Firewall Audit in 60 Seconds
Find the attack paths before attackers do.
Upload your firewall config and get a posture score, prioritized risks, and ready-to-paste CLI fixes.
No credit card required. Your config never touches our storage.
What You Get in Every Scan
Security Checks
Policy hygiene, zone segmentation, management exposure, crypto audit, firmware CVEs.
Real Threat Intel
Cross-references your exact firmware against CISA KEV, NVD, and vendor PSIRT feeds.
Configs Stored
Raw configs parsed in memory, never stored. Architecture-level guarantee, not a policy.
Ready-to-Paste Fixes
Every finding includes vendor-specific commands you can paste into your firewall.
Supported Vendors
Frequently Asked Questions
What is a firewall configuration audit?+
A firewall configuration audit is a systematic review of your firewall rules, policies, and system settings to find security gaps, misconfigurations, and compliance violations. CRWLR automates this process — upload your config file and get a security posture score with prioritized findings in under 60 seconds.
Which firewall vendors does CRWLR support?+
CRWLR supports Fortinet FortiGate (.conf), Palo Alto Networks (XML), Sophos XG/XGS (XML or PostgreSQL dump), Check Point R80+ (JSON from mgmt_cli), and Cisco ASA (show running-config). Each vendor gets tailored remediation commands you can paste directly into your firewall CLI.
How does attack path analysis work?+
Attack path analysis maps how multiple individual misconfigurations can chain together into an exploitable route through your network. For example, an overly permissive WAN rule combined with missing SSL inspection and no IPS profile creates a path for data exfiltration that no single finding would reveal on its own.
Is my firewall configuration stored?+
No. Your raw config file is parsed entirely in memory and never written to disk or database. This is an architecture-level guarantee, not just a policy. Only the normalized analysis results (findings, scores, remediation) are stored — never the original configuration.
How often should firewall rules be reviewed?+
PCI DSS requires firewall rule reviews every 6 months. NIST and CIS recommend quarterly reviews. For organizations with frequent changes, monthly automated scans catch configuration drift before it becomes a compliance gap or security risk.
What compliance frameworks does CRWLR map to?+
CRWLR maps findings to CIS Benchmarks (FortiGate, Palo Alto, Sophos), PCI DSS Requirement 1 (network security controls), and NIST 800-41 (firewall policy guidelines). Each finding shows which compliance controls it affects.
Can MSPs use CRWLR for multiple clients?+
Yes. CRWLR supports multi-tenant fleet management — manage all your client firewalls from one dashboard with per-client scoring, bulk import via ZIP, and exportable audit evidence packages for compliance reporting.
How does CVE cross-referencing work?+
CRWLR detects your exact firmware version and cross-references it against CISA Known Exploited Vulnerabilities (KEV), NVD, and vendor-specific PSIRT feeds. It only alerts on CVEs for features actually enabled on your firewall — no noise from vulnerabilities in disabled modules.