FireMon Security Manager Reviews

We use the Security Manager module. We use it to report and audit firewall changes. We also use it to track the hygiene of our firewalls in addition to the changes made to them. Since it normalizes the firewall config, we are able to do custom searches and make custom controls to build out those audits and reports, making sure that we are applying firewall rules correctly. There are a lot of built-in reports as well, which help us to identify rules and objects that are being used. 

We are an enterprise environment. We are definitely not the largest of FireMon's customers, deployment-wise. 

FireMon automatically warns us when new firewall rules, and changes to existing ones, violate compliance policies before they are deployed. We find this valuable as well, especially from the compliance standards where it has real-time change detection and FireMon watches the firewalls. Whenever there is a change that breaks compliance, we get that immediately. At the same time, whenever you are planning a change inside FireMon, it won't let you make that change when there is a compliance issue that they found.

We have built-in change reporting in Security Manager, which is very helpful. Whenever we have a scheduled change report, we use that as an opportunity to review the report and do a technical review of the changes that were made.

It does a search whenever you are planning a rule in FireMon. So, if the traffic that you are trying to create a rule for is already allowed, FireMon will tell you. This will save you the time of trying to create a duplicate rule if you already have a rule that would allow the traffic.

The change normalization is the most valuable feature. It gives us the ability to just do a search based on time, device, or even device groups. It just shows us one by one what the changes to the config were and what time they were. It even shows which admins made the changes. The individual changes can be searched. You can create reports of the changes. That is probably the most valuable feature that we have.

Cleanup of rules is a huge pro of FireMon. After a change detection, the firewall hygiene is our number two most important feature that we use FireMon for. Right out the gate, they have built-in features and reports that will allow you to go through your firewall and identify objects that are not used in config. They have a report that is called removable rules, which is extremely helpful and very powerful. It goes through your firewall and identifies rules that are unlikely to be hit, either because the rules are set up wrong for your routing or they are completely shadowed, meaning that the rule will never have any impact on traffic going through the firewall. Those are both very powerful built-in reports that we do use extensively. 

The firewall config is normalized in FireMon to do custom searches, so you can search off of any number of things. You can search off of rule names. You can search off of the different addresses that would be inside that rule. You can also search based off of services that are allowed or disallowed by the rule. Therefore, it lets you search any number of firewall types in the same search syntax. You could have an ASA and Juniper, then in FireMon, you can do a search that will return rules from both devices. So, it is very powerful. 

We can create custom controls based on the hygiene. Whenever we have rules that are tagged as temporary, we have custom hygiene controls that will go through and help us make sure those are cleaned up after we are done using them.

The quality of our reports has improved drastically. These are reports that we can use internally from a technical standpoint, we can send up to our own management, or we can even use some of them externally for different auditors or other requirements that we have.

In most firewalls that you use, you have a comment field where you can put a change request ID and a little information about the rule. FireMon scales that up to 10. Within FireMon rules, you have fields for ticket ID. You have fields for the rule owner: the admin who created the rule, the security guy who approved the rule, and the business request, e.g., someone from IP systems or if it is a developer. Therefore, it has very verbose rule documentation inside of FireMon. Those are all searchable as well. 

While I like the reporting, I think that has the biggest room for improvement. Right now, as a user of FireMon, if I create a report, I am the only one who can see it inside FireMon. If someone on my team creates a report, they are the only person who can see that report on FireMon. It doesn't matter if you're admin in FireMon or not. The way we have to do it now is that we have created a service account user and that service account user runs all the reports. This way, all the reports, which are running, are just run under a single user so we can always access them. This definitely needs to change so users can see other users' reports or we can share reports within FireMon.

FireMon could improve their support for individual vendors. There are features that are specific to Cisco Firewalls that are not supported in FireMon. That changes a lot because they do release updates pretty regularly. However, if you are using Check Point, and that is what you use as your firewall, and you don't use Cisco Firewalls, then all the features for Cisco just aren't really worth it to you. So, FireMon could improve by making sure that they have full coverage for all the vendor specific uses.

We have been using FireMon for about a year.

The stability is favorable. We have been running it for a year. We have been able to restore from a backup. We did that as an exercise and that process was very straightforward.

They have built-in monitoring that sends out alerts whenever the CPU or disc usage triggers the thresholds, which are set at intelligent levels.

