FireMon Security Manager Reviews

Policy test, access path analysis, and change reports.

Policy test and access path analysis tools in Security Manager enable me to find existing firewall policies quickly across the enterprise, troubleshoot, or to help choose the optimal path for proposed rules. Change reports on the device dashboard show us at a glance what was changed in a particular firewall config, by date, so we can easily troubleshoot problems with implementation.

It streamlined the firewall policy change management process by having all firewalls managed in one tool, and a workflow customized to our needs.

Policy Planner requirements section is good, but could use some improvement to allow flexibility to enter different types of requests (modifying an existing policy, object or service group, for example) in a structured task format that can be auto-verified.

4 years

No issues with stability.

No…we easily added a second data collector when needed.

Excellent.

Excellent--tech support engineers go above and beyond to answer questions and resolve issues.

We previously used separate database applications to route change requests for approval, and did not have a tool likeSecurity Managerwith visibility into all the firewall configs and activity.

Infrastructure was simple to set up, but custom workflow was complex, due to customer regulatory environment necessitating a lot of customization. FireMon Professional Services was able to accommodate, though.

In-house project management and equipment configuration; vendor install in the data centers; Firemon Professional Services for extensive custom workflow development.

Pricing model seems fair. Make sure to separate active versus inactive devices, and primary versus standby in HA pairs, as there is a significant cost savings for licensing; licenses on the applications are perpetual.

Customer evaluated other products, but chose FireMon due to its features and rating on Gartner.

Review your current operational requirements and processes well, and determine what can change, internally, to take full advantage of the standard FireMon processes.

It was used for firewall change review. For our company, it became an invaluable tool for auditing purposes.

It allowed us to track every change made to the firewall. We were able to see who made the changes, when the changes were made, and exactly what was modified.

We monitored multiple firewalls. In the version we used, we had to check the changes made on each firewall individually. We didn’t see a condensed list of changes across our environment.

I used it for 1.5 yrs.

We encountered minor issues with FireMon and its collection of data from Palo Alto firewalls. It required a small amount of additional time with system engineers on our side and on FireMon’s side to complete the deployment.

The customer service was excellent.

At the time we were using the product, it did seem like the tech support staff was very limited in size. I am sure they have grown more since we used this product.

We used another product (Tufin). For us, we needed to make a change because they lacked the ability to support Palo Alto (at that time). FireMon was a better fit with that firewall.

The initial setup was straightforward. Minimal support was required to complete it.

We implemented it through an in-house team. We required minimal assistance from the vendor.

There are very few products that can do what FireMon can. I would definitely recommend it if there is a need to review firewall changes.

The ability to audit our firewall rule base is my favorite feature. It allows us to determine which rules can be removed and it helps us reduce our security footprint.

Over the past two years, we have been able to identify a bunch of rules that were orphaned and no longer have any need.

These rules were exposing our organization to undue risk associated with devices being exposed to the internet that shouldn’t have been exposed.

We use the feature to identify some rules that were no longer needed. That helps us reduce our overall, organizational risk profile.

What's funny is that if I had been asked eight months ago about areas with room for improvement, I would have said the product in general needed to be improved. It wasn't web-based. It was client-based and it was just kind of clunky.

In the last eight months since we upgraded to the web version, there isn't a lot of need for improvement. I feel like it is pretty good. Things have been a lot better for us since we upgraded to the web version. I'm happy with it right now and I don't have any complaints.

We’ve been using this solution for just over two years.

We haven’t had any stability problems. I had one or two minor issues since the upgrade, such as upgrade failures. I couldn’t get the system to accept a maintenance release. Those issues were resolved pretty quickly. There have been no stability issues, nor long-term outage issues.

We have a fairly limited amount of systems that are monitored by FireMon. Our box can support up to 20-25 devices. We only have eight devices to monitor. We still have a lot of overhead. We haven’t noticed any slowdown issues or any problems of a scalable nature on the device.

Back then, it was client-based and the setup was not so straightforward. Most things worked well right out of the box.

Although I haven’t done an actual setup after it became web-based, I can see that it is much easier. You don’t have to download a client. You just have a website. There is no need for a command-line configuration to get it up and running. It was fine for overall level of difficultly before and I can assume it is easier now.

