FireMon Overview

FireMon is the #3 ranked solution in top Firewall Security Management tools. PeerSpot users give FireMon an average rating of 8 out of 10. FireMon is most commonly compared to Tufin. FireMon is popular among the large enterprise segment, accounting for 41% of users researching this solution on PeerSpot. Professionals from computer software companies are the top industry segment researching this solution, accounting for 31% of all views.
What is FireMon?

FireMon, the only agile network security policy management (NSPM) platform, brings visibility, control, and automation to enterprise cloud and hybrid network infrastructures.

  • To drive agility across hybrid networks, the headless orchestration API allows customers to integrate with any existing system or process including IT Service Management platforms like ServiceNow, Security Orchestration Automation and Response (SOAR) tools like Splunk Phantom and Palo Alto Cortex SOAR, and DevOps platforms like Red Hat Ansible and HashiCorp Terraform.
  • To drive security efficiency and eliminate misconfigurations caused by complexity and manual processes, the platform addresses inefficient rule creation and change processes, delivers risk assessment of change through pre-change simulation, and provides policy change recommendations.
  • To meet scale and heterogeneity requirements, FireMon normalizes policy across thousands of firewalls, devices, and cloud security groups through a single interface.

FireMon customers routinely experience up to 90% improvements in network security policy efficiency while eliminating common misconfigurations which lead to breaches and compliance violations.

FireMon Buyer's Guide

Download the FireMon Buyer's Guide including reviews and more. Updated: January 2022

FireMon Customers

Convey, MGM Resorts International, Southwest Airlines, Alkami, Costco, Aetna, IBM, Salesforce, Verizon, Wells Fargo

FireMon Pricing Advice

What users are saying about FireMon pricing:
  • "FireMon is very expensive. I think that they charge a premium. In general, they are very pricey. Compared to their competitors, they cost a little more than the other solutions that we evaluated."
  • "This is an expensive solution. The cost of three modules for three years was approximately one million."
  • "The pricing was very good during our initial year, but they increased it this year a little bit. The price is okay. It is not cheap, but it is still average."
FireMon Reviews

    IT Security Admin at a tech vendor with 1,001-5,000 employees
    Real User
    Top 20
    We have made massive improvements to firewall management and firewall hygiene
    Pros and Cons
    • "FireMon decreases errors and misconfigurations by 10% that increase risk in our environment. That has to do a lot with the change reporting that is in place, but also with the built-in controls and custom controls that we have made. Those all decrease the errors that people naturally make on a day-to-day basis for firewall administration."
    • "While I like the reporting, I think that has the biggest room for improvement. Right now, as a user of FireMon, if I create a report, I am the only one who can see it inside FireMon. If someone on my team creates a report, they are the only person who can see that report on FireMon. It doesn't matter if you're admin in FireMon or not. The way we have to do it now is that we have created a service account user and that service account user runs all the reports. This way, all the reports, which are running, are just run under a single user so we can always access them. This definitely needs to change so users can see other users' reports or we can share reports within FireMon."

    What is our primary use case?

    We use the Security Manager module. We use it to report and audit firewall changes. We also use it to track the hygiene of our firewalls in addition to the changes made to them. Since it normalizes the firewall config, we are able to do custom searches and make custom controls to build out those audits and reports, making sure that we are applying firewall rules correctly. There are a lot of built-in reports as well, which help us to identify rules and objects that are being used. 

    We are an enterprise environment. We are definitely not the largest of FireMon's customers, deployment-wise. 

    How has it helped my organization?

    FireMon automatically warns us when new firewall rules, and changes to existing ones, violate compliance policies before they are deployed. We find this valuable as well, especially from the compliance standards where it has real-time change detection and FireMon watches the firewalls. Whenever there is a change that breaks compliance, we get that immediately. At the same time, whenever you are planning a change inside FireMon, it won't let you make that change when there is a compliance issue that they found.

    We have built-in change reporting in Security Manager, which is very helpful. Whenever we have a scheduled change report, we use that as an opportunity to review the report and do a technical review of the changes that were made.

    It does a search whenever you are planning a rule in FireMon. So, if the traffic that you are trying to create a rule for is already allowed, FireMon will tell you. This will save you the time of trying to create a duplicate rule if you already have a rule that would allow the traffic.

    What is most valuable?

    The change normalization is the most valuable feature. It gives us the ability to just do a search based on time, device, or even device groups. It just shows us one by one what the changes to the config were and what time they were. It even shows which admins made the changes. The individual changes can be searched. You can create reports of the changes. That is probably the most valuable feature that we have.

    Cleanup of rules is a huge pro of FireMon. After a change detection, the firewall hygiene is our number two most important feature that we use FireMon for. Right out the gate, they have built-in features and reports that will allow you to go through your firewall and identify objects that are not used in config. They have a report that is called removable rules, which is extremely helpful and very powerful. It goes through your firewall and identifies rules that are unlikely to be hit, either because the rules are set up wrong for your routing or they are completely shadowed, meaning that the rule will never have any impact on traffic going through the firewall. Those are both very powerful built-in reports that we do use extensively. 

    The firewall config is normalized in FireMon to do custom searches, so you can search off of any number of things. You can search off of rule names. You can search off of the different addresses that would be inside that rule. You can also search based off of services that are allowed or disallowed by the rule. Therefore, it lets you search any number of firewall types in the same search syntax. You could have an ASA and Juniper, then in FireMon, you can do a search that will return rules from both devices. So, it is very powerful. 

    We can create custom controls based on the hygiene. Whenever we have rules that are tagged as temporary, we have custom hygiene controls that will go through and help us make sure those are cleaned up after we are done using them.

    The quality of our reports has improved drastically. These are reports that we can use internally from a technical standpoint, we can send up to our own management, or we can even use some of them externally for different auditors or other requirements that we have.

    In most firewalls that you use, you have a comment field where you can put a change request ID and a little information about the rule. FireMon scales that up to 10. Within FireMon rules, you have fields for ticket ID. You have fields for the rule owner: the admin who created the rule, the security guy who approved the rule, and the business request, e.g., someone from IP systems or if it is a developer. Therefore, it has very verbose rule documentation inside of FireMon. Those are all searchable as well. 

    What needs improvement?

    While I like the reporting, I think that has the biggest room for improvement. Right now, as a user of FireMon, if I create a report, I am the only one who can see it inside FireMon. If someone on my team creates a report, they are the only person who can see that report on FireMon. It doesn't matter if you're admin in FireMon or not. The way we have to do it now is that we have created a service account user and that service account user runs all the reports. This way, all the reports, which are running, are just run under a single user so we can always access them. This definitely needs to change so users can see other users' reports or we can share reports within FireMon.

    FireMon could improve their support for individual vendors. There are features that are specific to Cisco Firewalls that are not supported in FireMon. That changes a lot because they do release updates pretty regularly. However, if you are using Check Point, and that is what you use as your firewall, and you don't use Cisco Firewalls, then all the features for Cisco just aren't really worth it to you. So, FireMon could improve by making sure that they have full coverage for all the vendor specific uses.

    For how long have I used the solution?

    We have been using FireMon for about a year.

    What do I think about the stability of the solution?

    The stability is favorable. We have been running it for a year. We have been able to restore from a backup. We did that as an exercise and that process was very straightforward.

    They have built-in monitoring that sends out alerts whenever the CPU or disk usage triggers the thresholds, which are set at intelligent levels.

    I have heard from the people at FireMon: When going from version 8 to version 9, that upgrade path was a little bit dicey in terms of stability. Since we installed version 9, I feel like we have been pretty good this whole time on stability.

