← Back to Engineering Blog
πŸ—“οΈ Feb 1, 2017⏱️ 3 min read

Automating Multi-Vendor Firewall Audits with Python Netmiko & Paramiko

How we replaced manual SSH login sessions across 200+ multi-vendor firewalls with custom Python Netmiko scripts to audit stale rules and enforce compliance.

πŸŽ™οΈ Listen to ArticleREADY
AI Audio Synthesis Narrator
Share Post:

β€œLogging into 200 individual firewall CLI sessions manually to check for un-used permit rules is not engineering β€” it’s manual labor that invites human error.”

The Setup

In February 2017 at Wipro, we managed a sprawling multi-vendor security perimeter for a global healthcare client. The firewall estate comprised 200+ Cisco ASA, Checkpoint, and Palo Alto appliances.

During a strict ISO-27001 compliance audit, auditors required a comprehensive list of all active permit ANY rules, un-used ACL stanzas, and outdated NAT objects across every firewall.


The Mess

Manually logging into 200 devices over SSH, running vendor-specific CLI commands (show run access-list, show config), and pasting text files into spreadsheets was estimated to take 160 engineering hours.

During early manual checks, an engineer accidentally executed clear ip access-list on a live core Cisco ASA, causing a 12-minute outage:

[CRITICAL] 2017-02-10 14:15:02 IST - Cisco ASA 5550 Console Log
ciscoasa# clear ip access-list OUTSIDE_ACL_IN
Result: Access-List OUTSIDE_ACL_IN Cleared (0 rules remaining).
System Impact: 100% of inbound internet traffic dropped on interface outside.
Audit Failure: 45 firewalls audited manually, 155 firewalls remaining.

Manual auditing was slow, risky, and incapable of detecting real-time configuration drift.


The Solution

I wrote a modular Python Netmiko & Paramiko Automation Framework that executed read-only CLI commands across multi-vendor firewalls in parallel threads:

  1. Multi-Threaded SSH Execution: Utilized Python concurrent.futures to query 50 firewalls simultaneously using Netmiko drivers.
  2. Regex Parsing & Normalization: Standardized vendor-specific rule formats into a unified JSON compliance report.
  3. Read-Only SSH Credentials: Enforced read-only TACACS+ accounts to prevent accidental CLI state changes.
# audit_firewalls.py - Python Netmiko Multi-Vendor Audit Engine
import concurrent.futures
from netmiko import ConnectHandler
import json

devices = [
    {"device_type": "cisco_asa", "host": "192.168.1.10", "username": "audit_user", "password": "SecretPassword123"},
    {"device_type": "paloalto_panos", "host": "192.168.1.20", "username": "audit_user", "password": "SecretPassword123"},
]

def audit_device(device):
    try:
        net_connect = ConnectHandler(**device)
        if device['device_type'] == 'cisco_asa':
            output = net_connect.send_command("show access-list | include permit")
        elif device['device_type'] == 'paloalto_panos':
            output = net_connect.send_command("show config running rulebase security")
        net_connect.disconnect()
        return {"host": device['host'], "status": "SUCCESS", "rules": output.splitlines()}
    except Exception as e:
        return {"host": device['host'], "status": "FAILED", "error": str(e)}

with concurrent.futures.ThreadPoolExecutor(max_workers=20) as executor:
    results = list(executor.map(audit_device, devices))

print(json.dumps(results, indent=2))
# Python Netmiko Audit Summary Output
[NETMIKO AUDIT SUMMARY] 2017-02-18 10:00:00 IST
Total Devices Audited: 200 / 200 (100% COMPLETE)
Execution Time: 3 minutes 12 seconds (vs 160 hours manual)
Stale Rules Flagged (>90 days inactive): 1,420 ACL stanzas
Compliance Violations (Any/Any Ingress): 12 rules flagged for immediate cleanup

The Results

The Python Netmiko audit script completely transformed our security operations:

  • Audit Runtime: Reduced from 160 manual hours to 3 minutes 12 seconds.
  • Human Errors: 0 outages during automated read-only scans.
  • Security Stance: Identified and pruned 1,420 stale ACL rules across 200 firewalls.

Key Takeaway

Never audit network infrastructure manually. Building lightweight Python Netmiko automation scripts with read-only credentials guarantees fast, non-disruptive, and 100% accurate compliance reporting.


Architecture and decisions: mine. Python code and CLI automation: mine. AI assistance: structure, syntax, first draft. β€” Sachin

SKS

Sachin Kumar Sharma

Associate Director (Infrastructure & Cloud Architecture Strategy) | 20+ Yrs Exp

Architecting resilient multi-cloud enterprise landing zones, SDN overlay fabrics, DevSecFinOps automation pipelines, and autonomous Agentic AI platforms.

πŸ“¬

πŸ“¬ Stay Updated on Tech Releases

Sign up to get notified when I publish new production war stories, agentic AI architecture blueprints, or open-source infrastructure tools.

⚑ Theme Adaptive Shift
Switching layouts matching domain reading affinity...