FireMon Security Manager Reviews

We use it to keep track of our firewall devices, as an inventory database and a collection of the configuration. It also draws out the map of our network, including non-firewall devices.

We are using the latest version of the solution.

FireMon has been helpful because we have been able to meet our compliance risk management targets. We have been able to satisfy our auditors, internally and externally. 

FireMon has helped automate firewall policy changes across large, multi-vendor enterprise environments. This has been helpful for keeping a good inventory of the changes. Everything is well-documented. It also helps us to be mindful before we make any changes that everything is audited. Since we are a global environment, we can't see everything. We have many people working on different devices.

We are presently utilizing the automate firewall policy changes for our firewall and internal network devices.

The cleanup of firewall rules in our environment has been very helpful. We can go back and ensure we have uniform rules across different firewalls.

When it comes to real-time compliance management, it is very good because it is able to compare changes in the configuration as well as giving us a timestamp. It also sends email alerts to our environment so we know if someone has made a change on the network. It gives us the whole picture of that change. Whether it is a configuration change or just a small comment, it gives us the before and after snapshot.

FireMon can see firewall rules that may be too open. Then, we need to make them more restrictive. This is extremely important for our security posture. Every minute that passes, where we are not aware of an exposure, could cause major damage to the company.

We like that it is able to draw the network's topology. However, because it can't see certain things, it doesn't draw the full story. However, it is still extremely helpful. We also have asymmetric routing, which causes a challenge.

FireMon could improve its end-user practices. As an end user, I am just trying to catch up on all the alerts. There are so many, and you still have to go through them and document what was found. 

I have been using FireMon for at least two years.

Stability has been very good. The solution is set it and forget it. 

Scalability has potential. It could have more. Maybe a cloud environment is something that we should look into since there are many more layers once it gets out to the cloud. However, we don't want to trust the vendor completely. We just want to be able to see our environment.

It is used to monitor our firewalls and network devices from the US to Asia.

The technical support is very good. We have been able to get them on a call and get everything done as soon as possible, meeting our compliance and IT risk deadlines. I would rate the technical support as 10 out of 10. They were very patient with us on the call. It took about a week to get it all squared away.

Positive

Before FireMon, we were using FireEye. We switched because it could not generate the topology or draw it. It had a hard time with our Firepower Management Center, getting the firewall configuration and some of our ASAs. I also could not map the Cisco ACI environment.

The initial deployment was straightforward. Nothing was too complex, except adding more permissions to the service account. Otherwise, it was straightforward.

We did have a consultant from the solution on the call with us when it wasn't able to draw the whole network, as it couldn't log into that device. However, that was resolved.

We do change management every week. In a given week, we get at least a dozen email alerts about changes. FireMon saves us time in accurately creating, approving, and deploying firewall policy rules.

The solution saves us time in accurately changing firewall policy rules with 12 alerts per week. It gives us a graphical view, which is always helpful.

FireMon has decreased errors and misconfigurations that increased risk in our environment. There have been times that the solution found that we are using "any any" on some firewall rules. It was unintentional, and the solution was able to catch it and we fixed it right away.

Our information security did PoCs with many firewall or configuration change compliance software solutions.

Right now, we use a change management system so we are not using FireMon to warn us when new firewall rules, and changes to existing ones, violate compliance policies before they are deployed. FireMon does this, and we have seen it where it will have a questionnaire of things before we implement into the firewall. However, we are not presently using it because it does not integrate well with our current change management software, Cherwell.

With more understanding, we could have saved time on what kind of access FireMon needs, since we can't just give full access. We have to gradually allow it until that is enough access to get the information.

I would rate this product as 10 out of 10. 

There are different groups within our organization that are plugging their routers into the FireMon solution. They have central monitoring and also a central repository, which allows them to look at all of the rule sets.

Basically, there are a few core sites that we plug into and we use FireMon to clean up the firewalls and help with any troubleshooting that comes up. It helps because it provides visibility into everything.

We are only using the Security Manager and we don't have any auditing on that.

When a rule comes in, we audit whether the rule is placed in the correct order and if it matches the request that came in. We do that after the fact.

Using FireMon has sped up our process a little bit.

We had a fairly big hiatus where we weren't really utilizing it to the degree that we wanted. This is because, after the upgrade, there were a few critical things that broke. We worked with FireMon to alleviate those issues and to get them fixed. Now, it's to the point where it was before the upgrade, and we're trying to utilize it more for what we need. This includes compliance, security checks, and a lot of cleaning up.

In terms of cleaning up firewall rules, FireMon helps in the sense that we can determine which rules are justified. One of my teammates actually created a script using the API to pull all the rules for a few of the core devices. Then, we give them to the respective group within the organization to look at and audit. This is something that is done on an annual basis. In that sense, we have started to utilize FireMon a lot, and it gives users a clean look at all of the firewall policies they have and provides them the opportunity to justify them. That helps cleanup because anything that's not justified or that needs to go, we can submit a request and get those taken care of.

For creating, approving, and deploying firewall rules, FireMon saves us time when it comes to the troubleshooting aspect. When there are issues with blocks that happen for users, or if they are trying to go from one end to another end, either outside the internet or internally, FireMon homes in and helps us. We use FireMon more for this, rather than to audit specific rules.

We are using it read-only right now, so it helps us to find the policy in question that could be the cause of the issue, but we alleviate it by submitting a request. There's a lengthy process for validating and verifying requests that come in, so the product doesn't save us time in this regard. We have the visual but then we tell the respective team to handle the writing on the device.

Using FireMon has decreased errors and misconfigurations that would have otherwise increased risk in our environment. I can't estimate an exact number but when we did the initial cleanup a year ago, on the core devices it helped us to eliminate rules that weren't really being used. It was between 300 and 400 rules per device, which is a significant amount.

