Rampart combines multiple layers of firewall analysis to provide a complete security review in a single pass.
Understand the structure and behaviour of complex rulebases.
Full searchable, filterable table of all security rules showing zones, addresses, applications, services, actions, and security profiles.
Automatically flags rules using "any" for source or destination, rules missing security profiles, and rules without audit descriptions.
Identifies rules completely shadowed by earlier entries that will never be matched, with specific options for remediation.
Flags rules with outdated naming conventions, descriptions suggesting decommission, and references to objects that no longer exist in the configuration.
Detects rules with expired schedules still active and flags likely-temporary rules (test, hotfix, ticket references) that have no expiry set.
Recommends consolidating multiple inline services or addresses into reusable groups for easier management and auditing.
Visualise how network zones interact and identify unintended exposure.
Generates a Zone Exposure Matrix showing every permitted inter-zone traffic path to reveal unintended exposure.
Analyses east-west traffic paths between internal zones. Flags rules that allow broad cross-zone access with wide port ranges, which are common pivot points during an attack.
Evaluates how well zones are actually segmented by scoring the ratio of allowed vs blocked inter-zone flows. Identifies cosmetic segmentation where most zones can communicate freely.
Identifies rules allowing unencrypted protocols (HTTP, FTP, Telnet, SNMP, LDAP, and more) across zone boundaries, with severity elevated for internet-facing rules.
Flags internet-facing rules with unrestricted source addressing that lack geographic restrictions, creating compliance risk with OFAC, EU, and UN sanctions frameworks.
Audits interface management profiles for insecure protocols (HTTP, Telnet, SNMP) exposed on data-plane interfaces.
Deep inspection powered by App-ID behaviour and application-default port resolution.
Simulate any traffic scenario by source/destination IP, zone, port, protocol, and application to determine which rule would match, without touching the live firewall.
Analyses outbound rules for data exfiltration risk: unrestricted outbound to internet, DNS exfiltration vectors, common C2 ports, and missing outbound security profiles.
Identifies traffic flows that bypass SSL/TLS decryption. Reports coverage percentage, no-decrypt exclusions, and security rules with no matching decryption rule.
Tests all FQDN-based address objects against live DNS to surface stale or unresolvable entries before they cause policy gaps.
Rates App-ID enablement, logging configuration, and policy structure against Palo Alto Networks' official best practice guidelines.
Validate against industry frameworks and produce professional audit deliverables.
Scores your configuration against NIST, ISO 27001, SOX, GDPR, HIPAA, CIS Benchmarks, PCI-DSS, and APRA CPS 234 with per-control pass/fail detail.
Composite security score (0–100) combining Best Practices (40%), Segmentation Effectiveness (30%), and Severity Penalty (30%) into a single A–F grade for executive reporting.
Generate professional audit reports with executive summary, risk rating, detailed findings, compliance results, and remediation recommendations.
Generate customizable Word reports using your own branded .docx templates with automatic placeholder replacement. Requires Windows and Microsoft Word.
Identify redundant, unused, and misconfigured objects for cleaner policy management.
Finds duplicate address objects referencing the same IP/subnet and highlights unreferenced objects safe for removal.
Maps every address and service object to its rule usage count, exposing unused objects and over-referenced entries.
At-a-glance view of risk rating, total rules, and issues broken down by severity with key security metrics.
Multi-client management and cross-audit tracking for security consultants.
Organise audits by client and project. Assign configurations, track audit history, and manage multiple engagements from a single interface.
Track remediation progress across audits. Save baselines, compare snapshots, and see which findings are resolved, still open, or newly introduced.
PDF reports automatically include remediation progress when a project baseline exists, showing resolved, open, and new findings with visual breakdown.
Connect directly to Palo Alto Strata Cloud Manager via API to fetch firewall configurations for analysis, with no manual exports required.