Kikimora reads FortiGate configuration so firewall policy questions get answered in seconds, and risky rules don’t hide in a thousand-line policy table.
Audit your Fortinet firewall policies from one conversation
The integration covers the parts of a FortiGate configuration that decide what traffic is allowed: firewall policies and the services and zones they permit, network objects, and address groups. On a busy appliance the dangerous rule is rarely the obvious one. It is the broad object reused in twenty policies, or the rule that was meant to be temporary three years ago. Asking in plain language beats scrolling the table.
Firewall policy tables grow by accretion. Every project adds a rule, almost nobody removes one, and after a few years the table is long enough that a genuinely risky any-to-any policy hides in plain sight. The agent reads the configuration the way a reviewer would, following which objects a policy uses and which policies a single permissive object touches, so the rule that actually matters surfaces instead of staying buried.
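
The cross-referencing described above, sketched as an added example (this is not Kikimora's code or the integration's implementation): it parses a constructed `config firewall policy` block in FortiGate CLI syntax, lists enabled any-to-any accept policies, and builds the object-to-policy reverse index. The function names are hypothetical, and the parser assumes its input is only a flat policy block with no nested `config` sections.

```python
import shlex
# Constructed sample in FortiGate CLI syntax; not taken from a real device.
SAMPLE = """
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "web-servers"
        set action accept
    next
    edit 2
        set srcaddr "all"
        set dstaddr "all"
        set action accept
    next
    edit 3
        set status disable
        set srcaddr "vpn-users"
        set dstaddr "web-servers" "db-servers"
        set action accept
    next
end
"""

def parse_policies(text):
    """Map policy id -> {field: [values]} for a flat 'config firewall policy' block."""
    policies, current = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)  # handles quoted, multi-valued fields
        if tok[:1] == ["edit"]:
            current = policies.setdefault(int(tok[1]), {})
        elif tok[:1] == ["next"]:
            current = None
        elif tok[:1] == ["set"] and current is not None:
            current[tok[1]] = tok[2:]
    return policies

def any_to_any(policies):
    """Enabled accept policies whose source and destination both include 'all'."""
    return [i for i, p in sorted(policies.items())
            if p.get("status") != ["disable"] and p.get("action") == ["accept"]
            and "all" in p.get("srcaddr", []) and "all" in p.get("dstaddr", [])]

def object_usage(policies):
    """Reverse index: address object -> ids of the policies that reference it."""
    usage = {}
    for i, p in sorted(policies.items()):
        for name in dict.fromkeys(p.get("srcaddr", []) + p.get("dstaddr", [])):
            usage.setdefault(name, []).append(i)
    return usage
```

Sorting the `object_usage` result by list length puts the most widely reused objects first, which is where a single permissive definition has the largest effect.
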
What you can do
- Review firewall policies and the traffic they allow.
- Audit network objects and address groups.
- Flag overly broad rules for review.
Things you might ask
- “Which FortiGate policies allow inbound traffic from the internet to internal services?”
- “Show me every policy that uses an any-source or any-destination object.”
- “List rules that are disabled or shadowed by an earlier policy and have no effect.”
Fortinet usually guards the on-prem and datacenter perimeter, while a CDN handles the public edge. Pair it with the Cloudflare integration so edge WAF rules and FortiGate policies get reviewed in the same conversation, and a gap in one does not hide behind the other.