We did not evaluate other options. This was the first of its kind. I saw it at a vendor/expo demo and I was interested in it.

Our vendor that we work with threw it into a deal. We paid for support and they were trying to increase the overall install base footprint. They made a couple deals with us for a next generation firewall. I wasn’t budgeted to purchase it, but it was part of a deal, and it fell into our lap for next generation firewall monitoring.

FireMon is a very good product; is a slippery slope in terms of deployment. It can monitor all of your network devices and firewalls. I would imagine a lot of people probably use it for that.

We are a small organization. From a cost and work standpoint, we only wanted the ability to audit and manage our firewall rule sets. It’s been good for us in that way.

People need to think about what’s important to them based on a monitoring point of view, which is regulation-based. That wasn’t an issue for us. I recommend that people considered the best-sized solution for them. Give it a try. It’s worked well for us.

I would rate it as the best firewall monitoring platform that I’ve used, but I’ve only used FireMon.

We are a Palo Alto customer and this is a great tool to augment the Palo Alto tool set. It’s a very beneficial product. It fills the gap of things you can’t get with standard Palo Alto management, such as long-term analysis and knowing what’s really going on with objects and rules in the firewall rule base.

• The ability to look for shadow-based rules
• The ability to look for rules that are being used
• Change management
• Gets alerts from the system

• The ability for spotting the shadow-based rules helps us to eliminate overlapping rules. These may not otherwise be needed or may be under-used.
• Helps us to identify those items and gives us the ability to go back and audit the firewalls.
• It gives us the ability to determine what our security architecture looks like: This helps us secure our company better. This helps us to determine who is making the changes and we then have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."
• We were in the middle of a project where we were migrating from one set of firewalls, that were old, to a newer set. This tool allowed us to go through and identify rules that we could get rid of. It allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls. It helps us to understand what's being used and what's not.
• It helps us to research what rules are already in place, so that way we don't have to add anything. It is a quick look up for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked." This is a feature that we like to use and it helps us save time.

So far, we're not too much into the product.

• We don't quite like the web interface.
• We enjoy the so-called Fact Client a lot better because it just gives a bit more of the opportunities to work with the software faster. There's been a huge learning curve for us to use the web interface.
• We have to learn their query language or define the details that we need.
• Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way that it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.

It's going on for at least three years now, if not more.

There were a few, initial issues with stability. Luckily, FireMon has a supportive staff.

They have been able to identify the issues that we've been having. In turn, they implement some kind of compensating mechanism or come up with a solution in order to fix it. This helps us resolve our issues. Overall, we've been pretty happy with the support team.

We have not had any scalability issues. I've been very impressed with that aspect. At one point, we had a single server and we overloaded it pretty quickly with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as Syslog goes.

I had to out-size our environment in order to compensate for the additional logs. I had to deploy to a couple of different other sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.

Overall, I would give the technical support team a rating of 10/10. There have been maybe a few issues here and there. Unfortunately, it has taken some time for them to resolve them.

If the issues are not resolved, it goes back to them. They keep the case by asking for updates and working with me and the team to understand what issues we're having. They try to help us resolve those issues, either through training or going back to the development team and asking for a feature.

We didn't use any other solution. This was definitely one of the best of its breed that we researched. Eventually, we selected this tool.

The initial setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things. It could then go out and fetch the configurations/settings. It was relatively easy.

I believe the other option that we looked at was Infoblox. However, Infoblox was just too cumbersome and didn't offer a lot of features. We felt that FireMon had built-in features that were out-of-the-box.

You should definitely look into how many Syslogs you're getting. There is a limitation on how many Syslog messages it can handle per second.

We felt in a more distributed environment, it allowed us to support our network more adequately. Even in the main data centers, we usually had three or more collectors in order to deal with the amount of Syslogs we're sending.

We also had to include a few different offices that required their own implementation of data collectors.

This company does a pretty solid job and they're constantly striving to improve their products.

The most valuable feature is more or less the ability to look for the shadowed-based rules or rules that are being used, and also for change management, i.e., getting alerts from the system. This helps us to determine who is making the changes and have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."