I have heard from the people at FireMon: When going from version 8 to version 9, that upgrade path was a little bit dicey in terms of stability. Since we installed version 9, I feel like we have been pretty good this whole time on stability.

I have good things to say about scalability. They do have multiple ways of deploying it. If you are a very small company, you can have everything FireMon on one appliance, which is kind of cool. As you need to scale, you can add resources to the database and application servers. You can also add data collectors throughout your environment, which is the biggest thing. The data collectors are machines that retrieve the firewall configuration and receive firewalls usage logs.

Scalability is good. The appliances themselves are massive. We're not the largest of FireMon's customers, but as we grow, the amount of compute resources just in general that FireMon is going to be using will be huge as we grow. So, it is scalable. The architecture makes it scalable, but they are beefy, i.e., In terms of compute resources that these appliances use, just the specs on them.

We do have plans to increase usage, if pricing and resources permit. Right now, we have all our firewalls reporting in FireMon. We also have our network topology loaded in FireMon.

We have worked with them a good deal. I would give them a solid 9 out of 10. The way that they can do a 10 is just by continuing to do what they do. This year has been pretty good, and we have had several dozen cases open with them. Each one of them has been pretty good. There were a couple that could have been resolved maybe a little faster.

Their management and all the techs with whom we have worked have been very helpful. We did have a couple of calls with their team lead.

Their support is US time zone-based. So, they have people who work well with the people at my company. Their support is native English speakers, so they are very easy to understand.

On the whole, their technical knowledge is pretty good. The documentation is a little bit spotty. Sometimes documentation around a specific issue is not full, but the people on a call are able to explain what is going on, what specific logs are, or what could be causing a specific issue. Therefore, the knowledge of their technical people is high.

They are open to video conferencing. So, if you want to manage your entire case through email or through a written format, you can do that. However, a lot of times it is faster just to do a screen-sharing and do a phone call to explain your issue. They have been open to doing that.

The way to move from 9 to 10: They will point you to their professional services, if they feel like your request is outside the scope of their support. They are a little quick to do that sometimes.

FireMon identifies risks in our environment and helps to prioritize fixes. This has been a good usage. When we first got FireMon, we built out several custom reports, as well as the built-in reports, which have helped us tighten our security rules. FireMon has helped us improve 2000 rules in the span of three months. These were rules that presented a risk to our organization before we had the project with FireMon to fix those rules.

We are spending about the same amount of time creating new reports as we did with our old reporting processes. However, the new compliance reports that we are turning out are across the board better, e.g., we are getting full change histories. We are getting when you have a control that does not allow a risky service out to the Internet. For example, it automatically goes through the rule base and then distills that report for you, rather than cherry-picking like we did on our old processes. These reports are more accurate and much better.

We used a competing vendor before we bought FireMon. During our purchase phase, when we were looking to replace that vendor, we also did evaluations of two other alternatives as well.

The primary reason that we switched to FireMon from our previous firewall administration platform was that there were bugs in it specific to the firewalls that we were using. This made things, like change detection and their version of compliance controls, unworkable so there was inaccurate reporting.

The secondary reason that we switched to FireMon was the previous solution's support. The support of the people, whom we were using before FireMon, was absolutely terrible. 

It took two weeks before we were completely deployed. The actual project took three months, but most of that was knowledge transfer and advanced concepts.

Because FireMon is pretty expensive, our initial purchase was only one module of FireMon, which was Security Manager. We do have licenses for all our firewalls, but we only had the one module, Security Manager, and not the other ones, like Policy Planner and Policy Optimizer. That was our initial implementation setup.

When we purchased FireMon, bundled in our purchase was professional services. So, we got to work with them during the initial implementation, and it was very straightforward and simple to set up. The people who we worked with were knowledgeable and helpful. They shot us the documentation well in advance so we could follow along with that step by step.

We have absolutely seen ROI. We are not tying ROI to automation, time saved, nor reduced headcount. Our return on investment has been primarily in the projects that we are able to accomplish with FireMon. For example, last quarter, our team completed 23 projects with FireMon, and they were each tied to a future-oriented process. For all the projects that my team accomplished, we created FireMon controls and reports as well as a cleanup on the firewalls. We also created automation around the FireMon API so these processes and reports are happening automatically in terms of scheduled reporting and automatic ticket requests into our ticket management system. FireMon's return on investment is due to the massive improvements that we have made on firewall management and firewall hygiene.

