What advice do you have for others considering FireMon?

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

If you were talking to someone whose organization is considering FireMon, what would you say?

How would you rate it and why? Any other tips or advice?

14 Answers

reviewer1703760 - PeerSpot reviewer
Real User

It is a very good product. I always tell others to have FireMon people come and give a demo. I encourage people to try it out. We only have security management, but it is really a good product. I have attended a couple of their webinars, and they have a lot more features for more usage and value. It is a capable product. If our company had sent us for training and we had got to know more about the product, it wouldn't have been so hard. To a colleague at another company who says that firewall policy rule clean-up and management is important, but it is just not a priority compared to other more urgent items, I would say that it is very important. Sometimes, a firewall is created temporarily, and if you don't know, you will forget. So, the usage and hit count information is very important. In terms of compliance reporting, we have set it up for compliance reports such as PCI, but we didn't use it that much. Similarly, in terms of identifying the risks in our environment, it does show the changes, but we aren't yet able to prioritize them. It is helpful in automating firewall policy changes across large multi-vendor enterprise environments, but we only have two vendors. We were earlier using it only for the Cisco environment, and now, we are using it for Cisco and Palo Alto. We will probably use it for the core environment. Overall, it notifies you, but we are still not using it that much. In terms of the clean-up of firewall rules in a large enterprise environment, it didn't affect us, and that's because we are not doing it in the right way. We probably need somebody to help us on that one because we gave them the report, but they haven't cleaned it up. For Panorama, they use their own reporting, and we have to correlate them. One thing about Panorama is that if you have a rule from 20 years ago, and somebody is still modifying it, it doesn't update the new person's name. It doesn't ask you to put any change number. 
I know FireMon is only pulling the data, and it is not pushing the data, but I wish that it was pulling the changed data. The last time when I talked to FireMon, they said that they are just pulling the data. They don't go and push any data. For that reason, we don't have that much data. So, we have a report, but we haven't used it much for clean-up. We should use it in the future more. We also haven't used it to create a lot of policies. I would rate it a seven out of 10.

reviewer1658859 - PeerSpot reviewer
Top 20, Real User

The latest release is version 9.4.2 but we only upgrade to the version behind the most recent release. This is so that we are more aware of what the issues with it are. We have a module called Policy Planner that facilitates the automation of firewall policies across large multi-vendor enterprise environments, but we never use it in practice. We bought the module and we tested it. In fact, we had plans to integrate with ServiceNow for the automatic policy portion, but the organizational policy here is to make changes only within the Panorama. Essentially, we have the technology, but we can't make use of it. This is definitely a product that I recommend, based primarily on how it compares with other similar tools. I would rate this solution a nine out of ten.

reviewer1643730 - PeerSpot reviewer
Top 20, Real User

My primary advice is to take advantage of professional services whenever you are doing the initial implementation. The second piece of advice is just to adopt the tool. We could have purchased FireMon, set it up, and not done anything with it. Then, we would not have gotten our return on investment. By choosing to adopt the tool and creating projects and processes around it, we have our money's worth out of the tool. If rule hygiene and policy management are a priority, you just have to make the time for it, in terms of setting aside time during the day that you are able to implement proactive changes and being able to measure those times for management. Anyone who does say that it's a priority for them knows that good policy management pays off in the end. Because down the road, you will be spending less time with a cleaner rule base. We do not currently use it for automatic rule deployments, but that is a feature that is available and we have tested it. From my perspective, that is a feature which provides value. We don't automatically deploy rules with FireMon, but I do know that is a feature and we have tested it. We don't use FireMon to automatically make changes on our firewalls. I would rate it as a nine out of 10. It has been very good. In terms of our use cases, it has met them very well. To move that up to a 10, changes to its reporting features would definitely make this product a lot better. Also, increasing the vendor-specific features coverage and making sure that they are normalizing every aspect of each type of firewall.

Jeff Plotkin - PeerSpot reviewer
Real User

We haven't been using it for compliance at this point. The auditors use a different application for compliance. So we've been running that to check with security compliance. I would rate FireMon a ten out of ten.

MikaKwok - PeerSpot reviewer
Real User

It's a good solution that is stable. I would recommend this solution to others. I would rate FireMon an eight out of ten.

Joao Manso - PeerSpot reviewer
Top 5, Reseller

My advice is to make sure you choose the right reseller because it's not a product you should use by itself. Overall, on a scale from one to ten, I would give FireMon a rating of eight.

reviewer1489200 - PeerSpot reviewer
Real User

On a scale from one to ten, I would give FireMon a five.

Pranav Gupta - PeerSpot reviewer
Top 5, Real User

We're using the latest version of the solution currently. I'd rate the solution ten out of ten. I've been very happy with the product overall. I'd recommend the solution as it's so easy to use. Clients are very happy with it.

Chris Goodrich - PeerSpot reviewer
Real User

It is fairly straightforward to use, and I haven't really had a whole lot of issues with it. This solution provides us with end-to-end change automation for the entire rule lifecycle of firewalls. It does it from the request, then all the way through the approval cycle. We really haven't done much with this solution's cloud support automation for public cloud platforms. We are just doing on-premise.

