I'd like a firewall policy diagnostic tool. One that detects unused objects, redundant rules (i.e. an earlier rule in the stack that permits the same thing), poor choices (any any?), and the like.
Cisco has had sanity checking tools for this for a long time. They're not perfect, but they're extremely helpful when their output is taken with a grain of salt.
In real life, it's not unusual for an infosec person to find themselves "inheriting" a firewall managed by someone else, some other group, or some company that was acquired. With 60 VLANs and 800+ rules. That have a lot of suckage.
Fortinet is offering tools to parse and migrate from Cisco and Juniper that do some of this. How about a tool specific to FortiGate firewalls that audits their rule sets and highlights masked rules and best-practices deviations?
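An added example, not code from the original post or from any Fortinet tool, of the three checks the post asks for (masked rules, any/any accepts, unused address objects) run over a constructed FortiGate-style rule set; the object names, policy fields and top-down first-match evaluation are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed sample address objects (not from any real FortiGate config).
ADDRESSES = {
    "all": "0.0.0.0/0",
    "corp-lan": "10.1.0.0/16",
    "web-srv": "10.1.5.10/32",
    "old-dmz": "192.168.50.0/24",   # defined but referenced by no policy
}

@dataclass
class Policy:
    id: int
    src: str
    dst: str
    service: str   # "ALL" or a single service name, kept simple on purpose
    action: str

# Constructed policy table, evaluated top-down, first match wins (assumption).
POLICIES = [
    Policy(1, "corp-lan", "web-srv", "HTTPS", "accept"),
    Policy(2, "corp-lan", "all", "ALL", "accept"),
    Policy(3, "corp-lan", "web-srv", "HTTPS", "accept"),  # never reached: rule 1 covers it
    Policy(4, "all", "all", "ALL", "accept"),             # the classic any/any
]

def covers(outer: str, inner: str) -> bool:
    """True when address object `outer` contains every address of `inner`."""
    return ip_network(ADDRESSES[inner]).subnet_of(ip_network(ADDRESSES[outer]))

def svc_covers(outer: str, inner: str) -> bool:
    return outer == "ALL" or outer == inner

def shadowed(policies):
    """Map each masked rule id to the earlier rule that already decides all its traffic.
    Under first-match semantics the later rule never fires, whatever its action."""
    out = {}
    for i, p in enumerate(policies):
        for q in policies[:i]:
            if covers(q.src, p.src) and covers(q.dst, p.dst) and svc_covers(q.service, p.service):
                out[p.id] = q.id
                break
    return out

def any_any(policies):
    """Ids of accept rules that match every source, destination and service."""
    return [p.id for p in policies
            if p.src == "all" and p.dst == "all" and p.service == "ALL" and p.action == "accept"]

def unused_addresses(policies, addresses):
    """Address objects that no policy references as source or destination."""
    used = {a for p in policies for a in (p.src, p.dst)}
    return sorted(set(addresses) - used)
```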