What it checks

• Cisco IOS — BGP with MD5, port-security hardening, VTY ACLs
• Cisco WLC 9800 — WPA3+802.1X corp SSID, guest with isolation
• Palo Alto — SAML SSO with Azure AD, default-deny with logging
• FortiGate — IPsec VPN to AWS (BGP), RFC1918 anti-spoof
• Cisco SD-WAN — voice SLA + app-aware routing
• OpenVPN — TOTP MFA + LDAP
• rsyslog — TLS forward to SIEM (mutual auth)
• Juniper SRX — Screen options for DDoS protection
• Aruba CX — 802.1X port-access with ClearPass

How it works

Paste a vendor config, the analyzer runs heuristic checks (regex + custom rules), produces a 0-100 score with prioritized findings, and lets you download the report as Word, HTML, or PDF.

The post Config Templates Library appeared first on SafeCadence.

What it checks

• Open SSIDs (no encryption)
• Legacy WEP / WPA1 / TKIP
• Weak PSKs (short or common passwords)
• Missing WPA3 / SAE
• No 802.1X for corporate SSIDs
• Guest SSID without client isolation
• Default RADIUS shared secret / management password

How it works

Paste a vendor config, the analyzer runs heuristic checks (regex + custom rules), produces a 0-100 score with prioritized findings, and lets you download the report as Word, HTML, or PDF.

The post Wireless / Wi-Fi Security Analyzer appeared first on SafeCadence.

What it checks

• Telnet enabled / VTY without ACL
• SNMP default communities (public / private)
• BGP / OSPF without authentication
• No port-security on access ports
• Missing DHCP snooping + Dynamic ARP Inspection
• No BPDU guard / spanning-tree hardening
• Type-7 / weak passwords

How it works

Paste a vendor config, the analyzer runs heuristic checks (regex + custom rules), produces a 0-100 score with prioritized findings, and lets you download the report as Word, HTML, or PDF.

The post Routing & Switching Security Analyzer appeared first on SafeCadence.

What it checks

• any/any policies that defeat branch isolation
• Missing SLA class definitions / no app-aware routing
• Single underlay (no failover transport)
• Missing tunnel encryption flag
• Missing branch isolation / VRF separation
• Missing logging / telemetry destination

How it works

Paste a vendor config, the analyzer runs heuristic checks (regex + custom rules), produces a 0-100 score with prioritized findings, and lets you download the report as Word, HTML, or PDF.

The post SD-WAN Analyzer (Multi-Vendor) appeared first on SafeCadence.

Sections in the as-built report

• Executive summary (vendor, source, rule count, posture)
• Prioritized action plan (top 25 items with rationale)
• Cleanup candidates (broad / shadowed / unused rules)
• Best-practice check results (vendor + NIST + CISA)
• "Need help executing this?" CTA → hello@safecadence.com

Output formats: Word (.docx), HTML, PDF.

The post Firewall As-Built Report Generator appeared first on SafeCadence.

What's in the generated SOW

• Project overview, sponsor, vendor(s), site count
• Scope — In / Out
• Deliverables, assumptions, acceptance criteria
• Timeline + pricing pointer
• SafeCadence-branded header + footer with hello@safecadence.com CTA

The post SOW Builder for Network & Security Projects appeared first on SafeCadence.

Scenarios pre-loaded

• Firewall rule cleanup (single site)
• Multi-site firewall consolidation
• SD-WAN design + rollout
• Switch / port-security hardening
• Wireless network audit
• Custom (start from scratch)

Output formats

Word (.docx), HTML, and PDF — all branded with SafeCadence header / footer. Edit further in Word or your browser if you want to tweak before sending.

The post Firewall Service Quote + Invoice Generator appeared first on SafeCadence.

What it checks

• Overly permissive rules (any/any, broad source/destination zones)
• Missing logging, threat-prevention profiles, IPS/AV inspection
• Drift from NIST SP 800-41 / CISA firewall hardening guidance
• Vendor-specific best-practice violations

How the score works

We run every applicable best-practice check against your config, count passes vs. fails, then dock points for each critical/high finding. A score above 85 is solid; below 60 means significant gaps.

The post Firewall Best-Practice Checker appeared first on SafeCadence.

What it checks

• Overly permissive rules (any/any, broad source/destination zones)
• Shadowed, unused, and conflicting rules
• Dangerous service exposure (RDP, SMB, Telnet, legacy SQL) on untrusted zones
• Missing logging, threat-prevention profiles, and IPS/AV inspection
• Policy drift from NIST SP 800-41 / CISA firewall hardening guidance
• Audit-ready exports for PCI DSS firewall sections, SOC 2 CC6.6, HIPAA §164.312

Who it's for

Network administrators, security engineers, and compliance owners who inherit large rulebases and need to prove the firewall is doing what the policy says.

Related tools

• Website Security Audit — SSL, security headers, mixed content, exposed CMS — one aggregate report per domain.
• SSL Certificate Checker — Certificate chain, expiry, issuer, and hostname match for any HTTPS site.
• Public IP Exposure Checker — What does your public IP reveal about you?
• Mail Server Security Checker — STARTTLS, MTA-STS, DNSSEC, MX hygiene — one report per domain.

The post Firewall Analyzer appeared first on SafeCadence.

Click Generate to produce the document.

The post Incident Response Plan Generator appeared first on SafeCadence.