asprom assault profile monitor
asprom is a firewall compliance scanner.
You define a profile of which services your network(s) should offer to users. The scanner automatically and regularly portscans your networks using nmap and reports any aberrations from the defined profile.
This functionality can be used to ascertain PCI-DSS, BSI-Grundschutz or DIN 27001 compliance of stateful firewalls.
Don't be afraid - it is easily installed, very user-friendly and doesn't require any knowledge besides basic tcp/ip concepts :-)
You can download a virtual appliance for Oracle Virtualbox and VMWare Player right here, it works out of the box!
There are also installation instructions if you want to roll from scratch (also very easy).