FireMon Security Manager Reviews

We have a two-server system for web applications, and we utilize FireMon to manage our Palo Alto firewalls. We log in to FireMon for reporting and creating rules. Currently, I am working on a project that involves using FireMon to clean up some of our open rules.

FireMon is deployed on-premises.

The real-time compliance management is excellent. It's something we prioritize in our efforts to comply in real-time. We have established some rules following the PCI guidelines as we are currently working towards achieving PCI compliance. These rules serve as metrics for us to assess our progress. We believe that real-time capabilities are essential and exciting for our organization.

FireMon alerts us whenever there are new rules or changes to existing ones. I have set up some reports that arrive in my inbox daily, providing me with a summary. So, if there are any changes within the environment, I am notified. I believe that FireMon can also notify us before a change is made in our environment.

The compliance reporting process does not require much time or effort, as long as we know what we are doing.

FireMon helps automate firewall policy changes across large and multi-vendor enterprise environments.

FireMon provides us with a dashboard view that shows an overhead view of all our redundant rules, along with our own user rules. With this information, we can generate reports and focus on specific criteria we are interested in. By doing so, we can easily identify rules that are actively in use, while also being able to spot duplicates and other elements that aid in cleanup efforts.

FireMon helps us save time when creating, approving, and deploying firewall policies. For instance, when we deployed certain rules, they resembled penetration testing scenarios. The reports provided us with the capability to monitor activities in our network and effectively save time. Consequently, we could easily share these reports with the networking team, enabling them to promptly remove the identified rules, rather than having to conduct extensive and time-consuming investigations.

FireMon helps to reduce misconfiguration, which can increase risks in our environment by at least ten percent. For example, it achieves this by not deploying specific rules that are overly permissive.

FireMon assists in identifying risks within our environment and prioritizing fixes for those risks. This is an essential feature of our organization.

What I like about FireMon is the ability to track changes made by network engineers on the network. This allows us to run reports based on those changes. We can also track new rules to see if they comply with our standards. Additionally, we can identify rules that haven't been used or those that duplicate others excessively. FireMon enables us to create reports that provide valuable information for making changes within the system.

The dashboard in FireMon is excellent, offering an overview of our network's compliance and security index database, among other things. I have also used FireMon for risk analysis of policies, exploring the possibilities and findings. While primarily focused on cleaning up files for a project, I have utilized many features for removing redundant and unused rules.

However, I am aware that FireMon has even more to offer, such as understanding our network topology and conducting a comprehensive risk analysis. My current work mostly revolves around compliance, change management, and reviewing the alterations made.

FireMon could be made more user-friendly when it comes to creating filters or conducting traffic analysis.

I have been using FireMon for eight months. 

FireMon is quite stable overall. However, there is one issue I encounter when attempting to run reports. Occasionally, it indicates that I do not have to report the web services. I'm uncertain if this problem is unique to our system or not, as it seems to be an ongoing concern. I have submitted several tickets, with five more related to this particular issue. Aside from that, FireMon remains stable and does not experience frequent downtimes. The only inconvenience arises when running reports, as it occasionally prompts an error, leading to a need for a web server restart.

The technical support is generally good, but they can sometimes be slow in responding.

I would rate FireMon a seven out of ten. There's a lot more I can gain from FireMon, as opposed to just running reports. I am particularly interested in automation and similar functionalities, but I haven't dedicated enough time to fully take advantage of all the features it offers.

There are ten of us using FireMon within our organization.

The maintenance we undergo for FireMon primarily involves upgrades. We have dedicated networking personnel and a development manager who oversees the maintenance.

I suggest spending a significant amount of time watching the videos; there are some beneficial training videos available. Additionally, it would be beneficial to arrange some sessions with their contact. I have an account and have been having sessions with my contact for five months.

Firewall policy clean-up management is undoubtedly a priority. If we have rules that are not correctly configured or overly encrypted, we expose our environment to numerous serious compromises, making it imperative to address this promptly.

We're an MSSP, so we put FireMon on our customer sites to monitor their security devices.

It's so quick at finding redundant and shadowed rules. I used to have to do that and I would have to yell at people to stop bothering me because I needed my complete concentration to do it. And there was still human error. FireMon saves all that time and eliminates that human error.

Also, in terms of our compliance reporting process, they would give us a week and we'd pull all the configurations of all the firewalls and send them off to someone like me who would go through them and say, "Hey, this is not good. Take a close look at this. Why is it any-any?" People would have to go back and look at the firewalls to see if that was a business risk or not and, if it was, have the company sign off on it as a business risk. That would actually take up to about six months of going back and forth, giving people weeks at a time to respond.

With FireMon Security Manager, I can create a report and send it off to the customer and say, "Here are the 98 rules that put you at high risk. Are these needed?" They look at them and say, "Oh no, that application is gone, you can get rid of that." Or they say, "Yep, this is an acceptable risk." I then say, "Okay, I'm going to be back in a year," and I mark it as "acceptable risk, by so and so." A year later I can go back and say, "Is this still an acceptable risk to you?" It makes our compliance so much easier when compared to having to do it manually. I would recommend everybody get this tool just for that aspect.

A module that we have to pay for, because we're using FireMon Security Manager, helps automate firewall policy changes across large, multi-vendor enterprise environments, and it's the only solution that does that. The rest of them are so labor-intensive that this would probably save 70 percent of that work time. It enables us to make changes company-wide. Suppose one of our clients has 60 firewalls. We can do a company-wide firewall update within about two hours if they have multiple brands of firewalls. We can do it in about 30 minutes if they only have one brand. When we had a person logging in to manually do it, it would take them at least a day for 60 firewalls. Now, if it's Palo Alto, we can do it in half an hour. If it's Fortinet, it can take us an hour and a half.

