The invention discloses a firewall policy data analysis device based on the network flow. The firewall policy data analysis device comprises a mirror image switch, a mirror image flow acquisition server and an analysis device; the mirror image switch is connected onto a switch, and used for obtaining all access data of a firewall; the mirror image flow acquisition server is used for pre-processing the data obtained by the mirror image switch, and generating a corresponding txt file to store; and the analysis device is used for performing analysis and merging of the data according to a MapReduce algorithm, and generating a statistical report form. A firewall access policy configuration report form can be generated; an auxiliary decision action is provided for firewall safety managers; workers are helped to judge the correctness of policy configuration of the firewall; and thus, the operation safety is improved under a condition that normal operation of an information system is ensured.