FireMon Security Manager Reviews

We have multiple use cases but most of our use of Firemon is around our security focus. We use it to make sure that bad things don't happen within the infrastructure.

We're able to push policy changes on a daily basis. Before, we had to schedule certain timeframes, but now we can push them throughout the day without having any issues. For us, it's only on-prem and for the cloud, but it does make things a lot easier to deploy.

Also, the cleanup of firewall rules in a large environment is a huge benefit. It allows us to stay current and get rid of all the junk that is in there. It's huge. 

It definitely saves us time in accurately creating, approving, and deploying firewall policy rules. And that is true as well for changing firewall policy rules. We're able to review them and either reject or agree with what the policies are trying to do.

Another advantage is that Firemon has decreased human error by taking all the human factors out of it. That's a good thing.

The ease of use is the most valuable feature. There are a lot of products out there, but the ability to navigate through and use Firemon is very good.

It's also a pretty good solution when it comes to real-time compliance management. We get feeds on a daily basis and they're real-time. It does its job well. There are only a couple of players in the market that do the job well, and FireMon is one of them.

For compliance reporting, the reports are definitely easier to create. We still have to massage them into something different, but it's helped out a little bit. The information is there.

Another pretty important feature is that it automatically warns you when new firewall rules, and changes to existing ones, violate compliance policies, before they are deployed. With security, you have to be able to react fast. You can't allow a threat to get deeply into your infrastructure. You have to catch it at the beginning. It's important to us to know that it's acting.

When it comes to identifying risk in our environment and prioritizing fixes, it is really about the different priorities within the organization. FireMon is not so smart that it can tell what's important to us. It's up to us to figure that out.

FireMon has been within our infrastructure for at least 10 years.

Regarding automating firewall policy changes, we don't like the word "automation" for the simple fact that automation is dangerous. We don't want it to take over. We want to be able to review everything before it happens.

There are different groups within our organization that are plugging their routers into the FireMon solution. They have central monitoring and also a central repository, which allows them to look at all of the rule sets.

Basically, there are a few core sites that we plug into and we use FireMon to clean up the firewalls and help with any troubleshooting that comes up. It helps because it provides visibility into everything.

We are only using the Security Manager and we don't have any auditing on that.

When a rule comes in, we audit whether the rule is placed in the correct order and if it matches the request that came in. We do that after the fact.

Using FireMon has sped up our process a little bit.

We had a fairly big hiatus where we weren't really utilizing it to the degree that we wanted. This is because, after the upgrade, there were a few critical things that broke. We worked with FireMon to alleviate those issues and to get them fixed. Now, it's to the point where it was before the upgrade, and we're trying to utilize it more for what we need. This includes compliance, security checks, and a lot of cleaning up.

In terms of cleaning up firewall rules, FireMon helps in the sense that we can determine which rules are justified. One of my teammates actually created a script using the API to pull all the rules for a few of the core devices. Then, we give them to the respective group within the organization to look at and audit. This is something that is done on an annual basis. In that sense, we have started to utilize FireMon a lot, and it gives users a clean look at all of the firewall policies they have and provides them the opportunity to justify them. That helps cleanup because anything that's not justified or that needs to go, we can submit a request and get those taken care of.

For creating, approving, and deploying firewall rules, FireMon saves us time when it comes to the troubleshooting aspect. When there are issues with blocks that happen for users, or if they are trying to go from one end to another end, either outside the internet or internally, FireMon homes in and helps us. We use FireMon more for this, rather than to audit specific rules.

We are using it read-only right now, so it helps us to find the policy in question that could be the cause of the issue, but we alleviate it by submitting a request. There's a lengthy process for validating and verifying requests that come in, so the product doesn't save us time in this regard. We have the visual but then we tell the respective team to handle the writing on the device.

Using FireMon has decreased errors and misconfigurations that would have otherwise increased risk in our environment. I can't estimate an exact number but when we did the initial cleanup a year ago, on the core devices it helped us to eliminate rules that weren't really being used. It was between 300 and 400 rules per device, which is a significant amount.

