliance

+ Lower costs for managing large networks

Forward Enterprise Data Sheet 1


FORWARD ENTERPRISE ARCHITECTURE

Forward Collector

Performs the collection of the device configuration and state (MAC, ACL, FIB tables, etc.). The collection is done over an SSH connection.

Forward Core

The core is the Forward Platform computational engine that creates an accurate model of the network. It’s where all the existing network behavior is indexed and made searchable.

Forward Dashboard

An intuitive HTML5-based dashboard provides instant access to the Forward Applications. All data in the Dashboard is made available via REST.

[Architecture diagram: Device Configuration and State Collection; Network Behavior Analysis; Behavior Database]

Forward Enterprise collects device configuration data and state information from every network device, including switches, routers, load balancers and firewalls. Forward Enterprise can then emulate the behavior of the entire network, end-to-end, and reports on potential vulnerabilities, policy violations or risk exposure. Using a series of proprietary algorithms, Forward Enterprise computes a model of all current and potential activity to proactively highlight issues before they arise in live network traffic.

Every Forward Networks installation starts with data collection. Configuration and states are collected securely from all network devices via SSH. The device data is then processed to create a behaviorally accurate model – a copy of the entire network, in software. Atop the network copy, the Forward Platform traces, indexes, and stores all possible ways that the network can process packets. This behavioral data is then made available to applications.

KEY FEATURES AND CAPABILITIES

Forward Search

Forward Enterprise creates a large database of network configurations, state and behavior information from a series of individual snapshots in time. Like any database, the Forward Platform can be queried with the behavior and policy results being displayed in an intuitive and interactive network map.

A network search or query takes the form of traffic scenarios, including details such as IP parameters, ports, protocols, reachability, deliverability, access controls, and more. The result of a search query is always a set of network paths that would allow that specific traffic pattern. Or, if the traffic scenario is never possible, no paths are returned.

Queries or Searches in Forward Enterprise are expressed as network policies. Results show all viable or possible paths that support the policy. Each path and hop along the path can be explored to better understand the impact of potential changes on current policy implementations.

Search queries can be refined by applying filters, such as paths through or avoiding specific devices, to a specific port, or using a particular protocol. Any search result allows drilling down into specific device configurations and behavior to quickly isolate and analyze errors and determine remediation steps.


Forward Verify

Many search queries may actually be network or security policy requirements that we need to continually check for. For example, it’s possible to verify that a subnet is unreachable from traffic on another subnet after every network update. Or to reconfirm simple compliance checks such as no forwarding loops or no Maximum Transmission Unit (MTU) mismatches between devices. All of these policy requirements are aggregated into the Verify screen, and continually checked after every network snapshot or update. The screenshot shows the Verify screen with a number of policy checks, as well as their status in the current network.

Forward Enterprise quickly highlights which policy rules are violated in the current network design or in a proposed change candidate.

Forward Enterprise can verify either the requirement for a specific traffic pattern to be supported, or the requirement that a particular path does not exist (an isolation check). For example, Forward Enterprise can verify there is no possible scenario in which traffic from one subnet could reach another subnet or destination. With traditional network tests, it is almost impossible to “prove a negative” such as this. With Forward Enterprise, this type of verification using our mathematical and logical analysis of network designs provides game-changing confidence to IT and compliance teams.

Forward Predict

Forward Predict enables network teams to model the correctness and behavior of network changes before they are deployed to production. Configuration changes to a network are typically tested in a lab environment, which never matches the scale and end-to-end behavior of a production network.

Forward Predict enables the user to edit network configuration files on any or all devices in a “sandbox”, creating a new version of the network model containing proposed changes. A new verification process can quickly verify the effects of the change on existing compliance and security policies. Forward Predict capabilities are expanding over time, and currently include ACL, NAT, and firewall rule changes.

Network Query Engine

Forward Enterprise forms a large database of all device configuration files from potentially thousands of network devices, coupled with the device’s current state information. This data is parsed and normalized into a flexible, open data model that is accessible to other applications, dashboards and programs. Important network health checks can now be developed in only a few minutes in a powerful standardized data query language, GraphQL. Querying the network like a database can quickly automate many tedious IT tasks while identifying errors and anomalies from across a large network.


Virtual Network Support | VMware NSX

One of the leading obstacles to managing virtual networks has been the inability to correlate activity between the overlay network and the physical network that supports it. Separate management consoles and platforms, and frequently separate teams, were required that typically did not share information and could not quickly identify root cause issues, or correlate identified problems in virtual network behavior with a physical device issue.

Forward Enterprise overcomes this issue by applying common network assurance and verification methodology across physical and virtual network planes, and integrating policy and path-based views of both into a single network view for the first time. Virtual network designers also benefit from being able to apply the latest technology for network verification to virtual network policies and designs.

