Snapshot Obfuscation
The Forward Platform provides the ability to obfuscate a collected snapshot before downloading it to the local disk. Obfuscation enables users to share snapshots with Forward Support for troubleshooting purposes, without revealing sensitive data. If anyone else were to open the obfuscated snapshot zip, they would see the same device layout and topology, but randomized forwarding rules and (optionally) device names.
Obfuscation replaces device names, IP addresses, and MAC addresses with anonymized values so Forward Support can safely analyze customer snapshots. You may be asked to download an obfuscated snapshot and share with Forward Support if needed, but do not re-upload or process it — it will fail outside of Forward’s internal debugging environment.
During obfuscation, the following sensitive data is obfuscated:
- IPv4 and IPv6 addresses and subnets
- MAC addresses
- Device names (optional)
For some rare sentinel values (e.g., the IP address 0.0.0.0), we preserve the original address.
How To Retrieve Obfuscated snapshots
You can retrieve an obfuscated snapshot via the Forward GUI or via the Forward REST APIs.
Depending on the size of your snapshot, the devices that compose it, and your hardware resources, retrieving an
obfuscate Snapshot could take some time to complete.
If you retrieve it from the Forward UI, the session might time out. Please consider using the REST APIs instead.
Obfuscated snapshots via GUI
You can retrive an obfuscated snapshot via the Forward GUI by customizing the advanced Snapshot export provided by the Snapshot Selector.
Click on the Snapshot Selector, then click on the kebab button on the right side of the Snapshot you want to obfuscate and select Advanced export:
Select the devices you want to be included in the export by using the Choose devices to include, Choose devices to exclude or Include all devices options in the Select how to create the Snapshot step on Export Snapshot page.
On the next step, on Configure export settings page, specify a Secret Key that will be used to encrypt the
obfuscated portions of the Snapshot.
Optionally, you can select Also obfuscate device names as well. Notice that this option is not recommended.
Then, select the Obfuscate IP and MAC addresses option and, finally, click on Export to start the obfuscated
export process.
Obfuscated snapshots via REST APIS
To retrive an obfuscated snapshot via REST APIs you can use the POST /api/snapshots/{snapshotId} API endpoint.
You can find the endpoint details in the Forward API documentation page, which includes interactive Try it out functionality and generates working cURL commands. Type your API credentials in the Credentials for API Calls box to get started.
Snapshot Comparison Before And After Obfuscation
Device Information in the original snapshot:
Device Information in the obfuscated snapshot. Note changes to the hostname and to IP addresses on interfaces:
