We use FireMon for monitoring, reporting, and logging purposes.
Management Trainee at a financial services firm with 1,001-5,000 employees
Can help organizations automate firewall policy changes across large multi-vendor enterprise environments
Pros and Cons
- "The most valuable feature of FireMon is its ability to configure multiple devices and consolidate them into a single desktop, which allows us to manage all of our security devices, such as Palo Alto and Zscaler, from one place."
- "The training for configuring new users or operators is confusing because the UI is not user-friendly and has room for improvement."
What is our primary use case?
How has it helped my organization?
FireMon's real-time compliance management is good.
The ability to evaluate the overall security measures of our organization is beneficial. However, not essential for small to medium-sized companies like ours. These features are also provided by OEMs. For example, Palo Alto and other firewall solutions offer similar features on their devices. This includes the ability to identify unused or excessively permissive rules.
Generating compliance reports is a straightforward process. These are auto-generated reports that are produced once we forward our traffic to the SIEM devices. The devices automatically generate standard compliance reports that we can customize if necessary. This feature is advantageous because it saves time and ensures that the necessary reports are generated.
FireMon can help organizations automate firewall policy changes across large multi-vendor enterprise environments.
FireMon can impact the cleanup of firewall rules in a large enterprise environment. With FireMon, it is possible to view shared rules and assign tasks to different users within our team. Additionally, tagging is available which allows us to easily revisit and save alerts on these rules. This feature is particularly useful for large organizations.
FireMon helps save us significant time by accurately creating, approving, and deploying firewall policy rules and eliminating duplicate rules.
FireMon helps us identify errors in misconfigured policies by displaying the errors in the dashboard allowing us to remove those rules.
What is most valuable?
The most valuable feature of FireMon is its ability to configure multiple devices and consolidate them into a single desktop, which allows us to manage all of our security devices, such as Palo Alto and Zscaler, from one place.
What needs improvement?
The training for configuring new users or operators is confusing because the UI is not user-friendly and has room for improvement.
The technical support team's responsiveness needs improvement.
Buyer's Guide
FireMon Security Manager
November 2024
Learn what your peers think about FireMon Security Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
For how long have I used the solution?
I have been using FireMon for one year.
What do I think about the stability of the solution?
FireMon is extremely stable with zero downtime.
What do I think about the scalability of the solution?
FireMon is scalable. The scalability is based on the number of licenses.
How are customer service and support?
The technical support team is not promptly addressing any issues. As a result, it can take some time to have the tech engineers available when we require features to be enabled or configurations to be updated.
How would you rate customer service and support?
Neutral
How was the initial setup?
FireMon's initial setup is straightforward. Three individuals from our team and one engineer from FireMon's team participated in the deployment.
What about the implementation team?
The implementation was completed by the professional services team.
What other advice do I have?
I give FireMon a nine out of ten.
I recommend that prospective users thoroughly familiarize themselves with all the features and capabilities of FireMon before configuring it. This will help ensure that no features are overlooked and that all features are utilized correctly.
Firewall policy rule cleanup and management should be a top priority for all organizations. Improper configuration of these rules can pose a significant security risk. It is crucial to have knowledge of the allowed traffic, necessary policies, and unnecessary policies. Additionally, it is essential to monitor web traffic and accessed web port applications within the organization, including which users are accessing them. Configuring policies correctly is crucial to gaining control over malicious activity and user access.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Info Assurance Engineer at a aerospace/defense firm with 1,001-5,000 employees
It helps reduce the complexity of the firewall rule set, but we need the end-to-end mapping feature working
Pros and Cons
- "It gives us the ability to go to one place to look for potential firewall rules that are inappropriate, or which don't meet compliance. Instead of manually searching hundreds of firewalls for a policy, we can go to this one location and find the rules which are now out of compliance."
- "The AWS integration is still not mature for us to use. It is just not ready for our use case for AWS connectivity. Therefore, it does not provide us with a single pane of glass for our cloud environments, because we can't manage our cloud environment with the tool."
What is our primary use case?
The primary use case is optimizing firewall rules.
How has it helped my organization?
The firewall administrators have gained time back by using this tool, simplifying the firewall rule set. The solution helps to clean up rules which have not been reviewed in several years.
It gives us the ability to go to one place to look for potential firewall rules that are inappropriate, or which don't meet compliance. Instead of manually searching hundreds of firewalls for a policy, we can go to this one location and find the rules which are now out of compliance.
