A self-hosted firewall analyzer for your FortiGate fleet.
SAMURAI reads FortiGate over the FortiOS REST API and makes it searchable: security and NAT policies, address and service objects resolved recursively to real protocols and ports, routes, VPN tunnels, and every configuration change attributed to the admin who made it. Self-hosted, air-gap friendly, and in the same dashboard as your Palo Alto and Cisco firewalls.
Updated June 2026
What it reads from FortiOS
Security & NAT policies
Every FortiOS firewall policy and NAT rule, searchable by interface, address, service, and action.
Objects, resolved recursively
Address and service objects (including groups with nested members) flattened at sync time to real protocols and ports, with cycle protection.
Routes & VPN
Routing tables normalized to Cisco-style flags, plus IPSec and SSL-VPN tunnels in the same view as the policies around them.
API-token or session auth
Connect with a FortiOS REST API admin token (preferred) or session login. The API token is AES-encrypted at rest.
Change tracking with attribution
Configuration changes diffed from device state and grouped by admin in time windows. FortiOS has no commit step, so SAMURAI reconstructs the who and when.
Beyond the firewall
The same dashboard covers Palo Alto, Cisco FMC/FTD, routers, switches, ACI, ISE, and vCenter. Nine device types in one view.
SAMURAI vs FortiManager for visibility
FortiManager is the Fortinet management plane, built to provision and push policy across a FortiGate fleet. SAMURAI is read-only and multi-vendor: it never changes configuration, and it sees your Palo Alto and Cisco firewalls in the same place.
Scope
SAMURAI
FortiGate plus Palo Alto, Cisco FMC/FTD, routers, switches, ACI, ISE, and vCenter in one view
FortiManager
Fortinet fleet management (single vendor)
Direction
SAMURAI
Read-only: observes and reports, never pushes configuration
FortiManager
Management plane: provisions and pushes policy
Change attribution
SAMURAI
Cross-vendor change timeline, time-window-grouped per admin
FortiManager
Native Fortinet admin logs
Deployment
SAMURAI
Single self-hosted Docker container, serving data in about five minutes
FortiManager
FortiManager appliance or VM, Fortinet-licensed
If you manage a Fortinet-only estate and need to provision policy, FortiManager is the right tool. If you need to see and search your FortiGate firewalls next to everything else, and know who changed what, when, that is what SAMURAI is built for.
Frequently asked questions
How does SAMURAI connect to FortiGate?
Over the FortiOS REST API, read-only. A REST API admin token is preferred (and stored AES-encrypted); session login is also supported. It defaults to the root VDOM.
Does it need FortiManager?
No. SAMURAI reads each FortiGate directly over the API. It does not require or replace FortiManager: it is read-only visibility, not a management plane.
Are FortiGate objects resolved?
Yes. Address and service objects, including nested groups, are resolved recursively at sync time (with cycle protection) and annotated with real protocols and ports.
How are FortiGate changes attributed?
FortiOS has no commit step, so SAMURAI groups configuration changes by admin within short time windows to attribute each change, the same approach it uses for vCenter and ISE.
Can it run air-gapped?
Yes. One self-contained Docker image, an offline IEEE OUI database, and no telemetry. Nothing leaves your perimeter.
Speaks every box on your network
Direct API and SSH integrations. No agents, no collectors, no middleware.