In one aspect, a method for automated creation and management of firewall rules in a network environment, includes obtaining network traffic patterns including data exported from one or more network appliances in the network environment, where the data includes a plurality of network identifiers, automatically generating a first set of firewall rules based on a source and destination of each network identifier, automatically generating a second set of firewall rules based on firewall data including a source and destination of address, and generating a revised set of firewall rules based on the first set of firewall rules and the second set of firewall rules, where the revised set of firewall rules is also based on a detection of a number of times at least one of the second set of rules is invoked at the firewall.