FireMon decreases errors and misconfigurations by 10% that increase risk in our environment. That has to do a lot with the change reporting that is in place, but also with the built-in controls and custom controls that we have made. Those all decrease the errors that people naturally make on a day-to-day basis for firewall administration.

On an average day, we receive a lot of requests to approve firewall changes, changes to the firewall, and additions to rules. On any given day, we have a request that was not given to us well, e.g., where they have different IPs that are needed or they don't give the right service request. Whenever FireMon gives us a report, we are able to go back through it and correct those changes to make them more accurate.

Whenever we are getting a request where the traffic could hit multiple firewalls, FireMon fact checks us to make sure we are putting the rule in the correct firewall.

FireMon is very expensive. I think that they charge a premium. In general, they are very pricey. Compared to their competitors, they cost a little more than the other solutions that we evaluated.

They license per module. They have four main modules that they license currently. The base license is included with the Security Manager module, which was our initial purchase back a year ago. 

The professional services is an add-on, and it is one where you can purchase more professional services. It is per project. So, it is an add-on for your initial implementation project. At a later time, if you have another project that you would want professional services on, they will quote you for that. 

The support comes in tiers and it's also per module. I don't know of anyone who would purchase a license for a module and not purchase the support that comes with it. 

We evaluated both Tufin and AlgoSec, as competitors of FireMon. FireMon differentiated itself because it was more fully featured on the firewalls that we were deploying.

My primary advice is take advantage of professional services whenever you are doing the initial implementation. The second piece of advice is just to adopt the tool. We could have purchased FireMon, set it up, and not done anything with it. Then, we would not have gotten our return on investment. By choosing to adopt the tool and creating projects and processes around it, we have our money's worth out of the tool.

If rule hygiene and policy management are a priority, you just have to make the time for it, in terms of setting aside time during the day that you are able to implement proactive changes and being able to measure those times for management. Anyone who does say that it's a priority for them knows that good policy management pays off in the end. Because down the road, you will be spending less time with a cleaner rule base.

We do not currently use it for automatic rule deployments, but that is a feature that is available and we have tested it. From my perspective, that is a feature which provides value.

We don't automatically deploy rules with FireMon, but I do know that is a feature and we have tested it.

We don't use FireMon to automatically make changes on our firewalls.

I would rate it as a nine out of 10. It has been very good. In terms of our use cases, it has met them very well. To move that up to a 10, changes to its reporting features would definitely make this product a lot better. Also, increasing the vendor specific features coverage and making sure that they are normalizing every aspect of each type of firewall.

We were excited in the beginning about this solution because we have multiple firewalls in different regions, and so many rules. We wanted to find a solution that could organize our firewalls and remove the unused rules and redundant rules.

We use FireMon Security Manager. We don't use the Policy Planner or Policy Optimizer. We don't have a license for them. We started with a limited license and said, "If things go well with this, we'll go to the next step."

The solution has helped when it comes to the time and effort required to create compliance reports.

It has also given me some confidence in the changes I make. Before, I was very hesitant to make changes or remove rules. Now, FireMon has decreased the time I spend on that by 50 percent.

FireMon has also helped us when it comes to misconfigurations that increased risk in our environment. That is something that I have just discovered recently, when using it.

Compared to other applications, it is user-friendly. The appearance of the menus and titles is clear and they are easy to follow. Of course, it requires some experience through using it, to go through everything, but it is not very difficult. It is an easy application to use.

During the first year of use we mostly reviewed the results FireMon gave us and used that time to learn about it. We did not go with the recommended changes in-depth, and we did not have many problems. But this year, we tried to go into the details and follow the recommendations. It helped us to remove and clean up a lot of our redundant rules, historically. But in the meantime, especially when we tried to do some advanced rule consolidation or cleanup of historically unused rules, we encountered problems.

The solution does not detect traffic or activities that come and go through our local or site-to-site VPNs. So when we cleaned up some of those rules and encountered issues, we actually had to put them back.

It's not just the VPN, but it also misses some of the rules. Two weeks ago, I cleaned some rules with the FireMon. I ran a report and FireMon suggested that certain tools were not used. When I removed them, while it didn't bring our environment down completely, a lot of our environment started malfunctioning. Our backup system did not work, nor did other things that involve internal and external communication. We are not comfortable with what it did. Since then, I have been busy the whole time just reviewing all those rules and restoring some of them.