We have about 20 customers and we're saving at least a day of time for each one of those customers. Within one day, we can do what we used to do in two weeks. That's very significant because we were looking at hiring more people. FireMon has reduced the need for that. As our people become more and more efficient, we can actually have more and more customers without having to increase our labor force.

The solution can also talk across on-premises, cloud, hybrid, SASE, and SD-WAN environments. You need the path. Once you have the path, which most of the time is going to be a VPN tunnel if it's over an untrusted area, you can do anything. That makes it one pane of glass. For example, in the past, if it was on-prem and in the cloud, I would have to do an on-prem pane of glass and a cloud pane of glass. Now I can do it in one pane of glass and it's less labor-intensive and much faster.

You can even automate the cleanup of firewall rules in a large, enterprise environment. That's the nice part about it. You can say, "Here are 100 rules I want you to disable," put in the IP addresses, hit enter, and it pushes that out to the 60 firewalls. It takes time, but you walk away. You've saved tons of time while it's doing the process for you through automation. I can't see working on more than one firewall without having this tool.

If you make a mistake on one IP address, and you push it out to 60 firewalls, instead of bringing one down, you could bring them all down. You measure twice and cut once. You verify, you make sure you have the stuff in there. Then you have a second person to look at it and, when you both agree, you hit enter and you know you're not going to bring the system down. That actually takes a little bit more time because it's a two-person activity where it used to be just one. We used to bring down a firewall once a month and now we don't do that. We're saving at least one outage day and then another day of apologizing.

People have a tendency to just add rules to firewalls, but they don't go back and take rules away. Some of our customers have thousands of unused rules that have been sitting out there for over a year. In one report, FireMon tells us there are, say, 1,000 rules that can be taken out and it gives us the ability to disable those for a year and to track when we made our changes. After a year, we can go back and eliminate the rules, to bring the configuration down to an almost human-readable level.

It also identifies risks in your environment and helps to prioritize fixes. It actually rates the risk level, meaning you look for the red and try to bring everything to green.

When it comes to documentation, they need to start putting together a basic command manual. With Cisco, you can look up a command and it gives you examples of three or four different ways that command can be used. It tells you how to put it into the GUI and the CLI. FireMon does need to start doing that. Right now, I use their tech support for that. They give me a command and I create my own book.

I have been using FireMon for four years.

I have use cases where it's been running for two and a half years, and I've never had a problem with it. They're smaller companies where there aren't a lot of changes going on, but FireMon is just clicking away the whole time. It's stable.

Once it's put in, you pretty much walk away from it. You come back every morning to see if anything is going on and, if not, keep moving. It has made life a whole lot easier for us.

It's very easy to scale up or down.

Every time we get a new customer, we put it in. The customer has to have a VM set up for the hardware requirements of FireMon, or we won't monitor their systems.

They're very quick. They usually have the answer in a short period of time, and the maximum is no more than a day. Most of the time I just need a command and I can put it in on my side to verify, and that's it. I need to see what's going on. I'm a hands-on person. I don't like to sit back and watch other people do things.

Positive

We started with another solution called ManageEngine Firewall Analyzer, and we had that throughout our customers' sites. We recently started moving things over to FireMon for our old customers. If you run into Firewall Analyzer, run, don't walk, to the nearest exit.

Firewall Analyzer was so labor intensive just to do a report. You would tell it to look up an IP address and create the report, it would create a 20-page report, but you'd end up having to do that 20 times until you got the entire report. It could take six to eight hours to do a report. With FireMon, I hit "report," walk away, and it says, "Hey, your report's ready."

The initial setup is pretty easy. I have three engineers who work on setups, and it took about 20 minutes, walking through it twice in the sandbox. It's pretty easy to set up.

There are two aspects to the setup. There's the basic setup of getting the application working, and there is the advanced setup of putting firewalls into the application. The basic is so basic that it's ridiculous. I could probably answer all the questions a customer might have and send it off to them and they could do it by themselves the first time. The advanced is a little bit more hairy because you have to make sure everything is in place.

At each of our customers, we assign at least two people to do the reports.

The maintenance is lightweight. The only trouble is in the upgrades. They take a little bit of effort, but they only come out once or twice a year. Sometimes, you don't need to do the upgrade because the change isn't applied to whatever site you're working on. Sometimes an upgrade is easy, and sometimes it's reformatting a database and that takes a little bit more effort. But you don't do it. FireMon has a script all set up. It's just that it takes a little bit longer to watch it do the upgrades, as compared to doing it ourselves.

Our ROI is the FTEs a year that we're saving. The solution is not even close to the cost of an employee. It might cost that employee's health benefits. We're saving double the amount of money we would pay a person.

There is sticker shock on Firemon's pricing because it is done per device, but I'll guarantee you that it's well worth it. For each of our customers, we save at least one FTE a year. We would have needed 20 more people in our organization without the FireMon application.

When it comes to real-time compliance management, FireMon is much better. I've looked at Tufin and one other competitor, but FireMon has the most accurate best-practice reports. Tufin was our least favorite of the three. The other one was pretty good, but it looked a little bit immature. You had to create all the stuff you needed to do, while FireMon had everything already created, so it was the logical choice.