    What do I think about the scalability of the solution?

    I have good things to say about scalability. They do have multiple ways of deploying it. If you are a very small company, you can have everything FireMon on one appliance, which is kind of cool. As you need to scale, you can add resources to the database and application servers. You can also add data collectors throughout your environment, which is the biggest thing. The data collectors are machines that retrieve the firewall configuration and receive firewall usage logs.

    Scalability is good. The appliances themselves are massive. We're not the largest of FireMon's customers, but as we grow, the amount of compute resources just in general that FireMon is going to be using will be huge as we grow. So, it is scalable. The architecture makes it scalable, but they are beefy, i.e., in terms of compute resources that these appliances use, just the specs on them.

    We do have plans to increase usage, if pricing and resources permit. Right now, we have all our firewalls reporting in FireMon. We also have our network topology loaded in FireMon.

    How are customer service and technical support?

    We have worked with them a good deal. I would give them a solid 9 out of 10. The way that they can do a 10 is just by continuing to do what they do. This year has been pretty good, and we have had several dozen cases open with them. Each one of them has been pretty good. There were a couple that could have been resolved maybe a little faster.

    Their management and all the techs with whom we have worked have been very helpful. We did have a couple of calls with their team lead.

    Their support is US time zone-based. So, they have people who work well with the people at my company. Their support is native English speakers, so they are very easy to understand.

    On the whole, their technical knowledge is pretty good. The documentation is a little bit spotty. Sometimes documentation around a specific issue is not full, but the people on a call are able to explain what is going on, what specific logs are, or what could be causing a specific issue. Therefore, the knowledge of their technical people is high.

    They are open to video conferencing. So, if you want to manage your entire case through email or through a written format, you can do that. However, a lot of times it is faster just to do a screen-sharing and do a phone call to explain your issue. They have been open to doing that.

    The way to move from 9 to 10: They will point you to their professional services, if they feel like your request is outside the scope of their support. They are a little quick to do that sometimes.

    Which solution did I use previously and why did I switch?

    FireMon identifies risks in our environment and helps to prioritize fixes. This has been a good usage. When we first got FireMon, we built out several custom reports, as well as the built-in reports, which have helped us tighten our security rules. FireMon has helped us improve 2000 rules in the span of three months. These were rules that presented a risk to our organization before we had the project with FireMon to fix those rules.

    We are spending about the same amount of time creating new reports as we did with our old reporting processes. However, the new compliance reports that we are turning out are across the board better, e.g., we are getting full change histories. We are getting when you have a control that does not allow a risky service out to the Internet. For example, it automatically goes through the rule base and then distills that report for you, rather than cherry-picking like we did on our old processes. These reports are more accurate and much better.

    We used a competing vendor before we bought FireMon. During our purchase phase, when we were looking to replace that vendor, we also did evaluations of two other alternatives as well.

    The primary reason that we switched to FireMon from our previous firewall administration platform was that there were bugs in it specific to the firewalls that we were using. This made things, like change detection and their version of compliance controls, unworkable so there was inaccurate reporting.

    The secondary reason that we switched to FireMon was the previous solution's support. The support of the people, whom we were using before FireMon, was absolutely terrible. 

    How was the initial setup?

    It took two weeks before we were completely deployed. The actual project took three months, but most of that was knowledge transfer and advanced concepts.

    Because FireMon is pretty expensive, our initial purchase was only one module of FireMon, which was Security Manager. We do have licenses for all our firewalls, but we only had the one module, Security Manager, and not the other ones, like Policy Planner and Policy Optimizer. That was our initial implementation setup.

    What about the implementation team?

    When we purchased FireMon, bundled in our purchase was professional services. So, we got to work with them during the initial implementation, and it was very straightforward and simple to set up. The people who we worked with were knowledgeable and helpful. They shot us the documentation well in advance so we could follow along with that step by step.

    What was our ROI?

    We have absolutely seen ROI. We are not tying ROI to automation, time saved, nor reduced headcount. Our return on investment has been primarily in the projects that we are able to accomplish with FireMon. For example, last quarter, our team completed 23 projects with FireMon, and they were each tied to a future-oriented process. For all the projects that my team accomplished, we created FireMon controls and reports as well as a cleanup on the firewalls. We also created automation around the FireMon API so these processes and reports are happening automatically in terms of scheduled reporting and automatic ticket requests into our ticket management system. FireMon's return on investment is due to the massive improvements that we have made on firewall management and firewall hygiene.

    FireMon decreases errors and misconfigurations by 10% that increase risk in our environment. That has to do a lot with the change reporting that is in place, but also with the built-in controls and custom controls that we have made. Those all decrease the errors that people naturally make on a day-to-day basis for firewall administration.

    On an average day, we receive a lot of requests to approve firewall changes, changes to the firewall, and additions to rules. On any given day, we have a request that was not given to us well, e.g., where they have different IPs that are needed or they don't give the right service request. Whenever FireMon gives us a report, we are able to go back through it and correct those changes to make them more accurate.

    Whenever we are getting a request where the traffic could hit multiple firewalls, FireMon fact checks us to make sure we are putting the rule in the correct firewall.

    What's my experience with pricing, setup cost, and licensing?

    FireMon is very expensive. I think that they charge a premium. In general, they are very pricey. Compared to their competitors, they cost a little more than the other solutions that we evaluated.

    They license per module. They have four main modules that they license currently. The base license is included with the Security Manager module, which was our initial purchase back a year ago. 

    The professional services is an add-on, and it is one where you can purchase more professional services. It is per project. So, it is an add-on for your initial implementation project. At a later time, if you have another project that you would want professional services on, they will quote you for that. 

    The support comes in tiers and it's also per module. I don't know of anyone who would purchase a license for a module and not purchase the support that comes with it. 

    Which other solutions did I evaluate?

    We evaluated both Tufin and AlgoSec, as competitors of FireMon. FireMon differentiated itself because it was more fully featured on the firewalls that we were deploying.

    What other advice do I have?

    My primary advice is take advantage of professional services whenever you are doing the initial implementation. The second piece of advice is just to adopt the tool. We could have purchased FireMon, set it up, and not done anything with it. Then, we would not have gotten our return on investment. By choosing to adopt the tool and creating projects and processes around it, we have our money's worth out of the tool.

    If rule hygiene and policy management are a priority, you just have to make the time for it, in terms of setting aside time during the day that you are able to implement proactive changes and being able to measure those times for management. Anyone who does say that it's a priority for them knows that good policy management pays off in the end. Because down the road, you will be spending less time with a cleaner rule base.

    We do not currently use it for automatic rule deployments, but that is a feature that is available and we have tested it. From my perspective, that is a feature which provides value.

    We don't automatically deploy rules with FireMon, but I do know that is a feature and we have tested it.

    We don't use FireMon to automatically make changes on our firewalls.

    I would rate it as a nine out of 10. It has been very good. In terms of our use cases, it has met them very well. To move that up to a 10, changes to its reporting features would definitely make this product a lot better. Also, increasing the vendor specific features coverage and making sure that they are normalizing every aspect of each type of firewall.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    IT Manager for Networks and Cloud Infrastructure at a government with 10,001+ employees
    Real User
    Helps by automating the process of cleaning up firewall rules, reducing costs and increasing accuracy
    Pros and Cons
    • "We also use the solution’s SASE integration capabilities to extend security policy management for cloud firewall management. It helps in creating one consistent rule across multiple platforms and it improves accuracy."
    • "The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly."

