Manual firewall review is valuable because experienced engineers understand context, risk acceptance, legacy constraints, and operational impact. The weakness is that manual review can be slow, inconsistent, and hard to repeat across large configurations.
Automation is strongest where the checks are deterministic: broad rules, missing settings, risky services, disabled logging, shadowed policy logic, object hygiene, known hardening expectations, and standards-aligned control checks.
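The checks listed above are deterministic enough to script. The following is an added example, not code from the page or from any firewall vendor: it assumes a simplified rule model (source, destination, service, action, logging flag), first-match evaluation order, and a constructed sample ruleset, and it flags broad allows, risky services exposed from any source, allow rules with logging disabled, and rules shadowed by an earlier rule that fully covers them.

```python
"""Deterministic firewall-policy checks of the kind that automate well.
Constructed example: the Rule format, RISKY_SERVICES list and SAMPLE_RULES
are assumptions for illustration, not any vendor's configuration syntax."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List


@dataclass(frozen=True)
class Rule:
    rule_id: str
    src: str          # CIDR, single IP, or "any"
    dst: str          # CIDR, single IP, or "any"
    service: str      # "any" or "proto/port", e.g. "tcp/22"
    action: str       # "allow" or "deny"
    log: bool = True  # whether matches are logged


@dataclass(frozen=True)
class Finding:
    check: str
    rule_id: str
    detail: str


# Services a reviewer would normally flag when reachable from "any" (assumed list).
RISKY_SERVICES = {"tcp/23": "telnet", "tcp/21": "ftp", "tcp/3389": "rdp", "tcp/445": "smb"}


def addr_covers(outer: str, inner: str) -> bool:
    """True if every address matched by `inner` is also matched by `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    try:
        return ip_network(outer, strict=False).supernet_of(ip_network(inner, strict=False))
    except (ValueError, TypeError):  # malformed, or mixed IPv4/IPv6: treat as not covered
        return False


def service_covers(outer: str, inner: str) -> bool:
    """'any' covers every service; otherwise services must match exactly."""
    return outer == "any" or outer == inner


def rule_covers(outer: Rule, inner: Rule) -> bool:
    """Does `outer` match every packet `inner` would match? Action is ignored:
    under first-match semantics a fully covered later rule never fires either way."""
    return (addr_covers(outer.src, inner.src)
            and addr_covers(outer.dst, inner.dst)
            and service_covers(outer.service, inner.service))


def audit(rules: List[Rule]) -> List[Finding]:
    """Run the deterministic checks over an ordered ruleset and return findings."""
    findings: List[Finding] = []
    for idx, r in enumerate(rules):
        if r.action == "allow":
            if r.src == "any" and r.dst == "any" and r.service == "any":
                findings.append(Finding("broad-allow", r.rule_id, "any -> any on any service"))
            if r.src == "any" and r.service in RISKY_SERVICES:
                findings.append(Finding("risky-service", r.rule_id,
                                        f"{RISKY_SERVICES[r.service]} ({r.service}) allowed from any"))
            if not r.log:
                findings.append(Finding("logging-disabled", r.rule_id, "allow rule without logging"))
        # Shadowing: report the first earlier rule that fully covers this one.
        for earlier in rules[:idx]:
            if rule_covers(earlier, r):
                findings.append(Finding("shadowed", r.rule_id,
                                        f"never matches; fully covered by {earlier.rule_id} ({earlier.action})"))
                break
    return findings


# Constructed sample ruleset (first-match order) exercising each check.
SAMPLE_RULES = [
    Rule("R1", "10.0.0.0/8", "10.1.1.10", "tcp/22", "allow"),
    Rule("R2", "any", "any", "tcp/23", "allow"),                # telnet from anywhere
    Rule("R3", "10.0.1.0/24", "10.1.1.10", "tcp/22", "allow"),  # subset of R1: shadowed
    Rule("R4", "any", "any", "any", "allow", log=False),        # broad allow, no logging
    Rule("R5", "any", "any", "any", "deny"),                    # cleanup deny shadowed by R4
]

if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"[{f.check}] {f.rule_id}: {f.detail}")
```

The output is a list of findings an engineer then triages: a shadowed cleanup deny or an unlogged any/any allow is reported by the script, but whether it is a legacy exception or a defect remains a judgement call.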
The best model combines both. Let automation perform the repeatable inspection work, then let engineers apply judgement to prioritisation, exception handling, change planning, and final remediation decisions.