My advice would be to get familiar with UNIX commands and the VI. Those two are very helpful when you're working on the CLI. Otherwise, the GUI is so easy.

Security Manager, which is what we're using, doesn't automatically warn you when new firewall rules and changes to existing ones violate compliance policies, before they are deployed. However, there is another licensed aspect to Security Manager that does have that ability. What I have will tell me that somebody has made a change, what it was, and when it was made, but for the solution to make it a judgment call, I'd have to license another portion of Security Manager. It will even tell you where to put something. You put the entire enterprise in, with 60 firewalls, and you say, "I want to do this." It will say, "Okay, put it over here on this firewall, on this interface." You don't even have to think about the design. It does all the work for you.

If a colleague at another company said that firewall policy cleanup and management is important, but it's just not a priority, I would tell them that's a misconception. Any rule out there that hasn't been looked at, at least yearly, can become a security problem. Leaving that open, someone else can put another server in its place and now have open ports because you didn't remove a rule that's no longer in use. That's a very big security hazard. You do not want to leave rules in that aren't being used.

I've seen that happen in many companies that I've worked in, where a server had a lot of ports open because it needed to have them open for that application. The server then went away and then someone put another server in there and it automatically had all those rights. You didn't even know that it was changed. All you saw was a name change, and didn't realize that all those open ports are now a security violation because they applied to the old server and not the new one.

Having used it for so long, I'm so inundated with it that I can't see much that needs to be improved without a major redesign, and I can't even see that. When we're putting in automated changes it takes effort, but you realize that if it was too easy you could mess things up pretty quickly. I prefer it the way it is. I really don't want it changing.

It's the only tool we use for our security area that is worth anything.

We have a two-server system, application and web, and we're using FireMon for our Palo Alto firewalls and their logs, to help us create rules. 

We're working on cleaning up our rules using FireMon as well, because we have a lot of live, open rules.

FireMon really helps save time with the reports that give you visibility into what's going on with your network. We were able to pull a report and give it to the networking team and they were able to remove those rules, as opposed to having to dig deep and spend hours on that.

It has also definitely helped decrease errors and misconfigurations. For example, we had certain rules that were overly permissive. We were able to redress those rules and make them more specific. We have seen at least a 10 percent reduction in misconfigurations.

I've been using the reports to see what is going on, and that is a helpful feature. We can track down unused rules, which helps with compliance. We can see rules that have not been used or that are duplicates or overly permissive. We can use FireMon to create reports and use that information to make changes within FireMon. I also like that we can track the kinds of changes that the network engineers are performing on the networks. We can run reports on that.

We have also set up alerts and reports that come into my inbox daily. That gives me a rundown of any changes that have occurred within the environment.

The solution has a good dashboard that gives you an overview of what's going on within your network in terms of compliance and the security index. The dashboard also gives you an outline of redundant and unused rules. You can run reports and make them a bit more targeted in terms of what you're looking for. That can help with the cleanup.

I've also dabbled in the Policy Analyzer to see what information I can get from that.

Some of the things that you want to do in FireMon are not exactly straightforward, like creating certain reports or controls. Some of the functions could be a little more user-friendly, such as creating certain filters.

For example, I was trying to do a traffic analysis and it can be a little tricky trying to change your firewalls on that profile. You almost have to create the entire thing over again. So there could be some enhancements in the user-friendliness.

I have been using FireMon for eight months.

FireMon is pretty stable. 

There has been one issue when I try to run reports. Sometimes it gives me an error and I have to reboot the web services. I'm not sure if that's unique to us or an ongoing issue. I've opened quite a few tickets with FireMon on that. 

Apart from that, it's pretty stable. It doesn't go down.

The support has been good. They have been slow to respond sometimes, but overall, it has been good.

Positive

Networking-wise, I used a number of different solutions, but I didn't use anything similar to FireMon before.

My advice would be to spend a good amount of time on the training videos. And if you can set up some sessions with your FireMon contact, that would also help. I do so many different things that I don't get enough time to spend on FireMon. I do use it pretty often, but maybe in terms of training, especially, there's a lot more I could gain from it, as opposed to just running reports. I could get into automation, for example.

In addition to what I've been using it for, I know there's a lot more within FireMon, like getting an understanding of your network topology, bringing many different points together, and analyzing the risk factors. FireMon also helps automate firewall policy changes across large, enterprise environments, but we don't have it set up to that yet.

Real-time compliance management is great. That's something that we are looking into and we have created some PCI rules. It's just a matter of learning how to make the reports. It's not very difficult at all.

The maintenance that we go through with FireMon is mainly upgrades. I'm the point of contact and we have a couple of networking guys who are hands-on as well.

Firewall policy cleanup is definitely a priority. If you have rules that are not properly configured or overly permissive, you open your environment to a lot of serious compromises.

We use FireMon for monitoring, reporting, and logging purposes.

FireMon's real-time compliance management is good.

The ability to evaluate the overall security measures of our organization is beneficial. However, not essential for small to medium-sized companies like ours. These features are also provided by OEMs. For example, Palo Alto and other firewall solutions offer similar features on their devices. This includes the ability to identify unused or excessively permissive rules.

Generating compliance reports is a straightforward process. These are auto-generated reports that are produced once we forward our traffic to the SIEM devices. The devices automatically generate standard compliance reports that we can customize if necessary. This feature is advantageous because it saves time and ensures that the necessary reports are generated.

