Step 1
Policy Input
Select a vendor, then paste a supported config export or upload the policy file.
Palo Alto accepts PAN-OS XML or set commands. The other vendors accept the sample export formats documented in the UI.
Workflow · Free · No sign-up
Bring in policy, optionally add usage data, then analyze
Reviews Palo Alto, Cisco Firepower, Fortinet, and SonicWall policies against vendor + NIST + CISA best practices.
Credentials are used only for the current request and are not persisted.
Step 2
Rule Usage Import
Optional, but required for automatic “remove if unused for 30+ days” recommendations. Accepts CSV or JSON with rule name, hit count, and last hit fields.
If omitted, cleanup recommendations are limited to config-only signals.
Step 3
Live Device Connection
Use the collection method the platform supports. Palo Alto and Fortinet can use API or SSH, Cisco Firepower uses FMC API, and SonicWall uses API. Config upload remains available for every vendor.
Select a vendor to see its live collection options and required credentials.
Best for a live snapshot when you already have management-plane access to the firewall or controller.
Want to save this analysis?
Create a free account to save reports, view history, and unlock live API/SSH collection from your firewall.