FireMon has helped us to identify risks in the environment and to prioritize the fixes. This is mainly with some of the security blocking rules that we have, which are pretty intense. Firemon found issues where they were blocking too much or too little. It didn't have a very large impact on our security posture because we have other security tools that we're utilizing for intrusion detection, as well as other vulnerabilities. Because we're using it read-only, its primary use is as a monitoring solution. It doesn't do too much but does help with finding security issues before something goes wrong.

FireMon provides an automated way of figuring out which rules are redundant and which ones aren't used, based on the sys log data.

The SQL language is convenient to use. It allows us to process a bunch of criteria very quickly and narrows things down if there is an issue with the firewall. It's easy to do that with SQL queries.

One way FireMon could be improved is to open up a little bit. Our team is pretty Linux-savvy and when we're troubleshooting on our own, we're limited by the way the backend is locked down. For example, if we're running into issues with a device not being read properly into the system, we have to go offsite and this doesn't give us the answers we want. We have to wait to create a ticket.

I think that having a more open system and providing documentation for it would be helpful for users like us. We are pretty adept and can navigate through the Linux software that the on-premises FireMon is based on. It would help us in the long run.

Again, having a more open system that we can operate using our own scripting and automation would be useful. The API is there, which helps a lot, but a more open system would let us better dig into issues.

I have been using FireMon since I joined the company, approximately two years ago. The company had already been using it in production before that.

It's pretty stable. We do have false negatives about things going awry, but when we submit a CRQ, or submit a ticket to FireMon about it, they're usually aware of the problem. In some cases, we've had swap file issues, which goes into the yellow, and that's normal.

The on-premises deployment is pretty scalable. We have four or five collectors, which is a pretty decently sized deployment. Adding more connectors is just spinning up a new VM in most cases.

We don't have too many connected devices, although that is something that we're working on. It's part of the initiative. We're also looking into gathering information from AWS, the Amazon Web Services, although we're hitting a few roadblocks and we're working with FireMon about.

In that sense, in the way that we want to scale in the Amazon environment, we're just getting clarification from them about it. That's the only downside for scalability that we've found so far. It may be a non-issue but we're working with them to figure it out.

We use technical support pretty regularly and they are prompt. We have a point of contact, who is a project manager that is appointed to us from them. If we have any issues then we contact them directly, and they are pretty quick to respond and remediate any problems.

If it's a small issue, we submit a ticket and they get back to us within a few hours. 

I would rate the technical support a seven out of ten, as there are some areas that need improvement. For example, sometimes when we have a very detailed question, it takes them a bit to get back to us, rather than having knowledgeable people there. Usually, these are detailed questions that we have and we expect the technical resource to have the answers, or to get the answers very quickly.

We did not use another similar solution prior to this one. FireMon was purely stood up to clean up the firewall rules.

I was not with the company for the initial setup but it was pretty straightforward when we did the upgrade. There were no real issues in the process.

Initially, we did have some high-maintenance requirements for it. That was at a point when we were having issues with it. However, after those were fixed within the system, it's been pretty low-maintenance. It runs as it needs to.

FireMon can be used for real-time compliance management, and this is something that we're working on right now. We're working on doing a better job of creating our own custom compliances. The default ones are okay but we're trying to create our own compliance so that we can use that feature a little bit more. Right now, it's just sitting there with most of the defaults but that's one of the goals.

We do not have FireMon fully integrated with anything. It operates mainly in a standalone fashion. If we wanted to, it could be used with the other security appliances. They are also standalone and operate independently.

My advice for anybody who is considering FireMon is to check to make sure that FireMon is capable of pulling data from all of the devices. We have found some gaps in the support for some devices, and we've had to go back and forth for a custom device pack.  It is important to look at the environment to ensure that all of the necessary devices can be monitored.

If FireMon is being used but rule cleanup isn't a priority, then standing it up for the Security Manager and pulling data from all of the devices still allows you to clean things up when there is downtime. As long as the firewall rules are logged, then it should be left to run and collect data until it's a priority. When there is time for a cleanup, it will find the redundant rules, shadow rules, and rules that haven't been used for a while. The reporting functionality auto generates that information and it will provide a stepping stone for easier cleanup.

The capability is there with this product but it has to be refined. Most of the time when we try to add a new device, it should work but we run into issues. It's not hiccup-free. The software is getting there but for now, we run into issues too often.

I would rate this solution a five out of ten.

We are using FireMon Policy Planner because we have a lot of tickets every day, and we are trying to automate the resolution for each ticket. This is our primary use case.

We are not specifically using FireMon for compliance management at this point. However, we will be looking at using more of the features within the next year.

Using FireMon means that we can quickly implement new firewall rules.

FireMon provides the capability for automating firewall policy changes. This helps to reduce errors and overall expense, which are the most important things for our company right now.

Prior to using FireMon, we had to use another procedure that would check every rule that we created. Now, we don't need to do this anymore. Everything is done automatically.

By using the Policy Planner when we are going to create a new rule, it will stop us if there is a similar one that has already been created. Often, we don't have to create new objects because we can reuse the ones that are already in place for the firewall.

FireMon helps us to reduce our policy rule set by cleaning up unused and redundant rules. Prior to using FireMon, our firewall had approximately 10,000 rules. After the cleanup,  that was cut in half to approximately 5,000 rules.

Because we are using automation, FireMon has reduced the time it takes to create new rules in our firewalls. It used to take approximately 15 minutes to create a rule, whereas now, with FireMon, it takes about 7 minutes.

FireMon saves us time when it comes to changing firewall policy rules. On average, we receive 16 tickets per day that relate to changing policy. All of these are now handled by FireMon, which means that we can spend more time on other activities or different operations.

