Step 1
Policy Input
Select a vendor, then paste a supported config export or upload the policy file.
Palo Alto accepts PAN-OS XML or set commands. The other vendors accept the sample export formats documented in the UI.
Free · No sign-up · about 30 seconds
Clean up your firewall config — without the guesswork
Paste a config export and we'll flag the risky, unused, and messy rules — with plain-English fixes you can actually act on. Works with Palo Alto, Cisco Firepower, Fortinet, and SonicWall, checked against NIST + CISA best practices.
New here? Load a sample below to see exactly what you'll get — no config of your own needed.
No account required. Your config is analyzed for this request only and never stored.
Step 2
Rule Usage Import
Optional, but required for automatic “remove if unused for 30+ days” recommendations. Accepts CSV or JSON with rule name, hit count, and last hit fields.
If omitted, cleanup recommendations are limited to config-only signals.
Step 3
Live Device Connection
Use the collection method the platform supports. Palo Alto and Fortinet can use API or SSH, Cisco Firepower uses FMC API, and SonicWall uses API. Config upload remains available for every vendor.
Select a vendor to see its live collection options and required credentials.
Best for a live snapshot when you already have management-plane access to the firewall or controller.
Want to save this analysis?
Create a free account to save reports, view history, and unlock live API/SSH collection from your firewall.