FireMon has helped us to identify risks in the environment and to prioritize the fixes. This is mainly with some of the security blocking rules that we have, which are pretty intense. Firemon found issues where they were blocking too much or too little. It didn't have a very large impact on our security posture because we have other security tools that we're utilizing for intrusion detection, as well as other vulnerabilities. Because we're using it read-only, its primary use is as a monitoring solution. It doesn't do too much but does help with finding security issues before something goes wrong.

FireMon provides an automated way of figuring out which rules are redundant and which ones aren't used, based on the sys log data.

The SQL language is convenient to use. It allows us to process a bunch of criteria very quickly and narrows things down if there is an issue with the firewall. It's easy to do that with SQL queries.

One way FireMon could be improved is to open up a little bit. Our team is pretty Linux-savvy and when we're troubleshooting on our own, we're limited by the way the backend is locked down. For example, if we're running into issues with a device not being read properly into the system, we have to go offsite and this doesn't give us the answers we want. We have to wait to create a ticket.

I think that having a more open system and providing documentation for it would be helpful for users like us. We are pretty adept and can navigate through the Linux software that the on-premises FireMon is based on. It would help us in the long run.

Again, having a more open system that we can operate using our own scripting and automation would be useful. The API is there, which helps a lot, but a more open system would let us better dig into issues.

I have been using FireMon since I joined the company, approximately two years ago. The company had already been using it in production before that.

It's pretty stable. We do have false negatives about things going awry, but when we submit a CRQ, or submit a ticket to FireMon about it, they're usually aware of the problem. In some cases, we've had swap file issues, which goes into the yellow, and that's normal.

The on-premises deployment is pretty scalable. We have four or five collectors, which is a pretty decently sized deployment. Adding more connectors is just spinning up a new VM in most cases.

We don't have too many connected devices, although that is something that we're working on. It's part of the initiative. We're also looking into gathering information from AWS, the Amazon Web Services, although we're hitting a few roadblocks and we're working with FireMon about.

In that sense, in the way that we want to scale in the Amazon environment, we're just getting clarification from them about it. That's the only downside for scalability that we've found so far. It may be a non-issue but we're working with them to figure it out.

We use technical support pretty regularly and they are prompt. We have a point of contact, who is a project manager that is appointed to us from them. If we have any issues then we contact them directly, and they are pretty quick to respond and remediate any problems.

If it's a small issue, we submit a ticket and they get back to us within a few hours. 

I would rate the technical support a seven out of ten, as there are some areas that need improvement. For example, sometimes when we have a very detailed question, it takes them a bit to get back to us, rather than having knowledgeable people there. Usually, these are detailed questions that we have and we expect the technical resource to have the answers, or to get the answers very quickly.

We did not use another similar solution prior to this one. FireMon was purely stood up to clean up the firewall rules.

I was not with the company for the initial setup but it was pretty straightforward when we did the upgrade. There were no real issues in the process.

Initially, we did have some high-maintenance requirements for it. That was at a point when we were having issues with it. However, after those were fixed within the system, it's been pretty low-maintenance. It runs as it needs to.

FireMon can be used for real-time compliance management, and this is something that we're working on right now. We're working on doing a better job of creating our own custom compliances. The default ones are okay but we're trying to create our own compliance so that we can use that feature a little bit more. Right now, it's just sitting there with most of the defaults but that's one of the goals.

We do not have FireMon fully integrated with anything. It operates mainly in a standalone fashion. If we wanted to, it could be used with the other security appliances. They are also standalone and operate independently.

My advice for anybody who is considering FireMon is to check to make sure that FireMon is capable of pulling data from all of the devices. We have found some gaps in the support for some devices, and we've had to go back and forth for a custom device pack.  It is important to look at the environment to ensure that all of the necessary devices can be monitored.

If FireMon is being used but rule cleanup isn't a priority, then standing it up for the Security Manager and pulling data from all of the devices still allows you to clean things up when there is downtime. As long as the firewall rules are logged, then it should be left to run and collect data until it's a priority. When there is time for a cleanup, it will find the redundant rules, shadow rules, and rules that haven't been used for a while. The reporting functionality auto generates that information and it will provide a stepping stone for easier cleanup.