FireMon also does not detect the rules with UDP. That's another problem.

Another issue is that our compliance team wants to do some consolidation but that is also a problem because FireMon recommends consolidation based on the ports that we open. We have a grouping system with multiple groups. Under the consolidation grouping, FireMon suggests only based on the port. For example, if we use port 22, we have to share it across the board. It disorganizes the groupings that we have. So the consolidation is not working very well.

Our compliance team also creates reports using FireMon, reports that they send to me. Sometimes I can follow those reports, but most of the time I cannot. In the last two days, I received two huge reports on unused rules and I cannot really use them. At the same time, I'm using my own judgment and my own due diligence. When I doubt a rule, I go back to the firewall and run the history and compare things to help me decide. The problem is that if I always do that, it will take me a lot of time and the solution ends up being 50 percent useful and 50 percent not useful.

I have been using FireMon for roughly two years.

I guess it is scalable, but there is room for improvement. 

I was not involved in the setup of FireMon but, later on, when I became involved working with it, I approached FireMon personnel through remote conferences and remote meetings. They helped over the course of several sessions and that was helpful.

Their technical support is very good, very responsive, and very helpful. They follow up on issues.

Positive

We did not have a previous solution. We just relied on regular reviews of our firewalls and rules by looking at the history.

The pricing was very good during our initial year, but they increased it this year a little bit. The price is okay. It is not cheap, but it is still average.

It is not a bad tool. I still recommend it and I'm not against it. I recommend it because, overall, it has helped us to remove and clean 15,000 to 20,000 redundant unused rules. When we cleaned those, we were confident that they were not usable. They were very old. But we didn't just rely on FireMon's report. At the same time, we used our own judgment. When we blindly relied on the FireMon report, it created issues.

It's a good solution, but it is not something that you can 100 percent rely upon. It is a useful tool. At least it will help you up to a certain percentage.

We work according to the risks FireMon warns us about, but some of those recommendations are false alarms and others are valid. If it gives us 100 warnings, about 10 of them are valid.

Despite all the shortcomings, we still prefer to use it. At least we get some good recommendations and suggestions in the reports. We like it, despite the drawbacks.

Firewall auditing is very important. We also use the solution for rule traffic analysis, traffic flow discovery and hidden/shadow rules within over 100 firewalls spanning five different brands. These features are valuable as firewall rules are constantly added but its tough to determine what can get cleaned up over time. Knowing how frequently a rule is used, where redundant rules exist and documenting changes are important.

Since our network is large, someone new like myself has a challenge when we need to make changes to permit certain traffic. Often this traffic will traverse multiple firewalls and FireMon can help demystify where needed rules need to be implemented.

We just went from the v7.x to their latest web based v8.x which was a welcome change. One area for 7.x customers that needs improvement is the migration. It is an involved process so get ready to spend some time getting your environment back to the way it was. Another area that could use improvement is the traffic path analysis. FireMon uses learned zone data against interfaces to help determine traffic pathways. The catch here is in v8.x, you now have to specify a source or destination network which may throw off the results sending you to the incorrect firewall. Since we just upgraded last week, there aren't many other items that we can see as improvements as we are just getting familiar with this version.

I've used this solution for a little over one year.

The migration from v7 to v8 needs to be improved but we had no issues in the initial deployment.

We have a centralized server with data collector appliances placed between two data centers. We were losing change data because one of the collectors had too much load on it but we never knew. Support had to dig deep when we had our 7.x install and help balance out our firewall to collector ratio to ensure we weren't flooding any one collector.

It's been able to scale for our needs.

Their support is very good. They are generally responsive and I have needed to escalate only a couple of times.

We had no solution in place prior to this. FireMon was the best choice as they really specialize in this niche market.

Like anything new, we needed help from support to get our initial setup moving along. However once you learn the basics, it's not hard moving around the system.

We did get FireMon's assistance during our initial implementation. I encourage this as every environment is different and for me it was worth the investment to get that initial startup help to get things going.

Like any implementation, take time and plan. Engage users and stakeholders letting them know what this system can do and get it integrated within the organizational ecosystem. Like any solution, if it isn't used you simply don't get that potential dividend.

