Firewall analyzers

L1 Bithead

Firewall analyzers

Can anyone let me know about their experience with firewall analyzer tools?  I work at a university and we have 20 PANs, but we're expanding to new campuses in a few cities in the US and one in Italy.  It's going to be tough to manage double the number of devices, but I can't find anyone with good experiences with these tools.


Gartner and Forrester have been no help.  Waste of time.




Community Manager

Re: Firewall analyzers

Hi @JessMayfield


Are you looking for a tool to manage all your firewalls at once, or a tool to analyze your firewalls for conformity/best practices/proper configuration ?


there's several things we have at your disposal which may be helpful: 


Panorama is a centralized management platform which looks and feels the same as your firewalls, but it allows you to build configuration in one spot and deploy it to one, several or all of your firewall appliances out in the field. It comes in a VM and physical chassis flavor, depending on your requirements


If you'd simply like your configs verified, you can reach out to your sales team and they can perform a best practices assessment on your firewalls and get you a heatmap and recommendations to improve or tweak your configuration



hope this helps


Help the community: Like helpful comments and mark solutions
Reaper out
L7 Applicator

Re: Firewall analyzers


Are you referring to 3rd party tools such as firemon?



L1 Bithead

Re: Firewall analyzers



Yes...looking for systems like FireMon (or others) that can help me with compliance reporting and determine if rules are risky/need cleanup.  A friend of mine suggested to POC a few vendors, but I'd like to get to a short list.


Have you had any experience with these tools?


L1 Bithead

Re: Firewall analyzers

The trouble I have with PAN is being able to report details on the traffic flows and compliance implications.  But I have never used these other tools, and don't know which should be on my short list...



L7 Applicator

Re: Firewall analyzers


The only ones I've seen that would be worth testing would be FireMon or Tuffin. 

L4 Transporter

Re: Firewall analyzers



I did a on premise 30 day trial, contact a vendor and see if they are willing to do that for you and you can decide it does what you need it too

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!