    What is our primary use case?

    We use FireMon for security management, to manage our security infrastructure. We also use it to do PCI compliance and to manage personal data and information related to the organization, and to prevent data loss. In addition, we use the admin console for firewall management, including firewall rules and to decommission firewalls when they are not in use. We use it to monitor our primary corporate DR firewalls as well.

    How has it helped my organization?

    In the past, we've had thousands of firewall rules that came from legacy applications and many years of work. FireMon has helped us to clean up those rules and to manage them properly. We can decommission rules that are old and outdated or clean them up. And we can work on the ones that are not functioning properly or that are configured improperly, to make them compliant and useful to the organization. It has helped us to manage multiple firewall rules and remove legacy ones that are not useful.

    It helps by automating the process of cleaning up firewall rules in a large, enterprise environment. It's not done manually, which is a process that is more prone to errors and takes more time. When it's done manually it's more tedious and requires multiple resources dedicated to doing it. It helps reduce the time involved, increasing the efficiency and reducing the cost, as well as making the job more accurate.

    The same is true when it comes to accurately creating, approving, and deploying firewall policy rules. It reduces the effort by 75 to 80 percent, compared to how we used to do it before we got FireMon. And we get that same percentage reduction in effort, 75 to 80 percent, when changing firewall policy rules.

    It has also been very helpful in terms of the time and effort required to create compliance reports. Previously, when we used other applications or did it manually, we were not able to finish our work efficiently and on time. FireMon has helped us to cut the time it takes to do auditing and reporting of firewall rules, and increased our efficiency. 

    It has cut both the man-hours spent as well as the number of staff members who are dedicated to firewall policy changes and the firewall policy update process, because it enables automation and simplifies the task. The reporting is also more efficient and more correct and useful.

    FireMon has decreased errors and misconfigurations, issues that had increased risk in our environment, by 75 percent.

    It also identifies risks in your environment and helps to prioritize fixes, if you have the necessary set of eyes to look at the rules and the resources. When FireMon gives you reports on what's going on in the environment, you assign staff members to rectify whatever issues it has reported and proactively prevent issues from arising in the future. It has improved our security posture drastically, and cut down the cost related to having third parties manage those things. We can do some of those things in-house. It has improved our security posture and senior management is happy because of that.

    What is most valuable?

    • The FireMon interface is very helpful.
    • The configuration management for multiple firewalls is very easy to use.
    • The backup facilities are very helpful as well.
    • The troubleshooting and testing capabilities are very good.

    The solution automatically warns you when new firewall rules, and changes to existing ones, violate compliance policies, before they are deployed. Sometimes we get "white noise," meaning false positives, but it's always good to have more information than less. That way we can switch it off and work when we see that it's giving a false positive. It does send us an alert to let us know that there are changes in the environment. That functionality is very important because automating such tasks is very helpful in managing our environments and preventing attacks. The earlier you notice issues going on in an environment, the easier it is for you to prevent certain incidents or mitigate risk.

    We also use the solution’s SASE integration capabilities to extend security policy management for cloud firewall management. It helps in creating one consistent rule across multiple platforms and it improves accuracy. When you automate processes like that, they are able to run themselves. You create one set of rules and automate them to run. That enables you to find problems proactively, before they happen. It also enables you to have a consistent set of firewall rules, wherever you go. If you deploy new sites, you can apply the rules you already have in place to those sites. It creates a single platform, a single source of truth, for managing disparate environments and systems that are connected together.

    For how long have I used the solution?

    I've used FireMon for nearly six years.

    What do I think about the stability of the solution?

    We don't have too many issues with FireMon. When it comes to the application, we don't have any issues. Sometimes we get white noise, meaning false positives, but that is just in terms of performance, and not necessarily the system itself.

    What do I think about the scalability of the solution?

    Scaling is simple. You can easily scale it and maintain it with any size team.

    We are using FireMon in a couple of departments. I work for a government office, and we have a lot of different departments under us. We have a need to increase our usage, because we always have people coming in. We're at the very beginning of moving to the cloud. When we move to the cloud, we're going to multiply our usage by at least tenfold, because people at remote locations will then be able to make use of the services.

    We have at least half a dozen people using FireMon. Their roles include the people that manage the hardware that it's installed on as well as the admin managers who look at it day-to-day to see what the configuration is like. The admin guys can do analysis but there are also analysts who get the alerts and who work on the action items related to the alerts. They investigate and then they know what mitigation actions to take to prevent attacks or to deal with whatever FireMon is reporting on. For deployment and maintenance we need just three people.

    Maintenance is connected with the need to upgrade. They have to seek funding for it to happen and get the funding arranged. If it doesn't require any funding, if it's just internal work that needs to be done, then the admin guys can do it without having to involve anyone else. If there's any need to connect with FireMon, that is done as well.

    How are customer service and support?

    I would rate their tech support at seven out of 10. They do respond to us and they provide good service, but sometimes it takes time for them to get back to us or to get people to work on stuff. Overall, they are good.

    Which solution did I use previously and why did I switch?

    Before FireMon, we used native solutions provided by Check Point. We switched because each of our departments has its requirements. They needed a product that would provide them with better service. They came to the central unit, which is where I work, to ask that something be procured, and that's why we procured FireMon. There are certain facilities in FireMon that give it an advantage over certain other companies or providers.

    How was the initial setup?

    The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly. The setup is a bit complex and tedious, especially for a new user who will need someone to hold their hand as they go through it. But after doing it a couple of times, or upgrading it a couple of times, it's not as tedious.

    Our deployment took about two weeks. We first did a discovery of what we wanted FireMon to do for us, a discovery of our requirements. We determined the prerequisites that had to be installed and the system requirements. We then moved on to an initial assessment through a deployment in a test environment. After the testing and everything working out, we further configured it to fine-tune it to our own specific environment. After all that was working okay, we went ahead to the final deployment. But for subsequent sites, it might just take a couple of days.

    There is a learning curve as well to get used to the system and all the nitty-gritty knowledge needed to configure it and run it properly. Another thing that is time-consuming and tough to do is tagging stuff the right way.

    What about the implementation team?

    We used a consultant, either DXC, which is a subsidiary of HPE, or Epic, which is a local consultant. Our experience with them was good.

    What's my experience with pricing, setup cost, and licensing?

    We're billed monthly.

    Sometimes, if there's a need for an upgrade or there is a system failure, there might be extra cost involved, such as for consultants or to procure the necessary equipment. We might be needing an upgrade very soon, and there will be costs connected with that.

    Which other solutions did I evaluate?

    We looked at a couple of other companies. We chose FireMon because of its cost and its simplicity, as well as its deployment and provisioning. We read reviews like this one, and we were quite confident because of what they described as their use and what their outcomes were.

    What other advice do I have?

    My advice would be to do an appraisal of your environment and list out your requirements and what you are hoping to achieve. Then look at a couple of companies that are in competition with FireMon and look at user reviews to see if your requirements are met best by FireMon or their competitors. That is the procedure we used to choose FireMon.

    If a colleague at another company said to me that firewall policy rule cleanup and management is important, but it's not a priority compared to more urgent things, I would say that there are a lot of bottlenecks and there is a reduction in service due to misconfigured or old firewall rules. They can prevent people from working properly. In the past, those issues hampered our network bandwidth and data movement. There were too many firewall rules that did recursive checks. There was increased latency and reduced productivity, and that frustrated a lot of end-users. Systems could be slow due to firewall rules that were misconfigured or outdated. FireMon enables you to efficiently manage your network and your firewalls and their rules, and it prevents security breaches.

