Skip to main content

Device Credentials

Depending on the Forward platform deployment method, credentials are stored in different ways:

  • In on-premises deployments, credentials are stored within the master node.
  • In SaaS deployments:
    • For updated collectors (Post-24.10), collection secrets in device credentials are encrypted using AES-256 and securely stored, and all the non-sensitive information in device credentials are stored unencrypted onfwd.app. Collectors do not store credentials locally; instead, they retain an encryption key, which is used to decrypt the credentials during collector operations.
    • For legacy collectors, collection secrets in device credentials are stored locally on the collector, specifically in the conf/private sub-directory in the installation path. If you uninstall a legacy collector without backing up the credentials, they will be permanently lost.

Credentials can be configured directly using the Credentials Page or when adding/importing device(s) to the inventory.

Add Credentials via Credentials page

To add credentials from the Credentials page, go to Collection > Credentials, then select one of the following tabs: CLI, SNMP, or HTTP.

Add Credential

tip

Once the credentials are added, a Connectivity Test might have to be performed to auto-associate appropriate network devices with their respective credential.

CLI Credentials

CLI credentials are used to access network devices via a command-line interface (SSH or telnet):

  • Login: Provides basic access to the device CLI using a username and password. Add CLI Login Credentials
  • Privileged mode: Provides access to the operational state with the highest priority. Privileged mode enables the system to access all device configurations and state commands. Add CLI Privileged Mode Credentials
  • Avi shell: Enables access to the Avi Vantage CLI Shell on Avi platforms. Add CLI AVI shell Credentials

SNMP Credentials

SNMP credentials are used for polling device performance metrics, discovering devices, and accessing (custom) SNMP network endpoints:

  • SNMP: Enables collection of basic device information and performance metrics using SNMP OIDs (object identifiers). Add SNMP Credentials For more details, check out the Performance data collection documentation.

HTTP Credentials

HTTP credentials are used to access device APIs and web interfaces:

  • Login: Provides basic HTTP access to the device interface using a username and password. Add HTTP Login Credentials
  • API key: Enables the Collector to authenticate to devices that require an API key. Add HTTP API key Credentials

Adding Credentials Through Devices Wizard

Credentials can also be added during the device onboarding process in the Devices wizard.

Add Credentials Through Import Devices Wizard

tip

In Forward on-premises deployments, deleting a Network deletes the device credentials as well.
However, in Forward SaaS deployments, when a Network is deleted, all the references to the device credentials are removed from the Forward SaaS but the credentials are not deleted from the Forward Collector installed on-premises. They stay in a file in the conf/private sub-directory in the installation path.