One firewall analyzer for your entire multi-vendor estate.
SAMURAI is a self-hosted firewall configuration analyzer that brings Palo Alto, Fortinet FortiGate, and Cisco FMC into a single dashboard. As a multi-vendor firewall policy analyzer it covers security policies, NAT rules, decryption policies, address and service objects, VPN tunnels, and full configuration audit trails, searchable, exportable, and change-tracked.
Updated June 2026
What it analyzes
Security policies, every vendor
Browse and search firewall rules across Palo Alto, FortiGate, and FMC with server-side filtering by zone, address, port, and action.
NAT & decryption rules
NAT rules with address objects resolved to real IPs, plus SSL/TLS decryption policy visibility.
Objects, resolved
Service and address groups expanded recursively at sync time, so you see "HTTPS (tcp/443)", not an object name you have to chase.
Change tracking with attribution
Every policy change detected, diffed, and attributed to the admin who made it, commit-correlated on PAN-OS, time-windowed on FortiOS.
VPN visibility
IPSec tunnels, IKE gateways, GlobalProtect sessions, and SSL-VPN users in the same view as the policies that govern them.
Path tracing across the estate
Hop-by-hop path simulation through firewalls, routers, switches, and ACI fabrics. See which devices a flow actually crosses.
Looking for an AlgoSec alternative?
AlgoSec, Tufin, and FireMon specialize in firewall policy optimization: rule recertification, shadowed-rule cleanup, approval workflows. SAMURAI takes a different angle: full-stack visibility. If your pain is "six vendors and no idea what changed where," SAMURAI covers your firewalls and the network around them.
Scope
SAMURAI
Firewalls plus routers, switches, ACI fabrics, ISE, and vCenter: nine device types in one view
Policy management suites
Firewall-centric policy management
Deployment
SAMURAI
Single Docker container, self-hosted, air-gap friendly, serving data in about five minutes
Policy management suites
Enterprise appliance or SaaS rollout
Change visibility
SAMURAI
Cross-vendor change timeline with admin attribution
Policy management suites
Firewall policy change workflows
Rule optimization
SAMURAI
Not our focus: no shadowed or unused-rule scoring today
Policy management suites
Their core strength
We'd rather be honest: if you need rule recertification workflows, the policy suites earn their price. If you need to see and search everything across a multi-vendor network, and know who changed what, when: that's what SAMURAI is built for.
Frequently asked questions
Which firewalls does SAMURAI support?
Palo Alto Networks (PAN-OS), Fortinet FortiGate (FortiOS), and Cisco Secure Firewall (FMC/FTD), plus ACL visibility on Cisco routers and switches.
Is SAMURAI a firewall log analyzer?
No, SAMURAI is a firewall configuration analyzer, not a log analyzer. It reads policy and configuration state directly from each device (Palo Alto, FortiGate, Cisco FMC) rather than parsing syslog or traffic logs, so you analyze the rules themselves and every change to them. SAMURAI can forward its own events as RFC5424 syslog, but firewall log analytics is not its focus.
Is there a free firewall analyzer option?
Yes. A free test license ships with the SAMURAI Docker image on Docker Hub, no email required, so you can analyze your own firewalls before talking to anyone. Production use is licensed per deployment, sized by device count.
Is SAMURAI an alternative to AlgoSec Firewall Analyzer?
For multi-vendor policy visibility, change tracking, and audit trails: yes. For automated rule recertification and policy optimization workflows, AlgoSec remains the specialist. Many teams want day-to-day visibility across the whole network, and that is what SAMURAI does.
Is there a FortiGate firewall analyzer in SAMURAI?
Yes. SAMURAI reads FortiGate over the FortiOS REST API: security policies, NAT, address and service objects (resolved recursively), routes, VPN tunnels, and configuration changes, in the same dashboard as your Palo Alto and Cisco FMC estate.
Does SAMURAI analyze Cisco firewalls?
Yes. Cisco Secure Firewall (FMC/FTD) access and NAT policies, objects, and deployable devices are first-class, alongside ACL visibility on Cisco routers, switches, and ACI fabrics.
Can SAMURAI run air-gapped?
Yes. It ships as a self-contained Docker image with an offline IEEE OUI database and no telemetry. Nothing leaves your perimeter.
How do I deploy it?
A single docker run. The image is published on Docker Hub (beyrak44/samurai); a typical deployment is serving data in about five minutes.