We use Security Manager for firewall changes, monitoring, and audits. 

FireMon makes it much easier for us to track firewall changes and perform audits. It has made our compliance process more efficient. Before we implemented FireMon we had to go into each individual firewall and check the rules. Now, we pull a report, and that's it. 

We can monitor and implement changes across different firewall vendors. It lets us clean up our firewall rules regularly, which we do as part of our audit. It helps us save time managing firewall policies. We don't make changes to our firewall policies through FireMon, but we use it to track changes across various firewalls. It makes our internal processes more efficient and improves our visibility. 

It reduces risks. Better visibility and cross-vendor integration give us more control and context about potential changes. Having a product for monitoring critical changes is crucial for our security posture. 

I like the Security Manager console where we can see any changes that have been made or pull the results of an assessment and control the policies that we implement. That's useful for regular audits and monitoring some critical events we want to know about. We can configure alerts that notify us about policy changes. This is pretty beneficial for monitoring and helps us track changes in the projects. 

We've had recurring issues managing FireMon's internal backups. Sometimes, the space allocated for the backup is full, and there is no process where it deletes files that are older than I certain date. It's just waiting for the storage to get full and then it's cleaned up. It isn't something that creates serious issues for us.

We have used FireMon for about two and a half years. 

FireMon is more or less stable. We've had some issues with backups failing. 

I believe that FireMon is scalable. 

I rate FireMon support seven out of 10. It varies depending on who you get. We sometimes get a highly knowledgeable agent, but other times, it seems like we just go in circles. It sometimes takes them a while to understand what we want. 

FireMon professional services helped us during deployment, and it was relatively straightforward. Deployment took us around two months. 

FireMon is working on our project scope. We save some labor power on our side. 

I rate FireMon Security Manager eight out of 10. It has many more features than we use, but we have a limited scope. I think we could've done more had we used that momentum when we were implementing it. 

Even if you think having a firewall management solution isn't a priority, the FireMon can provide more visibility and make some tasks easier, faster, and more efficient.

We act as a business partner for our clients. We're implementors. Each client has a different use case. 

The solution is very stable. We haven't found there are any issues with its reliability.

The product scales well. You can really expand it if you need to.

This product is very simple to use. In that sense, it's one of the best on the market.

The technical support is very good. They've always been helpful.

I personally have started using it recently, therefore it's hard to pinpoint if anything is lacking. I need more time with the product.

The cost of the solution is pretty expensive. It would be ideal if they could work on their pricing.

My company has been using the solution for around five years or so. It's been a while at this point.

The solution is very stable. We've found it to be reliable. It doesn't crash or freeze. It's not buggy or glitchy.

If a company needs to expand the solution they can. The product is very scalable. We've been satisfied with it.

We've currently applied for 20 users.

We occasionally need the assistance of technical support. We've always found them to be helpful and responsive. We're satisfied with the level of support we get.

The installation is pretty straightforward. It didn't take much time to install. It will take around 10 days of time to install in an environment similar to ours.

We have 30 people that deploy the solution to different organizations.

We're the deployment team. We implement this solution for clients.

The solution is expensive. It's not the cheapest option.

We've pre-paid for the license. We don't have to pay for it on a monthly basis.

We're using the latest version of the solution currently. 

I'd rate the solution ten out of ten. I've been very happy with the product overall. 

I'd recommend the solution as it's so easy to use. Clients are very happy with it.

We use the forwarding capabilities because we don't have another way to report on the firewall. We use it for cleanup and also for our biannual firewall review. Pretty much that's the big reason that we use FireMon.

The time that it takes for us to do the review: Previous to FireMon, we would have to go through the firewall pretty much manually, every line. This took an incredible amount of time. With the FireMon product, we did notice a significant decrease in the time that it takes for us to do any type of review. Also, just a general report, if you have an inquiry throughout the year, without actually doing a full review, you can just go to FireMon and click a few buttons and it tells you what you need to know. There's no need to dig around and spend additional time. So, it's mainly time.

We've had issues with backups. We almost lost our database at one point. It would be nice to be able to back up the backup configuration to a network share or some other function. The only way that we know how to do it right now is to do a manual backup. Or the server backs itself up to itself, which is not helpful. If you lose the server, the backup that's stored on the server is also lost. So, it's not that helpful.

