Latest features & updates

We're constantly aligning the tech docs with the latest hotfixes information. Find out below what's new or updated.

Note: See AppViz latest features & updates for latest AppViz (SaaS-based) updates

January 2026 Update

Aruba CX Layer 3 Switch (Topology)
Support for Azure ExpressRoute in ASMS Map (Early Availability)
New Route Query API
New API | Retrieve Change Request SLA Data
New FireFlow Hook: Add Devices to Initial FireFlow Plan Results

Aruba CX Layer 3 Switch (Topology)

In Early Availability: We've added support for Aruba CX Layer 3 switches. This enhancement introduces device tree and topology map visibility, enabling users to easily visualize and manage integrations. See Aruba CX Layer 3 Switches in AFA. (Released 13-Jan-2026)

Support for Azure ExpressRoute in ASMS Map (Early Availability)

ASMS now provides Early Availability support for Azure ExpressRoute in the ASMS network map when ASMS is integrated with ACE. This capability gives you enhanced visibility into your hybrid connectivity by displaying ExpressRoute circuits and peerings directly in the topology view.

To activate the Early Availability feature, the ASMS administrator must set the appropriate EA flag in ASMS Advanced Configuration.

See Support for Azure ExpressRoute in ASMS Map (Early Availability). (Released 13-Jan-2026)

New Route Query API

Find the Firewalls in Path (FIP) between a source and destination using a new routing query endpoint. The query returns all firewalls in the route if one exists. See Find route between source and destination. (Released 13-Jan-2026)

New API | Retrieve Change Request SLA Data

You can now retrieve detailed SLA information for a specific change request using its Change Request ID via a new REST API endpoint. The API returns the change request details along with all associated SLA stages, including status, elapsed time, start and end times, due dates, and SLA limits. See Get Change Request SLA Data . (Released 13-January-2026)

New FireFlow Hook: Add Devices to Initial FireFlow Plan Results

We’ve introduced a new FireFlow hook, AddInitialPlanDevices, which allows you to add devices to the initial plan results when at least one device is found. For details, see AddInitialPlanDevices. (Released 13-Jan-2026)

December 2025 Update

View Application Flow Recertification Information for Policy Rules
Arista Baseline Compliance

View Application Flow Recertification Information for Policy Rules

Firewall Analyzer now displays flow recertification details for as part of the policy data appearing on the Policy tab. For details on configuring this feature, see Application Flows and Rule Associations. (Released 17-December-2025)

Arista Baseline Compliance

ASMS now supports baseline compliance for Arista EOS devices. See Add an Arista device to AFA. (Released 9-December-2025)

November 2025 Update

Updated POST Trigger ActiveChange for change request API
Updated GET Risky Rules API

Updated POST Trigger ActiveChange for change request API

We have added a new request query parameter shouldPushOnlySubRequest to the POST /change-requests/traffic/{changeRequestId}/work-order/implement API endpoint that determines whether to trigger ActiveChange only to the specified sub-change request or to all sub-change requests under its parent. See Trigger ActiveChange for change request . (Released 11-November-2025)

Updated GET Risky Rules API

We have added a new request query parameter ruleType to the GET /api/v1/risks/riskyRules API endpoint that determines the amount of details included in the response. See Get risky rules . (Released 11-November-2025)

July 2025 Update

Device Group Field Added to Application Dashboard

Device Group Field Added to Application Dashboard

We’ve enhanced the General Information area of the Application’s Dashboard tab to now include a new field: Device Group.

This field allows you to define the specific device group used when running Traffic Simulation Queries (TSQs) for the application—delivering more accurate and targeted connectivity analysis.

If no Device Group is explicitly defined for the application, the system will use the value set in the afa.tsq.custom_group user property. If that property is not configured, the default device group ALL_FIREWALLS is applied.

See Application DASHBOARD tab interface.

June 2025 Update

Support for Cisco Catalyst SD-WAN devices
New NCA Regulatory Compliance Report

Support for Cisco Catalyst SD-WAN devices

Support for Cisco Catalyst SD-WAN devices is now generally available (GA). See Cisco Catalyst SD-WAN devices in AFA. (Released 10-June-2025)

New NCA Regulatory Compliance Report

We've added a dedicated report to support compliance with the National Cybersecurity Authority (NCA) regulations. The new report provides detailed visibility into network security policies, rule usage, and access controls, aligned with NCA requirements. See REGULATORY COMPLIANCE page. (Released 10-June-2025)