What is most valuable?
The policy overview is the most valuable feature for each of the firewalls that we manage right now, as it reduces the complexity of the firewall rule set.
What needs improvement?
The AWS integration is still not mature for us to use. It is just not ready for our use case for AWS connectivity. Therefore, it does not provide us with a single pane of glass for our cloud environments, because we can't manage our cloud environment with the tool.
The map needs improvement in our network. The tool should be able to map out the path of flow from one firewall through our network. However, it does not understand our routing environment, so it cannot do that for us.
We would like it if this solution could provided us with end-to-end change automation for the entire rule lifecycle, but the map feature cannot support our environment, for now.
For how long have I used the solution?
We started our proof of concept in 2017.
What do I think about the stability of the solution?
It is stable, which is acceptable. I don't have any negatives with it. This is not a concern of mine, as we don't have any issues with stability.
We have probably one full-time equivalent managing the tool right now. Our ultimate end goal, that I am envisioning, is that we would need more support to manage the tool.
What do I think about the scalability of the solution?
All the vendors in this space seem to overpromise and underdeliver on scalability. They all claim they scale the best, but none of them really do. This is an area that could be improved. It is the same with high availability. High availability for geographic separation is also an area that could be improved.
Right now, at this stage, only our firewall admins are using it. This is a team of about 20.
How are customer service and technical support?
The technical support has been very responsive. They have helped us with all of the issues that we have encountered.
Which solution did I use previously and why did I switch?
We didn't use a previous solution.
How was the initial setup?
The initial setup was straightforward. The wizard was easy to use. So, the initial installation of the tool was easy. However, when you get back into configuring the details for the map to obtain that single pane of glass view for the entire network, it was not well thought out and it could use improvement.
I would still consider us in an early phase of deployment, even though we've been using it for two years. We don't have all the firewalls licensed, so they are not all being managed by the tool. I would say we're still not done deploying it. We're still waiting on features to be developed by FireMon, so we can use it in our environment.
Our implementation strategy was to license the high value firewalls first, trying to start getting them managed by the tool, then we were hoping to do an initial pilot for firewall rule change management. However, we were never able to get to that step because the tool can't manage our network, or doesn't understand our network.
What about the implementation team?
We used FireMon Professional Services.
What was our ROI?
We have not met a return on investment with this tool yet.
For the firewalls that we manage, it does help reduce our overall audit time.
What's my experience with pricing, setup cost, and licensing?
We don't license all of the devices in our network, so it does not provide us with a comprehensive visibility of all devices in a hybrid network at this time.
I'm not involved in our licensing costs, but I do know that FireMon has a wide variety of different licensing options.
Which other solutions did I evaluate?
During our proof of concept phase, we also evaluated Tufin, AlgoSec, and Skybox. We chose FireMon based on a few different things, but the main one was that they were a US-based vendor and the others were Israeli.
What other advice do I have?
Each deployment scenario will be unique. A robust proof of concept is key to make sure it will meet all of your intended use cases.
The solution is managing 25 percent of our firewalls right now. We probably won't increase usage until we can get the required features for firewall change rule management to work correctly. We probably will not increase usage until that works.
I would rate it as a six (out of ten). We need the end-to-end mapping feature working to make it a ten. That is just our next phase. I don't know what other problems that we will run into. There is a lot to deploy before we can give all the details of what we need to make it a ten. There is integration with ServiceNow and some of our other tools. We have to make sure all that is working before we could give it a ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
FireMon Security Manager
November 2024
Learn what your peers think about FireMon Security Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,660 professionals have used our research since 2012.
IT Security Consultant and Platform Architect at a pharma/biotech company with 10,001+ employees
Policy test and access path analysis tools in Security Manager enable me to find existing firewall policies quickly, troubleshoot, or to help choose the optimal path for proposed rules.
Pros and Cons
- "Policy test, access path analysis, and change reports."
- "Policy Planner requirements section is good, but could use some improvement to allow flexibility to enter different types of requests (modifying an existing policy, object or service group, for example) in a structured task format that can be auto-verified."
What is most valuable?
Policy test, access path analysis, and change reports.
