Overview Sandbox Exercise

This exercise introduces you to the Sandbox feature in Forward Enterprise, a sophisticated tool designed for advanced network modeling. The Sandbox allows for a focused analysis of local device changes, such as modifications to ACLs in routers or firewall policies. By simulating these changes within the Sandbox, you can assess their potential impact on the network and perform various verification checks in a safe environment before implementing any changes in the production network. It's important to note that the Sandbox is specifically intended for analyzing local configuration and state changes, providing a controlled setting for precise network planning and testing.

Estimated Completion Time

15 minutes

Exercise 1: Begin by expanding the Access Control section to view the available options.

1. Copy the following into the search bar

   f(internet)(dst.web_app_PUB_VIP)(!tp_dst.HTTPS)z(delivered)

   From the path component select device atl-edge-fw01

   

2. Click on See device state to inspect the current configuration and operational state of the device.

   

3. Below is the device configuration outlining the ACLs and firewall rules in context,

   

Exercise 2: Create Sandbox

1. Choose Edit in Sandbox to start making changes in a safe, isolated environment.

   

2. Identify and remove the offending line in the device's configuration that you wish to test.

   tip

   We are editing the file within the Forward Enterprise Digital Twin, changes here do not impact production systems

   1. Go to line 68 and delete the line

      

   note

   you can use alt/cmd x to delete the line)

3. After making the necessary changes, select Save to Sandbox to apply them within the Sandbox environment.

   

4. Navigate to the top bar, find the Snapshot drop-down menu, and select Analyze changes to initiate the analysis of your modifications.

   

   note

   When clicking analyze, Forward Enterprise will go through its processing pipeline which includes recomputation of network reachability and reevaluation of verification checks. The Diff application will be presented for detailed analysis

5. Finally, conduct a post-differential analysis to evaluate whether the changes have achieved the intended outcome and fixed the issue.

   

Key Insights

• Practical Learning: The Sandbox exercise provides hands-on experience with Forward Enterprise's advanced network modeling capabilities, allowing for practical learning in a controlled environment.
• Risk Mitigation: By simulating changes in the Sandbox, you can assess and mitigate potential impacts on the network, ensuring that modifications do not adversely affect the production environment.
• Configuration Testing: The Sandbox feature facilitates the testing of local device changes, such as ACL and firewall policy modifications, before they are implemented, enhancing network security and compliance.
• Network Planning and Analysis: Offers a sophisticated platform for detailed ACL/NAT analysis, enabling precise adjustments and optimizations to be planned with confidence.
• Verification and Validation: Supports thorough verification and validation processes, allowing for the assessment of changes' effects on network reachability and configuration baselines within a safe, isolated setting.

Resources:

Sandbox