Audit · Score · Fix

Early Access

Your firewall policies. Audited in 60 seconds.

AI-powered multi-vendor firewall auditing for MSPs and IT teams. Upload a config, get a scored report with compliance mapping and vendor-specific remediation commands.

No credit card required. We'll reach out within 24 hours.

87 Good
Critical: 0
High: 2
Medium: 3

  • 9 Vendors Supported
  • 15 Security Checks
  • 60s Average Audit Time
  • 3 Compliance Frameworks

See it in action

Upload a config. 60 seconds later, this is what you get.

getshieldiq.com/audits/results
41 High Risk

FortiGate

500 rules analyzed

↑ +22 vs last audit

9 Critical
201 High
18 Medium
1 Low
Your firewall has 9 critical issues that leave your network exposed to attack. Rule VPN-485 permits unrestricted traffic from any source to any destination — effectively bypassing your entire security perimeter. Immediate action required.

⚑ Fix These First

Critical: 8 rules

Unrestricted Traffic Rule

Firewall rule VPN-485 permits all traffic from any source to any destination…

Critical: 1 rule

No Default Deny Rule

Your FortiGate has no final deny-all rule — any traffic not explicitly permitted…

High: 168 rules

Unreachable (Shadowed) Rules

Rule Legacy-Old-52 is completely hidden behind SBNP-Monitoring-42…

Duplicate Rules — 82 rules affected
Insecure Protocols Allowed — 14 rules affected
Missing Default Deny — 1 rule affected

Between Enterprise and a Spreadsheet

Enterprise tools cost $50K+ and take 6 weeks. Spreadsheets are free but miss everything. ShieldIQ is the middle ground.

Enterprise Tools

$50K–500K/yr

4–6 week setup

Complex deployments, long contracts, dedicated teams required. Great if you have the budget.

ShieldIQ

$750/audit

60 seconds

Multi-vendor, AI-explained, compliance-mapped. Built for MSPs.

Spreadsheets

Free

Hours of manual work

What most SMBs use today. Misses shadowed rules, duplicates, drift.

How It Works

Upload

Drop your firewall config — JSON, XML, or text export. We detect the vendor automatically.

Score

15 security checks run instantly. You get a risk score from 0–100 with compliance mapping to PCI-DSS, NIST, and CIS.

Fix

Every finding includes vendor-specific CLI commands you can copy and paste to remediate. No guesswork.

Why MSPs Choose ShieldIQ

AI-Powered Explanations

Every finding explained in plain English. No security team required — your level 1 techs can understand the results.

Compliance Mapping

Automatically maps findings to PCI-DSS v4.0, NIST 800-53, and CIS Controls. Show clients exactly which controls are failing.

Copy-Paste Remediation

Vendor-specific CLI commands for every fix. Upload a FortiGate config, get FortiGate commands. Not generic advice.

White-Label Reports

Your logo, your colors, your footer. Generate executive and technical reports branded as your company. Clients never see ShieldIQ.

Fleet Dashboard

See all your clients' firewalls in one view. Scores, trends, drift detection. Know which client needs attention before they call you.

Scheduled Audits & Alerts

Run audits automatically. Get emailed when scores drop or new critical findings appear. Never miss a policy change.

15 Security Checks. Every Audit.

Every config is analyzed against the same 15 checks, regardless of vendor. Consistent results across your entire fleet.

  • Allow-All Traffic
  • Missing Default Deny
  • No Logging
  • Duplicate Rules
  • Shadowed Rules
  • Unrestricted Services
  • Insecure Protocols
  • Broad Egress
  • Device Hardening
  • Disabled Rules
  • Stale Rules
  • Rule Complexity
  • Weak Justification
  • Broad Subnets
  • Missing Descriptions

9 Vendors. One Platform.

Upload any supported config — we detect the vendor automatically and run the same 15 checks.

FortiGate
Palo Alto
Cisco ASA
Cisco Firepower
Cisco Meraki
SonicWall
Sophos XGS
WatchGuard
Check Point

Simple Pricing

No contracts. No per-seat fees. Pay per audit or go unlimited.

Single Audit

$750 one-time

1 firewall, full audit report with AI explanations, compliance mapping, and remediation commands.

