Rampart combines Palo Alto security policy analysis, firewall rule optimisation, and compliance scoring to provide a complete PAN-OS config review in a single pass.
Deep Palo Alto security policy analysis to understand the structure and behaviour of complex rulebases.
Full searchable, filterable table of all security rules showing zones, addresses, applications, services, actions, and security profiles.
Dedicated High Risk Rules review with severity scoring per rule. Automatically flags rules using "any" for source or destination, rules missing security profiles, rules without descriptions, and other elevated-risk patterns.
Identifies rules completely or partially shadowed by earlier entries. Detects application-level partial shadows where App-ID overlap causes some traffic to be intercepted by an earlier rule with a conflicting action.
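The shadow check described above, as an added example that is not Rampart's code: a minimal first-match rulebase model in which a later rule is fully shadowed when an earlier rule covers all of its zones and App-IDs, and partially shadowed at the App-ID level when an earlier rule with a conflicting action covers its zones and overlaps its apps. The `Rule` fields and sample rulebase are constructed for illustration.

```python
# Added example (not Rampart's code): detect fully and partially shadowed rules
# in a simplified PAN-OS-style rulebase. Rules are evaluated top-down with first
# match winning, so a later rule is fully shadowed when an earlier rule matches
# everything it matches, and partially shadowed at the App-ID level when an
# earlier rule with a conflicting action covers its zones and overlaps its apps.
# Rule fields and sample rules are constructed for illustration.
from dataclasses import dataclass

ANY = frozenset({"any"})

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: frozenset
    dst_zone: frozenset
    apps: frozenset
    action: str

def covers(earlier: frozenset, later: frozenset) -> bool:
    """True when every value the later field matches is also matched by the earlier one."""
    return earlier == ANY or (later != ANY and later <= earlier)

def overlaps(a: frozenset, b: frozenset) -> bool:
    return a == ANY or b == ANY or bool(a & b)

def find_shadows(rules):
    """Return (later_rule, earlier_rule, kind) findings; kind is 'full' or 'partial-app'."""
    findings = []
    fields = ("src_zone", "dst_zone", "apps")
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if all(covers(getattr(earlier, f), getattr(later, f)) for f in fields):
                findings.append((later.name, earlier.name, "full"))
                break  # the later rule can never fire; no need to look further
            zones_covered = (covers(earlier.src_zone, later.src_zone)
                             and covers(earlier.dst_zone, later.dst_zone))
            if (zones_covered and earlier.action != later.action
                    and overlaps(earlier.apps, later.apps)):
                findings.append((later.name, earlier.name, "partial-app"))
    return findings

SAMPLE_RULES = [  # constructed rulebase, top-down order
    Rule("allow-web", frozenset({"trust"}), frozenset({"untrust"}), frozenset({"web-browsing", "ssl"}), "allow"),
    Rule("deny-ftp", frozenset({"trust"}), frozenset({"untrust"}), frozenset({"ftp"}), "deny"),
    Rule("allow-ssl-again", frozenset({"trust"}), frozenset({"untrust"}), frozenset({"ssl"}), "allow"),
    Rule("deny-web-dns", frozenset({"trust"}), frozenset({"untrust"}), frozenset({"web-browsing", "dns"}), "deny"),
    Rule("dmz-any", frozenset({"dmz"}), ANY, ANY, "allow"),
    Rule("dmz-ssh-to-trust", frozenset({"dmz"}), frozenset({"trust"}), frozenset({"ssh"}), "deny"),
]

if __name__ == "__main__":
    for later, earlier, kind in find_shadows(SAMPLE_RULES):
        print(f"{later} is {kind} shadowed by {earlier}")
```

In the sample, `deny-web-dns` is only partially shadowed: its `dns` traffic still reaches it, but `web-browsing` is intercepted and allowed by `allow-web` above it.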
Flags rules with outdated naming conventions, descriptions suggesting decommission, and references to objects that no longer exist. When a device state bundle is imported, also detects zero-hit rules using actual traffic hit counts.
Detects rules with expired schedules still active and flags likely-temporary rules (test, hotfix, ticket references) that have no expiry set.
Recommends consolidating multiple inline services or addresses into reusable groups for easier management and auditing.
Coverage beyond the security rulebase: Authentication, Application Override, DoS Protection, QoS, and HIP policies all get the same audit treatment.
Audits Authentication policy rules used for Multi-Factor Authentication enforcement: coverage of sensitive applications, user targeting, and authentication profile assignment.
Flags Application Override rules that force traffic to be classified as a specific App-ID, bypassing App-ID inspection. A common source of hidden risk in mature rulebases.
Reviews DoS Protection rules and profiles. Reports active rules, protect / allow / deny disposition, and security rules missing a DoS profile where one is expected.
Reviews Quality of Service policies (active rules, matching criteria, and the set of unique QoS classes in use) to validate that bandwidth controls are actually being applied.
Inventories Host Information Profile objects and profiles, and verifies that authentication and security rules actually reference them where endpoint posture checks are expected.
Visualise how network zones interact and identify unintended exposure.
Generates a Zone Exposure Matrix showing every permitted inter-zone traffic path to reveal unintended exposure.
Analyses east-west traffic paths between internal zones. Flags rules that allow broad cross-zone access with wide port ranges, which are common pivot points during an attack.
Evaluates how well zones are actually segmented by scoring the ratio of allowed vs blocked inter-zone flows. Identifies cosmetic segmentation where most zones can communicate freely.
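The zone exposure matrix and segmentation ratio described above, as an added example that is not Rampart's code: each ordered inter-zone pair is marked as permitted when at least one allow rule's zone match includes it (whatever that rule's App-ID or service scope), and the score is the share of paths that nothing permits, which fall to the PAN-OS implicit interzone-default deny. Zone names and rules are constructed sample data.

```python
# Added example (not Rampart's code): build a zone exposure matrix from a
# simplified rulebase and score segmentation as the share of inter-zone paths
# that no allow rule touches. A path counts as permitted when at least one
# allow rule's zone match includes it; untouched paths fall to PAN-OS's
# implicit interzone-default deny. Zones and rules below are constructed.
from itertools import permutations

ZONES = ["trust", "untrust", "dmz", "guest"]

# Each rule: (name, source zones, destination zones, action); "any" matches all.
RULES = [
    ("allow-web-out", {"trust"}, {"untrust"}, "allow"),
    ("dmz-services", {"dmz"}, "any", "allow"),        # dmz may reach every zone
    ("guest-internet", {"guest"}, {"untrust"}, "allow"),
    ("deny-guest-trust", {"guest"}, {"trust"}, "deny"),
]

def _zone_match(spec, zone):
    return spec == "any" or zone in spec

def zone_exposure_matrix(zones, rules):
    """Map each ordered inter-zone pair to the names of allow rules permitting
    some traffic on that path (empty list = blocked)."""
    matrix = {}
    for src, dst in permutations(zones, 2):
        matrix[(src, dst)] = [
            name for name, s, d, action in rules
            if action == "allow" and _zone_match(s, src) and _zone_match(d, dst)
        ]
    return matrix

def segmentation_score(matrix):
    """Fraction of inter-zone paths with no permitting rule (1.0 = fully segmented)."""
    blocked = sum(1 for permitted in matrix.values() if not permitted)
    return blocked / len(matrix)

def unrestricted_sources(matrix, zones):
    """Zones that can reach every other zone: a sign of cosmetic segmentation."""
    return [z for z in zones
            if all(matrix[(z, other)] for other in zones if other != z)]

if __name__ == "__main__":
    m = zone_exposure_matrix(ZONES, RULES)
    for (src, dst), permitted in sorted(m.items()):
        state = "ALLOWED via " + ",".join(permitted) if permitted else "blocked"
        print(f"{src:>8} -> {dst:<8} {state}")
    print(f"segmentation score: {segmentation_score(m):.2f}")
    print("unrestricted sources:", unrestricted_sources(m, ZONES))
```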
Identifies rules allowing unencrypted protocols (HTTP, FTP, Telnet, SNMP, LDAP, and more) across zone boundaries, with severity elevated for internet-facing rules.
Flags internet-facing rules with unrestricted source addressing that lack geographic restrictions, creating compliance risk with OFAC, EU, and UN sanctions frameworks.
Audits interface management profiles for insecure protocols (HTTP, Telnet, SNMP) exposed on data-plane interfaces.
Deep inspection powered by App-ID behaviour and application-default port resolution.
Simulate any traffic scenario by source/destination IP, zone, port, protocol, and application to determine which rule would match, without touching the live firewall.
Analyses outbound rules for data exfiltration risk: unrestricted outbound to internet, DNS exfiltration vectors, common C2 ports, and missing outbound security profiles.
Identifies traffic flows that bypass SSL/TLS decryption. Reports coverage percentage, no-decrypt exclusions, and security rules with no matching decryption rule.
Audits SSL/TLS decryption profiles for weak certificate validation, permissive failure modes, and unsupported-mode bypasses that silently disable inspection.
Inspects URL Filtering, Anti-Spyware, Vulnerability, and File Blocking profiles. Flags malicious URL categories that are not blocked, empty / unconfigured profiles, and gaps in content inspection coverage.
Tests all FQDN-based address objects against live DNS to surface stale or unresolvable entries before they cause policy gaps.
Rates App-ID enablement, logging configuration, and policy structure against Palo Alto Networks' official best practice guidelines.
Validate against industry frameworks and produce professional audit deliverables.
Scores your configuration against NIST, ISO 27001, SOX, GDPR, HIPAA, CIS Benchmarks, PCI-DSS, and APRA CPS 234 with per-control pass/fail detail.
Composite security score (0-100) combining Best Practices (40%), Segmentation Effectiveness (30%), and Severity Penalty (30%) into a single A-F grade for executive reporting.
Generate professional audit reports with executive summary, risk rating, detailed findings, compliance results, and remediation recommendations.
Generate customizable Word reports using your own branded .docx templates with automatic placeholder replacement. Requires Windows and Microsoft Word.
Firewall rule cleanup and optimisation: identify redundant, unused, and misconfigured objects for cleaner policy management.
Finds duplicate address objects referencing the same IP/subnet and highlights unreferenced objects safe for removal.
Surfaces address objects, service objects, and groups defined in the configuration but never referenced by any rule, making them safe candidates for cleanup.
Maps every address and service object to its rule usage count, exposing unused objects and over-referenced entries.
Verifies that every address, service, and security profile referenced by a rule actually exists. Catches broken references introduced by Panorama imports or partial cleanups.
Persistent left-panel dashboard showing total rules, issues, Rampart Risk Rating, and severity breakdown, visible from every review tab so context never gets lost.
Import a device state bundle or tech support file for deeper analysis beyond static configuration: certificates, hit counts, licences, and platform health.
Evaluates installed SSL certificates for chain completeness, identifying missing intermediate CAs and expired certificates that could cause decryption failures or service outages.
When a device state bundle or tech support file is imported, Rampart uses actual traffic hit counts to identify zero-hit rules: rules that exist in the policy but have never matched real traffic.
Reports active and expired subscriptions (Threat Prevention, WildFire, URL Filtering, etc.) with expiry dates, so you can identify coverage gaps before they become security blind spots.
Shows installed versions of threat signatures, App-ID definitions, antivirus, WildFire, and URL databases with timestamps, verifying that dynamic content is current.
Reports HA mode, local and peer state, and peer address so you can verify failover readiness as part of a configuration audit.
Checks object counts against device-specific platform capacity limits, warning before you hit session table, rule, or object maximums.
Connect directly to Palo Alto management platforms to fetch configurations without manual exports (Professional+).
Connect directly to Palo Alto Strata Cloud Manager via API to fetch firewall configurations for analysis; no manual exports required.
Connect directly to a firewall or Panorama appliance via the PAN-OS XML API to fetch live running configuration and operational state.
Multi-client management and cross-audit tracking for security consultants.
Organise audits by client and project. Assign configurations, track audit history, and manage multiple engagements from a single interface.
Track remediation progress across audits. Save baselines, compare snapshots, and see which findings are resolved, still open, or newly introduced. Useful for consultants managing multiple clients and for internal engineers tracking security posture over time.
PDF reports automatically include remediation progress when a project baseline exists, showing resolved, open, and new findings with visual breakdown.