Policy test and access path analysis tools in Security Manager enable me to find existing firewall policies quickly across the enterprise, troubleshoot, or to help choose the optimal path for proposed rules. Change reports on the device dashboard show us at a glance what was changed in a particular firewall config, by date, so we can easily troubleshoot problems with implementation.
How has it helped my organization?
It streamlined the firewall policy change management process by having all firewalls managed in one tool, and a workflow customized to our needs.
What needs improvement?
Policy Planner requirements section is good, but could use some improvement to allow flexibility to enter different types of requests (modifying an existing policy, object or service group, for example) in a structured task format that can be auto-verified.
For how long have I used the solution?
4 years
What do I think about the stability of the solution?
No issues with stability.
What do I think about the scalability of the solution?
No…we easily added a second data collector when needed.
How are customer service and technical support?
Customer Service:
Excellent.
Technical Support:Excellent--tech support engineers go above and beyond to answer questions and resolve issues.
Which solution did I use previously and why did I switch?
We previously used separate database applications to route change requests for approval, and did not have a tool likeSecurity Managerwith visibility into all the firewall configs and activity.
How was the initial setup?
Infrastructure was simple to set up, but custom workflow was complex, due to customer regulatory environment necessitating a lot of customization. FireMon Professional Services was able to accommodate, though.
What about the implementation team?
In-house project management and equipment configuration; vendor install in the data centers; Firemon Professional Services for extensive custom workflow development.
What's my experience with pricing, setup cost, and licensing?
Pricing model seems fair. Make sure to separate active versus inactive devices, and primary versus standby in HA pairs, as there is a significant cost savings for licensing; licenses on the applications are perpetual.
Which other solutions did I evaluate?
Customer evaluated other products, but chose FireMon due to its features and rating on Gartner.
What other advice do I have?
Review your current operational requirements and processes well, and determine what can change, internally, to take full advantage of the standard FireMon processes.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: My consulting company is a vendor neutral reseller of FireMon products and services, along with other vendor’s products, implementing what solutions are best for a particular customer.
Security Engineer at a logistics company with 1,001-5,000 employees
Assists us in our ability to review and validate firewall rule changes and implementations.
What is most valuable?
Although we have a very mature infrastructure, one of the thorns that come with that maturity is developing policies and processes to support that infrastructure.
This solution assists us in our ability to review and validate firewall rule changes and implementations across a wide audience of users.
How has it helped my organization?
Here are some of the ways change management has improved our organization:
- Ensures that proper change controls were enforced.
- Engineers can check if a change was implemented properly.
- Compliance can easily monitor the environment for potential PCI concerns.
- We can heavily leverage the solution for firewall remediation.
- We can pull policy reports from various technologies.
- We can standardize those reports for analysis.
- When we make changes in our environment, we can run usage reports to gauge impact before we make permanent changes to our rules.
What needs improvement?
With fifteen years as a security administrator, I have used few solutions that are as polished as Security Manager. That being said, every solution has room for improvement.
I would like to see the ability to export reports to .xls. This would help me for the following reasons:
- It would allow for greater data manipulation.
- When I run a report, I have the option of saving or exporting that report as .html or .pdf. As someone who catalogs much of their work in .xls, it would be convenient if I were able to export a policy report to .xls.
- This would allow me to manipulate the data better.
- I would no longer need to copy and paste from the .html to .xls and clean up the information.
For how long have I used the solution?
I used version 7 for several years. We have upgraded to version 8, and we have been using that version for the last three months.
What do I think about the stability of the solution?
There have been no stability issues so far.
What do I think about the scalability of the solution?
There were absolutely no scalability issues.
How are customer service and technical support?
Technical support has been amazing. I would give them a rating of 10/10, an A+, and I would buy from them again.
Which solution did I use previously and why did I switch?
In this environment, there were no previous solutions.
I have used other solutions at previous jobs. However, this is a solution I would like to bring with me if I ever ended up elsewhere in the future.
How was the initial setup?
The initial setup using VMs was rather straightforward. The use of VM images sped up the process greatly. Professional services added a great deal of value in optimizing the environment.
What's my experience with pricing, setup cost, and licensing?
Much of this information is not applicable to me based on my relationship with the product.
That being said, the ROI for securing dedicated professional services (vendor support) is amazing. It is relatively inexpensive, very customizable, and is a great help when approaching projects with the solution.
What other advice do I have?