This solution has improved our security posture because before implementing it, we had firewall rules with many sources and destinations. As it is now, our ruleset is very fine-tuned. We have only the source or destination defined that we need.

The GUI is easy to use and makes it very easy to manage the platform.

The automation that the platform provides to create tickets reduces human error and more generally, reduces the operational overhead.

We have had some stability issues that are affecting operations. We rely heavily on this solution and if it isn't working then we have to create rules manually.

We have had some stability issues where the solution could not be used.

The technical support team is very good. When I have to call or create a support ticket, the response is very fast and they are always very helpful.

Prior to FireMon, we were using Tufin. We switched to FireMon because the support for Tufin is not good. When I created a ticket, their response time was very poor.

FireMon is working to integrate with different vendors and different solutions like Palo Alto and Check Point. Tufin does not have many options when it comes to working with other vendors.

It is very easy to set up and deploy this solution. It took perhaps one hour to complete.

I didn't have to use a professional service to create the environment. I received a couple of files and then deployed the product myself.

If I were explaining to a friend of mine at another company what the benefits of FireMon are, I would tell them that it integrates well with other vendors. It is easy to use, help is available by looking through the menus, and the support team is good. You don't need to hire a professional service to set it up and use it. Rather, management of this solution is very easy.

I would rate this solution a nine out of ten.

We were excited in the beginning about this solution because we have multiple firewalls in different regions, and so many rules. We wanted to find a solution that could organize our firewalls and remove the unused rules and redundant rules.

We use FireMon Security Manager. We don't use the Policy Planner or Policy Optimizer. We don't have a license for them. We started with a limited license and said, "If things go well with this, we'll go to the next step."

The solution has helped when it comes to the time and effort required to create compliance reports.

It has also given me some confidence in the changes I make. Before, I was very hesitant to make changes or remove rules. Now, FireMon has decreased the time I spend on that by 50 percent.

FireMon has also helped us when it comes to misconfigurations that increased risk in our environment. That is something that I have just discovered recently, when using it.

Compared to other applications, it is user-friendly. The appearance of the menus and titles is clear and they are easy to follow. Of course, it requires some experience through using it, to go through everything, but it is not very difficult. It is an easy application to use.

During the first year of use we mostly reviewed the results FireMon gave us and used that time to learn about it. We did not go with the recommended changes in-depth, and we did not have many problems. But this year, we tried to go into the details and follow the recommendations. It helped us to remove and clean up a lot of our redundant rules, historically. But in the meantime, especially when we tried to do some advanced rule consolidation or cleanup of historically unused rules, we encountered problems.

The solution does not detect traffic or activities that come and go through our local or site-to-site VPNs. So when we cleaned up some of those rules and encountered issues, we actually had to put them back.

It's not just the VPN, but it also misses some of the rules. Two weeks ago, I cleaned some rules with the FireMon. I ran a report and FireMon suggested that certain tools were not used. When I removed them, while it didn't bring our environment down completely, a lot of our environment started malfunctioning. Our backup system did not work, nor did other things that involve internal and external communication. We are not comfortable with what it did. Since then, I have been busy the whole time just reviewing all those rules and restoring some of them.

FireMon also does not detect the rules with UDP. That's another problem.

Another issue is that our compliance team wants to do some consolidation but that is also a problem because FireMon recommends consolidation based on the ports that we open. We have a grouping system with multiple groups. Under the consolidation grouping, FireMon suggests only based on the port. For example, if we use port 22, we have to share it across the board. It disorganizes the groupings that we have. So the consolidation is not working very well.

Our compliance team also creates reports using FireMon, reports that they send to me. Sometimes I can follow those reports, but most of the time I cannot. In the last two days, I received two huge reports on unused rules and I cannot really use them. At the same time, I'm using my own judgment and my own due diligence. When I doubt a rule, I go back to the firewall and run the history and compare things to help me decide. The problem is that if I always do that, it will take me a lot of time and the solution ends up being 50 percent useful and 50 percent not useful.

I have been using FireMon for roughly two years.

I guess it is scalable, but there is room for improvement. 

I was not involved in the setup of FireMon but, later on, when I became involved working with it, I approached FireMon personnel through remote conferences and remote meetings. They helped over the course of several sessions and that was helpful.

Their technical support is very good, very responsive, and very helpful. They follow up on issues.

Positive

We did not have a previous solution. We just relied on regular reviews of our firewalls and rules by looking at the history.

The pricing was very good during our initial year, but they increased it this year a little bit. The price is okay. It is not cheap, but it is still average.

It is not a bad tool. I still recommend it and I'm not against it. I recommend it because, overall, it has helped us to remove and clean 15,000 to 20,000 redundant unused rules. When we cleaned those, we were confident that they were not usable. They were very old. But we didn't just rely on FireMon's report. At the same time, we used our own judgment. When we blindly relied on the FireMon report, it created issues.

It's a good solution, but it is not something that you can 100 percent rely upon. It is a useful tool. At least it will help you up to a certain percentage.

We work according to the risks FireMon warns us about, but some of those recommendations are false alarms and others are valid. If it gives us 100 warnings, about 10 of them are valid.

Despite all the shortcomings, we still prefer to use it. At least we get some good recommendations and suggestions in the reports. We like it, despite the drawbacks.

I am a contractor and I work on security. At this company, we primarily use FireMon for firewall rule analysis and as part of our firewall rule certification process.

Our environment is on-premises using VM hosts.

With respect to compliance management, this product does cover some of the compliance factors, although not all of them. For example, in terms of accountability, it has all of the data available for third-party rules and auditing. It can produce a comprehensive report. However, compliance has its own set of requirements.

We planned on having divisions for about 400 days but at 700 gigabytes, the file size was too large and it was interfering with our database backups. Consequently, we had to cut it down to 100 days, which means that we're missing 300 days of divisions. The fact that we no longer had a complete view of 400 days of data was a setback for us. Otherwise, the metadata has been pretty handy.

