Whitepaper NIS2 Readiness Check DE

The platform

Everything a firewall change needs, in one place

Capture the request, analyse the risk, route the approval, push the change, and prove it happened: across every vendor in the estate, on a single audit trail.

See the methodology → Supported vendors
app.fwchange.com/changes
FwChange admin console, dashboard showing open changes, awaiting review, managed firewalls, compliance score and a 30-day change-activity chart. FwChange admin console, dashboard showing open changes, awaiting review, managed firewalls, compliance score and a 30-day change-activity chart.

Change workflow

Structured change, not free-text tickets

A change request captures source, destination, port, action, and intent, the fields an auditor and a reviewer both need. From draft to implemented, status is tracked automatically.

  • Structured requests, every field a reviewer and auditor needs, captured up front.
  • Multi-level approval chains with configurable policy per environment.
  • Scheduled maintenance windows for controlled, predictable rollout.
Open Internet → DMZ 443Pending
Allow VPN → App-tierApproved
Block legacy SMB 445Approved
NAT for partner APIIn review
Decommission rule #4471Draft

Risk & impact analysis

Catch the bad rule before it ships

Every proposed change is simulated against the live rulebase. Shadowed rules, redundant policy, and over-permissive any/any access surface before anything reaches production, with subnet and IP context pulled from your IPAM.

  • Conflict detection for shadow rules and redundant policy.
  • Impact assessment before the change goes live.
  • IPAM-aware subnet and IP context in every analysis.
Low
Shadowed rule detectedReview
Overly-broad any/anyHigh
Redundant with #2218Info

Multi-vendor

One interface, every vendor's syntax

Read and reason about rules across the major platforms without learning six consoles. FwChange speaks each vendor's language so the team doesn't have to.

Palo AltoFortinetCheck PointCisco ASA / FTDJuniperSophosOPNsense
See full vendor coverage →

Compliance & audit

Turn an audit request into one click

Every change carries who, what, when, and why. Compliance-ready exports map to the frameworks European teams actually answer to, and rule-expiration tracking keeps temporary access from becoming permanent.

  • Complete change history, full who/what/when/why on every rule.
  • Framework-ready reports for NIS2, ISO 27001, PCI-DSS, DORA, KRITIS and TISAX.
  • Rule-expiration tracking so temporary access is never forgotten.
NIS2 evidence packReady
ISO 27001 change logReady

Integration hub

Fits the stack you already run

An API-first design with connectors for the tools change already flows through.

ITSM connectors

Bi-directional sync with Jira, ServiceNow, and Taiga keeps tickets and firewall changes aligned.

NetBox & IPAM

Pull subnet and device context straight from NetBox so rule analysis understands the network it runs on.

API & webhooks

An API-first core with webhook support drops FwChange into existing automation pipelines.

Explore the NetBox integration →

The method behind the platform

FwChange encodes seventeen years and 280+ migrations into software. The methodology page walks the thinking behind every feature.

Read the methodology Read the whitepaper →