FireMon can help organizations automate firewall policy changes across large multi-vendor enterprise environments.

FireMon can impact the cleanup of firewall rules in a large enterprise environment. With FireMon, it is possible to view shared rules and assign tasks to different users within our team. Additionally, tagging is available which allows us to easily revisit and save alerts on these rules. This feature is particularly useful for large organizations.

FireMon helps save us significant time by accurately creating, approving, and deploying firewall policy rules and eliminating duplicate rules.

FireMon helps us identify errors in misconfigured policies by displaying the errors in the dashboard allowing us to remove those rules.

The most valuable feature of FireMon is its ability to configure multiple devices and consolidate them into a single desktop, which allows us to manage all of our security devices, such as Palo Alto and Zscaler, from one place.

The training for configuring new users or operators is confusing because the UI is not user-friendly and has room for improvement.

The technical support team's responsiveness needs improvement.

I have been using FireMon for one year.

FireMon is extremely stable with zero downtime.

FireMon is scalable. The scalability is based on the number of licenses.

The technical support team is not promptly addressing any issues. As a result, it can take some time to have the tech engineers available when we require features to be enabled or configurations to be updated.

Neutral

FireMon's initial setup is straightforward. Three individuals from our team and one engineer from FireMon's team participated in the deployment.

The implementation was completed by the professional services team.

I give FireMon a nine out of ten.

I recommend that prospective users thoroughly familiarize themselves with all the features and capabilities of FireMon before configuring it. This will help ensure that no features are overlooked and that all features are utilized correctly.

Firewall policy rule cleanup and management should be a top priority for all organizations. Improper configuration of these rules can pose a significant security risk. It is crucial to have knowledge of the allowed traffic, necessary policies, and unnecessary policies. Additionally, it is essential to monitor web traffic and accessed web port applications within the organization, including which users are accessing them. Configuring policies correctly is crucial to gaining control over malicious activity and user access.

We use it to keep track of our firewall devices, as an inventory database and a collection of the configuration. It also draws out the map of our network, including non-firewall devices.

We are using the latest version of the solution.

FireMon has been helpful because we have been able to meet our compliance risk management targets. We have been able to satisfy our auditors, internally and externally. 

FireMon has helped automate firewall policy changes across large, multi-vendor enterprise environments. This has been helpful for keeping a good inventory of the changes. Everything is well-documented. It also helps us to be mindful before we make any changes that everything is audited. Since we are a global environment, we can't see everything. We have many people working on different devices.

We are presently utilizing the automate firewall policy changes for our firewall and internal network devices.

The cleanup of firewall rules in our environment has been very helpful. We can go back and ensure we have uniform rules across different firewalls.

When it comes to real-time compliance management, it is very good because it is able to compare changes in the configuration as well as giving us a timestamp. It also sends email alerts to our environment so we know if someone has made a change on the network. It gives us the whole picture of that change. Whether it is a configuration change or just a small comment, it gives us the before and after snapshot.

FireMon can see firewall rules that may be too open. Then, we need to make them more restrictive. This is extremely important for our security posture. Every minute that passes, where we are not aware of an exposure, could cause major damage to the company.

We like that it is able to draw the network's topology. However, because it can't see certain things, it doesn't draw the full story. However, it is still extremely helpful. We also have asymmetric routing, which causes a challenge.

FireMon could improve its end-user practices. As an end user, I am just trying to catch up on all the alerts. There are so many, and you still have to go through them and document what was found. 

I have been using FireMon for at least two years.

Stability has been very good. The solution is set it and forget it. 

Scalability has potential. It could have more. Maybe a cloud environment is something that we should look into since there are many more layers once it gets out to the cloud. However, we don't want to trust the vendor completely. We just want to be able to see our environment.

It is used to monitor our firewalls and network devices from the US to Asia.

The technical support is very good. We have been able to get them on a call and get everything done as soon as possible, meeting our compliance and IT risk deadlines. I would rate the technical support as 10 out of 10. They were very patient with us on the call. It took about a week to get it all squared away.

Positive

Before FireMon, we were using FireEye. We switched because it could not generate the topology or draw it. It had a hard time with our Firepower Management Center, getting the firewall configuration and some of our ASAs. I also could not map the Cisco ACI environment.

The initial deployment was straightforward. Nothing was too complex, except adding more permissions to the service account. Otherwise, it was straightforward.

We did have a consultant from the solution on the call with us when it wasn't able to draw the whole network, as it couldn't log into that device. However, that was resolved.

We do change management every week. In a given week, we get at least a dozen email alerts about changes. FireMon saves us time in accurately creating, approving, and deploying firewall policy rules.

The solution saves us time in accurately changing firewall policy rules with 12 alerts per week. It gives us a graphical view, which is always helpful.

FireMon has decreased errors and misconfigurations that increased risk in our environment. There have been times that the solution found that we are using "any any" on some firewall rules. It was unintentional, and the solution was able to catch it and we fixed it right away.

Our information security did PoCs with many firewall or configuration change compliance software solutions.

Right now, we use a change management system so we are not using FireMon to warn us when new firewall rules, and changes to existing ones, violate compliance policies before they are deployed. FireMon does this, and we have seen it where it will have a questionnaire of things before we implement into the firewall. However, we are not presently using it because it does not integrate well with our current change management software, Cherwell.

With more understanding, we could have saved time on what kind of access FireMon needs, since we can't just give full access. We have to gradually allow it until that is enough access to get the information.

I would rate this product as 10 out of 10. 