The capability is there with this product but it has to be refined. Most of the time when we try to add a new device, it should work but we run into issues. It's not hiccup-free. The software is getting there but for now, we run into issues too often.

I would rate this solution a five out of ten.

We are using FireMon Policy Planner because we have a lot of tickets every day, and we are trying to automate the resolution for each ticket. This is our primary use case.

We are not specifically using FireMon for compliance management at this point. However, we will be looking at using more of the features within the next year.

Using FireMon means that we can quickly implement new firewall rules.

FireMon provides the capability for automating firewall policy changes. This helps to reduce errors and overall expense, which are the most important things for our company right now.

Prior to using FireMon, we had to use another procedure that would check every rule that we created. Now, we don't need to do this anymore. Everything is done automatically.

By using the Policy Planner when we are going to create a new rule, it will stop us if there is a similar one that has already been created. Often, we don't have to create new objects because we can reuse the ones that are already in place for the firewall.

FireMon helps us to reduce our policy rule set by cleaning up unused and redundant rules. Prior to using FireMon, our firewall had approximately 10,000 rules. After the cleanup,  that was cut in half to approximately 5,000 rules.

Because we are using automation, FireMon has reduced the time it takes to create new rules in our firewalls. It used to take approximately 15 minutes to create a rule, whereas now, with FireMon, it takes about 7 minutes.

FireMon saves us time when it comes to changing firewall policy rules. On average, we receive 16 tickets per day that relate to changing policy. All of these are now handled by FireMon, which means that we can spend more time on other activities or different operations.

This solution has improved our security posture because before implementing it, we had firewall rules with many sources and destinations. As it is now, our ruleset is very fine-tuned. We have only the source or destination defined that we need.

The GUI is easy to use and makes it very easy to manage the platform.

The automation that the platform provides to create tickets reduces human error and more generally, reduces the operational overhead.

We have had some stability issues that are affecting operations. We rely heavily on this solution and if it isn't working then we have to create rules manually.

We have had some stability issues where the solution could not be used.

The technical support team is very good. When I have to call or create a support ticket, the response is very fast and they are always very helpful.

Prior to FireMon, we were using Tufin. We switched to FireMon because the support for Tufin is not good. When I created a ticket, their response time was very poor.

FireMon is working to integrate with different vendors and different solutions like Palo Alto and Check Point. Tufin does not have many options when it comes to working with other vendors.

It is very easy to set up and deploy this solution. It took perhaps one hour to complete.

I didn't have to use a professional service to create the environment. I received a couple of files and then deployed the product myself.

If I were explaining to a friend of mine at another company what the benefits of FireMon are, I would tell them that it integrates well with other vendors. It is easy to use, help is available by looking through the menus, and the support team is good. You don't need to hire a professional service to set it up and use it. Rather, management of this solution is very easy.

I would rate this solution a nine out of ten.

We use it for firewall management and security management, firewall health, and processing firewall change requests.

Firewalls are very complex, and FireMon allows us to identify a firewall rule that may have a lot of sources, destinations, and paths, and identify various high-risk ports and high-risk situations that either shouldn't be implemented or need to be rectified prior to implementation.

It has not really saved us time yet because there is still some pretty significant manual intervention involved. We haven't implemented it on all firewall types yet because we have hundreds and hundreds of firewalls that do different things and because different firewalls have different risk conditions. But for the ones we have implemented it on, while it doesn't really save time, per se, it does provide higher visibility into high-risk situations, which were very difficult to identify before. As a result, it has decreased risk.

The most valuable features are the security assessments and the ability to identify unused rules or objects. 

The real-time compliance management, in general, is also pretty good, as is the cleanup of firewall rules in a large, enterprise environment.

It doesn't yet handle our firewall brand very well and some of the complexities that exist in a very large organization like ours. For example, it doesn't handle network address translation very well for cleanup and it doesn't handle nested objects very well for cleanup. It does unused-firewall-rule cleanup pretty well, but we have had to do some extensive modification because it sometimes gave us false positives. It would identify a firewall rule as unused when it really wasn't unused, due to the nature of how Palo Alto works and how FireMon works. That has required some manual workarounds.