Consider investing in the policy planner. Further integration with a ticketing solution is on our roadmap. I certainly wish it was something we pulled the trigger on years ago.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Network Security Engineer- Senior at a financial services firm with 1,001-5,000 employees
Enables us to very easily identify and remediate firewalls that have overly-complicated rules
Pros and Cons
- "It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise or find security rules, no matter what firewall they're on."
- "Some of the core functionality in our environment doesn't seem to work. We will get buggy code releases. They need to work on their Q&A of every code release."
What is our primary use case?
We use it for firewall cleanup, redundant rule removal, and unused rule removal.
We are using the solution to identify anything that might have overly permissive rules or things outside of PCI compliance. We use it to proactively find those kinds of issues. There's more we could be doing with it for sure, we just haven't had the time yet.
We currently have it covering every single firewall we have, which is a lot. There are potential plans to add routers and switches into it again, or even start adding in hybrid cloud solutions, things like that, that we won't be able to see. Honestly, we won't have a single pane of glass without FireMon, so we do have intentions of deploying it at a larger scale, and actually turning on some of those features which we don't use today.
How has it helped my organization?
We have some really complex firewalls out there, a lot of rules - too many rules. It's to the point where the firewalls become physically unhealthy. The config is so large that the hardware can't keep up. FireMon allows us not only to very easily identify those firewalls that might be getting overly complicated, but it also allows us to easily remediate those complications. It's probably saved us a lot of downtime that could have resulted from firewall issues caused by the config.
It helps close a visibility gap we previously had. For example, Cisco's primary firewall management tool, either using command-line or GUI, does not cover all the appliances at once. You have to go in one-by-one. FireMon is able to see across every appliance, in a single view and that makes it easier to manage things.
In addition, it reduces our overall audit time. I don't deal enough with the audit side of the house to know by how much it has been reduced.
What is most valuable?
I have found the reporting on unused rules and redundant rules to be the most useful to me. We run those reports and then we can come back and fix things that are bad.
And overall, the reporting mechanism for anything is pretty good. We use it to baseline, to make sure our configs are accurate across all of our devices.
It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise, or find security rules no matter what firewall they're on. We don't use the automation feature, which means we don't do a deployment of any changes, so we don't yet have a single pane for deploying all policies. We know it's capable, it's just that we don't have that function on.
What needs improvement?
Some of the core functionality in our environment doesn't seem to work. We will get buggy code releases. They need to work on their Q&A of every code release. Too many bugs pop up between releases, and that's where I would like to see the most improvement.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
It's recently become much more stable. We had an undersized box, and FireMon actually gave us a very much bigger server for free, which was very good of them to do. It brought our stability to about 99-percent-up.
What do I think about the scalability of the solution?
It's highly scalable, as long as you have servers. You can scale it to pretty much anything. We've had thousands of devices in it.
How are customer service and technical support?
There front-end technical support is really good, very responsive. To me, it takes a little bit too much time to resolve some issues, but that's to do with their development team, so I don't know if that should get lumped in with support or not. But the time to resolve problems that we identify is something of an issue. I'd give tech support a six out of ten.
Which solution did I use previously and why did I switch?
We did not have a previous solution.
How was the initial setup?
The initial setup was on version 7, which is a totally different ballgame, but the setup of both versions 7 and 8 were straightforward enough for me. I can't imagine something being much easier. It required minimal configuration and the documentation was excellent on how to set it up on your own. It's just easy.
A single-server deployment wouldn't have taken more than a day or two. We did multiple virtuals so we got slowed down by our virtual team building the servers. As a result, it probably took a few weeks. But that was not because of the product, it was because of our own internal teams.
Our implementation strategy was just to get the system up and running and onboard all of our firewalls into it.
What about the implementation team?
I deployed it mostly by myself.
What was our ROI?
In my opinion, we have seen ROI. We're able to share data that other groups need, by harvesting it out of FireMon, which is extremely powerful. Another group can look up their own NAT, for instance, even if they're not very savvy. It has helped reduce a lot of casework that was coming into our queue, that was along the lines of, "Hey, what NAT does this belong to?"
Going back to the complex rules, it has literally prevented devices from falling over and dying. It's maintained uptime, which is invaluable when you're dealing with millions of customers connecting through one firewall.
What's my experience with pricing, setup cost, and licensing?
