Natural Language Interface for Firewall Configuration
The work addresses a challenge for network administrators by making firewall configuration more accessible and auditable, though it is incremental in that it builds on existing methods with a new interface.
The paper tackles the problem of configuring enterprise firewalls by developing a natural language interface that translates plain-language policies into vendor-specific configurations, using a prototype that compiles to Palo Alto PAN-OS and includes validation layers such as a static linter and a simulator.
This paper presents the design and prototype implementation of a natural language interface for configuring enterprise firewalls. The framework allows administrators to express access control policies in plain language, which are then translated into vendor-specific configurations. A compact, schema-bound intermediate representation separates human intent from device syntax; in the current prototype it compiles to Palo Alto PAN-OS command-line configuration while remaining extensible to other platforms. Large language models are used only as assistive parsers that generate typed intermediate representation objects, while compilation and enforcement remain deterministic. The prototype integrates three validation layers: a static linter that checks structural and vendor-specific constraints, a safety gate that blocks overly permissive rules such as any-to-any allows, and a Batfish-based simulator that validates configuration syntax and referential integrity against a synthetic device model. The paper describes the architecture, implementation, and test methodology on synthetic network-context datasets, and discusses how this approach can evolve into a scalable, auditable, and human-centered workflow for firewall policy management.
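The pipeline the abstract describes (typed intermediate representation, static linter, safety gate, deterministic compilation) can be sketched as follows. This is an added example, not the paper's code: the `Rule` fields, the zone set, the token charset and the function names are all hypothetical, and the Batfish simulation layer is left out.

```python
import re
from dataclasses import dataclass

TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,62}")  # conservative charset (assumption)
KNOWN_ZONES = {"trust", "untrust", "dmz"}                 # constructed network context

@dataclass(frozen=True)
class Rule:  # hypothetical IR object, as an LLM parser might emit it
    name: str
    src_zone: str
    dst_zone: str
    src: tuple
    dst: tuple
    app: tuple
    service: str
    action: str

def lint(rule):
    """Static linter: structural checks; parser output is treated as untrusted."""
    errors = []
    if rule.action not in ("allow", "deny"):
        errors.append(f"invalid action: {rule.action!r}")
    for zone in (rule.src_zone, rule.dst_zone):
        if zone not in KNOWN_ZONES:
            errors.append(f"unknown zone: {zone!r}")
    if not (rule.src and rule.dst and rule.app):
        errors.append("src, dst and app must be non-empty")
    for tok in (rule.name, rule.service, *rule.src, *rule.dst, *rule.app):
        if not TOKEN.fullmatch(tok):
            errors.append(f"illegal token: {tok!r}")
    return errors

def safety_gate(rule):
    """Block overly permissive rules such as any-to-any allows."""
    if rule.action == "allow" and "any" in rule.src and "any" in rule.dst:
        return ["any-to-any allow blocked"]
    return []

def compile_panos(rule):
    """Deterministic IR -> PAN-OS set command; raises if any check fails."""
    problems = lint(rule) + safety_gate(rule)
    if problems:
        raise ValueError("; ".join(problems))
    fmt = lambda items: "[ " + " ".join(items) + " ]"
    return (f"set rulebase security rules {rule.name} "
            f"from {rule.src_zone} to {rule.dst_zone} "
            f"source {fmt(rule.src)} destination {fmt(rule.dst)} "
            f"application {fmt(rule.app)} service {rule.service} action {rule.action}")

# Constructed sample: "let the trust subnet reach the DMZ web server over HTTPS"
SAMPLE = Rule("allow-web", "trust", "dmz", ("10.0.1.0/24",), ("web-srv",),
              ("ssl", "web-browsing"), "application-default", "allow")
```

Because the compiler refuses any object that fails the linter or the safety gate, a mis-parsed or over-broad policy never reaches device syntax.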