NETWORK OPERATIONS. SIMPLIFIED. FORWARD ENTERPRISE HIGHLIGHTS Forward Networks is the leader in Intent-based Networking and network assurance to automate the analysis and verification of network policies and configurations. With the only solution that operates across all major networking vendors and services at provider-class scale, Forward Networks provides greater network agility and proactively removes risk from the network. KEY BENEFITS | FORWARD NETWORKS DELIVERS: Reduction in human error, Accelerated IT processes Lower costs for managing misconfigurations, and policy large networks for remediation and change violations that lead to network outages windows Thorough security policy Improved network and security verification policy compliance ACHIEVE PROACTIVE NETWORK ASSURANCE Forward Networks has created a revolutionary platform, Forward Enterprise, for analyzing network designs and predicting future behavior to proactively eliminate configuration errors and policy violations. The platform can compare the intent of the network designers to actual behavior and expose any inconsistencies in minutes. Network IT teams can now troubleshoot faster and eliminate problems prior to a security breach or network outage. Forward Networks is the first accurate software model of large multi-vendor networks to quickly emulate and analyze all possible behavior. Our logical analysis of possible future network activity is an enormous leap from traditional low-level testing tools, like ping and traceroute, or sifting through log files only after a policy violation has occurred. Forward Enterprise shifts the focus from a reactive approach to a proactive approach of verifying network designs and behavior ahead of deployments. We allow you to go from testing basic network functionality to verifying compliance under all possible traffic scenarios. Get away from tedious, manual device-specific processes, to automated, end-to-end verification in minutes, as every update is considered and made. Because Forward Enterprise automates the intelligent analysis of network designs and configurations, we provide an immediate and verifiable benefit by accelerating key IT processes and reducing man-hours of highly skilled engineers in troubleshooting and testing the network. Other key benefits include the ability to certify that proposed changes are compliant with existing policies quickly before going live, increasing the overall responsiveness of the IT team to change requests and network updates. Forward Enterprise Data Sheet 1 FORWARD ENTERPRISE ARCHITECTURE Every Forward Networks installation starts with data collection onfiguration and states are Forward Enterprise collects device configuration data and state collected securely from all network devices via information from every network device, including switches, routers, load he device data is then processed to create a behaviorally accurate model a copy of the balancers and firewalls. Forward Enterprise can then emulate the behavior entire network, in software top the network of the entire network, end-to-end, and reports on potential vulnerabilities, copy, the Forward latform traces, indexes, and policy violations or risk exposure. Using a series of proprietary algorithms, stores all possible ways that the network can process packets his behavioral data is then Forward Enterprise computes a model of all current and potential activity made available to applications to proactively highlight issues before they arise in live network traffic. evice onfiguration Network ehavior ehavior and tate ollection nalysis atabase Forward Collector Forward Core Forward Dashoard Performs the collection of the he core is the Forward latform n intuitive HTML5based dashboard device configuration and state computational engine that creates an provides instant access to the (MA, A, F tables, etc he accurate model of the network ts where all Forward pplications ll data in the collection is done over an the existing network behavior is indexed and ashboard is made available via connection made searchable E KEY FEATURES AND CAPABILITIES Forward Search Forward Enterprise creates a large database of network configurations, state and behavior information from a series of individual snapshots in time. Like any database, the Forward Platform can be queried with the behavior and policy results being displayed in an intuitive and interactive network map. A network search or query takes the form of traffic scenarios, including details ueries or earches in Forward such as IP parameters, ports, protocols, reachability, deliverability, access controls, Enterprise are expressed as network and more. The result of a search query is always a set of network paths that would policies esults show all viable or possible paths that support the policy allow that specific traffic pattern. Or, if the traffic scenario is never possible, no Each path and hop along the path can be paths are returned. explored to better understand the impact of potential changes on current policy implementations Search queries can be refined by applying filters, such as paths through or avoiding specific devices, to a specific port, or using a particular protocol. Any search result allows drilling down into specific device configurations and behavior to quickly isolate and analyze errors and determine remediation steps. Forward Enterprise Data Sheet 2 Forward Verify Many search queries may actually be network or security policy requirements that we need to continually check for. For example, it’s possible to verify that a subnet is unreachable from traffic on another subnet after every network update. Or to reconfirm simple compliance checks such as no forwarding loops or no Maximum Transmission Unit (MTU) mismatches between devices. All of these policy requirements are aggregated into the Verify screen, and continually checked after every network snapshot or update. The screenshot shows the Verify screen with a number of policy checks, as well as their status in the current network. Forward Enterprise can verify both the requirement for a specific traffic pattern to be supported, or the requirement that a particular path does not exist (an isolation check). For example, Forward Enterprise can verify there is no possible scenario that traffic from one subnet could reach another subnet or destination. With traditional network tests, it is almost impossible to “prove a negative” such as this. With Forward Enterprise, this type of verification using our mathematical and logical analysis of network designs provides game-changing confidence to IT and Forward Enterprise uickly compliance teams. highlights which policy rules are violated in the current network design or in a proposed change candidate Forward Predict Forward Predict enables network teams to model the correctness and behavior of network changes before they are deployed to production. Configuration changes to a network are typically tested in a lab environment, which never match the scale and end-to-end behavior of a production network. Forward Predict enables the user to edit network configuration files on any or all devices in a “sandbox”, creating a new version of the network model containing proposed changes. A new verification process can quickly verify the effects of the change on existing compliance and security policies. Forward Predict capabilities are expanding over time, and currently include ACL, NAT, and firewall rule changes. Network Query Engine Forward Enterprise forms a large database of all device configuration files from potentially thousands of network devices, coupled with the device’s current state information. This data is parsed and normalized into a flexible, open data model that is accessible to other applications, dashboards and programs. Important network health checks can now be developed in only a few minutes in a powerful standardized data query language, GraphQL. Querying the network like a database can quickly automate many tedious IT tasks while identifying errors and anomalies from across a large network. Forward Enterprise Data Sheet 3 Virtual Network Support | VMware NSX One of the leading obstacles to managing virtual networks has been the inability to correlate activity between the overlay network and the physical network that supports it. Separate management consoles and platforms, and frequently separate teams, were required that typically did not share information and could not quickly identify root cause issues, or correlate identified problems in virtual network behavior with a physical device issue. Forward Enterprise overcomes this issue by applying common network assurance and verification methodology across physical and virtual network planes, but integrating policy and path-based views of both into a single network view for the first time. Virtual network designers also benefit from being able to apply the latest technology for network verification to virtual network policies and designs. Public and Hybrid Cloud Support | Amazon AWS The path-oriented focus that Forward Networks provides is natural to extend to AWS hybrid cloud environments. Having the same visibility and policy verification for the cloud component of your infrastructure greatly accelerates adoption of hybrid and public cloud projects and simplifies network operations. Imagine if instead of a “black box” subnet view, each virtual network devices could be represented as an extension of your physical infrastructure on an always up-to-date topology diagram. This includes the ability to