Our licensing is done yearly. There are different levels of support to pay for, but there are no hidden fees. The pricing is very good, very straightforward. It also came in cheaper than AlgoSec and Tufin.
Which other solutions did I evaluate?
We demoed and looked at other solutions but we did not implement any. AlgoSec and Tufin were the two main solutions that we checked first.
In the end, it really came down to the support. FireMon is more attentive than these very large companies, and we needed that attention. Their attention to our needs is what sold us on the product.
What other advice do I have?
Make sure that you get the correct hardware for whatever size environment you have.
End-to-end change automation for the entire rule lifecycle is not something we're using yet. It's something that I'm looking to get a beta for.
There are about 20 people currently using the solution. However, the functionality allows us to extend the information that FireMon can gather out to hundreds of people, if not more. In some ways, there are hundreds consuming the information that FireMon gathers, and using it in some way. Network security engineers are the primary consumers, and network engineers are another consumer. In addition, anything related to our audit teams means those guys consume the data.
Two people could do deployment and maintenance, although I tend to do it by myself.
I'd put FireMon at an eight out of ten right now. To me, ten is something you only get if have no bugs or have very few bugs, and everything works perfectly. If you want a ten you've got to be perfect. I don't think any product would get a ten from me.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
3rd Line Senior Engineer (Security) at a comms service provider with 10,001+ employees
We use it to run reports that show unused tools and unused objects. Removing the CSV export functionality seems to me to be like a step backwards.
What is most valuable?
The security policy manager: We run reports regularly for the customer to show unused tools and unused objects, and to clean up the firewall policy.
How has it helped my organization?
Our firewall policies - we work under the standard ITIL framework - and project managers are very good at adding rules to allow their projects to work. However, they're not so good at coming back when the project is finished or the solution has been terminated and cleaning up the rubbish. So, if we don't use this product, we end up with thousands and thousands and thousands of rules, most of which aren't used.
What needs improvement?
I basically came on board to do the upgrade, which I've done. So, in the old product, we were able to get things out of the CSV file format and that allows you to then manipulate it, but now it's PDF mainly. Beforehand, we were able to take it into CSV and manipulate it in Excel, but now we can't do that anymore. A revert back on this would be good.
Overall, the product seems pretty good, but the fact that we've taken the CSV out now, that seems to me to be like a step backwards. They should be adding functionality, not taking it away.
For how long have I used the solution?
I only started using it literally about four months ago.
What do I think about the stability of the solution?
We haven't had any issues with stability yet. Well, we did during the upgrade, to be honest. So, when we did the upgrade, we had to get new versions written for us so that the upgrade worked. It didn't work just off the bat, but once we had that done, it worked fine.
What do I think about the scalability of the solution?
We haven't had any issues with scalability as we're not using that many devices reporting to it, so we haven't had any problems with scalability at all.
How are customer service and technical support?
I would rate technical support at around 7/10. I mean the reason for giving it a seven is the guy we spoke to over in Germany. He was quite good, but the problem was that it had to go back to the development team, which took a long time to get resolved.
So, basically what happened was, we raised a fault, we went through the upgrade with them and we were able to go to a particular version, as we were running a really old version; version six. We went to version seven but then stopped accessing the system. We then said to them, 'Well, how do we get to version eight?' The upgrade ping didn't seem to work. So they then had to go off and write us a new thing, but all that took months. Three months, four months and we were without access to that system for a long time.
Which solution did I use previously and why did I switch?
I don't think we used anything beforehand.
Which other solutions did I evaluate?
I think there has been an evaluation, but I wasn't party to it.
What other advice do I have?
I don't know what advice I would give to others. We are having a lot of problems with the licensing, to be honest. So, there's an issue with the UK and US date format.
When we renew our licenses, I don't know whether it's through our distributor or whatever, but they keep changing the format. In the American date format, you put the month first, then the date, then the year. In the UK we put the day first, then the month, then the year, and they keep flipping the dates over so we lose about three or four months on the licensing every time. We have to go back to our salesperson to get that fixed.
Also, when we did the upgrade, for some reason, we had enough licenses to start with but after the upgrade, we didn't. So, we didn't add any new devices, and we've got a thing in with the salesperson to find out why; what's changed there.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Thank you for taking the time to review our product. I am very glad to hear that Security Manager has helped you with your rule cleanup efforts! I do understand your frustration in migrating to version 8 of our software. It is a major leap in functionality and the upgrade process (especially all the way back from version 6) could be challenging at times.