We do not run assessments on new firewall rules before they are deployed, but we can set it up in such a way that compliance can be checked automatically once we push a rule to the firewall. If there is a problem then the new rule will be flagged. As it is now, we do all of the compliance assessments manually. The reason that we don't use the compliance module in FireMon is that it creates a heavy load on our CPU.

Prior to FireMon being implemented, the company had Tufin running to conduct assessments. They were flagging some rules, based on the subnet categorization that is defined in Tufin. However, those kinds of assessments were not really accurate. They also weren't making any changes to the rules that were problematic.

When they brought in FireMon, we started to run reports that are pretty precise. They were more accurate, and based on the firewall zone definitions. We began to flag rules that made sense and we also started to analyze them. Afterward, we were able to get rid of a lot of risky rules. There were a lot of shadow rules identified that we cleaned up. The agenda was to make sure that the security compound or security footprint within the company is safe.

For this task, FireMon has been very helpful in terms of flagging such rules so we can drop them and improve the security of the infrastructure.

FireMon has improved our compliance process in terms of the time and effort required to create compliance reports. As far as the rule recertification is concerned, it's made it easier for us because it's just one click to explore the metadata of each firewall rule and its information. For example, we use owner fields, technical descriptions, review dates, next review dates, and exceptions, if there are any exceptions. With all of the metadata in place, it can be given to the compliance team.

This solution has helped us to decrease errors and misconfiguration that increased risk in our environment. By using the system that we did to flag risky rules, we were able to identify problems and mediate or eliminate them. We are still working on this but at this point, we have completed 80% of our cleanup. It has been helpful.

FireMon helps to identify and prioritize fixes, although we do the repairs manually. This is something that is necessary when you consider our network and how our firewalls are configured. FireMon does provide suggestions and we make use of them, but we conduct our own manual analysis in addition to the reports. This acts as a valuable double-check for us, which is very important for our security posture.

The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, hit counts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule.

The logs product documentation and metadata that is very useful for compliance purposes.

Usage reporting, including hit counts, is helpful for analysis. It comes in very handy when we can see how the firewall rules are being used because it can help us clean them up.

Fireman has helped us in terms of being able to clean up firewall rules in a large environment, first of all, by helping to identify the risky rules. Rules are flagged using the filters, based on the zone metric definitions. We then refer to the object usage reports that we get within a group, along with the traffic analysis that we get from Splunk, and all of this is considered when it comes to making a decision. The rule might stay the same, be modified, or be dropped. FireMon has given us the extra ability to be able to do this.

We have not used the Policy Planner but even so, we have identified areas of improvement with it during our testing. For example, it could be better when it comes to ease of integration or ease of policy automation. Another problem is that there is a console where it has too many options and is not very straightforward. Essentially, controlling it could be made more seamless.

We have been using FireMon since the start of 2019.

Stability-wise, we did not have any issues.

There are no issues with scalability.

We have different business units in different countries. For example, we have users in Hungary and they're a different business unit. They're not given access to the firewalls or Panorama, although they were given access to FireMon where they can view the policies related to the Hungarian firewalls. There are between 10 and 15 people in the Hungarian business unit that use FireMon on a regular basis and their role is to view the policies.

We have a few people from the NetOps team and the network technical center team that use the rule certification process, and they collect statistics on rule usage. These teams have mid-level privileges on the system.

I have superuser privileges, and there is one other person that has the same access I do. He uses it for documentation on the firewalls for our offices in the Netherlands and Poland. Aside from these, we have other people who use it more generally for things like viewing rules.

FireMon is being extensively used within the company and we have a few new users being onboarded next week. They are part of a third-party contract and the user count will increase, although I don't think that any new modules will be added.

I would rate the support a nine and a half out of ten.

They were really proactive and helpful in terms of support when we had issues. The servers have been pretty good and we haven't had any problems with them. There will be minor bugs and all of that, but they're always helpful and things get fixed with the next release.

Prior to FireMon, the company was using Tufin.

The reason that we switched is that somebody in the company decided that they wanted to have a one-stop solution for pushing the policies to the firewall, and for automation of policies to facilitate compliance. FireMon had the capability, which was proven with a PoC.

Everybody liked the solution and that's why it was implemented. Ultimately, the one-stop solution was not used because, with our Palo Alto firewalls, it has been decided that Panorama will push the rules, rather than FireMon. At this point, I can't see that changing in the future. Panorama is not going anywhere because that is how the firewalls are managed. At the same time, they wouldn't want to rely on FireMon to push rules to Panorama, so this is why the system will stay as it is.

Overall, however, the capabilities are better compared to other similar products.

The basic implementation was straightforward but when you're talking about configuring the servers and all of the other steps, for a tool of this size, it's never straightforward.

For example, when configuring the servers, you will still have minor or major issues that you have to tackle or have to fix during the initial implementation. It may be straightforward to do so, but fixing problems will always lead to other problems in the process.

Overall, it was an easy implementation, but at the same time, it was ongoing. Our deployment did not take more than a month to complete. This included adding the firewalls from Check Point, which was done in advance of setting up FireMon. We had to set up the CPMI log collectors and then configure the Check Point dashboard to forward all of the logs to FireMon. Although it was time-consuming, I think it took less than 20 days in total.

With respect to our implementation strategy, we followed a basic approach. We started with installing all of the servers, and then we had to move all of the devices from Tufin to FireMon. We had three vendors including Cisco, Check Point, and Palo Alto.

We added each firewall vendor separately and we made sure that all of the logs were being forwarded to the data collector. This is where we get all of the log data hit counts, and we have to make sure that all of the devices are being retrieved successfully, without any issues. We also had to ensure that nothing was impacting the performance of the servers and there were instances where we had to wait for the specifications of the server just so they could meet all of the performance requirements. For example, the retrievals and all of the log data had to work properly.