The ability for spotting the shadowed-based rules helps us to eliminate overlapping rules that may not be otherwise needed or maybe under-used. It helps us to identify that stuff and gives us the ability to go back and audit the firewalls.

On the whole, it gives us the ability to determine what our security architecture looks like, so as to help secure our company better.

It's kind of a two-fold type thing for us. We were in the middle of a project, where we were migrating from one set of firewalls that were old to a newer set. So, this tool has allowed us to go through and identify rules that we could get rid off and allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls, so as to understand what's being used and what's not.

It helps us to just do a research into what rules are already in place, so that way we don't have to add anything and it is a quick lookup for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked at." This is a feature that we like to use and it helps us save time.

So far, we're not too much into the product yet. However, we're not really liking the web interface. We enjoy the so-called fat client a lot better because it just gives a bit more of the opportunities to work with the software faster, whereas there's been a huge learning curve for us to use the web interface. Then, we also have to learn their query language or define the details that we need.

Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.

It's going on for at least three years now, if not more.

There were a few issues with stability initially, but luckily FireMon is very supportive in terms of their support staff. They have been able to identify the issues that we've been having, and in turn implement some kind of compensating mechanism or come up with a solution in order to fix it, so as to help us resolve our issues. Overall, we've been pretty happy with the support team.

We have not had any scalability issues and I've been very impressed in that aspect. At one point, we had a single server and we overloaded it pretty quickly, with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as syslog goes. So, I had to out-size our environment to compensate for the additional logs and had to deploy to a couple of other different sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.

Overall, I would give the technical support team a 10/10. There have been maybe a few issues, here and there. Unfortunately, it has taken some time for them to resolve and it goes back to them, i.e., asking for updates, and working with myself and the team to understand what issues we're having. They try to help us resolve issues either through training or going back to the development team and asking for a feature.

We didn't previously use any other solution. This was definitely one of the best of its breed that we researched. Eventually, this tool is what we selected to go with.

The setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things, so that it could go out and fetch the configurations/settings. Thus, it was relatively easy.

I believe the other option that we looked at was Infoblox and maybe one other tool. However, Infoblox was just too cumbersome and didn't offer a lot of features. In comparison, we felt that FireMon had those out-of-the-box features built-in.

Definitely, you should look into how many syslogs you're getting because there is a limitation on how many syslog messages it can handle per second. We felt in a more distributed environment, it allowed us to support our network more adequately. So even with our main data centers, we had to usually have three or more collectors in order to deal with the amount of syslogs we're sending. We also had to include a few different offices needing their own implementation of data collectors.

This company does a pretty solid job and they're always constantly wanting to improve their products.

The most valuable features are the FireMon reporting for change control as well as rule utilization.

It allows us to do utilization and cleaning of our policies. For your firewall, you have a series of rules and stuff that identify traffic, sort of whether or not the rules within your firewall policy are actually being used; what part of the rule is being used; whether or not it's identifying issues. You've got 1000 rules and only 900 are actually being used. About 100 of them are not.

We're now getting hit counts within Check Point that give us that information, but sometimes a rule says that it has been hit a lot even though it's not all the services within that rule. So it allows us to edit, modify and clean in order to remove anything that's not used.

I would say the most recent release caused us a lot of trouble as we couldn't get it working for a while, so we weren't getting the reports that we wanted, but it has improved. It's just very, very different. The most recent release level was dramatically different.

Maybe better videos or whatever could be included as to how to work with the updated product.

I believe it's going on about five years, maybe as much as six.

When we transferred from one release to the next, the most recent upgrade, the integration with Check Point gateways was very poor and so it was for almost a year that the product was unusable to us.

I think the scalability seems fine, although not all of our gateways are licensed so that in itself also caused some issues, because the product had to be more tuned to the fact that our environment doesn't utilize FireMon for all of its gateways.

I would say technical support is about 8/10. Some issues just weren't handled quickly enough, I guess.

We previously used an earlier release of FireMon and they had good success with that. In the newest release, we had a lot of problems. Prior to that, we really didn't have a tool to do that type of analysis for us. Although the most recent releases from Check Point have given us better analytics within our environment, FireMon has provided us with a better view into our environment. We didn't have anything prior to that.

