Try our new research platform with insights from 80,000+ expert users
FireMon Security Manager Logo

FireMon Security Manager pros and cons

Vendor: FireMon
4.1 out of 5
1,768 followers
Post review

Pros & Cons summary

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

FireMon Security Manager is valued for its comprehensive firewall rule auditing, including traffic analysis, flow discovery, and identification of hidden or shadow rules across multiple firewall brands.
FireMon Security Manager enables unified security management through a single interface, simplifying the monitoring and management of configurations for multi-brand firewall environments.
FireMon Security Manager facilitates efficient policy optimization and compliance by automating rule review processes, thus saving time and reducing errors in firewall rule administration.
FireMon Security Manager provides robust reporting and query capabilities which are critical for achieving compliance and understanding security environments.
FireMon Security Manager enhances operational efficiency with features like automated ticketing systems, which reduce manual overhead and the risk of human error in security management processes.

CONS

Migration for 7.x customers requires improvement and can be time-consuming.
Lack of mature AWS integration limits cloud management capabilities.
Reporting issues exist, with hit count inaccuracies and lack of report sharing among users.
Some core functionality is buggy, requiring better Q&A in code releases.
Pricing is considered expensive.
 

FireMon Security Manager Pros review quotes

DJ
May 13, 2019
The most valuable feature is the reporting capability because everything that we do is a result of our being able to query a report, based on our environment and our PCI compliance efforts.
JE
Aug 4, 2021
FireMon decreases errors and misconfigurations by 10% that increase risk in our environment. That has to do a lot with the change reporting that is in place, but also with the built-in controls and custom controls that we have made. Those all decrease the errors that people naturally make on a day-to-day basis for firewall administration.
JeffReese - PeerSpot reviewer
Jul 25, 2022
In one report, FireMon tells us there are, say, 1,000 rules that can be taken out and it gives us the ability to disable those for a year and to track when we made our changes. After a year, we can go back and eliminate the rules, to bring the configuration down to an almost human-readable level.
Learn what your peers think about FireMon Security Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
JO
Aug 26, 2021
We also use the solution’s SASE integration capabilities to extend security policy management for cloud firewall management. It helps in creating one consistent rule across multiple platforms and it improves accuracy.
RN
Aug 26, 2021
The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, headcounts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule.
MH
Nov 25, 2021
The SQL language is convenient to use. It allows us to process a bunch of criteria very quickly and narrows things down if there is an issue with the firewall. It's easy to do that with SQL queries.
BK
Nov 29, 2021
The most valuable features are the security assessments and the ability to identify unused rules or objects.
SG
Sep 4, 2022
The unused objects is another nice feature, where it digs a little bit deeper into comparing the logs that it sees versus the configurations that it sees... The unused objects feature will go through in a pretty detailed way and show us which ones aren't being used. Or, if they are used, it will show us how often they're used.
OP
May 9, 2019
The Security Manager part of FireMon... gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong,
SW
Apr 30, 2019
It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise or find security rules, no matter what firewall they're on.
 

FireMon Security Manager Cons review quotes

DJ
May 13, 2019
The current health and monitoring of the devices is atrocious... Imagine you have a list of 200 devices, and you can grade each of those devices as either green, yellow, or red. However, there might be three different reasons for you to go to red, or eight different reasons to go to yellow, and all of those things could be combined... Out of all those categories, I only find one or two of them that are, perhaps, pertinent.
JE
Aug 4, 2021
While I like the reporting, I think that has the biggest room for improvement. Right now, as a user of FireMon, if I create a report, I am the only one who can see it inside FireMon. If someone on my team creates a report, they are the only person who can see that report on FireMon. It doesn't matter if you're admin in FireMon or not. The way we have to do it now is that we have created a service account user and that service account user runs all the reports. This way, all the reports, which are running, are just run under a single user so we can always access them. This definitely needs to change so users can see other users' reports or we can share reports within FireMon.
JeffReese - PeerSpot reviewer
Jul 25, 2022
When it comes to documentation, they need to start putting together a basic command manual. With Cisco, you can look up a command and it gives you examples of three or four different ways that command can be used. It tells you how to put it into the GUI and the CLI. FireMon does need to start doing that.
Learn what your peers think about FireMon Security Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
JO
Aug 26, 2021
The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly.
RN
Aug 26, 2021
We have not used the Policy Planner but even so, we have identified areas of improvement with it during our testing. For example, it could be better when it comes to ease of integration or ease of policy automation. Another problem is that there is a console where it has too many options and is not very straightforward. Essentially, controlling it could be made more seamless.
MH
Nov 25, 2021
I think that having a more open system and providing documentation for it would be helpful for users like us. We are pretty adept and can navigate through the Linux software that the on-premises FireMon is based on. It would help us in the long run.
BK
Nov 29, 2021
Our firewalls have multiple paths through them and FireMon falls short a little bit because it's not Palo Alto-centric. I don't think FireMon has kept up with where Palo Alto is at. They started out being Check Point-centric for years and they've never really fully embraced the nuances others, like Palo Alto or Fortinet, have. They don't handle a lot of the capabilities and attributes that Palo Alto does yet. They're working on it. They're getting there.
SG
Sep 4, 2022
To my knowledge, there's no cloud component to FireMon whatsoever. We're on the hook for any updates to versioning of the operating system or the application that runs on the operating system. It would be nice if it was a little bit more automated.
OP
May 9, 2019
We're working on implementing FireMon with our ticketing system service now. Having that would be an improvement.
SW
Apr 30, 2019
Some of the core functionality in our environment doesn't seem to work. We will get buggy code releases. They need to work on their Q&A of every code release.