Firewall Configuration Audits

I'd recommend nipper for this. Runs on a wide range of devices, and is targeted at firewall audits, rather than configuration management.

In my experience it's very easy to get working. Generally, you give it a copy of the config and it runs :)


Solarwinds' Firewall Browser (formerly of Athena Security) is a free tool that does this kind of analysis.

You didn't mention Checkpoint, but the Checkpoint Users Group (CPUG) has discussions of such tools--many of which are not Checkpoint specific.