I haven't really been involved much with the licensing. It seems fairly straightforward. Regarding the training after setup, I find the videos maybe could be a little bit better in respect to how to work with your FireMon product to get the best out of it; so maybe some better training videos on how to work with the product.

I believe the only other option I looked at was Check Point's reporting option and it was quite costly.

When using this product, you have to spend time understanding not only how it was installed but what information you can get from the product. The customization of reports, whether they can be automated or on demand. So just getting a better understanding of what you can get from the application is useful.

The security policy manager: We run reports regularly for the customer to show unused tools and unused objects, and to clean up the firewall policy.

Our firewall policies - we work under the standard ITIL framework - and project managers are very good at adding rules to allow their projects to work. However, they're not so good at coming back when the project is finished or the solution has been terminated and cleaning up the rubbish. So, if we don't use this product, we end up with thousands and thousands and thousands of rules, most of which aren't used.

I basically came on board to do the upgrade, which I've done. So, in the old product, we were able to get things out of the CSV file format and that allows you to then manipulate it, but now it's PDF mainly. Beforehand, we were able to take it into CSV and manipulate it in Excel, but now we can't do that anymore. A revert back on this would be good.

Overall, the product seems pretty good, but the fact that we've taken the CSV out now, that seems to me to be like a step backwards. They should be adding functionality, not taking it away.

I only started using it literally about four months ago.

We haven't had any issues with stability yet. Well, we did during the upgrade, to be honest. So, when we did the upgrade, we had to get new versions written for us so that the upgrade worked. It didn't work just off the bat, but once we had that done, it worked fine.

We haven't had any issues with scalability as we're not using that many devices reporting to it, so we haven't had any problems with scalability at all.

I would rate technical support at around 7/10. I mean the reason for giving it a seven is the guy we spoke to over in Germany. He was quite good, but the problem was that it had to go back to the development team, which took a long time to get resolved.

So, basically what happened was, we raised a fault, we went through the upgrade with them and we were able to go to a particular version, as we were running a really old version; version six. We went to version seven but then stopped accessing the system. We then said to them, 'Well, how do we get to version eight?' The upgrade ping didn't seem to work. So they then had to go off and write us a new thing, but all that took months. Three months, four months and we were without access to that system for a long time.

I don't think we used anything beforehand.

I think there has been an evaluation, but I wasn't party to it.

I don't know what advice I would give to others. We are having a lot of problems with the licensing, to be honest. So, there's an issue with the UK and US date format.

When we renew our licenses, I don't know whether it's through our distributor or whatever, but they keep changing the format. In the American date format, you put the month first, then the date, then the year. In the UK we put the day first, then the month, then the year, and they keep flipping the dates over so we lose about three or four months on the licensing every time. We have to go back to our salesperson to get that fixed.

Also, when we did the upgrade, for some reason, we had enough licenses to start with but after the upgrade, we didn't. So, we didn't add any new devices, and we've got a thing in with the salesperson to find out why; what's changed there.

The Security Manager is the most valuable feature.

It helps us eliminate rules that are not needed on the firewall and to consolidate them. It saves us a lot of time and makes my work easier.

Make writing the reports easier. There's a lot of canned reports and if you want to write a specific report that you're interested in looking at, it's rather hard because I'm not a programmer. I don't know all the programming languages needed to do that. I can look at what reports exist and try to take that and kind of change it to something that I want to see and it doesn't always work. It's not real easy to do.

I have been using FireMon for about six months.

It's been pretty stable.

I have not had any scalability problems at all.

We have called them and they've always been really helpful. They've resolved our issue in a timely manner. I would rate them a 4/5.

We didn't have any other solution. This is the first of its kind.

Setup was straightforward. The instructions were really simple. We put in the basic information and then they scheduled some time with us to go through the setup and walk us through each one of the screens, what they do, what to look for and things like that. They kind of gave a little bit of a training class or training session.

They set a round of what we wanted to see. They didn't just come in and say, "Here's how it works", because different companies are different. Different companies want to use it in different ways, so they found out what we wanted and helped us set the training up to look at things that we want to be able to use it for. That was nice.

We didn't evaluate any other products.

I think it's a good product. It's very stable. It's quick and it's easy to learn. It's easy to run reports. There are a lot of reports that you can run. That helps the management of your firewall.