All in all, there were a lot of steps and we had to get support tickets throughout. Thankfully, the support was great. They were very helpful during the initial implementation stage.

I was part of the implementation, testing, and onboarding processes. I have been part of the day-to-day operations, as well. I am the only person doing the maintenance and taking care of the tool.

Maintenance involves upgrading the servers, and we have to make sure that all of the backup files are generated on time. Also, we have to check that they are being transferred via SFTP to our backup server. Basically, we have to make sure that the servers are healthy and nothing's causing any problems.

This is an expensive solution. The cost of three modules for three years was approximately one million. There are no costs in addition to the standard licensing fees.

The company evaluated AlgoSec and a few other tools, ultimately zooming in on FireMon. It was after the initial evaluation that the PoC was done.

The latest release is version 9.4.2 but we only upgrade to the version behind the most recent release. This is so that we are more aware of what the issues with it are.

We have a module called Policy Planner that facilitates the automation of firewall policies across large multi-vendor enterprise environments, but we never use it in practice. We bought the module and we tested it. In fact, we had plans to integrate with ServiceNow for the automatic policy portion, but the organizational policy here is to make changes only within the Panorama. Essentially, we have the technology, but we can't make use of it.

This is definitely a product that I recommend, based primarily on how it compares with other similar tools. 

I would rate this solution a nine out of ten.

We use FireMon for security management, to manage our security infrastructure. We also use it to do PCI compliance and to manage personal data and information related to the organization, and to prevent data loss. In addition, we use the admin console for firewall management, including firewall rules and to decommission firewalls when they are not in use. We use it to monitor our primary corporate DR firewalls as well.

In the past, we've had thousands of firewall rules that came from legacy applications and many years of work. FireMon has helped us to clean up those rules and to manage them properly. We can decommission rules that are old and outdated or clean them up. And we can work on the ones that are not functioning properly or that are configured improperly, to make them compliant and useful to the organization. It has helped us to manage multiple firewall rules and remove legacy ones that are not useful.

It helps by automating the process of cleaning up firewall rules in a large, enterprise environment. It's not done manually, which is a process that is more prone to errors and takes more time. When it's done manually it's more tedious and requires multiple resources dedicated to doing it. It helps reduce the time involved, increasing the efficiency and reducing the cost, as well as making the job more accurate.

The same is true when it comes to accurately creating, approving, and deploying firewall policy rules. It reduces the effort by 75 to 80 percent, compared to how we used to do it before we got FireMon. And we get that same percentage reduction in effort, 75 to 80 percent, when changing firewall policy rules.

It has also been very helpful in terms of the time and effort required to create compliance reports. Previously, when we used other applications or did it manually, we were not able to finish our work efficiently and on time. FireMon has helped us to cut the time it takes to do auditing and reporting of firewall rules, and increased our efficiency. 

It has cut both the man-hours spent as well as the number of staff members who are dedicated to firewall policy changes and the firewall policy update process, because it enables automation and simplifies the task. The reporting is also more efficient and more correct and useful.

FireMon has decreased errors and misconfigurations, issues that had increased risk in our environment, by 75 percent.

It also identifies risks in your environment and helps to prioritize fixes, if you have the necessary set of eyes to look at the rules and the resources. When FireMon gives you reports on what's going on in the environment, you assign staff members to rectify whatever issues it has reported and proactively prevent issues from arising in the future. It has improved our security posture drastically, and cut down the cost related to having third parties manage those things. We can do some of those things in-house. It has improved our security posture and senior management is happy because of that.

• The FireMon interface is very helpful.
• The configuration management for multiple firewalls is very easy to use.
• The backup facilities are very helpful as well.
• The troubleshooting and testing capabilities are very good.

The solution automatically warns you when new firewall rules, and changes to existing ones, violate compliance policies, before they are deployed. Sometimes we get "white noise," meaning false positives, but it's always good to have more information than less. That way we can switch it off and work when we see that it's giving a false positive. It does send us an alert to let us know that there are changes in the environment. That functionality is very important because automating such tasks is very helpful in managing our environments and preventing attacks. The earlier you notice issues going on in an environment, the easier it is for you to prevent certain incidents or mitigate risk.

We also use the solution’s SASE integration capabilities to extend security policy management for cloud firewall management. It helps in creating one consistent rule across multiple platforms and it improves accuracy. When you automate processes like that, they are able to run themselves. You create one set of rules and automate them to run. That enables you to find problems proactively, before they happen. It also enables you to have a consistent set of firewall rules, wherever you go. If you deploy new sites, you can apply the rules you already have in place to those sites. It creates a single platform, a single source of truth, for managing disparate environments and systems that are connected together.

I've used FireMon for nearly six years.

We don't have too many issues with FireMon. When it comes to the application, we don't have any issues. Sometimes we get white noise, meaning false positives, but that is just in terms of performance, and not necessarily the system itself.

Scaling is simple. You can easily scale it and maintain it with any size team.

We are using FireMon in a couple of departments. I work for a government office, and we have a lot of different departments under us. We have a need to increase our usage, because we always have people coming in. We're at the very beginning of moving to the cloud. When we move to the cloud, we're going to multiply our usage by at least tenfold, because people at remote locations will then be able to make use of the services.

We have at least half a dozen people using FireMon. Their roles include the people that manage the hardware that it's installed on as well as the admin managers who look at it day-to-day to see what the configuration is like. The admin guys can do analysis but there are also analysts who get the alerts and who work on the action items related to the alerts. They investigate and then they know what mitigation actions to take to prevent attacks or to deal with whatever FireMon is reporting on. For deployment and maintenance we need just three people.

