phpIPAM is a solid open-source IPAM tool, but it requires setting up network scanning agents and database infrastructure. Here's a different approach that might fit your needs better.
The phpIPAM Approach
phpIPAM is built around a traditional IPAM model: deploy the software, configure database backends, set up scanning agents, and maintain the infrastructure. It's powerful, but it comes with operational overhead.
Common challenges teams face with phpIPAM:
- Infrastructure requirements: MySQL/MariaDB database, web server, PHP—all need ongoing maintenance
- Network scanning setup: Scanning agents need network access, firewall rules, and credential management
- Data accuracy: Scanning shows what's live on the network, but not what's configured in your firewall
- Update cycles: Database needs to stay in sync with network changes
A Different Approach: Config-Based IPAM
What if you could skip the scanning entirely and get your IP data from the source of truth—your firewall configuration?
Your FortiGate or Palo Alto config already contains:
- Every address object you've defined
- All address groups and their members
- Interface IP assignments
- VIP/NAT mappings
- Static routes and next hops
- Security zone definitions
This is the data that actually matters for understanding your IP allocation—and it's already organized and maintained as part of your firewall management.
When Config-Based IPAM Makes Sense
This approach works particularly well for:
- MSPs managing multiple clients: Upload each client's firewall config, get instant visibility without deploying scanning infrastructure at every site
- Network audits: Document IP allocation quickly without setting up persistent monitoring
- Migration planning: Understand the current state before making changes
- Compliance documentation: Generate accurate IP inventories from authoritative config files
- Small teams: Get IPAM functionality without dedicated infrastructure
When phpIPAM Is Still Better
To be fair, phpIPAM and similar scanning-based tools have strengths that config parsing doesn't cover:
- Live network state: Scanning shows what's actually responding on the network right now
- DHCP integration: phpIPAM can integrate with DHCP servers for dynamic IP tracking
- DNS management: Some tools integrate DNS record management
- Rogue device detection: Scanning can find unauthorized devices
If you need these capabilities, a scanning-based tool makes sense. But many teams discover they primarily need visibility into their planned IP allocation—what's configured—rather than continuous live monitoring.
Quick Comparison
| Feature | phpIPAM | Config Parsing |
|---|---|---|
| Setup time | Hours to days | Minutes |
| Infrastructure | Database, web server, agents | None (browser-based) |
| Network access | Required for scanning | Not required |
| Data source | Live network + manual entry | Firewall config file |
| Multi-site | Requires distributed agents | Upload configs from anywhere |
| Maintenance | Ongoing | None |
Try Config-Based IPAM
SimpleIPAM takes the config parsing approach. Upload your FortiGate or Palo Alto config file and see your entire IP address space in seconds—no database setup, no scanning agents, no ongoing maintenance.
No registration required. Config is processed in your browser and not stored.
Top comments (0)