Regarding CSV format in reporting, although it is less available in reports, CSV is one of the primary export formats for SIQL queries. If you can query it in SIQL in Security Manager, you can export it to a CSV. That said, there are certainly canned reports where this used to be an option and isn't anymore. If you haven't already done so, please reach out to your Customer Success Manager or Sales Engineer here at FireMon to get an RFE created. If you don't don't who your CSM or SE are, definitely open a Support ticket asking them to reach out to you.
At FireMon we take pride in our solution and the value that it brings to your environment. We look forward to continuing to work with you and your team in the future.
Network Security Engineer at a tech company with 10,001+ employees
The security management feature allows us to look inside the firewall and see things that the firewall doesn't report.
What is most valuable?
The most valuable feature is security management because it allows us to look inside the firewall and see things that the firewall doesn't report. For some of the things the firewall applications lack, we're able to gain insight with the FireMon appliance, as well as having one platform that looks into different vendors of firewalls. That's really important for us.
How has it helped my organization?
For me, specifically, I use it for a lot of firewall migrations. We can see rule usage. On a project that I was on, we saw the rules on the migration. We pulled the rules out that weren't being used, and then we could take rules that were overlapping, join those together and make it more efficient.
What needs improvement?
One area with room for improvement for me is doing the updates. We have to download it from User Center and then put it unto the machine through FTP, or something like that. I would rather just go to the GUI and hit the Update button, and it goes out and gets the update itself. Because these files are large and sometimes the transfers don't go through, the only way that we're able to do it right now is through FTP. That means we have to have CLI access, which sometimes we don't really want to do. I'd rather just go to the update screen, hit Download the Update, and then be able to reboot it and have it go to all of the data collectors, and transfer that file over there automatically. Right now, it's a process and it takes a lot of time.
It's more complex as opposed to being user friendly. It also depends on your level of knowledge on what to do. Some people may not know to do it, and there are some commands in there. If you don't have support, if you haven't read the entire admin guide, you wouldn't know.
For how long have I used the solution?
I have used it for eight years.
What do I think about the stability of the solution?
It crashed one time but that's because of a design issue on our part. It's not something that, I think, was on FireMon's part. We need to offload the storage, and our hard drives are filling up, so that causes problems with our servers, but as far as FireMon, I haven't really had a problem with FireMon crashing on its own.
What do I think about the scalability of the solution?
The only scalability problem is having an offloaded log collector, because we do send a lot of logs. We have our own servers that do the log collection and we need to make backups of that. As far as that’s concerned, no, we haven't had any issues with scalability. We can expand much further than what we have.
How are customer service and technical support?
We've had the FireMon product for eight years. I've only been directly involved with it for the past year. I generally don't call tech support, I usually contact my SE because we're still in the process of these huge migrations, so I talk to my SE a lot. I have contacted support once and they were very helpful, so I would probably rate it 9-10/10 because they know exactly what they're doing.
Which solution did I use previously and why did I switch?
We did not previously use a different solution, that I know of. I’ve been with my current organization for almost three years and it's always been FireMon, so I don't know. I wasn't a part of that decision-making process.
Which other solutions did I evaluate?
At the end of last year, we reevaluated which products we wanted to continue going with based on budgets. We reviewed Skybox, Tufin, AlgoSec, and FireMon.
What other advice do I have?
Don't be scared to contact the SE. My SE and I have a very good relationship and we bounce ideas off each other. Leverage your resources. It's not really a complex product to deploy.
Use the User Center. There's a lot of great info there and a lot of your questions can be answered in the User Center.
General recommendations: Make sure that the firewalls you have are supported. Make sure you know how many firewalls you have.
Go with the mindset of what you want to do; general project management-type stuff.
Everything's working fine. The only thing is the automated updates. I’m not giving it a perfect rating because of the usability of the updates. That's my biggest thing that they need to work on.
It's been working very well for us. We’ve got everything we need. We have several groups using it that like it.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
David, Thank you for taking the time to write a review of FireMon. I am glad to see you are finding overall satisfaction with the product. Please feel free to drop us a note at customersuccess@firemon.com with any future questions or concerns.