I also wouldn't say the solution automatically warns before new firewall rules, or changes to existing ones, violate compliance policies. Not totally. When a change request comes through, it runs through the FireMon process and if it is a high-risk situation, FireMon will flag it. It then requires manual intervention or manual evaluation or correction. Other than that, we work from a monthly audit report that runs to flag any rules that are high-risk. We want to streamline our operations and make them more effective and automated so that high-risk requests are filtered out and validated automatically or semi-automatically, prior to implementation.

We're working on automating the request process, but we're at a standstill right now because FireMon doesn't handle Palo Alto attributes very well yet. It's very Check Point-centric. We've had limited success with automating, as a result. They need to be able to handle Palo Alto firewalls better. For example, they don't do App-ID very well.

I have been using FireMon for almost two years.

We've had some stability issues in the past with FireMon. We still have a few that they say are fixed in version 9.5. But we can't run version 9.5 yet because they took out the SNMP management and our ability to remotely monitor our FireMon instance. As a result, we can't put that version into production yet. They're putting that ability back. That's a feature that we absolutely require. We're not the only ones that require It. In talking with them, a number of customers have complained about that.

We've had some issues with file systems filling up because it identifies unused or unlicensed firewalls and it adds them to the list. It's trying to pull unused firewalls and that is filling up the file system and crashing the system. It still does that on version 9.3, but they say it's fixed in version 9.5.

It's hard to scale FireMon. You have to add a lot more appliances or virtual machines to run the software and scale it appropriately. Because we're a worldwide organization, we've had to do a lot of that. We've had to split out our application servers and databases. We have three instances around the world and we're probably going to need to add more as we go forward, because it does have some limitations in how much it can process at any point in time.

It's also, in part, a Palo Alto issue because Palo Alto processing is very slow. So in the handoff between Palo Alto and FireMon, we've had some issues where FireMon doesn't always retrieve the configurations in a timely manner. When we run a report that is not necessarily running on the current data for all firewall rules, a firewall rule will suddenly be flagged as "not used," for example, when it really is used.

In general, their tech support is pretty good. 

I do have a concern with them, and I did express it to them already: Sometimes, it seems that when a new release comes out and changes take place, their development team doesn't always let the field support people know what the changes are. We have run into something on several occasions that caught the technical account manager off guard because he wasn't aware of it. It was only when we surfaced it that he realized it and said, "Oh yeah, that has changed and they never told me."

But generally, their technical support has been able to resolve issues. They're good, but I don't think they have enough expertise yet in Palo Alto.

Some of our requests are feature requests. We're working with them on a lot of those and they take more time. Some have to be put into a future release, and some are on their roadmap but haven't been pushed out yet. 

Positive

Before FireMon everything was manual.

Our initial setup of FireMon was pretty complex, but we're trying to simplify things by choosing where we start. We're starting with some of our simpler, more straightforward firewalls. We haven't even gotten to the complex ones yet. It's a very slow process.

We haven't calculated ROI but the return when it comes to value is getting there. FireMon doesn't scale well enough with the complexity of our Palo Alto environment yet. I think the value will get there. We're at about the midway point when it comes to value. On a scale of one to 10, we're at about a four or five. On the simple firewalls, it works pretty well. On the complex firewalls, it kind of works, but there are a lot of exceptions that it doesn't know about or can't handle, and that causes us to have to backtrack into a lot of manual work.

I don't see an issue with the pricing.

AlgoSec was one of the three other products we looked at. FireMon seemed to be a better fit for where we're going and what we're doing. It seemed to have more capabilities and features than some of the others did, features that fit our environment.

If a colleague at another company were to say to me that firewall policy cleanup and management is important, but it's just not a priority compared to other more urgent items, I would say that firewall cleanup is pretty subjective. We think it's important because if you don't clean things up it leaves potential holes where vulnerabilities can come into your network. I would tell them it ought to be a priority.

In a small organization, I think FireMon would be absolutely fantastic. Just be sure you do a good job of documenting your use cases in terms of the scalability you need, before you talk to FireMon. You need to be clear with FireMon about what kind of scale you need to be able to scale up to.