    The biggest lesson I have learned from using FireMon is that automating certain tasks enables you to get them done properly. Those tasks include cleaning up and managing firewalls efficiently. It saves you time, costs, and resource usage, so that people don't have to manage as many mundane tasks. Those tasks can be shifted to a system like FireMon. Usage of FireMon enables you to concentrate on more important tasks, while the system alerts you on things that are not going properly.

    I would rate its real-time compliance management at eight out of 10. I can provide more details after we actually deploy it in the cloud, because I've used certain other things in the cloud, in other places, but we've not deployed FireMon in the cloud. But on-prem, it is very effective and an eight out of 10 is good.

    We haven't upgraded to the latest version. We're having discussions with FireMon at the moment. Most people are at home because of the pandemic and people have not had the chance to pursue it. About a week or two ago, we had a meeting with them, and a discussion with them not just on how to upgrade it, but also on how to fine-tune it with the new facilities and functionalities that have recently been created.

    Our deployment is on-prem, for now. We hope to get to SaaS, because we just started moving things to the cloud. We will do it soon. We are planning ahead for that, but it's dependent on the pandemic exit procedures.

    FireMon can also help automate firewall policy changes across large, multi-vendor enterprise environments, depending on how it's managed and how it's tuned. It requires knowledge to configure it to do that. We are hoping to implement that in the future, in hybrid, multi-cloud environments.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Network Engineer at an insurance company with 10,001+ employees
    Real User
    Top 20
    Decreases configuration errors, facilitates compliance, and the support is helpful
    Pros and Cons
    • "The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, hit counts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule."
    • "We have not used the Policy Planner but even so, we have identified areas of improvement with it during our testing. For example, it could be better when it comes to ease of integration or ease of policy automation. Another problem is that there is a console where it has too many options and is not very straightforward. Essentially, controlling it could be made more seamless."

    What is our primary use case?

    I am a contractor and I work on security. At this company, we primarily use FireMon for firewall rule analysis and as part of our firewall rule certification process.

    Our environment is on-premises using VM hosts.

    How has it helped my organization?

    With respect to compliance management, this product does cover some of the compliance factors, although not all of them. For example, in terms of accountability, it has all of the data available for third-party rules and auditing. It can produce a comprehensive report. However, compliance has its own set of requirements.

    We planned on having divisions for about 400 days but at 700 gigabytes, the file size was too large and it was interfering with our database backups. Consequently, we had to cut it down to 100 days, which means that we're missing 300 days of divisions. The fact that we no longer had a complete view of 400 days of data was a setback for us. Otherwise, the metadata has been pretty handy.

    We do not run assessments on new firewall rules before they are deployed, but we can set it up in such a way that compliance can be checked automatically once we push a rule to the firewall. If there is a problem then the new rule will be flagged. As it is now, we do all of the compliance assessments manually. The reason that we don't use the compliance module in FireMon is that it creates a heavy load on our CPU.

    Prior to FireMon being implemented, the company had Tufin running to conduct assessments. They were flagging some rules, based on the subnet categorization that is defined in Tufin. However, those kinds of assessments were not really accurate. They also weren't making any changes to the rules that were problematic.

    When they brought in FireMon, we started to run reports that are pretty precise. They were more accurate, and based on the firewall zone definitions. We began to flag rules that made sense and we also started to analyze them. Afterward, we were able to get rid of a lot of risky rules. There were a lot of shadow rules identified that we cleaned up. The agenda was to make sure that the security compound or security footprint within the company is safe.

    For this task, FireMon has been very helpful in terms of flagging such rules so we can drop them and improve the security of the infrastructure.

    FireMon has improved our compliance process in terms of the time and effort required to create compliance reports. As far as the rule recertification is concerned, it's made it easier for us because it's just one click to explore the metadata of each firewall rule and its information. For example, we use owner fields, technical descriptions, review dates, next review dates, and exceptions, if there are any exceptions. With all of the metadata in place, it can be given to the compliance team.

    This solution has helped us to decrease errors and misconfiguration that increased risk in our environment. By using the system that we did to flag risky rules, we were able to identify problems and mediate or eliminate them. We are still working on this but at this point, we have completed 80% of our cleanup. It has been helpful.

    FireMon helps to identify and prioritize fixes, although we do the repairs manually. This is something that is necessary when you consider our network and how our firewalls are configured. FireMon does provide suggestions and we make use of them, but we conduct our own manual analysis in addition to the reports. This acts as a valuable double-check for us, which is very important for our security posture.

    What is most valuable?

    The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, hit counts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule.

    The logs produce documentation and metadata that is very useful for compliance purposes.

    Usage reporting, including hit counts, is helpful for analysis. It comes in very handy when we can see how the firewall rules are being used because it can help us clean them up.

    FireMon has helped us in terms of being able to clean up firewall rules in a large environment, first of all, by helping to identify the risky rules. Rules are flagged using the filters, based on the zone metric definitions. We then refer to the object usage reports that we get within a group, along with the traffic analysis that we get from Splunk, and all of this is considered when it comes to making a decision. The rule might stay the same, be modified, or be dropped. FireMon has given us the extra ability to be able to do this.

    What needs improvement?

    We have not used the Policy Planner but even so, we have identified areas of improvement with it during our testing. For example, it could be better when it comes to ease of integration or ease of policy automation. Another problem is that there is a console where it has too many options and is not very straightforward. Essentially, controlling it could be made more seamless.

    For how long have I used the solution?

    We have been using FireMon since the start of 2019.

    What do I think about the stability of the solution?

    Stability-wise, we did not have any issues.

    What do I think about the scalability of the solution?

    There are no issues with scalability.

    We have different business units in different countries. For example, we have users in Hungary and they're a different business unit. They're not given access to the firewalls or Panorama, although they were given access to FireMon where they can view the policies related to the Hungarian firewalls. There are between 10 and 15 people in the Hungarian business unit that use FireMon on a regular basis and their role is to view the policies.

    We have a few people from the NetOps team and the network technical center team that use the rule certification process, and they collect statistics on rule usage. These teams have mid-level privileges on the system.

    I have superuser privileges, and there is one other person that has the same access I do. He uses it for documentation on the firewalls for our offices in the Netherlands and Poland. Aside from these, we have other people who use it more generally for things like viewing rules.

    FireMon is being extensively used within the company and we have a few new users being onboarded next week. They are part of a third-party contract and the user count will increase, although I don't think that any new modules will be added.

    How are customer service and technical support?

    I would rate the support a nine and a half out of ten.

    They were really proactive and helpful in terms of support when we had issues. The servers have been pretty good and we haven't had any problems with them. There will be minor bugs and all of that, but they're always helpful and things get fixed with the next release.

    Which solution did I use previously and why did I switch?

    Prior to FireMon, the company was using Tufin.

    The reason that we switched is that somebody in the company decided that they wanted to have a one-stop solution for pushing the policies to the firewall, and for automation of policies to facilitate compliance. FireMon had the capability, which was proven with a PoC.

    Everybody liked the solution and that's why it was implemented. Ultimately, the one-stop solution was not used because, with our Palo Alto firewalls, it has been decided that Panorama will push the rules, rather than FireMon. At this point, I can't see that changing in the future. Panorama is not going anywhere because that is how the firewalls are managed. At the same time, they wouldn't want to rely on FireMon to push rules to Panorama, so this is why the system will stay as it is.

    Overall, however, the capabilities are better compared to other similar products.

    How was the initial setup?

