Practice real firewalls without the licence headache
Browser-based simulators that look and feel like the real device — GUI, CLI, commit workflow, the works. Each firewall gets your own saved workspace, so you can come back tomorrow and pick up where you left off.
Available now
Palo Alto PAN-OS
Full WebUI clone — Policies, Objects, Network, Device tabs, plus a working CLI with configure, commit, and show commands.
Topology Lab Builder · Multi-Device
Drag firewalls, PCs, switches onto a canvas. Pick a scenario (IPsec Site-to-Site, HA Pair) — both firewalls must match exactly, or Diagnose shows realistic PAN-OS-style errors pointing at the mismatched parameter.
PAN-OS Lab Workbook
20 hands-on investigation tasks across 5 levels — recon, log analysis with the query builder, policy creation, troubleshooting, and reporting.
Walkthrough · Create Interface
Step-by-step "where to click" guide with side-by-side screenshots. 10 steps from opening Network tab → committing → verifying via CLI.
CLI-only consoles · multi-vendor practice
Checkpoint Gaia CLI
Pure CLI sim — clish for config and expert (bash) for advanced. ~30 commands covering interfaces, routes, hosts, ClusterXL, fw stat, cpinfo, tcpdump.
FortiGate FortiOS CLI
Hierarchical config tree — config X → edit Y → set Z → next → end. Prompt changes with context. Full get/show/execute/diagnose command set.
Juniper SRX Junos CLI
Two-mode CLI — operational > and configuration #. Real candidate config + commit / rollback / show | compare semantics.
Cisco ASA CLI
IOS-style multi-mode shell — user >, privileged #, global (config)#, plus interface / object sub-config. Full show run, access-list, object network, NAT, packet-tracer.
SonicWall NSv CLI
SonicOS shell with zones, address/service objects, access rules, NAT policies, and routes. Edits stay pending until commit.
Cisco IOS Switch
Catalyst 2960-style — VLANs, trunking, STP, EtherChannel, CDP, port-security. Full CCNA fundamentals practice.
Cisco IOS Router
ISR4321 with OSPF, BGP, NAT, ACL, static routes, DHCP pools. CCNA / CCNP Routing practice.
F5 BIG-IP TMSH
Flat TMOS shell — virtuals, pools, nodes, monitors, profiles. show /ltm, list, create, save sys config.
Policy simulators · GUI-style
Cisco ISE Policy Simulator
Build authentication + authorization policies, then trace canned RADIUS requests through the rules. See which authz profile + VLAN + dACL applies.
Zscaler ZIA Policy Simulator
URL filtering + SSL inspection + firewall rules + cloud-app control. Test a URL × user, see category, matched rule, action.
Forescout NAC
Asset inventory with classification, compliance state, VLAN assignment by policy. Click any endpoint → see policy match + remediation flow.