When you get into an organization like ours, with hundreds upon hundreds of firewalls for different purposes, our firewalls don't line up in a linear fashion. It's not a case of "more of the same, more of the same," when it comes to our firewalls. They all have their own risks and nuances, their own rule sets, and their own security implications. Our firewalls have multiple paths through them and FireMon falls short a little bit because it's not Palo Alto-centric.

I don't think FireMon has kept up with where Palo Alto is at. They started out being Check Point-centric for years and they've never really fully embraced the nuances others, like Palo Alto or Fortinet, have. They don't handle a lot of the capabilities and attributes that Palo Alto does yet. They're working on it. They're getting there.

We have an open issue list that we are working through with FireMon little by little, including things it doesn't do well. We meet with a technical account manager on a weekly basis. Of course, we're not their only customer, so we can't dictate what they do or don't do regarding Palo Alto, but we're making our concerns known.

We've had to customize a lot of the security. Their out-of-the-box risk situation was too restrictive in some areas and not restrictive enough in others. So we have had to tailor the risk conditions by firewall type and create custom risk reports by firewall type, because not all our firewalls are the same.

We use Security Manager for firewall changes, monitoring, and audits. 

FireMon makes it much easier for us to track firewall changes and perform audits. It has made our compliance process more efficient. Before we implemented FireMon we had to go into each individual firewall and check the rules. Now, we pull a report, and that's it. 

We can monitor and implement changes across different firewall vendors. It lets us clean up our firewall rules regularly, which we do as part of our audit. It helps us save time managing firewall policies. We don't make changes to our firewall policies through FireMon, but we use it to track changes across various firewalls. It makes our internal processes more efficient and improves our visibility. 

It reduces risks. Better visibility and cross-vendor integration give us more control and context about potential changes. Having a product for monitoring critical changes is crucial for our security posture. 

I like the Security Manager console where we can see any changes that have been made or pull the results of an assessment and control the policies that we implement. That's useful for regular audits and monitoring some critical events we want to know about. We can configure alerts that notify us about policy changes. This is pretty beneficial for monitoring and helps us track changes in the projects. 

We've had recurring issues managing FireMon's internal backups. Sometimes, the space allocated for the backup is full, and there is no process where it deletes files that are older than I certain date. It's just waiting for the storage to get full and then it's cleaned up. It isn't something that creates serious issues for us.

We have used FireMon for about two and a half years. 

FireMon is more or less stable. We've had some issues with backups failing. 

I believe that FireMon is scalable. 

I rate FireMon support seven out of 10. It varies depending on who you get. We sometimes get a highly knowledgeable agent, but other times, it seems like we just go in circles. It sometimes takes them a while to understand what we want. 

FireMon professional services helped us during deployment, and it was relatively straightforward. Deployment took us around two months. 

FireMon is working on our project scope. We save some labor power on our side. 

I rate FireMon Security Manager eight out of 10. It has many more features than we use, but we have a limited scope. I think we could've done more had we used that momentum when we were implementing it. 

Even if you think having a firewall management solution isn't a priority, the FireMon can provide more visibility and make some tasks easier, faster, and more efficient.

We were excited in the beginning about this solution because we have multiple firewalls in different regions, and so many rules. We wanted to find a solution that could organize our firewalls and remove the unused rules and redundant rules.

We use FireMon Security Manager. We don't use the Policy Planner or Policy Optimizer. We don't have a license for them. We started with a limited license and said, "If things go well with this, we'll go to the next step."

The solution has helped when it comes to the time and effort required to create compliance reports.

It has also given me some confidence in the changes I make. Before, I was very hesitant to make changes or remove rules. Now, FireMon has decreased the time I spend on that by 50 percent.

FireMon has also helped us when it comes to misconfigurations that increased risk in our environment. That is something that I have just discovered recently, when using it.

Compared to other applications, it is user-friendly. The appearance of the menus and titles is clear and they are easy to follow. Of course, it requires some experience through using it, to go through everything, but it is not very difficult. It is an easy application to use.