    The basic implementation was straightforward but when you're talking about configuring the servers and all of the other steps, for a tool of this size, it's never straightforward.

    For example, when configuring the servers, you will still have minor or major issues that you have to tackle or have to fix during the initial implementation. It may be straightforward to do so, but fixing problems will always lead to other problems in the process.

    Overall, it was an easy implementation, but at the same time, it was ongoing. Our deployment did not take more than a month to complete. This included adding the firewalls from Check Point, which was done in advance of setting up FireMon. We had to set up the CPMI log collectors and then configure the Check Point dashboard to forward all of the logs to FireMon. Although it was time-consuming, I think it took less than 20 days in total.

    With respect to our implementation strategy, we followed a basic approach. We started with installing all of the servers, and then we had to move all of the devices from Tufin to FireMon. We had three vendors including Cisco, Check Point, and Palo Alto.

    We added each firewall vendor separately and we made sure that all of the logs were being forwarded to the data collector. This is where we get all of the log data hit counts, and we have to make sure that all of the devices are being retrieved successfully, without any issues. We also had to ensure that nothing was impacting the performance of the servers and there were instances where we had to wait for the specifications of the server just so they could meet all of the performance requirements. For example, the retrievals and all of the log data had to work properly.

    All in all, there were a lot of steps and we had to get support tickets throughout. Thankfully, the support was great. They were very helpful during the initial implementation stage.

    What about the implementation team?

    I was part of the implementation, testing, and onboarding processes. I have been part of the day-to-day operations, as well. I am the only person doing the maintenance and taking care of the tool.

    Maintenance involves upgrading the servers, and we have to make sure that all of the backup files are generated on time. Also, we have to check that they are being transferred via SFTP to our backup server. Basically, we have to make sure that the servers are healthy and nothing's causing any problems.

    What's my experience with pricing, setup cost, and licensing?

    This is an expensive solution. The cost of three modules for three years was approximately one million. There are no costs in addition to the standard licensing fees.

    Which other solutions did I evaluate?

    The company evaluated AlgoSec and a few other tools, ultimately zooming in on FireMon. It was after the initial evaluation that the PoC was done.

    What other advice do I have?

    The latest release is version 9.4.2 but we only upgrade to the version behind the most recent release. This is so that we are more aware of what the issues with it are.

    We have a module called Policy Planner that facilitates the automation of firewall policies across large multi-vendor enterprise environments, but we never use it in practice. We bought the module and we tested it. In fact, we had plans to integrate with ServiceNow for the automatic policy portion, but the organizational policy here is to make changes only within the Panorama. Essentially, we have the technology, but we can't make use of it.

    This is definitely a product that I recommend, based primarily on how it compares with other similar tools. 

    I would rate this solution a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Network Security Analyst at a government with 10,001+ employees
    Real User
    Support should be more knowledgeable and the system should be more open, but it is straightforward to set up and it's low maintenance
    Pros and Cons
    • "The SQL language is convenient to use. It allows us to process a bunch of criteria very quickly and narrows things down if there is an issue with the firewall. It's easy to do that with SQL queries."
    • "I think that having a more open system and providing documentation for it would be helpful for users like us. We are pretty adept and can navigate through the Linux software that the on-premises FireMon is based on. It would help us in the long run."

    What is our primary use case?

    There are different groups within our organization that are plugging their routers into the FireMon solution. They have central monitoring and also a central repository, which allows them to look at all of the rule sets.

    Basically, there are a few core sites that we plug into and we use FireMon to clean up the firewalls and help with any troubleshooting that comes up. It helps because it provides visibility into everything.

    We are only using the Security Manager and we don't have any auditing on that.

    When a rule comes in, we audit whether the rule is placed in the correct order and if it matches the request that came in. We do that after the fact.

    How has it helped my organization?

    Using FireMon has sped up our process a little bit.

    We had a fairly big hiatus where we weren't really utilizing it to the degree that we wanted. This is because, after the upgrade, there were a few critical things that broke. We worked with FireMon to alleviate those issues and to get them fixed. Now, it's to the point where it was before the upgrade, and we're trying to utilize it more for what we need. This includes compliance, security checks, and a lot of cleaning up.

    In terms of cleaning up firewall rules, FireMon helps in the sense that we can determine which rules are justified. One of my teammates actually created a script using the API to pull all the rules for a few of the core devices. Then, we give them to the respective group within the organization to look at and audit. This is something that is done on an annual basis. In that sense, we have started to utilize FireMon a lot, and it gives users a clean look at all of the firewall policies they have and provides them the opportunity to justify them. That helps cleanup because anything that's not justified or that needs to go, we can submit a request and get those taken care of.

    For creating, approving, and deploying firewall rules, FireMon saves us time when it comes to the troubleshooting aspect. When there are issues with blocks that happen for users, or if they are trying to go from one end to another end, either outside the internet or internally, FireMon homes in and helps us. We use FireMon more for this, rather than to audit specific rules.

    We are using it read-only right now, so it helps us to find the policy in question that could be the cause of the issue, but we alleviate it by submitting a request. There's a lengthy process for validating and verifying requests that come in, so the product doesn't save us time in this regard. We have the visual but then we tell the respective team to handle the writing on the device.

    Using FireMon has decreased errors and misconfigurations that would have otherwise increased risk in our environment. I can't estimate an exact number but when we did the initial cleanup a year ago, on the core devices it helped us to eliminate rules that weren't really being used. It was between 300 and 400 rules per device, which is a significant amount.

    FireMon has helped us to identify risks in the environment and to prioritize the fixes. This is mainly with some of the security blocking rules that we have, which are pretty intense. FireMon found issues where they were blocking too much or too little. It didn't have a very large impact on our security posture because we have other security tools that we're utilizing for intrusion detection, as well as other vulnerabilities. Because we're using it read-only, its primary use is as a monitoring solution. It doesn't do too much but does help with finding security issues before something goes wrong.

    What is most valuable?

    FireMon provides an automated way of figuring out which rules are redundant and which ones aren't used, based on the syslog data.

    The SQL language is convenient to use. It allows us to process a bunch of criteria very quickly and narrows things down if there is an issue with the firewall. It's easy to do that with SQL queries.

    What needs improvement?

    One way FireMon could be improved is to open up a little bit. Our team is pretty Linux-savvy and when we're troubleshooting on our own, we're limited by the way the backend is locked down. For example, if we're running into issues with a device not being read properly into the system, we have to go offsite and this doesn't give us the answers we want. We have to wait to create a ticket.

    I think that having a more open system and providing documentation for it would be helpful for users like us. We are pretty adept and can navigate through the Linux software that the on-premises FireMon is based on. It would help us in the long run.

    Again, having a more open system that we can operate using our own scripting and automation would be useful. The API is there, which helps a lot, but a more open system would let us better dig into issues.

    For how long have I used the solution?

    I have been using FireMon since I joined the company, approximately two years ago. The company had already been using it in production before that.

    What do I think about the stability of the solution?

    It's pretty stable. We do have false negatives about things going awry, but when we submit a CRQ, or submit a ticket to FireMon about it, they're usually aware of the problem. In some cases, we've had swap file issues, which goes into the yellow, and that's normal.

    What do I think about the scalability of the solution?

    The on-premises deployment is pretty scalable. We have four or five collectors, which is a pretty decently sized deployment. Adding more connectors is just spinning up a new VM in most cases.

    We don't have too many connected devices, although that is something that we're working on. It's part of the initiative. We're also looking into gathering information from AWS (Amazon Web Services), although we're hitting a few roadblocks and we're working with FireMon about it.

