🔐 I just open-sourced a tool I built from real-world pain points on the job.
As a network security engineer working daily with FortiGate firewalls, I kept running into the same problem: configs that looked fine on the surface but had serious misconfigurations buried inside — accept policies with UTM completely disabled, admin accounts with no trusted host restrictions, SSL inspection running in certificate-only mode with no actual decryption, WAN interfaces with HTTP and Telnet still open.
Manually reviewing these across dozens of policies is slow, inconsistent, and easy to get wrong under pressure.
So I built FortiGate UTM Analyzer — a zero-dependency Python CLI that reads a show full-configuration backup and generates structured, severity-tagged security reports in seconds.
🛡️ What it audits:
→ Firewall policies — UTM status, IPS/AV/WebFilter/DNS/AppControl/SSL profile coverage, logging gaps
→ SSL/SSH inspection profiles — inspection mode, cert validation posture, SNI, anomaly logging
→ Antivirus profiles — protocol coverage (HTTP/HTTPS/SMTP/FTP/CIFS), sandbox, outbreak prevention
→ System hardening — admin 2FA, trusthosts, super_admin usage, interface exposure, strong-crypto, DH params, admin lockout
→ NTP — sync status, authentication, redundancy
→ Local-in policies — management exposure, broad source addresses
→ ASCII UTM flow diagrams — per-policy visual of the full security stack from source to destination interface
40+ security checks. HIGH / MEDIUM / INFO severity. Pure Python stdlib — nothing to install.
You point it at a config file and it generates up to 5 structured .txt reports you can read, grep, or feed into a SIEM.
🔗 GitHub: https://github.com/jafartavana01/fortigate-utm-analyzer
If you work with FortiGate in your environment, try it on a backup and see what it finds. Feedback and contributions are welcome.
Top comments (0)