Maintenance is connected with the need to upgrade. They have to seek funding for it to happen and get the funding arranged. If it doesn't require any funding, if it's just internal work that needs to be done, then the admin guys can do it without having to involve anyone else. If there's any need to connect with FireMon, that is done as well.

I would rate their tech support at seven out of 10. They do respond to us and they provide good service, but sometimes it takes time for them to get back to us or to get people to work on stuff. Overall, they are good.

Before FireMon, we used native solutions provided by Check Point. We switched because each of our departments has its requirements. They needed a product that would provide them with better service. They came to the central unit, which is where I work, to ask that something be procured, and that's why we procured FireMon. There are certain facilities in FireMon that give it an advantage over certain other companies or providers.

The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly. The setup is a bit complex and tedious, especially for a new user who will need someone to hold their hand as they go through it. But after doing it a couple of times, or upgrading it a couple of times, it's not as tedious.

Our deployment took about two weeks. We first did a discovery of what we wanted FireMon to do for us, a discovery of our requirements. We determined the prerequisites that had to be installed and the system requirements. We then moved on to an initial assessment through a deployment in a test environment. After the testing and everything working out, we further configured it to fine-tune it to our own specific environment. After all that was working okay, we went ahead to the final deployment. But for subsequent sites, it might just take a couple of days.

There is a learning curve as well to get used to the system and all the nitty-gritty knowledge needed to configure it and run it properly. Another thing that is time-consuming and tough to do is tagging stuff the right way.

We used a consultant, either DXC, which is a subsidiary of HPE, or Epic, which is a local consultant. Our experience with them was good.

We're billed monthly.

Sometimes, if there's a need for an upgrade or there is a system failure, there might be extra cost involved, such as for consultants or to procure the necessary equipment. We might be needing an upgrade very soon, and there will be costs connected with that.

We looked at a couple of other companies. We chose FireMon because of its cost and its simplicity, as well as its deployment and provisioning. We read reviews like this one, and we were quite confident because of what they described as their use and what their outcomes were.

My advice would be to do an appraisal of your environment and list out your requirements and what you are hoping to achieve. Then look at a couple of companies that are in competition with FireMon and look at user reviews to see if your requirements are met best by FireMon or their competitors. That is the procedure we used to choose FireMon.

If a colleague at another company said to me that firewall policy rule cleanup and management is important, but it's not a priority compared to more urgent things, I would say that there are a lot of bottlenecks and there is a reduction in service due to misconfigured or old firewall rules. They can prevent people from working properly. In the past, those issues hampered our network bandwidth and data movement. There were too many firewall rules that did recursive checks. There was increased latency and reduced productivity, and that frustrated a lot of end-users. Systems could be slow due to firewall rules that were misconfigured or outdated. FireMon enables you to efficiently manage your network and your firewalls and their rules, and it prevents security breaches.

The biggest lesson I have learned from using FireMon is that automating certain tasks enables you to get them done properly. Those tasks include cleaning up and managing firewalls efficiently. It saves you time, costs, and resource usage, so that people don't have to manage as many mundane tasks. Those tasks can be shifted to a system like FireMon. Usage of FireMon enables you to concentrate on more important tasks, while the system alerts you on things that are not going properly.

I would rate its real-time compliance management at eight out of 10. I can provide more details after we actually deploy it in the cloud, because I've used certain other things in the cloud, in other places, but we've not deployed FireMon in the cloud. But on-prem, it is very effective and an eight out of 10 is good.

We haven't upgraded to the latest version. We're having discussions with FireMon at the moment. Most people are at home because of the pandemic and people have not had the chance to pursue it. About a week or two ago, we had a meeting with them, and a discussion with them not just on how to upgrade it, but also on how to fine-tune it with the new facilities and functionalities that have recently been created.

Our deployment is on-prem, for now. We hope to get to SaaS, because we just started moving things to the cloud. We will do it soon. We are planning ahead for that, but it's dependent on the pandemic exit procedures.

FireMon can also help automate firewall policy changes across large, multi-vendor enterprise environments, depending on how it's managed and how it's tuned. It requires knowledge to configure it to do that. We are hoping to implement that in the future, in hybrid, multi-cloud environments.

We use the Security Manager module. We use it to report and audit firewall changes. We also use it to track the hygiene of our firewalls in addition to the changes made to them. Since it normalizes the firewall config, we are able to do custom searches and make custom controls to build out those audits and reports, making sure that we are applying firewall rules correctly. There are a lot of built-in reports as well, which help us to identify rules and objects that are being used. 

We are an enterprise environment. We are definitely not the largest of FireMon's customers, deployment-wise. 

FireMon automatically warns us when new firewall rules, and changes to existing ones, violate compliance policies before they are deployed. We find this valuable as well, especially from the compliance standards where it has real-time change detection and FireMon watches the firewalls. Whenever there is a change that breaks compliance, we get that immediately. At the same time, whenever you are planning a change inside FireMon, it won't let you make that change when there is a compliance issue that they found.

We have built-in change reporting in Security Manager, which is very helpful. Whenever we have a scheduled change report, we use that as an opportunity to review the report and do a technical review of the changes that were made.

It does a search whenever you are planning a rule in FireMon. So, if the traffic that you are trying to create a rule for is already allowed, FireMon will tell you. This will save you the time of trying to create a duplicate rule if you already have a rule that would allow the traffic.

The change normalization is the most valuable feature. It gives us the ability to just do a search based on time, device, or even device groups. It just shows us one by one what the changes to the config were and what time they were. It even shows which admins made the changes. The individual changes can be searched. You can create reports of the changes. That is probably the most valuable feature that we have.