We use it to capture logs and events from our enterprise firewalls, and we also collect configurations from those firewalls. Our main use case is for cleanup and hygiene of those firewalls, to make sure that all the rules that allow our systems to talk to each other are current and being used. And if they're not, then we clean those rules up.

We use it more on the reporting and logging side, rather than for actually making changes to our firewalls.

For our PCI compliance audit this year, it was a better tool for us, with better real-time capabilities and better formatting for the reports that we needed. It has definitely made things more efficient by having a single console. We can run all of our reports from it, whether it's for the PCI environment or things that extend beyond that environment. It's very simple to use and it saves us time.

The "wheelhouse" of FireMon, and why we bought it is the effect it has on the cleanup of firewall rules in a large environment. We've had rules out there that needed to be cleaned up for a couple of years and we just didn't have an elegant way to do that. The solution has really helped make things more efficient and easy for the implementing teams to consume. It's been great for that.

While we didn't buy some of the additional tools that allow us to implement changes, it saves us time in accurately creating, approving, and deploying firewall policy rules. We get more value out of being able to compare what was done versus what the team said they were going to do or what was approved.

It has also decreased errors and misconfigurations that increased risk. It's hard to quantify by how much, but we'll catch something that wasn't done quite right or as optimally as possible in 10 to 15 percent of the things that are implemented.

There are some built-in cleanup reports, out-of-the-box, and we like those. 

Also, the unused objects is another nice feature, where it digs a little bit deeper into comparing the logs that it sees versus the configurations that it sees. As an example, a firewall rule deck could be very complex and might have hundreds of objects. The unused objects feature will go through in a pretty detailed way and show us which ones aren't being used. Or, if they are used, it will show us how often they're used. 

Both those are geared toward cleanup and hygiene of the environment.

It's also good when it comes to real-time compliance management. We used it for our PCI audit this year. It's a situation where we have to prove to our auditors that all the communications that are coming in and out of particular systems, and that process cardholder data, are current, and that we have the documentation, descriptions, and the rules. It's been extremely helpful for that. We used some other tools in the past, but this one is far superior.

In addition, in terms of when new firewall rules and changes to existing ones violate compliance, the way we have it set up, FireMon automatically warns us when they're deployed. We look at those and we compare them with what we have approved for changes to the environment and it's very helpful for us.

To my knowledge, there's no cloud component to FireMon whatsoever. We're on the hook for any updates to versioning of the operating system or the application that runs on the operating system. It would be nice if it was a little bit more automated. We've got a small team and every time a new version is released, we have to go back and relearn the commands and how to verify that things were done correctly. That's the one pain point for me: It takes quite a bit of hand-holding, in terms of system administration from our server and infrastructure teams.

We implemented FireMon about six months ago.  

We haven't had any problems since the deployment. Things have been running fast and efficiently.

We're a pretty small shop, so I don't know how it would scale for a Fortune 100-sized company. Based on the feedback I've had, it's been great. We haven't had any problems with capacity or what we have needed to do.

We have 10 people using it who are system admins, network admins, and security analysts. I wouldn't say we use it extensively. It's something that any given person probably uses once a week.

It's possible that we would purchase some other modules that could give us a little bit more insight into the implementation and the planning side of things. But we like what we have for now. We don't have any direct plans to purchase more.

Initially, we had contact with their technical support, but things have been smooth for the last few months. We haven't had to reach out lately.

I don't remember the specific issue that we had, but it seems that they were on the ball. They responded right away and got us what we needed. My overall impression of their support organization is good. We've had limited involvement with them, but from my experience, it's been great.

Positive

We used Tufin. When we looked at FireMon we liked it from a price standpoint; it was better. We asked some peers about it through the reseller that we bought it through and got very good feedback. Those were the two main factors.

The initial setup was pretty straightforward for the most part. We had some hiccups and some bumps with some of the more detailed configurations, but overall, it was pretty simple to set up, get it running, and collecting logs and configurations. It took us about four hours over the span of two weeks.

We used FireMon paid services to help us implement it. They were great.

It's hard to quantify ROI with FireMon, but it's definitely valuable. How do you quantify a missed cyber security incident?

It's a good value. 

From a licensing standpoint, our only limitation is the number of devices that we manage. Our environment is small. We have fewer than 20 enterprise firewalls, meaning it's hard to say what it would look like at a company that has thousands and thousands of enterprise firewalls. But from our standpoint, it's very simple to understand, and gives us a good bang for the buck.

There are some hardware components involved in the cost, but in general, it's pretty straightforward. There are no hidden fees or adjacent costs that we weren't aware of going in.

We looked at Tufin's comparable product. We were using an older platform of theirs so we looked at their new platform and we looked at FireMon's and we decided on FireMon.

Make sure that you've got somebody from your non-cyber-security teams, somebody from one of the other IT teams, such as infrastructure, servers, or networks, who understands and who does really good documentation around the initial setup. Our cyber security or information security team is the one that uses it mostly, but we do need assistance from the other team. Make sure that you have stakeholders from other groups, even though they're not going to be the primary users.

The idea that firewall policy rule cleanup and management is important, but it's just not a priority compared to other more urgent items, is a pretty tough statement to make, especially in a regulated environment or if any sort of compliance is needed. It's just not really a valid statement. If someone said that, I would ask them to go back and make sure that they're following all the rules of the road.

It comes down to what your priorities are and what's important. Most regulations have some sort of a component around zoning and limiting communications between different systems. It's of utmost importance if you think about it from a compliance standpoint.

