I need to go through my PA and map out the security zones, NAT rules, and so on that have accumulated over the years and I need a tool to help me scrub through the configution and sort out what is going on. I heard there was a tool called Clikr or Clickr or something like that that is an open source tool that is supposed to help with this kind of thing but I'm looking for it and can't find it. Can anyone tell me what this tool is or another free tool or 30 day eval or something that can help me do this? Thanks!
I'm not aware of any free tools, but you could try to get a demo of Tuffin or Firemon that support Palo Alto.
Yes, they attempt to discover and map out the network topology. But you would need to add all of the relevant routers in addition to the firewalls for the most accurate results. And they are licensed by the nodes you put into the system. And the discovery is not always perfect requiring some manual tweaks.
But once they successfully have the topology they can also help in making sure that all of the necessary rules along a communication path are in place end to end.
If its just the zones/interfaces etc you want and not a network map you could try the Migration Tool, have not used it for some months but seem to remember you can export it to XML and from there you can use Excel or just about anything to carve it up or manipulate it how you want...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!