Cleanup of rules is a huge pro of FireMon. After a change detection, the firewall hygiene is our number two most important feature that we use FireMon for. Right out the gate, they have built-in features and reports that will allow you to go through your firewall and identify objects that are not used in config. They have a report that is called removable rules, which is extremely helpful and very powerful. It goes through your firewall and identifies rules that are unlikely to be hit, either because the rules are set up wrong for your routing or they are completely shadowed, meaning that the rule will never have any impact on traffic going through the firewall. Those are both very powerful built-in reports that we do use extensively. 

The firewall config is normalized in FireMon to do custom searches, so you can search off of any number of things. You can search off of rule names. You can search off of the different addresses that would be inside that rule. You can also search based off of services that are allowed or disallowed by the rule. Therefore, it lets you search any number of firewall types in the same search syntax. You could have an ASA and Juniper, then in FireMon, you can do a search that will return rules from both devices. So, it is very powerful. 

We can create custom controls based on the hygiene. Whenever we have rules that are tagged as temporary, we have custom hygiene controls that will go through and help us make sure those are cleaned up after we are done using them.

The quality of our reports has improved drastically. These are reports that we can use internally from a technical standpoint, we can send up to our own management, or we can even use some of them externally for different auditors or other requirements that we have.

In most firewalls that you use, you have a comment field where you can put a change request ID and a little information about the rule. FireMon scales that up to 10. Within FireMon rules, you have fields for ticket ID. You have fields for the rule owner: the admin who created the rule, the security guy who approved the rule, and the business request, e.g., someone from IP systems or if it is a developer. Therefore, it has very verbose rule documentation inside of FireMon. Those are all searchable as well. 

While I like the reporting, I think that has the biggest room for improvement. Right now, as a user of FireMon, if I create a report, I am the only one who can see it inside FireMon. If someone on my team creates a report, they are the only person who can see that report on FireMon. It doesn't matter if you're admin in FireMon or not. The way we have to do it now is that we have created a service account user and that service account user runs all the reports. This way, all the reports, which are running, are just run under a single user so we can always access them. This definitely needs to change so users can see other users' reports or we can share reports within FireMon.

FireMon could improve their support for individual vendors. There are features that are specific to Cisco Firewalls that are not supported in FireMon. That changes a lot because they do release updates pretty regularly. However, if you are using Check Point, and that is what you use as your firewall, and you don't use Cisco Firewalls, then all the features for Cisco just aren't really worth it to you. So, FireMon could improve by making sure that they have full coverage for all the vendor specific uses.

We have been using FireMon for about a year.

The stability is favorable. We have been running it for a year. We have been able to restore from a backup. We did that as an exercise and that process was very straightforward.

They have built-in monitoring that sends out alerts whenever the CPU or disc usage triggers the thresholds, which are set at intelligent levels.

I have heard from the people at FireMon: When going from version 8 to version 9, that upgrade path was a little bit dicey in terms of stability. Since we installed version 9, I feel like we have been pretty good this whole time on stability.

I have good things to say about scalability. They do have multiple ways of deploying it. If you are a very small company, you can have everything FireMon on one appliance, which is kind of cool. As you need to scale, you can add resources to the database and application servers. You can also add data collectors throughout your environment, which is the biggest thing. The data collectors are machines that retrieve the firewall configuration and receive firewalls usage logs.

Scalability is good. The appliances themselves are massive. We're not the largest of FireMon's customers, but as we grow, the amount of compute resources just in general that FireMon is going to be using will be huge as we grow. So, it is scalable. The architecture makes it scalable, but they are beefy, i.e., In terms of compute resources that these appliances use, just the specs on them.

We do have plans to increase usage, if pricing and resources permit. Right now, we have all our firewalls reporting in FireMon. We also have our network topology loaded in FireMon.

We have worked with them a good deal. I would give them a solid 9 out of 10. The way that they can do a 10 is just by continuing to do what they do. This year has been pretty good, and we have had several dozen cases open with them. Each one of them has been pretty good. There were a couple that could have been resolved maybe a little faster.

Their management and all the techs with whom we have worked have been very helpful. We did have a couple of calls with their team lead.

Their support is US time zone-based. So, they have people who work well with the people at my company. Their support is native English speakers, so they are very easy to understand.

On the whole, their technical knowledge is pretty good. The documentation is a little bit spotty. Sometimes documentation around a specific issue is not full, but the people on a call are able to explain what is going on, what specific logs are, or what could be causing a specific issue. Therefore, the knowledge of their technical people is high.

They are open to video conferencing. So, if you want to manage your entire case through email or through a written format, you can do that. However, a lot of times it is faster just to do a screen-sharing and do a phone call to explain your issue. They have been open to doing that.

The way to move from 9 to 10: They will point you to their professional services, if they feel like your request is outside the scope of their support. They are a little quick to do that sometimes.

FireMon identifies risks in our environment and helps to prioritize fixes. This has been a good usage. When we first got FireMon, we built out several custom reports, as well as the built-in reports, which have helped us tighten our security rules. FireMon has helped us improve 2000 rules in the span of three months. These were rules that presented a risk to our organization before we had the project with FireMon to fix those rules.

We are spending about the same amount of time creating new reports as we did with our old reporting processes. However, the new compliance reports that we are turning out are across the board better, e.g., we are getting full change histories. We are getting when you have a control that does not allow a risky service out to the Internet. For example, it automatically goes through the rule base and then distills that report for you, rather than cherry-picking like we did on our old processes. These reports are more accurate and much better.

We used a competing vendor before we bought FireMon. During our purchase phase, when we were looking to replace that vendor, we also did evaluations of two other alternatives as well.

The primary reason that we switched to FireMon from our previous firewall administration platform was that there were bugs in it specific to the firewalls that we were using. This made things, like change detection and their version of compliance controls, unworkable so there was inaccurate reporting.

The secondary reason that we switched to FireMon was the previous solution's support. The support of the people, whom we were using before FireMon, was absolutely terrible. 