    In that sense, in the way that we want to scale in the Amazon environment, we're just getting clarification from them about it. That's the only downside for scalability that we've found so far. It may be a non-issue but we're working with them to figure it out.

    How are customer service and support?

    We use technical support pretty regularly and they are prompt. We have a point of contact, who is a project manager that is appointed to us from them. If we have any issues then we contact them directly, and they are pretty quick to respond and remediate any problems.

    If it's a small issue, we submit a ticket and they get back to us within a few hours. 

    I would rate the technical support a seven out of ten, as there are some areas that need improvement. For example, sometimes when we have a very detailed question, it takes them a bit to get back to us, rather than having knowledgeable people there. Usually, these are detailed questions that we have and we expect the technical resource to have the answers, or to get the answers very quickly.

    Which solution did I use previously and why did I switch?

    We did not use another similar solution prior to this one. FireMon was purely stood up to clean up the firewall rules.

    How was the initial setup?

    I was not with the company for the initial setup but it was pretty straightforward when we did the upgrade. There were no real issues in the process.

    Initially, we did have some high-maintenance requirements for it. That was at a point when we were having issues with it. However, after those were fixed within the system, it's been pretty low-maintenance. It runs as it needs to.

    What other advice do I have?

    FireMon can be used for real-time compliance management, and this is something that we're working on right now. We're working on doing a better job of creating our own custom compliances. The default ones are okay but we're trying to create our own compliance so that we can use that feature a little bit more. Right now, it's just sitting there with most of the defaults but that's one of the goals.

    We do not have FireMon fully integrated with anything. It operates mainly in a standalone fashion. If we wanted to, it could be used with the other security appliances. They are also standalone and operate independently.

    My advice for anybody who is considering FireMon is to check to make sure that FireMon is capable of pulling data from all of the devices. We have found some gaps in the support for some devices, and we've had to go back and forth for a custom device pack. It is important to look at the environment to ensure that all of the necessary devices can be monitored.

    If FireMon is being used but rule cleanup isn't a priority, then standing it up for the Security Manager and pulling data from all of the devices still allows you to clean things up when there is downtime. As long as the firewall rules are logged, then it should be left to run and collect data until it's a priority. When there is time for a cleanup, it will find the redundant rules, shadow rules, and rules that haven't been used for a while. The reporting functionality auto-generates that information and it will provide a stepping stone for easier cleanup.

    The capability is there with this product but it has to be refined. Most of the time when we try to add a new device, it should work but we run into issues. It's not hiccup-free. The software is getting there but for now, we run into issues too often.

    I would rate this solution a five out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Project Manager at a manufacturing company with 10,001+ employees
    Real User
    Does not yet work well with our complex Palo Alto environment, but does identify unused rules and objects for us
    Pros and Cons
    • "The most valuable features are the security assessments and the ability to identify unused rules or objects."
    • "Our firewalls have multiple paths through them and FireMon falls short a little bit because it's not Palo Alto-centric. I don't think FireMon has kept up with where Palo Alto is at. They started out being Check Point-centric for years and they've never really fully embraced the nuances others, like Palo Alto or Fortinet, have. They don't handle a lot of the capabilities and attributes that Palo Alto does yet. They're working on it. They're getting there."

    What is our primary use case?

    We use it for firewall management and security management, firewall health, and processing firewall change requests.

    How has it helped my organization?

    Firewalls are very complex, and FireMon allows us to identify a firewall rule that may have a lot of sources, destinations, and paths, and identify various high-risk ports and high-risk situations that either shouldn't be implemented or need to be rectified prior to implementation.

    It has not really saved us time yet because there is still some pretty significant manual intervention involved. We haven't implemented it on all firewall types yet because we have hundreds and hundreds of firewalls that do different things and because different firewalls have different risk conditions. But for the ones we have implemented it on, while it doesn't really save time, per se, it does provide higher visibility into high-risk situations, which were very difficult to identify before. As a result, it has decreased risk.

    What is most valuable?

    The most valuable features are the security assessments and the ability to identify unused rules or objects. 

    The real-time compliance management, in general, is also pretty good, as is the cleanup of firewall rules in a large, enterprise environment.

    What needs improvement?

    It doesn't yet handle our firewall brand very well and some of the complexities that exist in a very large organization like ours. For example, it doesn't handle network address translation very well for cleanup and it doesn't handle nested objects very well for cleanup. It does unused-firewall-rule cleanup pretty well, but we have had to do some extensive modification because it sometimes gave us false positives. It would identify a firewall rule as unused when it really wasn't unused, due to the nature of how Palo Alto works and how FireMon works. That has required some manual workarounds.

    I also wouldn't say the solution automatically warns before new firewall rules, or changes to existing ones, violate compliance policies. Not totally. When a change request comes through, it runs through the FireMon process and if it is a high-risk situation, FireMon will flag it. It then requires manual intervention or manual evaluation or correction. Other than that, we work from a monthly audit report that runs to flag any rules that are high-risk. We want to streamline our operations and make them more effective and automated so that high-risk requests are filtered out and validated automatically or semi-automatically, prior to implementation.

    We're working on automating the request process, but we're at a standstill right now because FireMon doesn't handle Palo Alto attributes very well yet. It's very Check Point-centric. We've had limited success with automating, as a result. They need to be able to handle Palo Alto firewalls better. For example, they don't do App-ID very well.

    For how long have I used the solution?

    I have been using FireMon for almost two years.

    What do I think about the stability of the solution?

    We've had some stability issues in the past with FireMon. We still have a few that they say are fixed in version 9.5. But we can't run version 9.5 yet because they took out the SNMP management and our ability to remotely monitor our FireMon instance. As a result, we can't put that version into production yet. They're putting that ability back. That's a feature that we absolutely require. We're not the only ones that require it. In talking with them, a number of customers have complained about that.

    We've had some issues with file systems filling up because it identifies unused or unlicensed firewalls and it adds them to the list. It's trying to pull unused firewalls and that is filling up the file system and crashing the system. It still does that on version 9.3, but they say it's fixed in version 9.5.

    What do I think about the scalability of the solution?

    It's hard to scale FireMon. You have to add a lot more appliances or virtual machines to run the software and scale it appropriately. Because we're a worldwide organization, we've had to do a lot of that. We've had to split out our application servers and databases. We have three instances around the world and we're probably going to need to add more as we go forward, because it does have some limitations in how much it can process at any point in time.

    It's also, in part, a Palo Alto issue because Palo Alto processing is very slow. So in the handoff between Palo Alto and FireMon, we've had some issues where FireMon doesn't always retrieve the configurations in a timely manner. When we run a report that is not necessarily running on the current data for all firewall rules, a firewall rule will suddenly be flagged as "not used," for example, when it really is used.

    How are customer service and support?

    In general, their tech support is pretty good. 

    I do have a concern with them, and I did express it to them already: Sometimes, it seems that when a new release comes out and changes take place, their development team doesn't always let the field support people know what the changes are. We have run into something on several occasions that caught the technical account manager off guard because he wasn't aware of it. It was only when we surfaced it that he realized it and said, "Oh yeah, that has changed and they never told me."

    But generally, their technical support has been able to resolve issues. They're good, but I don't think they have enough expertise yet in Palo Alto.

    Some of our requests are feature requests. We're working with them on a lot of those and they take more time. Some have to be put into a future release, and some are on their roadmap but haven't been pushed out yet. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Before FireMon everything was manual.

    How was the initial setup?

