Drop in a FortiOS 7.x config and get an instant policy audit — shadowed rules, any-any exposure, and CIS hardening gaps. All analysis runs locally in your browser: nothing is uploaded, no account, no install.
Finds policies that can never match — including a broad accept silently hiding a deny below it. Resolves address groups, subnets, and interface any.
Flags overly permissive policies where source, destination, or service is all, ranked by severity.
System-level checks against the CIS FortiOS Benchmark: admin timeout, HTTP mgmt, default admin, password policy, NTP, syslog, SNMP, USB auto-install.
Static configuration analysis only. It does not check license or certificate expiry, firmware CVEs, VPN tunnel status, or threat intelligence — a clean result is not a guarantee the firewall is secure. The full report lists exactly what is and isn't covered.
Drop your FortiGate config here
or click to browse
.conf · .txt · .log — FortiOS 7.x · use "show full-configuration" output for complete results
Only what you type below is sent — never your config. Your firewall analysis stays 100% in this browser.