Firewall Analyzer - Device Rule - FAQ

1. What is the expected configuration format of Juniper SRX firewall? How to export the configuration to file?

Configuration format of Juniper SRX is set format.

Procedure to export configuration to file:

  1. Login in to the SRX device using putty or other ssh tool.
  2. Execute the following command:
show configuration | display set | no-more
  1. Copy and save the output in .txt file.
  2. Choose File Import when adding device rule and import the file.

2. What are the supported configuration file extensions?

The configuration file extension .txt is supported for all the firewalls except below mentioned firewalls.

Firewall Vendor Name Supported File Extensions
PaloAlto .xml
WatchGuard .xml
pfSense .xm
SonicWALL .exp

3. Device rule fetching succeeded but no data shown in any of the Compliance tab reports. Why?

The protocol used to fetch device rule is not supported by Firewall Analyzer or the user credentials entered doesn't have enough permission to run the config command. Verify the abovr details and still not able to view the data in the report, send <Firewall Analyzer Home>/logs folder to

4. What is Fetch Rules? What is the use of choosing Fetch Rules option when you create Device Rule?

  1. Firewall Analyzer will fetch entire rule details from your firewall by executing show rule command.
  2. Firewall Analyzer will find the unused rules from fetched rule details and triggered rules retrieved from syslogs.
  3. Unused rules report shown under Compliance > Rule Management > Rule Cleanup tab. You can prune the firewall rules that were not triggered.


A single platter for comprehensive Network Security Device Management