    Our initial setup of FireMon was pretty complex, but we're trying to simplify things by choosing where we start. We're starting with some of our simpler, more straightforward firewalls. We haven't even gotten to the complex ones yet. It's a very slow process.

    What was our ROI?

    We haven't calculated ROI but the return when it comes to value is getting there. FireMon doesn't scale well enough with the complexity of our Palo Alto environment yet. I think the value will get there. We're at about the midway point when it comes to value. On a scale of one to 10, we're at about a four or five. On the simple firewalls, it works pretty well. On the complex firewalls, it kind of works, but there are a lot of exceptions that it doesn't know about or can't handle, and that causes us to have to backtrack into a lot of manual work.

    What's my experience with pricing, setup cost, and licensing?

    I don't see an issue with the pricing.

    Which other solutions did I evaluate?

    AlgoSec was one of the three other products we looked at. FireMon seemed to be a better fit for where we're going and what we're doing. It seemed to have more capabilities and features than some of the others did, features that fit our environment.

    What other advice do I have?

    If a colleague at another company were to say to me that firewall policy cleanup and management is important, but it's just not a priority compared to other more urgent items, I would say that firewall cleanup is pretty subjective. We think it's important because if you don't clean things up it leaves potential holes where vulnerabilities can come into your network. I would tell them it ought to be a priority.

    In a small organization, I think FireMon would be absolutely fantastic. Just be sure you do a good job of documenting your use cases in terms of the scalability you need, before you talk to FireMon. You need to be clear with FireMon about what kind of scale you need to be able to scale up to.

    When you get into an organization like ours, with hundreds upon hundreds of firewalls for different purposes, our firewalls don't line up in a linear fashion. It's not a case of "more of the same, more of the same," when it comes to our firewalls. They all have their own risks and nuances, their own rule sets, and their own security implications. Our firewalls have multiple paths through them and FireMon falls short a little bit because it's not Palo Alto-centric.

    I don't think FireMon has kept up with where Palo Alto is at. They started out being Check Point-centric for years and they've never really fully embraced the nuances others, like Palo Alto or Fortinet, have. They don't handle a lot of the capabilities and attributes that Palo Alto does yet. They're working on it. They're getting there.

    We have an open issue list that we are working through with FireMon little by little, including things it doesn't do well. We meet with a technical account manager on a weekly basis. Of course, we're not their only customer, so we can't dictate what they do or don't do regarding Palo Alto, but we're making our concerns known.

    We've had to customize a lot of the security. Their out-of-the-box risk situation was too restrictive in some areas and not restrictive enough in others. So we have had to tailor the risk conditions by firewall type and create custom risk reports by firewall type, because not all our firewalls are the same.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Network Administrator at a computer software company with 51-200 employees
    Real User
    Reduces time and effort required to create compliance reports, but there have been issues with rule cleanup recommendations
    Pros and Cons
    • "Compared to other applications, it is user-friendly. The appearance of the menus and titles is clear and they are easy to follow. Of course, it requires some experience through using it, to go through everything, but it is not very difficult. It is an easy application to use."
    • "I ran a report and FireMon suggested that certain tools were not used. When I removed them, while it didn't bring our environment down completely, a lot of our environment started malfunctioning. Our backup system did not work, nor did other things that involve internal and external communication. We are not comfortable with what it did."

    What is our primary use case?

    We were excited in the beginning about this solution because we have multiple firewalls in different regions, and so many rules. We wanted to find a solution that could organize our firewalls and remove the unused rules and redundant rules.

    We use FireMon Security Manager. We don't use the Policy Planner or Policy Optimizer. We don't have a license for them. We started with a limited license and said, "If things go well with this, we'll go to the next step."

    How has it helped my organization?

    The solution has helped when it comes to the time and effort required to create compliance reports.

    It has also given me some confidence in the changes I make. Before, I was very hesitant to make changes or remove rules. Now, FireMon has decreased the time I spend on that by 50 percent.

    FireMon has also helped us when it comes to misconfigurations that increased risk in our environment. That is something that I have just discovered recently, when using it.

    What is most valuable?

    Compared to other applications, it is user-friendly. The appearance of the menus and titles is clear and they are easy to follow. Of course, it requires some experience through using it, to go through everything, but it is not very difficult. It is an easy application to use.

    What needs improvement?

    During the first year of use we mostly reviewed the results FireMon gave us and used that time to learn about it. We did not go with the recommended changes in-depth, and we did not have many problems. But this year, we tried to go into the details and follow the recommendations. It helped us to remove and clean up a lot of our redundant rules, historically. But in the meantime, especially when we tried to do some advanced rule consolidation or cleanup of historically unused rules, we encountered problems.

    The solution does not detect traffic or activities that come and go through our local or site-to-site VPNs. So when we cleaned up some of those rules and encountered issues, we actually had to put them back.

    It's not just the VPN, but it also misses some of the rules. Two weeks ago, I cleaned some rules with FireMon. I ran a report and FireMon suggested that certain tools were not used. When I removed them, while it didn't bring our environment down completely, a lot of our environment started malfunctioning. Our backup system did not work, nor did other things that involve internal and external communication. We are not comfortable with what it did. Since then, I have been busy the whole time just reviewing all those rules and restoring some of them.

    FireMon also does not detect the rules with UDP. That's another problem.

    Another issue is that our compliance team wants to do some consolidation but that is also a problem because FireMon recommends consolidation based on the ports that we open. We have a grouping system with multiple groups. Under the consolidation grouping, FireMon suggests only based on the port. For example, if we use port 22, we have to share it across the board. It disorganizes the groupings that we have. So the consolidation is not working very well.

    Our compliance team also creates reports using FireMon, reports that they send to me. Sometimes I can follow those reports, but most of the time I cannot. In the last two days, I received two huge reports on unused rules and I cannot really use them. At the same time, I'm using my own judgment and my own due diligence. When I doubt a rule, I go back to the firewall and run the history and compare things to help me decide. The problem is that if I always do that, it will take me a lot of time and the solution ends up being 50 percent useful and 50 percent not useful.

    For how long have I used the solution?

    I have been using FireMon for roughly two years.

    What do I think about the scalability of the solution?

    I guess it is scalable, but there is room for improvement. 

    How are customer service and support?

    I was not involved in the setup of FireMon but, later on, when I became involved working with it, I approached FireMon personnel through remote conferences and remote meetings. They helped over the course of several sessions and that was helpful.

    Their technical support is very good, very responsive, and very helpful. They follow up on issues.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We did not have a previous solution. We just relied on regular reviews of our firewalls and rules by looking at the history.

    What's my experience with pricing, setup cost, and licensing?

    The pricing was very good during our initial year, but they increased it this year a little bit. The price is okay. It is not cheap, but it is still average.

    What other advice do I have?

    It is not a bad tool. I still recommend it and I'm not against it. I recommend it because, overall, it has helped us to remove and clean 15,000 to 20,000 redundant unused rules. When we cleaned those, we were confident that they were not usable. They were very old. But we didn't just rely on FireMon's report. At the same time, we used our own judgment. When we blindly relied on the FireMon report, it created issues.

    It's a good solution, but it is not something that you can 100 percent rely upon. It is a useful tool. At least it will help you up to a certain percentage.

    We work according to the risks FireMon warns us about, but some of those recommendations are false alarms and others are valid. If it gives us 100 warnings, about 10 of them are valid.