A view of an AWS Virtual Private Cloud in Forward Enterprise allows end-to-end path visibility and analysis for hybrid cloud infrastructure.

Public and Hybrid Cloud Support | Amazon AWS

The path-oriented focus that Forward Networks provides is natural to extend to AWS hybrid cloud environments. Having the same visibility and policy verification for the cloud component of your infrastructure greatly accelerates adoption of hybrid and public cloud projects and simplifies network operations.

Imagine if instead of a “black box” subnet view, each virtual network device could be represented as an extension of your physical infrastructure on an always up-to-date topology diagram. This includes the ability to analyze and verify the end-to-end path behaviors flowing from any on-premises devices all the way through to any cloud workload.

With support for Amazon Virtual Private Cloud (VPC) in Amazon Web Services (AWS), Forward Networks extends network verification and analysis to the public cloud and hybrid cloud environments. Forward Enterprise provides the ability to define and verify end-to-end policies for security and connectivity through on-premises networks all the way through AWS in a single consistent view and topology map. You even have full visibility to networking behavior extending into multiple VPCs.

Cisco ACI Support

Cisco ACI allows customers to define policies by assigning applications to security groups, called end-point groups (EPGs). Forward Enterprise verifies EPG policies and how they are translated to VLANs to affect traffic flows and access permissions. Forward Enterprise can then go on to compare the resulting behavior to network intent and see if there are any deviations or policy violations that should be addressed.


Behavior Diffs

Forward Enterprise takes and saves snapshots of network configurations, topology and device state at numerous points in time. Not only does this provide an ideal historical record of network behavior and compliance at any point in time, but Forward Enterprise allows comparisons of behavior between any two snapshots for further diagnostics and troubleshooting purposes.

Want to compare network configurations back to a previous week before an issue arose? Forward Enterprise can quickly compare snapshots and isolate changes that could cause the incorrect behavior.

Forward Enterprise shows diffs between two network snapshots, showing newly created and removed links in the topology.

Device Inventory Management and Topology Management

Forward Networks provides an ideal solution for managing and documenting network topologies, device configurations and inventory over time. The snapshots of network designs are archived for easy search and retrieval, including comparisons of changes between points in time. There’s no more wasted effort documenting changes or wondering if you are troubleshooting from the most accurate topology diagram.

Forward Enterprise automatically tracks network topologies, as well as device configurations and inventory lists over time.

Deployment Options

Forward Enterprise can be deployed fully on-premises or as a SaaS solution in the cloud. In both cases the latest security best practices are in place to protect customers’ sensitive data.

Network requirements:

+ SSH must be configured and working on the network devices from which the Forward Collector will collect data.

+ The OS instance on which the Forward Collector is installed must have IP and SSH port reachability to the network devices, either directly, or via a jump server.

On-premises deployment requirements:

Forward Enterprise is deployed as a Virtual Machine (VM-OVA format) for KVM and ESXi environments. The deployment requires the following resources:

+ Cores: 16

+ RAM: 64 GB of reserved memory. Performance may improve with more memory availability, but only when individual snapshots are large.

+ Disk: 250 GB of disk. The amount of disk consumed will depend on the number of historical snapshots to be stored, as well as the size of each one.

SaaS deployment requirements:

+ A machine (virtual or physical) with at least two dedicated cores and 4GB of RAM. Supported operating systems: Ubuntu Linux (14.04 and 16.04), Apple OS X (10.12), and Windows 7 (or later versions).

+ The machine must be able to access the https://fwd.app webpage via HTTPS.

+ The user must have admin privileges on the machine.

+ The latest versions of Chrome or Firefox are required to access the Forward Enterprise UI.


SUPPORTED VENDORS AND DEVICES

Forward Enterprise supports over 456 device types and more than 1479 OS versions, including:

+ A10 Networks
+ AVI Networks
+ Arista Networks
+ CheckPoint
+ Cisco Systems
+ Citrix
+ Cumulus Networks
+ F5 Networks
+ Fortinet
+ HPE
+ Juniper Networks
+ Palo Alto Networks
+ Pica8
+ Symantec Blue Coat
+ VMware

Please contact us at [email protected] for more details about supported devices and vendors.

ABOUT FORWARD NETWORKS

Forward Networks’ mission is to de-risk and accelerate network operations, by increasing efficiency, reducing outages and verifying network intent. Built on a series of breakthrough algorithms, the Forward Platform provides enhanced network visibility, policy verification and change modeling for legacy, SDN or hybrid environments.

Forward Networks is headquartered in Palo Alto, California, and funded by top-tier investors, including Andreessen Horowitz, DFJ, A.Capital, SV Angel, and several luminaries in the networking and systems space.

CONTACT US

www.forwardnetworks.com

[email protected]

@fwdnetworks

facebook.com/forwardnetworks/