Generate Compliance Reports

Procedure

Step 1

In the left pane, click Insights & Reports > Compliance Posture.

The Compliance Posture page displays previously generated reports and allows you to create new compliance evaluations.

Step 2

Click Generate Report to begin defining the report.

Step 3

Enter a name and choose the device to evaluate.

  • Currently, PCI DSS 4.0.1 Compliance Template is the only supported template. This template evaluates firewall configurations against requirements for network security, access control, secure configuration, and logging.

  • Only devices that are currently online are available for selection.

Step 4

Review zone mappings.

Zone mappings are pre-assigned based on the existing configuration. Review these assignments and update them as needed. Assign each interface to one of the following zone categories:

  • Trusted: Internal networks that handle sensitive or business-critical data, such as the Cardholder Data Environment (CDE) or corporate networks.

  • Untrusted: External networks, typically the internet or any network outside organizational control.

  • DMZ: Intermediate networks that expose services to untrusted networks while isolating them from trusted environments.

  • N/A: Interfaces that are not relevant to compliance evaluation or are not part of the analyzed traffic flow.

Note

Zone mappings are used to evaluate segmentation-related compliance rules. Incorrect mappings can lead to inaccurate findings, especially for rules that validate traffic between trusted and untrusted networks.

Step 5

Click Generate Report to begin the compliance evaluation process.

Note

  • Compliance reports are generated manually and are not evaluated automatically.

  • The system analyzes firewall policies and validates them against the selected compliance template. Report generation can fail due to device connectivity issues. Verify that the device is online and reachable.

Step 6

Monitor report status.

View the report status from the Compliance Posture dashboard. The Compliance Status column indicates the current state of the report and its findings.

Step 7

Select a completed report from the Compliance Posture dashboard to view detailed compliance results for the selected device.

Step 8

Review compliance checks and findings.

The report displays a list of compliance checks, each representing a specific requirement being evaluated (for example, restricting inbound traffic to the CDE or validating VPN security). Select a compliance check to view its details, which may include:

  • A description

  • References to relevant compliance standards

  • Identified findings associated with the check

  • Recommendations for remediation

The number next to each compliance check indicates how many findings were identified for that check.

Step 9

Click Download Report to export the report in JSON format for audit and offline review.

You can re-run reports on devices after making policy changes that address findings from previous reports. You can view compliance findings from the Summary page. Navigate to Insights & Reports > Summary and click Operations to view compliance-related insights for the selected time range.