A web-based tool for visualizing, analyzing, and optimizing Azure Firewall policies. Upload your Azure Firewall Policy exports to understand rule processing order, identify duplicates and conflicts, and optimize your firewall configuration.
Azure Firewall policies can become complex with hundreds of rules across multiple collection groups. This tool helps you:
- Visualize Rule Processing Order: See exactly how Azure Firewall will process your rules, following the priority-based hierarchy
- Identify Duplicate Rules: Find rules that have identical configurations and can be consolidated
- Detect Rule Conflicts: Discover Allow/Deny conflicts and rules that shadow each other
- Interactive Navigation: Browse through rule hierarchies with table and mindmap visualizations
- Export Analysis: Generate reports of your policy analysis and optimization suggestions
🛡️ Everything runs locally in your browser - Your Azure Firewall policies never leave your machine:
- No data is sent to external servers
- No cloud processing or storage
- No user accounts or authentication required
- Your sensitive firewall configurations remain private and secure
```bash
# Clone the repository
git clone https://github.com/your-username/azure-firewall-analyzer.git
cd azure-firewall-analyzer
# Install dependencies
npm install
# Start development server
npm run dev
```
Open http://localhost:5173 in your browser.
```bash
# Build for production
npm run build
# Preview the production build
npm run preview
```
Access at http://localhost:4173 to test the production build locally.
The application is configured for automatic deployment to Azure Static Web Apps:
- Fork this repository to your GitHub account
- Create an Azure Static Web Apps resource in Azure Portal
- Connect your GitHub repository during the creation process
- Azure will automatically deploy on every push to the main branch
The GitHub Actions workflow (.github/workflows/azure-static-web-apps.yml) handles the build and deployment automatically.
In Azure Portal:
- Navigate to your Firewall Policy
- Click "Export template" in the left menu
- Click "Download" to get the ARM template
- You'll need the `template.json` file (not `parameters.json`)
- Open Azure Firewall Analyzer in your browser
- Drag and drop your `template.json` file or click to browse
- The tool will automatically:
  - Parse your firewall policy
  - Apply Azure's rule processing logic
  - Analyze for duplicates and conflicts
  - Generate interactive visualizations
- Table View: Hierarchical view of all rules with search and filtering
- Mind Map: Interactive node-based visualization of rule relationships
- Issues View: Dedicated view for duplicates, conflicts, and optimization suggestions
- Rule Details: Click any rule to see detailed configuration and metadata
- Implements Azure Firewall's exact rule processing order
- Handles Rule Collection Group priorities (100-65000)
- Respects DNAT → Network → Application rule sequence
- Supports parent/child policy inheritance
- Duplicate Detection: Identifies rules with identical source, destination, ports, and protocols
- Conflict Analysis: Finds Allow/Deny conflicts and rule shadowing
- Optimization Suggestions: Recommends rule consolidation opportunities
- Processing Order Visualization: Shows the exact sequence Azure Firewall follows
- Hierarchical Table: Expandable tree view with search and filtering
- Interactive Mind Map: Zoomable, pannable node graph using ReactFlow
- Real-time Updates: Dynamic filtering and selection across all views
- Responsive Design: Works on desktop and tablet devices
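The processing order and the duplicate/conflict checks listed above can be sketched as follows. This is an added example, not the project's own code: it assumes rule type is compared before group and collection priority, compares only the address, port and protocol fields by exact match, and ignores parent/child inheritance and application-rule FQDN targets. The helper names and the sample policy are constructed.

```javascript
// Added example (not the project's code); SAMPLE is constructed data.
const RCG = "Microsoft.Network/firewallPolicies/ruleCollectionGroups";
const TYPE_ORDER = { NatRule: 0, NetworkRule: 1, ApplicationRule: 2 };

// Flatten an exported template into evaluation order: rule type first
// (DNAT, Network, Application), then group and collection priority (low first).
function orderRules(template) {
  const rules = [];
  for (const res of template.resources ?? []) {
    if (res.type !== RCG) continue;
    for (const coll of res.properties?.ruleCollections ?? [])
      for (const rule of coll.rules ?? [])
        rules.push({ ...rule, action: coll.action?.type,
          groupPriority: res.properties.priority, collPriority: coll.priority });
  }
  return rules.sort((a, b) => TYPE_ORDER[a.ruleType] - TYPE_ORDER[b.ruleType] ||
    a.groupPriority - b.groupPriority || a.collPriority - b.collPriority);
}

// Canonical key over the fields compared: sources, destinations, ports, protocols.
function matchKey(r) {
  const norm = (v) => (v ?? []).map((s) => s.toLowerCase()).sort().join(",");
  return [r.ruleType, norm(r.sourceAddresses), norm(r.destinationAddresses),
    norm(r.destinationPorts), norm(r.ipProtocols)].join("|");
}

// A later rule repeating an earlier key is a duplicate (same action) or a
// conflict (different action); in both cases the earlier rule takes effect.
function findIssues(ordered) {
  const seen = new Map(), issues = [];
  for (const r of ordered) {
    const first = seen.get(matchKey(r));
    if (!first) { seen.set(matchKey(r), r); continue; }
    issues.push({ kind: first.action === r.action ? "duplicate" : "conflict",
      winner: first.name, shadowed: r.name });
  }
  return issues;
}

const net = (name, proto) => ({ ruleType: "NetworkRule", name, sourceAddresses: ["10.0.0.0/24"],
  destinationAddresses: ["10.1.0.4"], destinationPorts: ["1433"], ipProtocols: [proto] });
const group = (priority, ruleCollections) => ({ type: RCG, properties: { priority, ruleCollections } });
const SAMPLE = { resources: [
  group(200, [{ priority: 100, action: { type: "Allow" }, rules: [{ ruleType: "ApplicationRule",
      name: "allow-updates", sourceAddresses: ["10.0.0.0/24"], targetFqdns: ["example.com"] }] },
    { priority: 500, action: { type: "Allow" }, rules: [net("allow-sql", "TCP")] }]),
  group(100, [{ priority: 200, action: { type: "Deny" }, rules: [net("deny-sql", "tcp")] }]),
] };
console.log(findIssues(orderRules(SAMPLE)));
```

In the sample, the Deny rule in the priority-100 group is evaluated before the identical Allow rule in the priority-200 group, so the Allow rule never matches and is reported as a conflict.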
Contributions are welcome! This project is designed to help Azure administrators better understand and optimize their firewall configurations.
- Fork the repository
- Create a feature branch: `git checkout -b feature-name`
- Make your changes and test thoroughly
- Run linting: `npm run lint`
- Build and test: `npm run build`
- Submit a pull request
This project is open source and available under the MIT License.
- Issues: Report bugs or request features on GitHub Issues
This tool is for analysis and visualization purposes only. Always validate any configuration changes in a test environment before applying to production Azure Firewall policies. The tool processes policies locally and does not modify your actual Azure resources.