FireMon Room for Improvement
IT Security Admin at a tech vendor with 1,001-5,000 employees
While I like the reporting, I think that has the biggest room for improvement. Right now, as a user of FireMon, if I create a report, I am the only one who can see it inside FireMon. If someone on my team creates a report, they are the only person who can see that report on FireMon. It doesn't matter if you're admin in FireMon or not. The way we have to do it now is that we have created a service account user and that service account user runs all the reports. This way, all the reports, which are running, are just run under a single user so we can always access them. This definitely needs to change so users can see other users' reports or we can share reports within FireMon.
FireMon could improve their support for individual vendors. There are features that are specific to Cisco Firewalls that are not supported in FireMon. That changes a lot because they do release updates pretty regularly. However, if you are using Check Point, and that is what you use as your firewall, and you don't use Cisco Firewalls, then all the features for Cisco just aren't really worth it to you. So, FireMon could improve by making sure that they have full coverage for all the vendor specific uses.
Network Engineer at a insurance company with 10,001+ employees
We have not used the Policy Planner but even so, we have identified areas of improvement with it during our testing. For example, it could be better when it comes to ease of integration or ease of policy automation. Another problem is that there is a console where it has too many options and is not very straightforward. Essentially, controlling it could be made more seamless.View full review »
Network Security Analyst at a government with 10,001+ employees
One way FireMon could be improved is to open up a little bit. Our team is pretty Linux-savvy and when we're troubleshooting on our own, we're limited by the way the backend is locked down. For example, if we're running into issues with a device not being read properly into the system, we have to go offsite and this doesn't give us the answers we want. We have to wait to create a ticket.
I think that having a more open system and providing documentation for it would be helpful for users like us. We are pretty adept and can navigate through the Linux software that the on-premises FireMon is based on. It would help us in the long run.
Again, having a more open system that we can operate using our own scripting and automation would be useful. The API is there, which helps a lot, but a more open system would let us better dig into issues.View full review »
Project Manager at a manufacturing company with 10,001+ employees
It doesn't yet handle our firewall brand very well and some of the complexities that exist in a very large organization like ours. For example, it doesn't handle network address translation very well for cleanup and it doesn't handle nested objects very well for cleanup. It does unused-firewall-rule cleanup pretty well, but we have had to do some extensive modification because it sometimes gave us false positives. It would identify a firewall rule as unused when it really wasn't unused, due to the nature of how Palo Alto works and how FireMon works. That has required some manual workarounds.
I also wouldn't say the solution automatically warns before new firewall rules, or changes to existing ones, violate compliance policies. Not totally. When a change request comes through, it runs through the FireMon process and if it is a high-risk situation, FireMon will flag it. It then requires manual intervention or manual evaluation or correction. Other than that, we work from a monthly audit report that runs to flag any rules that are high-risk. We want to streamline our operations and make them more effective and automated so that high-risk requests are filtered out and validated automatically or semi-automatically, prior to implementation.
We're working on automating the request process, but we're at a standstill right now because FireMon doesn't handle Palo Alto attributes very well yet. It's very Check Point-centric. We've had limited success with automating, as a result. They need to be able to handle Palo Alto firewalls better. For example, they don't do App-ID very well.View full review »
Network Administrator at a computer software company with 51-200 employees
During the first year of use we mostly reviewed the results FireMon gave us and used that time to learn about it. We did not go with the recommended changes in-depth, and we did not have many problems. But this year, we tried to go into the details and follow the recommendations. It helped us to remove and clean up a lot of our redundant rules, historically. But in the meantime, especially when we tried to do some advanced rule consolidation or cleanup of historically unused rules, we encountered problems.
The solution does not detect traffic or activities that come and go through our local or site-to-site VPNs. So when we cleaned up some of those rules and encountered issues, we actually had to put them back.
It's not just the VPN, but it also misses some of the rules. Two weeks ago, I cleaned some rules with the FireMon. I ran a report and FireMon suggested that certain tools were not used. When I removed them, while it didn't bring our environment down completely, a lot of our environment started malfunctioning. Our backup system did not work, nor did other things that involve internal and external communication. We are not comfortable with what it did. Since then, I have been busy the whole time just reviewing all those rules and restoring some of them.
FireMon also does not detect the rules with UDP. That's another problem.
Another issue is that our compliance team wants to do some consolidation but that is also a problem because FireMon recommends consolidation based on the ports that we open. We have a grouping system with multiple groups. Under the consolidation grouping, FireMon suggests only based on the port. For example, if we use port 22, we have to share it across the board. It disorganizes the groupings that we have. So the consolidation is not working very well.
Our compliance team also creates reports using FireMon, reports that they send to me. Sometimes I can follow those reports, but most of the time I cannot. In the last two days, I received two huge reports on unused rules and I cannot really use them. At the same time, I'm using my own judgment and my own due diligence. When I doubt a rule, I go back to the firewall and run the history and compare things to help me decide. The problem is that if I always do that, it will take me a lot of time and the solution ends up being 50 percent useful and 50 percent not useful.View full review »
GISA at a computer software company with 201-500 employees
When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box. We have tried to work around it by setting up email notifications, but it would be nice if it came with the product. That would really turn it into real-time monitoring for us.
The workaround works for us, and the out-of-the-box setup is also good, but it expects you to be constantly watching and monitoring the solution itself. That's a bit hard when you have more than one solution to work on. You cannot just watch one and keep an eye on it for something that's non-compliant. Having an alert would be much easier for us. Still, it's a good tool for that kind of monitoring, for us.View full review »
Security Analyst at a government with 501-1,000 employees
Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that.View full review »
Lead Network Specialist at a university with 5,001-10,000 employees
It comes as a Linux appliance on a server and we're not a Linux shop, we're more of a Windows shop. It would be great if they could automate or integrate the backups into it and other things through their GUI interface, just to make the management of Linux a little more transparent.View full review »
We have had some stability issues that are affecting operations. We rely heavily on this solution and if it isn't working then we have to create rules manually.View full review »
Asst. Manager Finance at a insurance company with 5,001-10,000 employees
I personally have started using it recently, therefore it's hard to pinpoint if anything is lacking. I need more time with the product.
The cost of the solution is pretty expensive. It would be ideal if they could work on their pricing.View full review »
IT Security Assistant Manager at Octopus Cards Limited
The review process is an area that needs improvement. We would like to review the rules and be able to make comments.
The advanced features are complex in setting up the rules.
I would like to see level mapping available with other products improved, to allow other products to build the level mapping. It does not have an export in Visio.View full review »
FireMon could be easier to use and flexibility regarding reporting could be improved.View full review »
Network Solution Architect at a manufacturing company with 10,001+ employees
I don't like that it comes with bugs, constant issues, and limited functionality. I would like to have enhanced change management reporting support for UTM features in the next release.View full review »