  • 1 firewall config
  • 15 security checks
  • Compliance mapping
  • Technical + executive report
Most Popular

Audit Package

$1,500 up to 5 firewalls

Perfect for companies with multiple firewalls. Same deep analysis across your entire perimeter.

  • Up to 5 firewalls
  • Fleet dashboard
  • Drift detection
  • White-label reports

Enterprise

$3,000–5,000 custom scope

Unlimited firewalls, dedicated onboarding, custom compliance profiles, and priority support.

  • Unlimited firewalls
  • Custom compliance profiles
  • Dedicated onboarding
  • Priority support

MSP License

$499/month

Unlimited audits for your entire client base. API access, scheduled scans, and white-label everything.

  • Unlimited firewalls
  • Scheduled audits
  • API access
  • Multi-tenant + white-label

Frequently Asked Questions

Questions we hear from MSPs and IT teams before they get started.

Do my clients' firewall configs leave my environment?
No. Configs are processed entirely in memory during the audit and immediately discarded after. We store findings and risk scores — not the raw configuration content. Your clients' network topology, IP ranges, and rule logic never leave your machine or get written to any database.
Do I need to install an agent or give ShieldIQ access to my firewalls?
No agents, no network credentials required for an upload-based audit. You export a config file from your firewall's management console (a process that takes about 30 seconds) and upload it. We detect the vendor automatically and return results in under 60 seconds. API-connected scheduled audits are available for advanced users who want continuous monitoring.
How is this different from a vulnerability scanner like Nessus or Qualys?
Vulnerability scanners probe live systems for unpatched CVEs and open ports. ShieldIQ analyzes the firewall's own policy logic — finding rule errors like shadowed rules, allow-all policies, missing default deny, and stale rules that active scanners cannot detect. It's policy auditing, not vulnerability scanning. Most MSPs use both: scanners find exploitable weaknesses, ShieldIQ finds the policy misconfigurations that let those weaknesses through.
My firewall vendor has a built-in policy checker. Why do I need ShieldIQ?
Built-in tools only analyze their own vendor's format, apply basic syntax checks, and produce output designed for network engineers — not client delivery. ShieldIQ audits 9 vendors using the same 15 checks, maps every finding to PCI-DSS, NIST, and CIS controls, generates AI-explained findings in plain English, and produces white-labeled executive and technical reports your clients can read. It's the difference between a system log and a board-ready report.
Will ShieldIQ reports hold up with a PCI-DSS auditor?
ShieldIQ maps every finding to specific PCI-DSS v4.0 controls — for example, an allow-all rule flags controls 1.3.1 and 1.3.2. The technical report is formatted as audit evidence and shows exactly which controls pass or fail. Most customers use ShieldIQ to find and remediate gaps before their QSA arrives, then provide the report as supporting evidence. ShieldIQ does not replace a QSA assessment, but it significantly reduces what the assessor finds.
Can I white-label the reports for my clients?
Yes — the MSP License includes full white-labeling. Upload your logo, set your brand colors, and add a custom footer. Both the executive summary and the full technical report render under your company name. Clients receive professional, branded PDF and Word reports. ShieldIQ is never mentioned anywhere in the output.
When does the MSP License make more sense than per-audit pricing?
If you're auditing more than two clients per month, the MSP License ($499/month) pays for itself immediately — a single Audit Package is $1,500. The MSP License also includes the fleet dashboard, scheduled audits, drift detection, API access, and multi-tenant client management that per-audit pricing doesn't. Most MSPs treating firewall audits as a recurring service move to the MSP License after their first two clients.
Is ShieldIQ SOC2 certified?
Not yet — we're in early access. A SOC2 Type II audit is on our roadmap as we scale. In the meantime, we're transparent about how data is handled: raw configs are never stored, access is role-based with JWT authentication, all stored data is encrypted at rest with AES-256, refresh tokens rotate on every use, and our full Privacy Policy and Terms of Service are published on this site. If you have specific security questions before onboarding, reach out directly.

Ready to audit your firewall policies?

See ShieldIQ in action with your own firewall config. 15-minute demo, no commitment.