Multi-Vendor Firewall Change Management

Native support for leading enterprise firewall vendors. Manage all your firewalls from a single platform with vendor-agnostic rule normalization.

Palo Alto Networks (Production Ready)
PAN-OS XML API
Authentication: API Key
Tested Versions: PA-VM 10.x, 11.x

Fortinet FortiGate (Production Ready)
FortiOS REST API
Authentication: API Token
Tested Versions: FortiOS 6.x, 7.x

Check Point (Production Ready)
R80+ Web API
Authentication: API Key + Session
Tested Versions: R80.40, R81.x

Cisco ASA (Production Ready)
REST API
Authentication: Basic Auth
Tested Versions: ASA 9.x

OPNsense (Production Ready)
REST API
Authentication: API Key + Secret
Tested Versions: 22.x, 23.x, 24.x

pfSense (Compatible)
OPNsense Compatible
Authentication: Via OPNsense driver
Tested Versions: 2.6.x, 2.7.x

Vendor Integration Details

Palo Alto Networks - PAN-OS XML API

Authentication

API Key

Supported Operations

  • Rule CRUD
  • Policy queries
  • Health monitoring
  • Config backup

Tested Versions

PA-VM 10.x, 11.x

Deployment Models

Physical, VM, Cloud (AWS, Azure, GCP)

Fortinet FortiGate - FortiOS REST API

Authentication

API Token

Supported Operations

  • Firewall policies
  • Address objects
  • Services
  • VPN config

Tested Versions

FortiOS 6.x, 7.x

Deployment Models

FortiGate appliances, VM, Cloud

Check Point - R80+ Web API

Authentication

API Key + Session

Supported Operations

  • Access rules
  • NAT rules
  • Object management
  • Policy install

Tested Versions

R80.40, R81.x

Deployment Models

Check Point appliances, CloudGuard

Cisco ASA - REST API

Authentication

Basic Auth

Supported Operations

  • Access lists
  • Object groups
  • NAT rules
  • VPN

Tested Versions

ASA 9.x

Deployment Models

ASA 5500-X, Firepower, ASAv

OPNsense - REST API

Authentication

API Key + Secret

Supported Operations

  • Firewall rules
  • Aliases
  • NAT
  • Traffic shaping

Tested Versions

22.x, 23.x, 24.x

Deployment Models

Bare metal, VM, Cloud instances

pfSense - OPNsense Compatible

Authentication

Via OPNsense driver

Supported Operations

  • Rules
  • Aliases
  • NAT

Tested Versions

2.6.x, 2.7.x

Deployment Models

Netgate appliances, pfSense VM

How It Works

Vendor-Agnostic Normalization

FwChange translates vendor-specific configurations into a unified rule format, allowing you to work with all your firewalls using consistent terminology.

1. Driver Architecture

Each vendor has a dedicated driver implementing a common interface. Add new vendors by implementing the same interface.

2. Rule Normalization

Vendor-specific rules are converted to a normalized format for analysis, optimization, and approval workflows.

3. Push to Device

Approved changes are translated back to vendor-specific syntax and pushed via the appropriate API.

Frequently Asked Questions

How do you store firewall credentials?

All credentials are encrypted at rest using AES-256-GCM. Credentials are only decrypted in memory during API calls and never logged or exposed.

Can I manage mixed vendor environments?

Yes. FwChange is designed for heterogeneous firewall fleets. Manage Palo Alto at the perimeter, Fortinet at branches, and Check Point in the datacenter—all from one platform.

What if my vendor isn't supported?

We can develop custom drivers for enterprise customers. Contact us with your vendor and API documentation, and we'll provide an integration timeline.

Which versions are supported?

We support the last 2-3 major releases of each vendor. Check the detailed integration table above for specific version numbers tested with your firewall.

Ready to Unify Your Firewall Management?

See how FwChange simplifies multi-vendor firewall operations.