Security Analyst at a government with 501-1,000 employees
A capable product with good support, but it needs better reporting
Pros and Cons
- "It is a good product. Previously, we were using only spreadsheets to compare the usage, but now with FireMon, we are able to clean up or review the policies to some extent. It is still a work in progress, but we are at a good stage now."
- "Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that."
What is our primary use case?
We only have security management.
It was deployed on-prem. It used to be on the hardware, and there used to be an appliance, but we have switched to a virtual server. We are now on a VM.
What is most valuable?
It is a good product. Previously, we were using only spreadsheets to compare the usage, but now with FireMon, we are able to clean up or review the policies to some extent. It is still a work in progress, but we are at a good stage now.
What needs improvement?
Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that.
For how long have I used the solution?
I have been using this solution for more than five years.
What do I think about the stability of the solution?
It has been stable until this year when we had three weeks of downtime. We had an issue with data collectors, and they couldn't figure out what the issue was. They were troubleshooting for more than two weeks. It was up and down. It was probably related to the hardware because since we have moved to the virtual machine, we haven't had that issue.
What do I think about the scalability of the solution?
It is a capable solution. We are in the process of buying more licenses and adding more virtual machines. We started with 20 licenses, and now, we have more than 60 licenses.
How are customer service and support?
Their support is nice. They are very good.
Which solution did I use previously and why did I switch?
I am not aware of any previous solution.
How was the initial setup?
I wasn't there when they installed it.
What other advice do I have?
It is a very good product. I always tell others to have FireMon people come and give a demo. I encourage people to try it out. We only have security management, but it is really a good product. I have attended a couple of their webinars, and they have a lot more features for more usage and value. It is a capable product. If our company had sent us for training and we had got to know more about the product, it wouldn't have been so hard.
To a colleague at another company who says that firewall policy rule clean-up and management is important, but it is just not a priority compared to other more urgent items, I would say that it is very important. Sometimes, a firewall is created temporarily, and if you don't know, you will forget. So, the usage and hit count information is very important.
In terms of compliance reporting, we have set it up for compliance reports such as PCI, but we didn't use it that much. Similarly, in terms of identifying the risks in our environment, it does show the changes, but we aren't yet able to prioritize them.
It is helpful in automating firewall policy changes across large multi-vendor enterprise environments, but we only have two vendors. We were earlier using it only for the Cisco environment, and now, we are using it for Cisco and Palo Alto. We will probably use it for the core environment. Overall, it notifies you, but we are still not using it that much.
In terms of the clean-up of firewall rules in a large enterprise environment, it didn't affect us, and that's because we are not doing it in the right way. We probably need somebody to help us on that one because we gave them the report, but they haven't cleaned it up. For Panorama, they use their own reporting, and we have to correlate them. One thing about Panorama is that if you have a rule from 20 years ago, and somebody is still modifying it, it doesn't update the new person's name. It doesn't ask you to put any change number. I know FireMon is only pulling the data, and it is not pushing the data, but I wish that it was pulling the changed data. The last time when I talked to FireMon, they said that they are just pulling the data. They don't go and push any data. For that reason, we don't have that much data. So, we have a report, but we haven't used it much for clean-up. We should use it in the future more. We also haven't used it to create a lot of policies.
I would rate it a seven out of 10.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free FireMon Security Manager Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Firewall Security ManagementPopular Comparisons
Tufin Orchestration Suite
Fortinet FortiGate Cloud
Skybox Security Suite
Palo Alto Networks Panorama
AWS Firewall Manager
Azure Firewall Manager
ManageEngine Firewall Analyzer
Cisco Defense Orchestrator
Cisco Secure Firewall Management Center
Buyer's Guide
Download our free FireMon Security Manager Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Tasks to Perform on Preventive Maintenance.
- From your experience, what are the technical differences between AlgoSec and FireMon?
- What Is The Biggest Difference Between AlgoSec and FireMon?
- Comparing network security vendors and devices
- When should companies use SSL Inspection?
- When evaluating Firewall Security Management, what aspect do you think is the most important to look for?
- What are the most important features you would be looking for in a firewall?
- How do I estimate the required firewall throughput for my organization?
- What are the pros and cons of Tufin, AlgoSec and RedSeal?
- Tasks to Perform on Preventive Maintenance.
Ken,
Thank you for taking a few moments to write a review of FireMon. I am glad to hear we have been able to streamline your firewall policy management. I would agree that our support engineers and professional services teams are great and help with the overall customer experience.