I am a contractor and I work on security. At this company, we primarily use FireMon for firewall rule analysis and as part of our firewall rule certification process.

Our environment is on-premises using VM hosts.

With respect to compliance management, this product does cover some of the compliance factors, although not all of them. For example, in terms of accountability, it has all of the data available for third-party rules and auditing. It can produce a comprehensive report. However, compliance has its own set of requirements.

We planned on having divisions for about 400 days but at 700 gigabytes, the file size was too large and it was interfering with our database backups. Consequently, we had to cut it down to 100 days, which means that we're missing 300 days of divisions. The fact that we no longer had a complete view of 400 days of data was a setback for us. Otherwise, the metadata has been pretty handy.

We do not run assessments on new firewall rules before they are deployed, but we can set it up in such a way that compliance can be checked automatically once we push a rule to the firewall. If there is a problem then the new rule will be flagged. As it is now, we do all of the compliance assessments manually. The reason that we don't use the compliance module in FireMon is that it creates a heavy load on our CPU.

Prior to FireMon being implemented, the company had Tufin running to conduct assessments. They were flagging some rules, based on the subnet categorization that is defined in Tufin. However, those kinds of assessments were not really accurate. They also weren't making any changes to the rules that were problematic.

When they brought in FireMon, we started to run reports that are pretty precise. They were more accurate, and based on the firewall zone definitions. We began to flag rules that made sense and we also started to analyze them. Afterward, we were able to get rid of a lot of risky rules. There were a lot of shadow rules identified that we cleaned up. The agenda was to make sure that the security compound or security footprint within the company is safe.

For this task, FireMon has been very helpful in terms of flagging such rules so we can drop them and improve the security of the infrastructure.

FireMon has improved our compliance process in terms of the time and effort required to create compliance reports. As far as the rule recertification is concerned, it's made it easier for us because it's just one click to explore the metadata of each firewall rule and its information. For example, we use owner fields, technical descriptions, review dates, next review dates, and exceptions, if there are any exceptions. With all of the metadata in place, it can be given to the compliance team.

This solution has helped us to decrease errors and misconfiguration that increased risk in our environment. By using the system that we did to flag risky rules, we were able to identify problems and mediate or eliminate them. We are still working on this but at this point, we have completed 80% of our cleanup. It has been helpful.

FireMon helps to identify and prioritize fixes, although we do the repairs manually. This is something that is necessary when you consider our network and how our firewalls are configured. FireMon does provide suggestions and we make use of them, but we conduct our own manual analysis in addition to the reports. This acts as a valuable double-check for us, which is very important for our security posture.

The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, hit counts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule.

The logs product documentation and metadata that is very useful for compliance purposes.

Usage reporting, including hit counts, is helpful for analysis. It comes in very handy when we can see how the firewall rules are being used because it can help us clean them up.

Fireman has helped us in terms of being able to clean up firewall rules in a large environment, first of all, by helping to identify the risky rules. Rules are flagged using the filters, based on the zone metric definitions. We then refer to the object usage reports that we get within a group, along with the traffic analysis that we get from Splunk, and all of this is considered when it comes to making a decision. The rule might stay the same, be modified, or be dropped. FireMon has given us the extra ability to be able to do this.

We have not used the Policy Planner but even so, we have identified areas of improvement with it during our testing. For example, it could be better when it comes to ease of integration or ease of policy automation. Another problem is that there is a console where it has too many options and is not very straightforward. Essentially, controlling it could be made more seamless.

We have been using FireMon since the start of 2019.

Stability-wise, we did not have any issues.

There are no issues with scalability.

We have different business units in different countries. For example, we have users in Hungary and they're a different business unit. They're not given access to the firewalls or Panorama, although they were given access to FireMon where they can view the policies related to the Hungarian firewalls. There are between 10 and 15 people in the Hungarian business unit that use FireMon on a regular basis and their role is to view the policies.

We have a few people from the NetOps team and the network technical center team that use the rule certification process, and they collect statistics on rule usage. These teams have mid-level privileges on the system.

I have superuser privileges, and there is one other person that has the same access I do. He uses it for documentation on the firewalls for our offices in the Netherlands and Poland. Aside from these, we have other people who use it more generally for things like viewing rules.

FireMon is being extensively used within the company and we have a few new users being onboarded next week. They are part of a third-party contract and the user count will increase, although I don't think that any new modules will be added.

I would rate the support a nine and a half out of ten.

They were really proactive and helpful in terms of support when we had issues. The servers have been pretty good and we haven't had any problems with them. There will be minor bugs and all of that, but they're always helpful and things get fixed with the next release.

Prior to FireMon, the company was using Tufin.

The reason that we switched is that somebody in the company decided that they wanted to have a one-stop solution for pushing the policies to the firewall, and for automation of policies to facilitate compliance. FireMon had the capability, which was proven with a PoC.

Everybody liked the solution and that's why it was implemented. Ultimately, the one-stop solution was not used because, with our Palo Alto firewalls, it has been decided that Panorama will push the rules, rather than FireMon. At this point, I can't see that changing in the future. Panorama is not going anywhere because that is how the firewalls are managed. At the same time, they wouldn't want to rely on FireMon to push rules to Panorama, so this is why the system will stay as it is.

Overall, however, the capabilities are better compared to other similar products.

The basic implementation was straightforward but when you're talking about configuring the servers and all of the other steps, for a tool of this size, it's never straightforward.