It took two weeks before we were completely deployed. The actual project took three months, but most of that was knowledge transfer and advanced concepts.

Because FireMon is pretty expensive, our initial purchase was only one module of FireMon, which was Security Manager. We do have licenses for all our firewalls, but we only had the one module, Security Manager, and not the other ones, like Policy Planner and Policy Optimizer. That was our initial implementation setup.

When we purchased FireMon, bundled in our purchase was professional services. So, we got to work with them during the initial implementation, and it was very straightforward and simple to set up. The people who we worked with were knowledgeable and helpful. They shot us the documentation well in advance so we could follow along with that step by step.

We have absolutely seen ROI. We are not tying ROI to automation, time saved, nor reduced headcount. Our return on investment has been primarily in the projects that we are able to accomplish with FireMon. For example, last quarter, our team completed 23 projects with FireMon, and they were each tied to a future-oriented process. For all the projects that my team accomplished, we created FireMon controls and reports as well as a cleanup on the firewalls. We also created automation around the FireMon API so these processes and reports are happening automatically in terms of scheduled reporting and automatic ticket requests into our ticket management system. FireMon's return on investment is due to the massive improvements that we have made on firewall management and firewall hygiene.

FireMon decreases errors and misconfigurations by 10% that increase risk in our environment. That has to do a lot with the change reporting that is in place, but also with the built-in controls and custom controls that we have made. Those all decrease the errors that people naturally make on a day-to-day basis for firewall administration.

On an average day, we receive a lot of requests to approve firewall changes, changes to the firewall, and additions to rules. On any given day, we have a request that was not given to us well, e.g., where they have different IPs that are needed or they don't give the right service request. Whenever FireMon gives us a report, we are able to go back through it and correct those changes to make them more accurate.

Whenever we are getting a request where the traffic could hit multiple firewalls, FireMon fact checks us to make sure we are putting the rule in the correct firewall.

FireMon is very expensive. I think that they charge a premium. In general, they are very pricey. Compared to their competitors, they cost a little more than the other solutions that we evaluated.

They license per module. They have four main modules that they license currently. The base license is included with the Security Manager module, which was our initial purchase back a year ago. 

The professional services is an add-on, and it is one where you can purchase more professional services. It is per project. So, it is an add-on for your initial implementation project. At a later time, if you have another project that you would want professional services on, they will quote you for that. 

The support comes in tiers and it's also per module. I don't know of anyone who would purchase a license for a module and not purchase the support that comes with it. 

We evaluated both Tufin and AlgoSec, as competitors of FireMon. FireMon differentiated itself because it was more fully featured on the firewalls that we were deploying.

My primary advice is take advantage of professional services whenever you are doing the initial implementation. The second piece of advice is just to adopt the tool. We could have purchased FireMon, set it up, and not done anything with it. Then, we would not have gotten our return on investment. By choosing to adopt the tool and creating projects and processes around it, we have our money's worth out of the tool.

If rule hygiene and policy management are a priority, you just have to make the time for it, in terms of setting aside time during the day that you are able to implement proactive changes and being able to measure those times for management. Anyone who does say that it's a priority for them knows that good policy management pays off in the end. Because down the road, you will be spending less time with a cleaner rule base.

We do not currently use it for automatic rule deployments, but that is a feature that is available and we have tested it. From my perspective, that is a feature which provides value.

We don't automatically deploy rules with FireMon, but I do know that is a feature and we have tested it.

We don't use FireMon to automatically make changes on our firewalls.

I would rate it as a nine out of 10. It has been very good. In terms of our use cases, it has met them very well. To move that up to a 10, changes to its reporting features would definitely make this product a lot better. Also, increasing the vendor specific features coverage and making sure that they are normalizing every aspect of each type of firewall.

We use Security Manager for firewall changes, monitoring, and audits. 

FireMon makes it much easier for us to track firewall changes and perform audits. It has made our compliance process more efficient. Before we implemented FireMon we had to go into each individual firewall and check the rules. Now, we pull a report, and that's it. 

We can monitor and implement changes across different firewall vendors. It lets us clean up our firewall rules regularly, which we do as part of our audit. It helps us save time managing firewall policies. We don't make changes to our firewall policies through FireMon, but we use it to track changes across various firewalls. It makes our internal processes more efficient and improves our visibility. 

It reduces risks. Better visibility and cross-vendor integration give us more control and context about potential changes. Having a product for monitoring critical changes is crucial for our security posture. 

I like the Security Manager console where we can see any changes that have been made or pull the results of an assessment and control the policies that we implement. That's useful for regular audits and monitoring some critical events we want to know about. We can configure alerts that notify us about policy changes. This is pretty beneficial for monitoring and helps us track changes in the projects. 

We've had recurring issues managing FireMon's internal backups. Sometimes, the space allocated for the backup is full, and there is no process where it deletes files that are older than I certain date. It's just waiting for the storage to get full and then it's cleaned up. It isn't something that creates serious issues for us.

We have used FireMon for about two and a half years. 

FireMon is more or less stable. We've had some issues with backups failing. 

I believe that FireMon is scalable. 

I rate FireMon support seven out of 10. It varies depending on who you get. We sometimes get a highly knowledgeable agent, but other times, it seems like we just go in circles. It sometimes takes them a while to understand what we want. 

FireMon professional services helped us during deployment, and it was relatively straightforward. Deployment took us around two months. 

FireMon is working on our project scope. We save some labor power on our side. 

I rate FireMon Security Manager eight out of 10. It has many more features than we use, but we have a limited scope. I think we could've done more had we used that momentum when we were implementing it. 

Even if you think having a firewall management solution isn't a priority, the FireMon can provide more visibility and make some tasks easier, faster, and more efficient.