Firewall Security Assessment | OC Security Audit

Firewall Security Assessment

Your firewall should do more than pass traffic. It should reduce exposure, protect VPN access, inspect threats, log critical activity, and support compliance readiness for your business.

OC Security Audit, with 25+ years of experience under the management of Ali Hassani, has worked on dozens of networks for businesses in Southern California, Irvine, Orange County, and Los Angeles. With experience and certifications such as CISSP, CCISO, MCSE, MCSA Security, MCITP, CCNA, CCNP, and related security credentials, we help make your network and data more secure and your business better prepared for compliance requirements.

25+ Years Experience • Dozens of Business Networks • Irvine • OC • LA • CISSP • CCISO • CCNP
25+ years of cybersecurity, infrastructure, and IT leadership experience
Dozens of business networks reviewed and supported across Southern California
360° technical review across rules, VPN, NAT, ports, logging, cloud, and backups
Actionable remediation guidance for IT teams and business leaders
What We Review

Technical Firewall Hardening That Reduces Real Business Risk

OC Security Audit reviews the settings that determine whether your firewall is actively protecting your organization or quietly exposing systems, users, data, and cloud services.

🧱

Firewall Rules & Least Privilege

We identify overly broad rules, any-to-any access, unused rules, duplicate rules, risky services, missing logging, and policies that should be narrowed by source, destination, port, user, application, or schedule.
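
Several of these rulebase checks can be automated against a rule export. The following is an added example, not OC Security Audit's tooling: the CSV layout, field names, and sample rules are constructed, it assumes IPv4 and first-match rule evaluation, and it also detects shadowed rules, which the checklist lists under Rulebase Hardening.

```python
import csv
import io
import ipaddress

# Constructed sample export; the column layout is hypothetical, not a vendor format.
SAMPLE_EXPORT = """id,action,src,dst,service,log,hits
10,allow,10.1.0.0/16,10.2.0.0/24,tcp/443,yes,5210
20,allow,10.1.5.0/24,10.2.0.10/32,tcp/443,yes,0
30,allow,any,10.2.0.15/32,tcp/3389,yes,412
40,allow,10.1.0.0/16,10.2.0.0/24,tcp/443,yes,0
50,deny,10.1.0.0/16,10.3.0.0/24,tcp/445,no,37
60,allow,any,any,any,no,88213
70,deny,any,any,any,yes,0
"""

ANY_NET = ipaddress.ip_network("0.0.0.0/0")  # IPv4 only in this example
RISKY_SERVICES = {
    "tcp/21": "FTP", "tcp/22": "SSH", "tcp/23": "Telnet", "tcp/445": "SMB",
    "tcp/1433": "SQL", "tcp/3389": "RDP", "udp/161": "SNMP",
}


def _net(value):
    """Map 'any' to 0.0.0.0/0 so subnet comparisons work uniformly."""
    value = value.strip()
    return ANY_NET if value.lower() == "any" else ipaddress.ip_network(value, strict=False)


def parse_rules(text):
    """Parse the CSV export into rule dicts, preserving evaluation order."""
    rules = []
    for row in csv.DictReader(io.StringIO(text)):
        rules.append({
            "id": row["id"], "action": row["action"].lower(),
            "src": _net(row["src"]), "dst": _net(row["dst"]),
            "service": row["service"].lower(),
            "log": row["log"].lower() == "yes", "hits": int(row["hits"]),
        })
    return rules


def _covers(outer, inner):
    """True if every packet matched by `inner` is already matched by `outer`."""
    return (inner["src"].subnet_of(outer["src"])
            and inner["dst"].subnet_of(outer["dst"])
            and outer["service"] in ("any", inner["service"]))


def audit(rules):
    """Return {rule_id: [finding tags]} for rules with at least one finding."""
    findings = {}
    for index, rule in enumerate(rules):
        tags = []
        if rule["action"] == "allow":
            wide = [name for name, is_any in (
                ("any-source", rule["src"] == ANY_NET),
                ("any-destination", rule["dst"] == ANY_NET),
                ("any-service", rule["service"] == "any")) if is_any]
            tags += ["any-to-any"] if len(wide) == 3 else wide
            if rule["service"] in RISKY_SERVICES:
                tags.append("risky-service:" + RISKY_SERVICES[rule["service"]])
        if not rule["log"]:
            tags.append("no-logging")
        if rule["hits"] == 0:
            tags.append("zero-hit")
        # Assumes first-match evaluation: if an earlier rule covers this one,
        # this rule never fires, whatever its action says.
        for earlier in rules[:index]:
            if _covers(earlier, rule):
                same = all(earlier[k] == rule[k]
                           for k in ("action", "src", "dst", "service"))
                tags.append(("duplicate-of:" if same else "shadowed-by:") + earlier["id"])
                break
        if tags:
            findings[rule["id"]] = tags
    return findings


if __name__ == "__main__":
    for rule_id, tags in audit(parse_rules(SAMPLE_EXPORT)).items():
        print(rule_id, ", ".join(tags))
```

In the sample, rule 70 is the intended deny-all, but the allow-all at rule 60 shadows it, so the default-deny never takes effect.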

🔐

VPN, MFA & Administrator Access

We review SSL VPN, IPsec VPN, site-to-site tunnels, MFA, inactive accounts, vendor access, administrator roles, secure management interfaces, and privileged access controls.

🌐

Open Ports, NAT & Exposure

We check public exposure, NAT policies, port forwarding, remote access services, database exposure, web applications, vendor rules, and legacy systems that may need safer access methods.

🛡️

Threat Prevention Services

We verify whether IPS, anti-malware, DNS filtering, URL filtering, botnet filtering, application control, SSL/TLS inspection, geo-blocking, and threat intelligence are licensed, updated, and applied correctly.

📊

Logging, Monitoring & Alerts

We review denied and allowed traffic logs, VPN events, administrator logins, configuration changes, SIEM forwarding, Microsoft Sentinel readiness, log retention, NTP, and security alerting.

☁️

Cloud & Hybrid Firewall Controls

We assess Microsoft Azure Firewall, Azure Network Security Groups, cloud routes, hybrid connectivity, and cloud firewall controls. For deeper cloud review, visit Azure Cloud Security Audit.

Assessment Scope

From Edge Firewalls to Cloud Controls, We Look for What Attackers Look For

Many firewall risks appear over time: emergency rules, old vendor access, exposed management portals, outdated firmware, VPN changes, cloud migrations, and temporary exceptions that were never removed.

Reduce unnecessary exposure by reviewing open ports, NAT, public IP mappings, remote access, and cloud security groups.
Strengthen access control by hardening VPN, MFA, administrator access, site-to-site tunnels, and identity integration.
Improve detection and response through better logs, alerts, SIEM forwarding, threat prevention settings, and backup readiness.
Support compliance readiness with practical control review and remediation planning for organizations preparing for compliance consulting.
Assessment vs. Audit

Technical Assessment or Audit-Focused Review?

A Firewall Security Assessment focuses on technical firewall configuration, hardening, attack surface reduction, VPN security, open ports, NAT, logging, firmware, and threat prevention.

A Firewall Security Audit focuses on audit evidence, control validation, governance, documentation, policy alignment, and compliance readiness.

How We Work

A Clear Assessment Process Designed for Practical Remediation

The assessment is structured so business leaders understand the risk and technical teams receive specific, prioritized actions they can implement.

Discover & Scope

Review firewall platform, interfaces, zones, VLANs, VPNs, NAT, cloud connectivity, logging, subscriptions, and management access.

Review & Validate

Analyze firewall rules, exposure, firmware, threat prevention, VPN, MFA, cloud firewall settings, backups, and segmentation.

Prioritize Risk

Separate high-risk issues from normal configuration improvements so your team can focus on the items that matter most.

Remediate & Improve

Receive actionable recommendations, security hardening steps, and a practical roadmap for stronger protection.

Why It Matters

A Firewall Misconfiguration Can Become a Business Problem Fast

Ransomware, credential attacks, exposed ports, weak VPN, outdated firmware, and missing logs can affect operations, customers, vendors, and compliance readiness. OC Security Audit helps you identify and reduce these risks before they become incidents.

Protect remote workers with stronger VPN, MFA, access rules, and monitoring. See Internal Network Security.
Improve email and endpoint protection with related controls for Microsoft 365 Email Security and Endpoint Security.
Prepare for response with stronger logging and related Incident Response & Digital Forensics planning.
Compliance Readiness

Security Controls That Support Better Compliance Preparation

Strong firewall controls can support compliance readiness, gap analysis, documentation support, control review, and audit preparation for organizations working toward HIPAA, PCI-DSS, SOC 2, NIST, ISO/IEC 27000, or CMMC 2.0 alignment.


Strengthen Your Firewall Before Attackers Find the Weaknesses

For businesses in Southern California, Irvine, Orange County, and Los Angeles, OC Security Audit provides practical firewall security assessments focused on reducing exposure, hardening VPN access, improving logging, validating cloud controls, and creating a prioritized remediation plan.

Firewall Assessment Matrix

Firewall Security Assessment Checklist

This firewall security assessment checklist is intended for IT managers, CISOs, cybersecurity consultants, network engineers, and network administrators who want to make sure that everything on the firewall is considered, secured, and locked down. It helps teams review firewall rules, exposed services, VPN access, identity protection, logging, threat prevention, cloud firewall controls, backups, segmentation, and remediation priorities before small configuration gaps become serious business risks.

209+ technical firewall review items organized into assessment domains
25+ yrs: OC Security Audit experience under the management of Ali Hassani
SoCal: supporting businesses across Southern California, Irvine, Orange County, and Los Angeles
CISSP+: CISSP, CCISO, MCSE, MCSA Security, MCITP, CCNA, CCNP, and related credentials

OC Security Audit helps organizations make networks and data more secure, improve compliance readiness, and prioritize firewall remediation with practical findings that IT teams can act on.

Firewall Security Assessment Workbook
IDAssessment DomainAssessment ItemDescriptionEvidence / What to CollectRisk ScoreRisk RatingRisk ImpactRisk LikelihoodLikelihood This Might OccurPriorityLast CheckedOwnerStatusAdditional NotesRelated Service
FW-001Discovery & ScopeFirewall inventory completenessConfirm every physical, virtual, branch, cloud, SD-WAN, VPN concentrator, and security gateway is included in the review scope.Asset inventory, firewall dashboard exports, CMDB records, topology diagrams, configuration exports72HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.PossiblePossibleHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Internal Network Security
FW-002Discovery & ScopeFirewall model and platform identificationRecord vendor, model, serial number, OS, license tier, HA role, and management platform.Asset inventory, firewall dashboard exports, CMDB records, topology diagrams, configuration exports55MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Internal Network Security
FW-003Discovery & ScopeInterface and zone mappingVerify WAN, LAN, DMZ, guest, server, management, IoT, VPN, wireless, and cloud zones.Asset inventory, firewall dashboard exports, CMDB records, topology diagrams, configuration exports78HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.PossiblePossibleHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Internal Network Security
FW-004Discovery & ScopeNetwork diagrams accuracyCompare diagrams with actual firewall interfaces, VLANs, routes, NAT, and VPN connections.Asset inventory, firewall dashboard exports, CMDB records, topology diagrams, configuration exports52MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Internal Network Security
FW-005Discovery & ScopeInternet circuit and public IP inventoryDocument WAN circuits, public IP blocks, failover circuits, and provider responsibilities.Asset inventory, firewall dashboard exports, CMDB records, topology diagrams, configuration exports66MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Internal Network Security
FW-006Discovery & ScopeSecurity subscription statusConfirm IPS, AV, DNS, URL filtering, sandboxing, and threat intelligence subscriptions are active.Asset inventory, firewall dashboard exports, CMDB records, topology diagrams, configuration exports73HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.PossiblePossibleHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Internal Network Security
FW-007Discovery & ScopeManagement configuration baselineExport current configuration and identify the standard configuration baseline for comparison.Asset inventory, firewall dashboard exports, CMDB records, topology diagrams, configuration exports60MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Internal Network Security
FW-008Firmware & UpdatesFirewall firmware versionVerify firewall firmware or operating system is currently supported by the vendor.Firmware page screenshots, vendor advisory comparison, patch history, maintenance tickets, support portal records86HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-009Firmware & UpdatesSecurity patch levelCheck whether recent security patches, hotfixes, and maintenance releases are installed.Firmware page screenshots, vendor advisory comparison, patch history, maintenance tickets, support portal records88HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-010Firmware & UpdatesThreat signature update statusValidate IPS, malware, content filtering, DNS, and URL signatures are current.Firmware page screenshots, vendor advisory comparison, patch history, maintenance tickets, support portal records70HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.PossiblePossibleHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-011Firmware & UpdatesEnd-of-life / end-of-support statusIdentify unsupported firewalls, modules, OS versions, and subscriptions.Firmware page screenshots, vendor advisory comparison, patch history, maintenance tickets, support portal records82HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-012Firmware & UpdatesVendor support contractConfirm support contract status and access to firmware downloads and emergency support.Firmware page screenshots, vendor advisory comparison, patch history, maintenance tickets, support portal records55MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-013Firmware & UpdatesUpgrade path and maintenance windowConfirm upgrades have an approved maintenance window, pre-checks, and post-checks.Firmware page screenshots, vendor advisory comparison, patch history, maintenance tickets, support portal records64MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-014Firmware & UpdatesRollback planningVerify backups and rollback steps exist before firmware or policy changes.Firmware page screenshots, vendor advisory comparison, patch history, maintenance tickets, support portal records68MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-015Rulebase HardeningAny-to-any firewall rulesIdentify unrestricted source, destination, and service combinations.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records92CriticalCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyCriticalTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-016Rulebase HardeningAny-source access rulesFind rules allowing access from any source when restrictions should exist.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records84HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-017Rulebase HardeningAny-destination access rulesFind rules allowing broad access to any destination.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records79HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.PossiblePossibleHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-018Rulebase HardeningAny-service rulesReview rules allowing all ports, protocols, or applications.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records83HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-019Rulebase HardeningBroad network rangesIdentify rules using large subnets where narrow ranges are appropriate.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records74HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.PossiblePossibleHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-020Rulebase HardeningOverly permissive outbound rulesReview broad outbound access that could enable data exfiltration or command-and-control.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records78HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.PossiblePossibleHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-021Rulebase HardeningOverly permissive inbound rulesReview inbound rules that expose internal services unnecessarily.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records89HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-022Rulebase HardeningHigh-risk protocol allowanceReview RDP, SSH, Telnet, SMB, SQL, FTP, SNMP, and management protocols.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records87HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-023Rulebase HardeningLegacy protocol rulesIdentify rules allowing outdated or insecure protocols.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records76HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.PossiblePossibleHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-024Rulebase HardeningTemporary rules not removedFind emergency, vendor, or project rules that remained enabled after use.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records76HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.PossiblePossibleHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-025Rulebase HardeningUnused rulesFind zero-hit or low-hit rules over the review period.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records45MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.UnlikelyUnlikelyMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-026Rulebase HardeningDuplicate rulesIdentify duplicate rules that complicate management.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records38LowCould weaken visibility, governance, consistency, or remediation planning if not reviewed.UnlikelyUnlikelyLowTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-027Rulebase HardeningDisabled rulesReview disabled rules to determine whether they should be removed.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records32LowCould weaken visibility, governance, consistency, or remediation planning if not reviewed.UnlikelyUnlikelyLowTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-028Rulebase HardeningShadowed rulesIdentify rules hidden by earlier policies.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records58MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-029Rulebase HardeningRules bypassing inspectionFind rules that skip IPS, malware scanning, SSL inspection, logging, or app control.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records82HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-030Rulebase HardeningRules without loggingIdentify important allow/deny rules where logging is disabled.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records67MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-031Rulebase HardeningWeak naming conventionsReview whether rule names explain purpose, owner, and ticket.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records36LowCould weaken visibility, governance, consistency, or remediation planning if not reviewed.UnlikelyUnlikelyLowTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-032Rulebase HardeningMissing technical justificationConfirm each active rule has business purpose and approval evidence.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records62MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-033Rulebase HardeningLeast-privilege scopeNarrow source, destination, port, app, user, and schedule where possible.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records80HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-034Rulebase HardeningRule recertification processVerify that rules are periodically reviewed by business and technical owners.Rule export, hit counts, change tickets, business owner approval, screenshots, recertification records63MediumCould weaken visibility, governance, consistency, or remediation planning if not reviewed.PossiblePossibleMediumTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Firewall Security Audit
FW-035Internet ExposurePublic RDP exposureReview any Remote Desktop exposure from the internet.External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots95CriticalCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyCriticalTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-036Internet ExposurePublic SSH exposureReview direct SSH exposure and source restrictions.External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots82HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-037Internet ExposurePublic FTP / Telnet exposureIdentify insecure legacy remote access protocols exposed externally.External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots90CriticalCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyCriticalTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-038Internet ExposurePublic SMB exposureConfirm SMB is not exposed to the internet.External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots96CriticalCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyCriticalTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-039Internet ExposurePublic database portsReview SQL, MySQL, PostgreSQL, and database listener exposure.External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots91CriticalCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyCriticalTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-040Internet ExposureRemote management portalsVerify firewall, server, camera, VoIP, and application admin portals are not publicly exposed.External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots89HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-041Internet ExposureVPN portal exposureAssess VPN portal hardening, MFA, lockout, logging, and geo restrictions.External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots84HighCould create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations.LikelyLikelyHighTBDIT / SecurityNot AssessedRecord findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date.Network Vulnerability Assessment
FW-042 | Internet Exposure | Public web applications | Review public web applications for necessity, WAF or inspection, and logging. | External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots | 74 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Network Vulnerability Assessment
FW-043 | Internet Exposure | Mail service exposure | Review SMTP, OWA, mail gateways, and related exposure. | External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Network Vulnerability Assessment
FW-044 | Internet Exposure | Camera and IoT exposure | Identify cameras, NVRs, IoT devices, and building systems reachable from the internet. | External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots | 86 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Network Vulnerability Assessment
FW-045 | Internet Exposure | Vendor support access | Review vendor allowlists, schedules, authentication, and expiration dates. | External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Network Vulnerability Assessment
FW-046 | Internet Exposure | Public-facing administrative interfaces | Remove or tightly restrict public administrative interfaces. | External scan results, NAT rules, public IP map, firewall logs, business justification, screenshots | 92 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Network Vulnerability Assessment
FW-047 | NAT & Port Forwarding | Destination NAT rules | Review public-to-private mappings for necessity, source limits, and logging. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 79 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-048 | NAT & Port Forwarding | Source NAT rules | Validate outbound NAT design and prevent unintended egress paths. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 55 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-049 | NAT & Port Forwarding | Static NAT rules | Review static mappings for exposure and business need. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 75 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-050 | NAT & Port Forwarding | Dynamic NAT rules | Validate dynamic NAT behavior and egress control. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 48 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Unlikely | Unlikely | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-051 | NAT & Port Forwarding | One-to-one NAT mappings | Review one-to-one NAT for unnecessary exposure of internal systems. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-052 | NAT & Port Forwarding | Port forwarding rules | Identify old, broad, or undocumented port forwards. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 86 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-053 | NAT & Port Forwarding | Public-to-private IP mappings | Map all public addresses to internal systems and owners. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 74 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-054 | NAT & Port Forwarding | Hairpin NAT | Assess internal access paths and logging for hairpin NAT behavior. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 42 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Unlikely | Unlikely | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-055 | NAT & Port Forwarding | NAT rules without matching policies | Find NAT entries not governed by clear firewall rules. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 65 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-056 | NAT & Port Forwarding | Legacy server NAT | Confirm old server mappings are removed or protected. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 83 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-057 | NAT & Port Forwarding | Vendor NAT rules | Review vendor NAT access for expiration and source restrictions. | NAT table export, policy match, public IP inventory, owner approval, external validation scan | 74 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Firewall Security Audit
FW-058 | VPN Security | SSL VPN configuration | Review portal, cipher settings, access groups, split tunnel, idle timeout, and lockout. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 84 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-059 | VPN Security | IPsec VPN configuration | Review IKE version, proposals, PFS, lifetimes, and encryption strength. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-060 | VPN Security | Remote access VPN users | Validate active users, group membership, least privilege, and departed users. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 82 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-061 | VPN Security | Site-to-site VPN tunnels | Inventory site, vendor, and cloud tunnels. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-062 | VPN Security | VPN authentication settings | Review authentication source, conditional access, and fallback settings. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 84 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-063 | VPN Security | VPN user groups | Confirm groups match approved access roles. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 68 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-064 | VPN Security | VPN address pools | Review pool ranges and routing overlap. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 45 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Unlikely | Unlikely | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-065 | VPN Security | VPN access permissions | Confirm VPN users only reach required systems and ports. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 81 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-066 | VPN Security | Split tunneling | Determine whether split tunnel is approved and risk-managed. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 69 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-067 | VPN Security | Full tunnel configuration | Validate egress inspection for full-tunnel remote users. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 58 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-068 | VPN Security | VPN encryption algorithms | Remove weak ciphers, weak DH groups, and outdated proposals. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 82 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-069 | VPN Security | Pre-shared key strength | Assess PSK complexity, age, and rotation process. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-070 | VPN Security | Certificate-based VPN options | Determine whether certificate auth should replace or supplement PSKs. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 54 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-071 | VPN Security | Inactive VPN accounts | Disable stale accounts and review last login activity. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 88 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-072 | VPN Security | Shared VPN accounts | Identify and remove shared VPN credentials. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 93 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-073 | VPN Security | Vendor VPN accounts | Check vendor users for ownership, expiration, MFA, and monitoring. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 86 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-074 | VPN Security | Failed VPN login activity | Review brute-force attempts, lockouts, geo anomalies, and impossible travel. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 75 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-075 | VPN Security | VPN logging | Confirm logins, failures, session duration, and assigned IPs are retained. | VPN settings export, user list, authentication logs, group membership, access rules, screenshots | 65 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-076 | MFA & Identity Protection | MFA for firewall administrators | Verify administrative access requires MFA. | MFA policy screenshots, identity provider settings, admin lists, sign-in logs, conditional access policies | 93 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-077 | MFA & Identity Protection | MFA for remote access VPN users | Verify all VPN users complete MFA. | MFA policy screenshots, identity provider settings, admin lists, sign-in logs, conditional access policies | 94 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-078 | MFA & Identity Protection | MFA for SSL VPN users | Confirm SSL VPN authentication cannot rely on password-only access. | MFA policy screenshots, identity provider settings, admin lists, sign-in logs, conditional access policies | 94 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-079 | MFA & Identity Protection | MFA for cloud dashboards | Confirm Meraki, Azure, AWS, Google, Fortinet, SonicWall, and Palo Alto dashboards enforce MFA. | MFA policy screenshots, identity provider settings, admin lists, sign-in logs, conditional access policies | 88 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-080 | MFA & Identity Protection | Vendor account MFA | Ensure vendors with access use MFA and scoped roles. | MFA policy screenshots, identity provider settings, admin lists, sign-in logs, conditional access policies | 85 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-081 | MFA & Identity Protection | Privileged IT account protection | Confirm privileged firewall-related accounts use strong authentication and conditional access. | MFA policy screenshots, identity provider settings, admin lists, sign-in logs, conditional access policies | 86 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-082 | MFA & Identity Protection | Identity provider integration | Review Entra ID, AD, RADIUS, LDAP, SAML, Duo, Okta, or similar integrations. | MFA policy screenshots, identity provider settings, admin lists, sign-in logs, conditional access policies | 70 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-083 | Site-to-Site VPN | Tunnel peer IP validation | Confirm peer IPs and business owners for each site-to-site tunnel. | Tunnel config, peer list, route table, access rules, logs, approval records | 62 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-084 | Site-to-Site VPN | Tunnel encryption | Review IKE, Phase 1, Phase 2, PFS, DH groups, and cipher strength. | Tunnel config, peer list, route table, access rules, logs, approval records | 82 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-085 | Site-to-Site VPN | Allowed local networks | Limit local tunnel selectors to approved networks only. | Tunnel config, peer list, route table, access rules, logs, approval records | 84 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-086 | Site-to-Site VPN | Allowed remote networks | Limit remote tunnel selectors to approved networks only. | Tunnel config, peer list, route table, access rules, logs, approval records | 84 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-087 | Site-to-Site VPN | Routing through tunnels | Review route tables to prevent excessive trust or unwanted backhaul. | Tunnel config, peer list, route table, access rules, logs, approval records | 68 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-088 | Site-to-Site VPN | Tunnel monitoring and DPD | Confirm tunnel status monitoring, dead peer detection, and alerts. | Tunnel config, peer list, route table, access rules, logs, approval records | 49 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Unlikely | Unlikely | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-089 | Site-to-Site VPN | Vendor tunnel access | Validate vendor tunnels are segmented and time-bound. | Tunnel config, peer list, route table, access rules, logs, approval records | 86 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-090 | Site-to-Site VPN | Cloud site-to-site VPN | Review Azure, AWS, or Google VPN connections and route propagation. | Tunnel config, peer list, route table, access rules, logs, approval records | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-091 | Site-to-Site VPN | Failover settings | Validate tunnel failover behavior and monitoring. | Tunnel config, peer list, route table, access rules, logs, approval records | 55 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-092 | Site-to-Site VPN | Tunnel logging | Confirm tunnel events and failures are logged. | Tunnel config, peer list, route table, access rules, logs, approval records | 56 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-093 | Site-to-Site VPN | Access rules for VPN traffic | Confirm policies inspect and restrict tunnel traffic. | Tunnel config, peer list, route table, access rules, logs, approval records | 82 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-094 | Administrator Access | Local administrator accounts | Review local accounts, ownership, last login, and necessity. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 82 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-095 | Administrator Access | Directory-integrated admin accounts | Validate AD or Entra-integrated admin group membership. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 74 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-096 | Administrator Access | Role-based access control | Confirm admins have appropriate least-privilege roles. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 69 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-097 | Administrator Access | Read-only accounts | Validate view-only accounts cannot make changes. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 52 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-098 | Administrator Access | Helpdesk accounts | Confirm helpdesk access is limited to approved support tasks. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 55 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-099 | Administrator Access | Vendor administrator accounts | Review vendor admin access, expiration, MFA, and activity logs. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 86 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-100 | Administrator Access | Shared administrator accounts | Identify and remove shared admin credentials. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 94 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-101 | Administrator Access | Default accounts | Disable or secure default accounts and default passwords. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 90 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-102 | Administrator Access | Password policy | Check length, complexity, rotation, and lockout policy. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 66 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-103 | Administrator Access | Management interface restrictions | Restrict admin portals to approved management networks and VPN. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 91 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-104 | Administrator Access | Allowed management IPs | Verify admin access allowlists are narrow and current. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 85 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-105 | Administrator Access | HTTPS management | Disable insecure web management and enforce secure TLS. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 74 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-106 | Administrator Access | SSH management | Restrict SSH management and remove weak algorithms. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-107 | Administrator Access | SNMP configuration | Remove SNMP v1/v2 where possible and restrict SNMP sources. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 73 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-108 | Administrator Access | API access | Review API keys, integrations, privileges, and rotation. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 75 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-109 | Administrator Access | Cloud dashboard access | Review cloud-managed firewall dashboard users and permissions. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 82 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-110 | Administrator Access | Session timeout | Confirm admin sessions expire automatically. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 45 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Unlikely | Unlikely | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-111 | Administrator Access | Login lockout | Confirm failed admin login lockout is enabled. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-112 | Administrator Access | Failed login logging | Verify failed administrative logins are logged and alerted. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-113 | Administrator Access | Administrative change logging | Capture who changed what and when. | Admin list, RBAC settings, management ACLs, auth logs, config audit logs, screenshots | 85 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Security Governance
FW-114 | Threat Prevention | IPS / IDS | Verify intrusion prevention or detection is licensed, updated, and applied to traffic. | Security profile settings, policy attachments, subscription status, event logs, exception list | 82 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-115 | Threat Prevention | Gateway antivirus | Confirm gateway malware scanning is enabled where supported. | Security profile settings, policy attachments, subscription status, event logs, exception list | 76 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-116 | Threat Prevention | Anti-malware scanning | Review anti-malware settings and policy attachment. | Security profile settings, policy attachments, subscription status, event logs, exception list | 76 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-117 | Threat Prevention | Anti-spyware | Review spyware and command-and-control protections. | Security profile settings, policy attachments, subscription status, event logs, exception list | 75 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-118 | Threat Prevention | Botnet filtering | Confirm botnet detection and blocking are enabled. | Security profile settings, policy attachments, subscription status, event logs, exception list | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-119 | Threat Prevention | DNS filtering | Confirm malicious domain blocking is enabled and logged. | Security profile settings, policy attachments, subscription status, event logs, exception list | 74 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-120 | Threat Prevention | URL filtering | Review malware, phishing, risky, and newly registered domain categories. | Security profile settings, policy attachments, subscription status, event logs, exception list | 70 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-121 | Threat Prevention | Content filtering | Review content categories and business exceptions. | Security profile settings, policy attachments, subscription status, event logs, exception list | 58 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-122 | Threat Prevention | Application control | Block or monitor risky applications and unauthorized remote tools. | Security profile settings, policy attachments, subscription status, event logs, exception list | 73 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-123 | Threat Prevention | Geo-IP blocking | Evaluate country restrictions for management, VPN, and inbound services. | Security profile settings, policy attachments, subscription status, event logs, exception list | 58 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-124 | Threat Prevention | Threat intelligence feeds | Confirm reputation feeds are active and applied. | Security profile settings, policy attachments, subscription status, event logs, exception list | 65 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-125 | Threat Prevention | File inspection | Review file inspection coverage and bypasses. | Security profile settings, policy attachments, subscription status, event logs, exception list | 68 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-126 | Threat Prevention | Sandboxing / zero-day protection | Review file detonation and zero-day protection. | Security profile settings, policy attachments, subscription status, event logs, exception list | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-127 | Threat Prevention | Command-and-control detection | Confirm C2 detection policies are enabled. | Security profile settings, policy attachments, subscription status, event logs, exception list | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-128 | Threat Prevention | SSL/TLS inspection | Confirm encrypted traffic inspection strategy is approved and applied where appropriate. | Security profile settings, policy attachments, subscription status, event logs, exception list | 67 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-129 | Threat Prevention | Security profiles on policies | Verify security profiles are attached to rules, not just licensed. | Security profile settings, policy attachments, subscription status, event logs, exception list | 86 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-130 | Threat Prevention | Security license status | Confirm threat prevention licenses are active. | Security profile settings, policy attachments, subscription status, event logs, exception list | 73 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-131 | Threat Prevention | Exceptions and bypass rules | Review bypasses for necessity, approval, expiration, and compensating controls. | Security profile settings, policy attachments, subscription status, event logs, exception list | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-132 | Application, Web, DNS & TLS Controls | Application visibility | Confirm firewall identifies applications rather than only ports. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 54 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Endpoint Security
FW-133 | Application, Web, DNS & TLS Controls | Remote access tools | Review TeamViewer, AnyDesk, ScreenConnect, RMM, and other remote tools. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 82 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Endpoint Security
FW-134 | Application, Web, DNS & TLS Controls | File-sharing applications | Restrict unauthorized file-sharing services. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 62 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Endpoint Security
FW-135 | Application, Web, DNS & TLS Controls | Peer-to-peer applications | Restrict P2P traffic that increases malware and data exposure. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 62 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Endpoint Security
FW-136 | Application, Web, DNS & TLS Controls | Proxy avoidance | Block or monitor proxy avoidance tools. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 76 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-137 | Application, Web, DNS & TLS Controls | Anonymous VPN tools | Block or monitor unauthorized anonymizing VPN services. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 76 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-138 | Application, Web, DNS & TLS Controls | User-based filtering | Validate policies map to users or groups where supported. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 55 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Endpoint Security
FW-139 | Application, Web, DNS & TLS Controls | Group-based filtering | Confirm filtering aligns with department or role-based needs. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 50 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Endpoint Security
FW-140 | Application, Web, DNS & TLS Controls | Filtering exceptions | Review exceptions for approval, expiration, and risk acceptance. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 68 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-141 | Application, Web, DNS & TLS Controls | Unauthorized external DNS | Prevent clients from bypassing approved DNS resolvers. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-142 | Application, Web, DNS & TLS Controls | DNS over HTTPS | Review DoH behavior and whether it bypasses DNS inspection. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 66 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-143 | Application, Web, DNS & TLS Controls | Internal DNS forwarding | Confirm internal DNS flows are controlled and logged. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 50 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-144 | Application, Web, DNS & TLS Controls | DNS logging | Verify DNS queries and blocks are logged. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 60 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-145 | Application, Web, DNS & TLS Controls | Threat intelligence domain feeds | Confirm malicious domain feeds are active. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 70 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-146 | Application, Web, DNS & TLS Controls | TLS certificate deployment | Confirm inspection certificates are trusted and properly distributed. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 55 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-147 | Application, Web, DNS & TLS Controls | TLS included networks | Review which networks are included in SSL/TLS inspection. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 62 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-148 | Application, Web, DNS & TLS Controls | TLS excluded networks | Review exclusions for privacy, healthcare, banking, and compatibility. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 52 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-149 | Application, Web, DNS & TLS Controls | TLS bypass rules | Review bypass rules for excessive scope or missing justification. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 74 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-150 | Application, Web, DNS & TLS Controls | TLS version support | Disable outdated TLS versions where appropriate. | Configuration screenshots, policy exports, exception list, test results, DNS logs, TLS policy review | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-151 | Logging, Monitoring & Alerting | Allowed traffic logging | Verify logging on important allow rules. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 58 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-152 | Logging, Monitoring & Alerting | Denied traffic logging | Verify deny/drop traffic is logged for investigations. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 62 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-153 | Logging, Monitoring & Alerting | Inbound access logging | Confirm public-facing access is logged with source, destination, and service. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-154 | Logging, Monitoring & Alerting | Outbound access logging | Confirm egress events support investigation and policy tuning. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 60 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-155 | Logging, Monitoring & Alerting | VPN login logging | Log successful VPN activity. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 76 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-156 | Logging, Monitoring & Alerting | VPN failure logging | Log failed VPN authentication and lockouts. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-157 | Logging, Monitoring & Alerting | Administrator login logging | Log admin success, failure, and source IP. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-158 | Logging, Monitoring & Alerting | Configuration change logging | Capture who changed what and when. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 85 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-159 | Logging, Monitoring & Alerting | NAT event logging | Log NAT events tied to public exposure and troubleshooting. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 55 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-160 | Logging, Monitoring & Alerting | IPS event logging | Confirm IPS alerts are logged and searchable. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-161 | Logging, Monitoring & Alerting | Malware event logging | Confirm malware detections are logged and alerted. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-162 | Logging, Monitoring & Alerting | Botnet event logging | Confirm botnet events are logged and alerted. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-163 | Logging, Monitoring & Alerting | Application control logging | Log blocked and risky application activity. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 65 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-164 | Logging, Monitoring & Alerting | URL filtering logging | Log web filtering allow, block, and category events. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 62 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-165 | Logging, Monitoring & Alerting | DNS filtering logging | Log malicious DNS blocks and suspicious lookups. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-166 | Logging, Monitoring & Alerting | Geo-IP blocking logs | Log geo-blocked events for review. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 52 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-167 | Logging, Monitoring & Alerting | Syslog forwarding | Forward important firewall events to syslog or SIEM. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-168 | Logging, Monitoring & Alerting | SIEM integration | Validate firewall events are searchable in the SIEM. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-169 | Logging, Monitoring & Alerting | Microsoft Sentinel / Log Analytics | Confirm cloud-forwarded events are searchable and retained. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 65 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-170 | Logging, Monitoring & Alerting | Splunk / FortiAnalyzer / Panorama / Meraki logs | Validate vendor log platform integration where applicable. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 58 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-171 | Logging, Monitoring & Alerting | Log retention | Confirm retention supports investigations and compliance readiness. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-172 | Logging, Monitoring & Alerting | NTP synchronization | Ensure firewall time is synchronized for event correlation. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 64 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-173 | Logging, Monitoring & Alerting | Critical event alerting | Alert on VPN brute force, admin failures, malware, IPS, and configuration changes. | Log settings, SIEM forwarding status, sample events, retention settings, alert rules, time sync settings | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Threat Detection
FW-174 | Backup, Segmentation & Cloud Firewalls | Automatic configuration backups | Confirm scheduled firewall backups are enabled. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 75 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Business Continuity & DR
FW-175 | Backup, Segmentation & Cloud Firewalls | Manual configuration backups | Verify backups are made before major changes and firmware upgrades. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 68 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Business Continuity & DR
FW-176 | Backup, Segmentation & Cloud Firewalls | Backup storage location | Confirm backups are stored in approved secure locations. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 62 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Business Continuity & DR
FW-177 | Backup, Segmentation & Cloud Firewalls | Encrypted backup storage | Protect configuration backups with encryption where available. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 76 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Business Continuity & DR
FW-178 | Backup, Segmentation & Cloud Firewalls | Backup access permissions | Limit who can access firewall configuration backups. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Business Continuity & DR
FW-179 | Backup, Segmentation & Cloud Firewalls | Backup retention | Confirm backup history supports rollback and investigation needs. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 55 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Business Continuity & DR
FW-180 | Backup, Segmentation & Cloud Firewalls | Restore testing | Validate firewall configurations can be restored. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 82 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Business Continuity & DR
FW-181 | Backup, Segmentation & Cloud Firewalls | High availability synchronization | Confirm HA peers synchronize configuration and failover settings. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Business Continuity & DR
FW-182 | Backup, Segmentation & Cloud Firewalls | User network segmentation | Restrict user VLAN access to server networks. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 84 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-183 | Backup, Segmentation & Cloud Firewalls | Server network segmentation | Limit server-to-server traffic by business need. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-184 | Backup, Segmentation & Cloud Firewalls | Domain controller segmentation | Limit DC access to required protocols and approved systems. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 88 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-185 | Backup, Segmentation & Cloud Firewalls | Backup system segmentation | Protect backup repositories from broad access. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 91 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-186 | Backup, Segmentation & Cloud Firewalls | Management network segmentation | Restrict management interfaces to dedicated admin networks. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 87 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-187 | Backup, Segmentation & Cloud Firewalls | Guest Wi-Fi isolation | Confirm guest Wi-Fi cannot reach corporate systems. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-188 | Backup, Segmentation & Cloud Firewalls | Corporate Wi-Fi segmentation | Ensure corporate Wi-Fi access follows identity and device controls. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 65 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-189 | Backup, Segmentation & Cloud Firewalls | IoT device isolation | Segment IoT, cameras, printers, and building systems. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-190 | Backup, Segmentation & Cloud Firewalls | POS segmentation | Restrict POS network access to approved systems only. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 90 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-191 | Backup, Segmentation & Cloud Firewalls | DMZ design | Confirm public-facing systems are isolated from internal networks. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 85 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-192 | Backup, Segmentation & Cloud Firewalls | Cloud workload segmentation | Review cloud network segmentation for workloads and data tiers. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-193 | Backup, Segmentation & Cloud Firewalls | Sensitive database segmentation | Restrict sensitive databases to approved application servers and admins. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 90 | Critical | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | Critical | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Internal Network Security
FW-194 | Backup, Segmentation & Cloud Firewalls | Azure Firewall policies | Review Azure Firewall rules, policy hierarchy, logging, and routing. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-195 | Backup, Segmentation & Cloud Firewalls | Azure Network Security Groups | Review NSGs for broad access and internet exposure. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 84 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-196 | Backup, Segmentation & Cloud Firewalls | Azure route tables | Confirm routes do not bypass inspection or segmentation. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 70 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-197 | Backup, Segmentation & Cloud Firewalls | Azure VPN Gateway | Review VPN gateway connections, routes, logging, and authentication. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-198 | Backup, Segmentation & Cloud Firewalls | Azure hub-and-spoke networking | Validate inspection and routing in hub-and-spoke designs. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 68 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-199 | Backup, Segmentation & Cloud Firewalls | Azure private endpoints | Validate private endpoint design and access restrictions. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 62 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-200 | Backup, Segmentation & Cloud Firewalls | AWS Network Firewall | Review AWS Network Firewall policies and logging. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 78 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-201 | Backup, Segmentation & Cloud Firewalls | AWS security groups | Review inbound and outbound rules for least privilege. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 84 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-202 | Backup, Segmentation & Cloud Firewalls | AWS network ACLs | Assess subnet-level access controls and unintended exposure. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 68 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-203 | Backup, Segmentation & Cloud Firewalls | AWS route tables and VPC endpoints | Confirm routing aligns with inspection and egress strategy. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 66 | Medium | Could weaken visibility, governance, consistency, or remediation planning if not reviewed. | Possible | Possible | Medium | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-204 | Backup, Segmentation & Cloud Firewalls | Google Cloud firewall rules | Review GCP firewall rules and policy hierarchy. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 80 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-205 | Backup, Segmentation & Cloud Firewalls | Google Cloud firewall policies | Confirm hierarchical policies align with security standards. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 74 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-206 | Backup, Segmentation & Cloud Firewalls | Virtual firewall appliances | Review marketplace and virtual appliance policy, routing, and HA. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-207 | Backup, Segmentation & Cloud Firewalls | Cloud logging | Ensure cloud firewall and flow logs are enabled and retained. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 74 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-208 | Backup, Segmentation & Cloud Firewalls | Cloud identity permissions | Review who can change cloud firewall rules and routes. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 88 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Likely | Likely | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
FW-209 | Backup, Segmentation & Cloud Firewalls | Hybrid connectivity | Review ExpressRoute, VPN, Direct Connect, peering, and transit routes. | Configuration exports, diagrams, route tables, logs, backup records, access reviews, cloud policy exports | 72 | High | Could create material security exposure, compliance readiness gaps, operational disruption, or incident response limitations. | Possible | Possible | High | TBD | IT / Security | Not Assessed | Record findings, screenshots, rule IDs, business owner, ticket number, remediation decision, and follow-up date. | Azure Cloud Security Audit
How to use this checklist

Start with discovery, firmware, exposed services, VPN, administrator access, and logging. Then review segmentation, cloud firewall controls, backups, and remediation ownership.

Risk scoring guide

Critical and High items should be reviewed first because they often involve internet exposure, privileged access, weak VPN controls, unsupported firmware, or missing security monitoring.

Professional support

OC Security Audit has worked on dozens of business networks and can help prioritize findings, reduce exposure, strengthen firewall controls, and support compliance readiness.