FortiGate Policy Audit

v0.2 — everything runs in your browser

Audit your FortiGate policies.
Your config never leaves this page.

Drop in a FortiOS 7.x config and get an instant policy audit — shadowed rules, any-any exposure, and CIS hardening gaps. All analysis runs locally in your browser: nothing is uploaded, no account, no install.

✓ Config analysis 100% local — zero uploads ✓ Works offline & air-gapped ✓ Single HTML file — save & keep it

Shadowed rules

Finds policies that can never match — including a broad accept silently hiding a deny below it. Resolves address groups, subnets, and interface any.

Any-any exposure

Flags overly permissive policies where source, destination, or service is all, ranked by severity.

CIS hardening

System-level checks against the CIS FortiOS Benchmark: admin timeout, HTTP mgmt, default admin, password policy, NTP, syslog, SNMP, USB auto-install.

Static configuration analysis only. It does not check license or certificate expiry, firmware CVEs, VPN tunnel status, or threat intelligence — a clean result is not a guarantee the firewall is secure. The full report lists exactly what is and isn't covered.

Drop your FortiGate config here

or click to browse

.conf · .txt · .log — FortiOS 7.x · use "show full-configuration" output for complete results

 · 
Tip: save this page (⌘S / Ctrl+S) and run it on an offline machine.

Feedback

Only what you type below is sent — never your config. Your firewall analysis stays 100% in this browser.