Capabilities
Forward AI answers questions by combining a small set of tools that operate on the digital twin. The categories below describe what's in scope, with sample prompts for each.
Ask in plain English; the agent picks the tools.
Connectivity and path tracing
Trace traffic between two endpoints, find what blocks a flow, or compare paths.
Sample prompts
- "Show the path from
10.1.2.3to10.4.5.6for TCP on port 443 and explain where the traffic is being blocked or misrouted." - "Explain why
host-acan't reach10.4.5.6and identify the first device or rule that drops the traffic." - "Can you verify that
host-ais able to talk to10.4.5.6? If not, tell me what's blocking it." - "Can
host-a(10.1.2.3) reach the SQL server at10.20.5.8on TCP 1433? If yes, which firewall rules permit it?"
The agent runs the same path-search engine that powers the Search application. Results include a Query URL that opens the path in Search with the same parameters pre-filled.
Inventory lookups
Resolve a name or identifier into structured details from the snapshot.
Sample prompts
- "What's the configuration of
core-rtr-1?" - "Show interface
Ethernet1/1oncore-rtr-1." - "Tell me about VLAN 100."
- "Which devices are in VRF
customer-a?" - "Where is host
10.1.2.3?" - "Show details for cloud object
vpc-0abc1234." - "Which backend hosts sit behind VIP
10.50.10.5:443?"
Inventory tools cover devices, interfaces, VLANs, VRFs, hosts, and cloud objects. The agent decides which tool fits the question.
Subnet localization
Find where a subnet is attached in the network — which devices and interfaces serve it.
Sample prompts
- "Where is
10.0.0.0/24attached?" - "Which devices are connected to subnet
192.168.50.0/24?"
Vulnerability inquiry
Ask about CVEs in the network, devices affected by a specific CVE, or the riskiest exposures.
Sample prompts
- "What vulnerabilities are on
core-rtr-1?" - "Show devices with CVE-2024-XXXXX and find out if any are exposed to the internet."
- "Are there any vulnerabilities along the path between
10.1.2.3and10.4.5.6? If so, sort them by risk." - "What vulnerabilities in my network pose the highest risk and should be addressed first?"
Vulnerability data comes from the same source that powers the Vulnerabilities dashboard. Replies include CVE identifiers, severity, and the affected devices.
Open-ended analysis (NQE-backed)
For questions that don't map to a single inventory or path lookup, the agent generates an NQE query, runs it, and summarizes the result.
Sample prompts
- "List interfaces with duplex mismatch."
- "Identify firewall rules that haven't matched a packet in the last 30 days."
- "Show all hosts discovered on the network and the security zones they belong to."
- "Run an audit to find BGP peerings that are configured but currently not established."
- "Find all Cisco devices that don't use SSH."
- "Find ACLs that contain a
permit any anyrule and which device they're configured on." - "Which devices still have telnet enabled?"
The NQE tool fetches at most 100 rows per query — that's what the agent summarizes and what you see in the result table. For larger result sets, refine the prompt or open the query in NQE directly.
If a generated query fails to validate, the agent retries automatically before reporting the failure.
Network shape and complexity
Get high-level metrics about the size and complexity of the network.
Sample prompts
- "Summarize the complexity of this network."
Combining categories
Most real questions span multiple categories. The agent plans across tools — for example:
"Are there any vulnerabilities along the path between
10.1.2.3and10.4.5.6? If so, sort them by risk."
triggers a path search, then per-device vulnerability lookups along the path, then a final ranking. You see each step and its result in the plan & tools panel.
What Forward AI does not do
- It does not modify network state. There is no tool to push configuration, create a snapshot, or trigger a collection.
- It does not answer general IT questions unrelated to your network ("how does OSPF work?"). Those return an out-of-scope reply.
- It does not cross networks. A conversation is anchored to one network and one snapshot.
For details on out-of-scope replies and other boundaries, see Limits and scope.