For example, when configuring the servers, you will still have minor or major issues that you have to tackle or have to fix during the initial implementation. It may be straightforward to do so, but fixing problems will always lead to other problems in the process.

Overall, it was an easy implementation, but at the same time, it was ongoing. Our deployment did not take more than a month to complete. This included adding the firewalls from Check Point, which was done in advance of setting up FireMon. We had to set up the CPMI log collectors and then configure the Check Point dashboard to forward all of the logs to FireMon. Although it was time-consuming, I think it took less than 20 days in total.

With respect to our implementation strategy, we followed a basic approach. We started with installing all of the servers, and then we had to move all of the devices from Tufin to FireMon. We had three vendors including Cisco, Check Point, and Palo Alto.

We added each firewall vendor separately and we made sure that all of the logs were being forwarded to the data collector. This is where we get all of the log data hit counts, and we have to make sure that all of the devices are being retrieved successfully, without any issues. We also had to ensure that nothing was impacting the performance of the servers and there were instances where we had to wait for the specifications of the server just so they could meet all of the performance requirements. For example, the retrievals and all of the log data had to work properly.

All in all, there were a lot of steps and we had to get support tickets throughout. Thankfully, the support was great. They were very helpful during the initial implementation stage.

I was part of the implementation, testing, and onboarding processes. I have been part of the day-to-day operations, as well. I am the only person doing the maintenance and taking care of the tool.

Maintenance involves upgrading the servers, and we have to make sure that all of the backup files are generated on time. Also, we have to check that they are being transferred via SFTP to our backup server. Basically, we have to make sure that the servers are healthy and nothing's causing any problems.

This is an expensive solution. The cost of three modules for three years was approximately one million. There are no costs in addition to the standard licensing fees.

The company evaluated AlgoSec and a few other tools, ultimately zooming in on FireMon. It was after the initial evaluation that the PoC was done.

The latest release is version 9.4.2 but we only upgrade to the version behind the most recent release. This is so that we are more aware of what the issues with it are.

We have a module called Policy Planner that facilitates the automation of firewall policies across large multi-vendor enterprise environments, but we never use it in practice. We bought the module and we tested it. In fact, we had plans to integrate with ServiceNow for the automatic policy portion, but the organizational policy here is to make changes only within the Panorama. Essentially, we have the technology, but we can't make use of it.

This is definitely a product that I recommend, based primarily on how it compares with other similar tools. 

I would rate this solution a nine out of ten.

We use FireMon for security management, to manage our security infrastructure. We also use it to do PCI compliance and to manage personal data and information related to the organization, and to prevent data loss. In addition, we use the admin console for firewall management, including firewall rules and to decommission firewalls when they are not in use. We use it to monitor our primary corporate DR firewalls as well.

In the past, we've had thousands of firewall rules that came from legacy applications and many years of work. FireMon has helped us to clean up those rules and to manage them properly. We can decommission rules that are old and outdated or clean them up. And we can work on the ones that are not functioning properly or that are configured improperly, to make them compliant and useful to the organization. It has helped us to manage multiple firewall rules and remove legacy ones that are not useful.

It helps by automating the process of cleaning up firewall rules in a large, enterprise environment. It's not done manually, which is a process that is more prone to errors and takes more time. When it's done manually it's more tedious and requires multiple resources dedicated to doing it. It helps reduce the time involved, increasing the efficiency and reducing the cost, as well as making the job more accurate.

The same is true when it comes to accurately creating, approving, and deploying firewall policy rules. It reduces the effort by 75 to 80 percent, compared to how we used to do it before we got FireMon. And we get that same percentage reduction in effort, 75 to 80 percent, when changing firewall policy rules.

It has also been very helpful in terms of the time and effort required to create compliance reports. Previously, when we used other applications or did it manually, we were not able to finish our work efficiently and on time. FireMon has helped us to cut the time it takes to do auditing and reporting of firewall rules, and increased our efficiency. 

It has cut both the man-hours spent as well as the number of staff members who are dedicated to firewall policy changes and the firewall policy update process, because it enables automation and simplifies the task. The reporting is also more efficient and more correct and useful.

FireMon has decreased errors and misconfigurations, issues that had increased risk in our environment, by 75 percent.

It also identifies risks in your environment and helps to prioritize fixes, if you have the necessary set of eyes to look at the rules and the resources. When FireMon gives you reports on what's going on in the environment, you assign staff members to rectify whatever issues it has reported and proactively prevent issues from arising in the future. It has improved our security posture drastically, and cut down the cost related to having third parties manage those things. We can do some of those things in-house. It has improved our security posture and senior management is happy because of that.

• The FireMon interface is very helpful.
• The configuration management for multiple firewalls is very easy to use.
• The backup facilities are very helpful as well.
• The troubleshooting and testing capabilities are very good.

The solution automatically warns you when new firewall rules, and changes to existing ones, violate compliance policies, before they are deployed. Sometimes we get "white noise," meaning false positives, but it's always good to have more information than less. That way we can switch it off and work when we see that it's giving a false positive. It does send us an alert to let us know that there are changes in the environment. That functionality is very important because automating such tasks is very helpful in managing our environments and preventing attacks. The earlier you notice issues going on in an environment, the easier it is for you to prevent certain incidents or mitigate risk.