During the first year of use we mostly reviewed the results FireMon gave us and used that time to learn about it. We did not go with the recommended changes in-depth, and we did not have many problems. But this year, we tried to go into the details and follow the recommendations. It helped us to remove and clean up a lot of our redundant rules, historically. But in the meantime, especially when we tried to do some advanced rule consolidation or cleanup of historically unused rules, we encountered problems.

The solution does not detect traffic or activities that come and go through our local or site-to-site VPNs. So when we cleaned up some of those rules and encountered issues, we actually had to put them back.

It's not just the VPN, but it also misses some of the rules. Two weeks ago, I cleaned some rules with the FireMon. I ran a report and FireMon suggested that certain tools were not used. When I removed them, while it didn't bring our environment down completely, a lot of our environment started malfunctioning. Our backup system did not work, nor did other things that involve internal and external communication. We are not comfortable with what it did. Since then, I have been busy the whole time just reviewing all those rules and restoring some of them.

FireMon also does not detect the rules with UDP. That's another problem.

Another issue is that our compliance team wants to do some consolidation but that is also a problem because FireMon recommends consolidation based on the ports that we open. We have a grouping system with multiple groups. Under the consolidation grouping, FireMon suggests only based on the port. For example, if we use port 22, we have to share it across the board. It disorganizes the groupings that we have. So the consolidation is not working very well.

Our compliance team also creates reports using FireMon, reports that they send to me. Sometimes I can follow those reports, but most of the time I cannot. In the last two days, I received two huge reports on unused rules and I cannot really use them. At the same time, I'm using my own judgment and my own due diligence. When I doubt a rule, I go back to the firewall and run the history and compare things to help me decide. The problem is that if I always do that, it will take me a lot of time and the solution ends up being 50 percent useful and 50 percent not useful.

I have been using FireMon for roughly two years.

I guess it is scalable, but there is room for improvement. 

I was not involved in the setup of FireMon but, later on, when I became involved working with it, I approached FireMon personnel through remote conferences and remote meetings. They helped over the course of several sessions and that was helpful.

Their technical support is very good, very responsive, and very helpful. They follow up on issues.

Positive

We did not have a previous solution. We just relied on regular reviews of our firewalls and rules by looking at the history.

The pricing was very good during our initial year, but they increased it this year a little bit. The price is okay. It is not cheap, but it is still average.

It is not a bad tool. I still recommend it and I'm not against it. I recommend it because, overall, it has helped us to remove and clean 15,000 to 20,000 redundant unused rules. When we cleaned those, we were confident that they were not usable. They were very old. But we didn't just rely on FireMon's report. At the same time, we used our own judgment. When we blindly relied on the FireMon report, it created issues.

It's a good solution, but it is not something that you can 100 percent rely upon. It is a useful tool. At least it will help you up to a certain percentage.

We work according to the risks FireMon warns us about, but some of those recommendations are false alarms and others are valid. If it gives us 100 warnings, about 10 of them are valid.

Despite all the shortcomings, we still prefer to use it. At least we get some good recommendations and suggestions in the reports. We like it, despite the drawbacks.

We only have security management. 

It was deployed on-prem. It used to be on the hardware, and there used to be an appliance, but we have switched to a virtual server. We are now on a VM.

It is a good product. Previously, we were using only spreadsheets to compare the usage, but now with FireMon, we are able to clean up or review the policies to some extent. It is still a work in progress, but we are at a good stage now.

Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that.

I have been using this solution for more than five years.

It has been stable until this year when we had three weeks of downtime. We had an issue with data collectors, and they couldn't figure out what the issue was. They were troubleshooting for more than two weeks. It was up and down. It was probably related to the hardware because since we have moved to the virtual machine, we haven't had that issue.

It is a capable solution. We are in the process of buying more licenses and adding more virtual machines. We started with 20 licenses, and now, we have more than 60 licenses.

Their support is nice. They are very good.

I am not aware of any previous solution.

I wasn't there when they installed it.

It is a very good product. I always tell others to have FireMon people come and give a demo. I encourage people to try it out. We only have security management, but it is really a good product. I have attended a couple of their webinars, and they have a lot more features for more usage and value. It is a capable product. If our company had sent us for training and we had got to know more about the product, it wouldn't have been so hard.

