FortiOS 7.x / 8.x — Client-side only

Policy Analyzer
& Generator

Paste FortiGate traffic logs and running config. The engine produces minimum-privilege policy recommendations, risk scores, shadow detection, VIP/NAT analysis, coverage mapping, and CLI commands — entirely in your browser. No data leaves your device.

How to collect data from FortiGate
1
Traffic Logs required
The primary input. Export from FortiAnalyzer or FortiGate CLI.
FortiAnalyzer GUI
Log & Report → Traffic → Forward Traffic → Export CSV
FortiGate CLI
execute log filter category 0 execute log filter start-line 1 execute log display
💡 Export 7–30 days minimum. Supports CSV (comma or semicolon) and JSON.
2
Firewall Policies required
The policy list to analyze. SSH into FortiGate and run:
show firewall policy
💡 If using VDOMs, run config vdom → edit <name> first.
3
Objects & Config optional
Paste any combination — the parser auto-detects each section.
show firewall address show firewall addrgrp show firewall service custom show firewall service group show firewall vip show firewall ippool
💡 Enables address group expansion, VIP analysis, coverage matching, and object cleanup.

Input Data

Analysis Mode
Initializing…