We also use the solution’s SASE integration capabilities to extend security policy management for cloud firewall management. It helps in creating one consistent rule across multiple platforms and it improves accuracy. When you automate processes like that, they are able to run themselves. You create one set of rules and automate them to run. That enables you to find problems proactively, before they happen. It also enables you to have a consistent set of firewall rules, wherever you go. If you deploy new sites, you can apply the rules you already have in place to those sites. It creates a single platform, a single source of truth, for managing disparate environments and systems that are connected together.

I've used FireMon for nearly six years.

We don't have too many issues with FireMon. When it comes to the application, we don't have any issues. Sometimes we get white noise, meaning false positives, but that is just in terms of performance, and not necessarily the system itself.

Scaling is simple. You can easily scale it and maintain it with any size team.

We are using FireMon in a couple of departments. I work for a government office, and we have a lot of different departments under us. We have a need to increase our usage, because we always have people coming in. We're at the very beginning of moving to the cloud. When we move to the cloud, we're going to multiply our usage by at least tenfold, because people at remote locations will then be able to make use of the services.

We have at least half a dozen people using FireMon. Their roles include the people that manage the hardware that it's installed on as well as the admin managers who look at it day-to-day to see what the configuration is like. The admin guys can do analysis but there are also analysts who get the alerts and who work on the action items related to the alerts. They investigate and then they know what mitigation actions to take to prevent attacks or to deal with whatever FireMon is reporting on. For deployment and maintenance we need just three people.

Maintenance is connected with the need to upgrade. They have to seek funding for it to happen and get the funding arranged. If it doesn't require any funding, if it's just internal work that needs to be done, then the admin guys can do it without having to involve anyone else. If there's any need to connect with FireMon, that is done as well.

I would rate their tech support at seven out of 10. They do respond to us and they provide good service, but sometimes it takes time for them to get back to us or to get people to work on stuff. Overall, they are good.

Before FireMon, we used native solutions provided by Check Point. We switched because each of our departments has its requirements. They needed a product that would provide them with better service. They came to the central unit, which is where I work, to ask that something be procured, and that's why we procured FireMon. There are certain facilities in FireMon that give it an advantage over certain other companies or providers.

The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly. The setup is a bit complex and tedious, especially for a new user who will need someone to hold their hand as they go through it. But after doing it a couple of times, or upgrading it a couple of times, it's not as tedious.

Our deployment took about two weeks. We first did a discovery of what we wanted FireMon to do for us, a discovery of our requirements. We determined the prerequisites that had to be installed and the system requirements. We then moved on to an initial assessment through a deployment in a test environment. After the testing and everything working out, we further configured it to fine-tune it to our own specific environment. After all that was working okay, we went ahead to the final deployment. But for subsequent sites, it might just take a couple of days.

There is a learning curve as well to get used to the system and all the nitty-gritty knowledge needed to configure it and run it properly. Another thing that is time-consuming and tough to do is tagging stuff the right way.

We used a consultant, either DXC, which is a subsidiary of HPE, or Epic, which is a local consultant. Our experience with them was good.

We're billed monthly.

Sometimes, if there's a need for an upgrade or there is a system failure, there might be extra cost involved, such as for consultants or to procure the necessary equipment. We might be needing an upgrade very soon, and there will be costs connected with that.

We looked at a couple of other companies. We chose FireMon because of its cost and its simplicity, as well as its deployment and provisioning. We read reviews like this one, and we were quite confident because of what they described as their use and what their outcomes were.

My advice would be to do an appraisal of your environment and list out your requirements and what you are hoping to achieve. Then look at a couple of companies that are in competition with FireMon and look at user reviews to see if your requirements are met best by FireMon or their competitors. That is the procedure we used to choose FireMon.

If a colleague at another company said to me that firewall policy rule cleanup and management is important, but it's not a priority compared to more urgent things, I would say that there are a lot of bottlenecks and there is a reduction in service due to misconfigured or old firewall rules. They can prevent people from working properly. In the past, those issues hampered our network bandwidth and data movement. There were too many firewall rules that did recursive checks. There was increased latency and reduced productivity, and that frustrated a lot of end-users. Systems could be slow due to firewall rules that were misconfigured or outdated. FireMon enables you to efficiently manage your network and your firewalls and their rules, and it prevents security breaches.

The biggest lesson I have learned from using FireMon is that automating certain tasks enables you to get them done properly. Those tasks include cleaning up and managing firewalls efficiently. It saves you time, costs, and resource usage, so that people don't have to manage as many mundane tasks. Those tasks can be shifted to a system like FireMon. Usage of FireMon enables you to concentrate on more important tasks, while the system alerts you on things that are not going properly.

I would rate its real-time compliance management at eight out of 10. I can provide more details after we actually deploy it in the cloud, because I've used certain other things in the cloud, in other places, but we've not deployed FireMon in the cloud. But on-prem, it is very effective and an eight out of 10 is good.

We haven't upgraded to the latest version. We're having discussions with FireMon at the moment. Most people are at home because of the pandemic and people have not had the chance to pursue it. About a week or two ago, we had a meeting with them, and a discussion with them not just on how to upgrade it, but also on how to fine-tune it with the new facilities and functionalities that have recently been created.

Our deployment is on-prem, for now. We hope to get to SaaS, because we just started moving things to the cloud. We will do it soon. We are planning ahead for that, but it's dependent on the pandemic exit procedures.

FireMon can also help automate firewall policy changes across large, multi-vendor enterprise environments, depending on how it's managed and how it's tuned. It requires knowledge to configure it to do that. We are hoping to implement that in the future, in hybrid, multi-cloud environments.