To a colleague at another company who says that firewall policy rule clean-up and management is important, but it is just not a priority compared to other more urgent items, I would say that it is very important. Sometimes, a firewall is created temporarily, and if you don't know, you will forget. So, the usage and hit count information is very important.

In terms of compliance reporting, we have set it up for compliance reports such as PCI, but we didn't use it that much. Similarly, in terms of identifying the risks in our environment, it does show the changes, but we aren't yet able to prioritize them.

It is helpful in automating firewall policy changes across large multi-vendor enterprise environments, but we only have two vendors. We were earlier using it only for the Cisco environment, and now, we are using it for Cisco and Palo Alto. We will probably use it for the core environment. Overall, it notifies you, but we are still not using it that much.

In terms of the clean-up of firewall rules in a large enterprise environment, it didn't affect us, and that's because we are not doing it in the right way. We probably need somebody to help us on that one because we gave them the report, but they haven't cleaned it up. For Panorama, they use their own reporting, and we have to correlate them. One thing about Panorama is that if you have a rule from 20 years ago, and somebody is still modifying it, it doesn't update the new person's name. It doesn't ask you to put any change number. I know FireMon is only pulling the data, and it is not pushing the data, but I wish that it was pulling the changed data. The last time when I talked to FireMon, they said that they are just pulling the data. They don't go and push any data. For that reason, we don't have that much data. So, we have a report, but we haven't used it much for clean-up. We should use it in the future more. We also haven't used it to create a lot of policies.

I would rate it a seven out of 10.

We have a single server and we're a small group. We use FireMon to track all of our firewall rule changes.

The security section lets you see where your unused rules are and it lets us go in there, optimize it, and make the firewall more secure.

FireMon saves us a lot of time and it's nice because if you're adding a rule that's similar to another rule, it'll tell you so sometimes you can just edit the one and add another source or destination in there without creating a duplicate rule. It enables us to consolidate and have fewer, more meaningful rules. We're saving around 30% of our time.

I like the dashboard for the security section of it. It helps you identify the higher risk rules on your firewall so you can mitigate the ones that you were not aware of.

When it comes to real-time compliance management, we can use it to push out rules. We do that manually. But it's a great thing to be able to track and do everything because we were doing all that manually in the past and trying to go back and find something that we had done in the past the manual way was not working well.

FireMon decreased errors and misconfigurations that increased risk in our environment.

It also helped us to identify risks in our environment and helped to prioritize fixes. It does that through the security dashboard. It lists recommendations, zero-hit rules, and things that you just have out there that aren't being used.

It's been great for our security posture. Every hole we button-up is one less out there.

It comes as a Linux appliance on a server and we're not a Linux shop, we're more of a Windows shop. It would be great if they could automate or integrate the backups into it and other things through their GUI interface, just to make the management of Linux a little more transparent.

I have been using FireMon for two to three years. 

The stability has been great. We have not had any problems whatsoever. It's very reliable and always available.

We're a small shop. We have everything on a single server, but I know you can put it across multiple servers for larger organizations. We're just not one of them.

There is one network engineer who uses it. But we have about a dozen people on there all together who are system admins that add rules.

We have our main site and a remote site, so it's two firewalls.

It's at 100% of the implementation.

Technical support has been very good. They always answer my questions. They'll stay on with you until they resolve the issue.

FireMon is a totally new implementation. We previously did everything manually.

We chose FireMon because it was recommended to us by the auditors and it was time to automate it as much as we could.

The initial setup was straightforward. We sat back and they installed it for the most part.

I don't remember anything bad about our FireMon consultant so I'm sure everything went smooth. We set up the servers, they set up a backup server and they had everything working when we got off the phone. They also had some additional training online for me, which I found helpful.

Our ROI is that it saves time and helps us improve security. 

Other than the initial purchase, we just put in for the renewals every year and somebody else worries about budgeting and everything. 

We haven't been using it for compliance at this point. The auditors use a different application for compliance. So we've been running that to check with security compliance.

I would rate FireMon a ten out of ten.