sas sucks in a Wireshark capture and spits out firewall rules in a group policy for a Cisco Meraki MX with a default deny rule. This makes it perfect for creating firewall rules for IoT devices and then restricting those IoT devices in case they later become compromised.
sas is aware of resources that are accessed via a DNS name and whose IP addresses change dynamically.
sas is also able to read in an existing group policy and update any existing firewall rules with anything found in the packet capture not currently contained in the rule set.
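The idea described above, sketched as an added example; this is not sas's own code. The flow and DNS tuples are constructed sample data, and the rule fields (comment, policy, protocol, destPort, destCidr) are assumed to follow the layer 3 rule shape used in Meraki Dashboard API group policies.

```python
import ipaddress

# Constructed sample data standing in for what a capture parser would yield.
DNS_ANSWERS = [("updates.example.com", "203.0.113.10"),
               ("updates.example.com", "203.0.113.11")]
FLOWS = [("tcp", "203.0.113.10", 443),
         ("tcp", "203.0.113.11", 443),
         ("udp", "198.51.100.5", 123),
         ("tcp", "203.0.113.10", 443)]  # repeated flow

DEFAULT_DENY = {"comment": "Default deny", "policy": "deny",
                "protocol": "any", "destPort": "Any", "destCidr": "Any"}

def rule_key(rule):
    """Identity of a rule for de-duplication; the comment is ignored."""
    return (rule["policy"], rule["protocol"],
            rule["destCidr"].lower(), str(rule["destPort"]).lower())

def build_rules(flows, dns_answers, existing=()):
    """Return existing rules plus any new allow rules, ending in one deny-all."""
    ip_to_name = {ip: name for name, ip in dns_answers}
    # Keep the existing rules in order, but lift out the catch-all deny so it
    # can be re-appended last; allow rules placed after it would never match.
    rules = [dict(r) for r in existing if rule_key(r) != rule_key(DEFAULT_DENY)]
    seen = {rule_key(r) for r in rules}
    for proto, ip, port in flows:
        # A destination learned through DNS is written as its name, so the
        # rule keeps matching after the addresses behind that name change.
        dest = ip_to_name.get(ip) or str(ipaddress.ip_network(ip))
        rule = {"comment": "Seen in capture", "policy": "allow",
                "protocol": proto, "destPort": str(port), "destCidr": dest}
        if rule_key(rule) not in seen:
            seen.add(rule_key(rule))
            rules.append(rule)
    rules.append(dict(DEFAULT_DENY))
    return rules

if __name__ == "__main__":
    for r in build_rules(FLOWS, DNS_ANSWERS):
        print(r)
```

Passing a previously generated rule list as `existing` models the update case: only destinations not already covered are added, and the single deny rule stays last.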
The problem I frequently run into is that the firewall documentation I get from IoT vendors is nearly always wrong. I can't think of the last time it was correct.
The IoT devices are made up of so many components, and the developers only focus on the code they wrote when writing the firewall rules and not everything else.
The last one I did was an IoT device running on top of Windows. The client wanted the Windows devices to be kept patched. And of course, the firewall rules did not include anything to allow Windows Update to run.