Firewall policy analysis
Your policy table is where intent meets reality — and where it drifts. FirewallScan analyzes every FortiGate policy for least privilege, redundancy and risk, and shows you what to change.
What is firewall policy analysis?
Firewall policy analysis examines each rule in a firewall to determine whether it grants only the access it should, whether it conflicts with or duplicates other rules, and whether it is still needed at all.
It is the difference between a rule base that documents intent and one that has quietly accumulated exceptions, shadows and dead entries. FirewallScan brings that clarity to FortiGate policy tables.
- Detects overly permissive and any/any policies
- Finds shadowed rules that never match traffic
- Flags redundant and unused policies for cleanup
How FirewallScan solves it
Every policy, evaluated in context
FirewallScan evaluates each policy in the context of the full rule base, not in isolation. It identifies where access is too broad, where rules overlap or shadow each other, and where policies can be tightened or removed.
For each issue, you get the precise FortiOS remediation — so policy analysis leads directly to a cleaner, safer rule base.
- Context-aware evaluation across the full policy table
- Clear least-privilege recommendations
- Exact FortiOS commands for each fix
Frequently asked questions
See FirewallScan on your own configuration
Book a 30-minute demo and watch FirewallScan analyze a FortiGate config in minutes — prioritized findings, remediation steps and an executive-ready report.