One firewall analyzer for your entire multi-vendor estate.
SAMURAI is a self-hosted firewall analyzer that brings Palo Alto, Fortinet FortiGate, and Cisco FMC into a single dashboard: security policies, NAT rules, decryption policies, address and service objects, VPN tunnels, and full configuration audit trails. Searchable, exportable, and change-tracked.
Updated June 2026
What it analyzes
Security policies, every vendor
Browse and search firewall rules across Palo Alto, FortiGate, and FMC with server-side filtering by zone, address, port, and action.
NAT & decryption rules
NAT rules with address objects resolved to real IPs, plus SSL/TLS decryption policy visibility.
Objects, resolved
Service and address groups expanded recursively at sync time, so you see "HTTPS (tcp/443)", not an object name you have to chase.
Change tracking with attribution
Every policy change detected, diffed, and attributed to the admin who made it, commit-correlated on PAN-OS, time-windowed on FortiOS.
VPN visibility
IPSec tunnels, IKE gateways, GlobalProtect sessions, and SSL-VPN users in the same view as the policies that govern them.
Path tracing across the estate
Hop-by-hop path simulation through firewalls, routers, switches, and ACI fabrics. See which devices a flow actually crosses.
Looking for an AlgoSec alternative?
AlgoSec, Tufin, and FireMon specialize in firewall policy optimization: rule recertification, shadowed-rule cleanup, approval workflows. SAMURAI takes a different angle: full-stack visibility. If your pain is "six vendors and no idea what changed where," SAMURAI covers your firewalls and the network around them.
Scope
SAMURAI
Firewalls plus routers, switches, ACI fabrics, ISE, and vCenter: nine device types in one view
Policy management suites
Firewall-centric policy management
Deployment
SAMURAI
Single Docker container, self-hosted, air-gap friendly, serving data in about five minutes
Policy management suites
Enterprise appliance or SaaS rollout
Change visibility
SAMURAI
Cross-vendor change timeline with admin attribution
Policy management suites
Firewall policy change workflows
Rule optimization
SAMURAI
No shadowed or unused-rule scoring today — a firewall policy analyzer and optimizer is on our roadmap
Policy management suites
Their core strength
We'd rather be honest: if you need rule recertification workflows, the policy suites earn their price. If you need to see and search everything across a multi-vendor network, and know who changed what, when: that's what SAMURAI is built for.
Frequently asked questions
Which firewalls does SAMURAI support?
Palo Alto Networks (PAN-OS), Fortinet FortiGate (FortiOS), and Cisco Secure Firewall (FMC/FTD), plus ACL visibility on Cisco routers and switches.
Is SAMURAI an alternative to AlgoSec Firewall Analyzer?
For multi-vendor policy visibility, change tracking, and audit trails: yes. For automated rule recertification and policy optimization workflows, AlgoSec remains the specialist. Many teams want day-to-day visibility across the whole network, and that is what SAMURAI does.
Is SAMURAI a firewall rule analyzer?
Yes, in the inspection sense: it reads every security policy, NAT rule, and object across Palo Alto, FortiGate, and Cisco FMC, makes them searchable with one query language, and diffs every change with admin attribution. What it does not do today is usage-based rule scoring — a firewall policy analyzer and optimizer is on our roadmap.
Is SAMURAI a firewall log analyzer?
No — and the distinction matters. Log analyzers reconstruct what your firewalls did from syslog; SAMURAI reads what your firewalls are configured to do, directly from device state. It does ingest syslog for its live event stream, but traffic and bandwidth analytics from logs are a different product category. If that is your need, pair SAMURAI with a log platform.
Is there a FortiGate firewall analyzer in SAMURAI?
Yes. SAMURAI reads FortiGate over the FortiOS REST API: security policies, NAT, address and service objects (resolved recursively), routes, VPN tunnels, and configuration changes, in the same dashboard as your Palo Alto and Cisco FMC estate.
Does SAMURAI analyze Cisco firewalls?
Yes. Cisco Secure Firewall (FMC/FTD) access and NAT policies, objects, and deployable devices are first-class, alongside ACL visibility on Cisco routers, switches, and ACI fabrics.
Can SAMURAI run air-gapped?
Yes. It ships as a self-contained Docker image with an offline IEEE OUI database and no telemetry. Nothing leaves your perimeter.
How do I deploy it?
A single docker run. The image is published on Docker Hub (beyrak44/samurai); a typical deployment is serving data in about five minutes.