    Despite all the shortcomings, we still prefer to use it. At least we get some good recommendations and suggestions in the reports. We like it, despite the drawbacks.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    GISA at a computer software company with 201-500 employees
    Real User
    Provides us with very good real-time compliance management
    Pros and Cons
    • "For the cleanup of firewall rules, it performs really well for us. We utilize it in our regular rule cleanup tasks, several times a year. FireMon is our primary tool when doing that, either by going through its out-of-the-box compliance rules or using it to search for certain things in our rules that we want to prune from our firewalls."
    • "When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box."

    What is our primary use case?

    Our main use case is the monitoring of changes on our firewalls. Another of our use cases is keeping firewall rules in good shape by doing regular rule reviews, using FireMon's built-in categories for rules and even deploying our own. Additionally, we used FireMon when we did internal firewall migration, meaning we were switching to a new generation of firewalls.

    How has it helped my organization?

    The solution has decreased errors and misconfigurations that would otherwise increase risk in our environment.

    In addition, when we migrated to a new generation of firewalls, FireMon was of help when doing a first benchmark of the new solution and the initial setup.

    It also identifies risks in our environment and helps prioritize fixes for them. The compliance module in Security Manager does that by watching overall rules and any changes, and benchmarking them against a pre-setup set of controls. It notifies us if any control has failed. That's how we monitor whether our firewall rules are compliant with a pre-set benchmark.

    Firewall policy rule cleanup doesn't need to be a priority for a company to justify using FireMon, given that it makes that job much easier and faster. That means you don't need to allocate as many resources to do that work. It's now incomparably easier to do things like a rule review.

    Overall, our monitoring and compliance are on much higher levels. The visibility we have into our firewall rules is much better now than it was prior to having FireMon.

    What is most valuable?

    One of the most valuable features is the compliance feature, which is something that we really utilize in Security Manager. It has a set of controls that we tuned a little bit from the way they came out-of-the-box, and created a custom set of rules that we are monitoring and that we want to have inline in our environment. It's a very good solution for real-time compliance management.

    And for the cleanup of firewall rules, it performs really well for us. We utilize it in our regular rule cleanup tasks, several times a year. FireMon is our primary tool when doing that, either by going through its out-of-the-box compliance rules or using it to search for certain things in our rules that we want to prune from our firewalls.

    What needs improvement?

    When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box. We have tried to work around it by setting up email notifications, but it would be nice if it came with the product. That would really turn it into real-time monitoring for us. 

    The workaround works for us, and the out-of-the-box setup is also good, but it expects you to be constantly watching and monitoring the solution itself. That's a bit hard when you have more than one solution to work on. You cannot just watch one and keep an eye on it for something that's non-compliant. Having an alert would be much easier for us. Still, it's a good tool for that kind of monitoring, for us.

    For how long have I used the solution?

    I have been using FireMon for about two years.

    What do I think about the stability of the solution?

    FireMon is quite stable. We haven't had any stability issues with it so far.

    What do I think about the scalability of the solution?

    It's quite scalable. The process of adding modules has gone quite well. Anytime we have needed to increase it, there hasn't been a problem.

    We use it extensively; if not on a daily basis then on a weekly basis. There are periods when we use it even more intensely when doing reviews.

    How are customer service and support?

    They really give us great support. When thinking of the level of support that we get from some other vendors, FireMon's support is really good. They have a good, knowledgeable support team around the world. We have offices in Europe and California. Whenever we have had any type of issue and have needed their support, whether the issue is in Europe or California, we have had really great support from them.

    Which solution did I use previously and why did I switch?

    We did not have a previous solution.

    How was the initial setup?

    We had a FireMon support engineer for the initial setup and it looked fairly straightforward, but it definitely needed some FireMon knowledge. Since then, we have onboarded a number of new devices in FireMon on our own, and that part is quite straightforward. But setting up the system itself is something that requires the knowledge of a FireMon engineer.

    For the deployment, there was a month of weekly sessions with the engineer to get it working.

    We have three people, within our security staff, who are using FireMon regularly. The three of us were involved in deploying and we work on maintaining it. It's a shared effort. None of us is working full-time on FireMon.

    What's my experience with pricing, setup cost, and licensing?

    There are no costs in addition to the standard licensing fees.

    Which other solutions did I evaluate?

    We talked about other solutions with different partners, and based on that we decided to go with FireMon. We did have a proof of concept with them before going live, and we liked it and the options it had, so we decided to go forward.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Security Analyst at a government with 501-1,000 employees
    Real User
    A capable product with good support, but it needs better reporting
    Pros and Cons
    • "It is a good product. Previously, we were using only spreadsheets to compare the usage, but now with FireMon, we are able to clean up or review the policies to some extent. It is still a work in progress, but we are at a good stage now."
    • "Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that."

    What is our primary use case?

    We only have security management. 

    It was deployed on-prem. It used to be on the hardware, and there used to be an appliance, but we have switched to a virtual server. We are now on a VM.

    What is most valuable?

    It is a good product. Previously, we were using only spreadsheets to compare the usage, but now with FireMon, we are able to clean up or review the policies to some extent. It is still a work in progress, but we are at a good stage now.

    What needs improvement?

    Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that.

    For how long have I used the solution?

    I have been using this solution for more than five years.

    What do I think about the stability of the solution?

    It has been stable until this year when we had three weeks of downtime. We had an issue with data collectors, and they couldn't figure out what the issue was. They were troubleshooting for more than two weeks. It was up and down. It was probably related to the hardware because since we have moved to the virtual machine, we haven't had that issue.

    What do I think about the scalability of the solution?

    It is a capable solution. We are in the process of buying more licenses and adding more virtual machines. We started with 20 licenses, and now, we have more than 60 licenses.

    How are customer service and support?

    Their support is nice. They are very good.

    Which solution did I use previously and why did I switch?

    I am not aware of any previous solution.

    How was the initial setup?

    I wasn't there when they installed it.

    What other advice do I have?

    It is a very good product. I always tell others to have FireMon people come and give a demo. I encourage people to try it out. We only have security management, but it is really a good product. I have attended a couple of their webinars, and they have a lot more features for more usage and value. It is a capable product. If our company had sent us for training and we had got to know more about the product, it wouldn't have been so hard.

    To a colleague at another company who says that firewall policy rule clean-up and management is important, but it is just not a priority compared to other more urgent items, I would say that it is very important. Sometimes, a firewall is created temporarily, and if you don't know, you will forget. So, the usage and hit count information is very important.

    In terms of compliance reporting, we have set it up for compliance reports such as PCI, but we didn't use it that much. Similarly, in terms of identifying the risks in our environment, it does show the changes, but we aren't yet able to prioritize them.

    It is helpful in automating firewall policy changes across large multi-vendor enterprise environments, but we only have two vendors. We were earlier using it only for the Cisco environment, and now, we are using it for Cisco and Palo Alto. We will probably use it for the core environment. Overall, it notifies you, but we are still not using it that much.

    In terms of the clean-up of firewall rules in a large enterprise environment, it didn't affect us, and that's because we are not doing it in the right way. We probably need somebody to help us on that one because we gave them the report, but they haven't cleaned it up. For Panorama, they use their own reporting, and we have to correlate them. One thing about Panorama is that if you have a rule from 20 years ago, and somebody is still modifying it, it doesn't update the new person's name. It doesn't ask you to put any change number. I know FireMon is only pulling the data, and it is not pushing the data, but I wish that it was pulling the changed data. The last time I talked to FireMon, they said that they are just pulling the data. They don't go and push any data. For that reason, we don't have that much data. So, we have a report, but we haven't used it much for clean-up. We should use it in the future more. We also haven't used it to create a lot of policies.

    I would rate it a seven out of 10.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.