InfoAssu7204 - PeerSpot reviewer
Real User

Each deployment scenario will be unique. A robust proof of concept is key to make sure it will meet all of your intended use cases. The solution is managing 25 percent of our firewalls right now. We probably won't increase usage until we can get the required features for firewall change rule management to work correctly. We probably will not increase usage until that works. I would rate it as a six (out of ten). We need the end-to-end mapping feature working to make it a ten. That is just our next phase. I don't know what other problems that we will run into. There is a lot to deploy before we can give all the details of what we need to make it a ten. There is integration with ServiceNow and some of our other tools. We have to make sure all that is working before we could give it a ten.

Daniel James - PeerSpot reviewer
Real User

The best advice that I could give, honestly, would be not to look at a product for a short-term goal. Speak with the vendor about the maturity model that you want to go down and the roadmap that you have for your organization. They have a lot of different components and products that complement each other. I'm still waiting to do stuff now or next year that I wish I could have gotten funding for three years ago. If you're going to engage and move forward with something, try to future-proof what you're signing yourself up for. Take into consideration where your roadmap is taking you. If there is something you know you're going to do in two years, and they have this other product that supports that effort and can provide greater ROI between now and then, go ahead and lump that into it. As far as the solution's cloud support automation for public cloud platforms goes, I have used it and looked at it enough to ensure that it aligns with our roadmap. I feel it's there, but we're not currently utilizing the functionality. The solution would provide us with a single pane of glass for on-premise and cloud environments, but we're not using a production cloud environment at this time. However, I have made sure that whenever that does become a bigger footprint in our infrastructure, everything's going to be in place for us, as far as FireMon as a solution is concerned. The solution provides us with the option to have comprehensive visibility of all devices, but a prerequisite to it being able to provide that information is that the owners of the solution have to optimize and educate FireMon. That has not necessarily been a high concern of ours. It hasn't been a primary responsibility over the years for me to take my network map and input it into the device. For me, it doesn't fulfill that function, but that's not necessarily a reflection of the tool's abilities. 
In terms of using the solution to conduct a full inventory of our assets to secure everything, the Security Manager portion of it, alone, won't be able to perform that function. I think that there are a couple of other options that the vendor provides which address that need, but it's not something that we've invested in. Immediate Insight is the tool that associates itself with that kind of task. It's not something that we currently have the plugin for. End-to-end change automation for the entire rule lifecycle is something we're moving towards. It is something we have on our roadmap and that we've worked out with the vendor, to make sure we'll be getting funding for that integration. Integration is required to create that full automation. FireMon does support that and it's something that we're actively pursuing, but we have not submitted funding for it yet. I would certainly give it a nine out of ten because there's always room for improvement. Also, once I'm happy with a vendor, I'm not necessarily interested in whatever their competitors are doing. If I was sitting down with FireMon and all of their competitors every year, I might be able to say, "Hey, Tufin is doing this, why aren't you guys doing this?" But I don't do that. I would only feel comfortable giving a ten if I went through that process. I'm very happy with the solution for what it is, for how much it reduces my overhead, and how much it allows me to do things that, otherwise, I just wouldn't have the option of doing.

Orlando Paulino - PeerSpot reviewer
Real User

In terms of what I've used so far in my career, FireMon is one of the best. Try it out, it won't hurt. Give it a shot. It's the best, for me. It has everything that any company would need. It's easy to navigate, there is a lot of helpful stuff in their User Center, in their Knowledge Base. Everything's there. You don't really need to bother them a lot. If you want to know something, they have documents in their User Center. It's a very good product. In terms of FireMon's cloud support automation for public cloud platforms, we did ask for that. We are actually going to the cloud in a few months. We just asked that question last week. They did say that they do support that, but that's all we've talked about in terms of cloud. We use FireMon every day. And we have plans to increase usage. Where I came from, we only have regular firewalls in there right now. We're looking to implement our retail stores' firewall devices as well, which is about 200 stores. We're definitely going to implement that so we can see our retail stores' environments in it. We do have Policy Planner, but I haven't started playing with it yet. We're also looking to get Policy Optimizer, but we still haven't gotten the license for it. Security Manager is the one I mostly play with. When I came to this company, I have to say, they were very sloppy. That's why they gave me this role, to focus on stuff like this. We have cleaned out a lot in a year-and-a-half and we're still cleaning. It's so big, so many firewalls out there. We have the network team as read-only users. There are about six of them on that team. The network team members are the ones who handle the firewall; they're the ones that make the actual changes. So sometimes they go into FireMon and run reports to view things. I don't know what types of reports they run, but we gave them the read-only access for that. In addition, there are three admins: me, as an InfoSec ops technician, my coworker, and my manager. My director is also a user. 
For deployment and maintenance of FireMon, it's just me and my coworker. I rate FireMon at ten out of ten. I am very happy with the tool.

NetworkSad34 - PeerSpot reviewer
Real User

Make sure that you get the correct hardware for whatever size environment you have. End-to-end change automation for the entire rule lifecycle is not something we're using yet. It's something that I'm looking to get a beta for. There are about 20 people currently using the solution. However, the functionality allows us to extend the information that FireMon can gather out to hundreds of people, if not more. In some ways, there are hundreds consuming the information that FireMon gathers, and using it in some way. Network security engineers are the primary consumers, and network engineers are another consumer. In addition, anything related to our audit teams means those guys consume the data. Two people could do deployment and maintenance, although I tend to do it by myself. I'd put FireMon at an eight out of ten right now. To me, ten is something you only get if you have no bugs or have very few bugs, and everything works perfectly. If you want a ten you've got to be perfect. I don't think any product would get a ten from me.

it_user883929 - PeerSpot reviewer

The version is an important choice for the product.