One thing that is missing is the ability to export the entire rule base of a firewall. Suppose we were going to be migrating to a different firewall. Not getting rid of FireMon, but moving to a different firewall; either a different vendor or a different model of a firewall. So instead of taking bad stuff, or maybe old stuff out of the current firewall and going to a new firewall and using the exact same configuration, we may want to export that information into an Excel spreadsheet or some other format, so that we could work with that data outside of FireMon. That would be really helpful. I've called FireMon, I've also played around trying to figure out if I could get it to work and I still didn't get it. Nobody knew how to get the info out of FireMon to work on it. Also, potentially the ability to import it back into the system and maybe get some sort of a diff report; a difference of the configuration from the system.

I have used FireMin for about four years.

We have an issue sometimes with the listener for logging. Sometimes the listeners, the ports, go down and the server has to be rebooted. It's very, very rare that that happens, but we have noticed that's really the only stability issue that we've had. The server application itself seems to be very, very stable. Even when the port goes down, the app stays up. It just has to be reset. That may be every three months or so we may notice that.

We have three major production firewalls pushing thousands of logs every hour to this one box. We have two boxes in both of our data centers but they push a lot of logs to these guys. We've never had any issues.

I would rate support a 4/5. I sort of get the feeling when I send an email that it's a little bit of a slow response time. There are things that we do need immediate attention on and sometimes when you call, they'll ask you to send an email in. That's sort of a backwards approach to technical support. If I've already got somebody on the phone, they should be able to take my information and proceed with handling the triage of the call. I shouldn't have to hang up the phone, write an email, and then wait for a telephone call back from them. I would rather see some sort of support model that has a better flow to it.

Previously, we did not have a different solution.

Setup was fairly straightforward. Our system is in a virtual environment. We pretty much turned logging on for the firewall, pointed it to the FireMon server, added the firewall to the FireMon server. Within seconds, there were tens of blocks being pushed over there. The reports pretty much created themselves. You just had to run them.

If someone asked me for advice, I would definitely say that it would help them, especially with being able to navigate through if you have a complex rule set. I would definitely suggest FireMon. It's been extremely helpful for us to have. Even though they're missing a few functions, it's still workable from our standpoint.

Being able to export to Excel isn't a huge turnoff. It's a nice feature to have but I would definitely suggest purchasing FireMon. Especially if you have a large environment where you're trying to trim down your rule base, you're trying to optimize your firewall, or you're just trying to find stuff that's sort of lost in your configuration.

Also change management: I believe it's a PCI requirement. We use FireMon as well for notifications and that's helped satisfy a PCI. I don't have anything in front of me that shows me all the requirements but I believe a review of rules that are changed is part of that requirement, so they help fulfill that, too.

Holistically, the product is well thought out. The normalization of the rule sets across different firewall platforms is all valuable to us. You can't really separate it out; for me, you can’t.

I can mention high-level stuff. Basically, it gives us visibility that we were lacking; having everything being able to be viewed in one pane of glass. Instead of having to go jumping all over the place into the different platforms, you can use the tool to get a single pane of glass view.

It's not a jack-of-all-trades product; it's very focused. It does what it does and it does it well. We use it that way. Basically, that's the reason we obtained it. That's what we use it for: to normalize the platforms all into one single view. A place for us to do our analysis, review of rules and things of that sort.

I can mention a ton of areas with room for improvement, but from a high-level standpoint, I just don't think version 8 was ready for prime time, yet. They're still working on it. There are still major swaths of the tool that need attention. To get into the details, I would have to engage my engineers.

We've had it in our portfolio since July of 2013.

We have not encountered any stability issues with the product itself. It's been easy to maintain, to upgrade and to do all of the support work for it. There hasn't been an issue with that at all.

We have not encountered any scalability issues. We haven't run into a limitation yet.

Any time we've engaged technical support for assistance, we've come away with a resolution, so the only thing that we've had difficulty with is programming or making fixes that require coding. That sometimes can take a little while.

Technical support is at least 8/10.

We did not previously use a different solution. This was the first firewall management platform that we've used, except for the built-in, out-of-the-box tool that came with the platform.

Initial setup was all pretty straightforward. You stand up your platform, get your database ready to go, and that all happens out of the box. Then, you start to populate it with your devices. It's all pretty straightforward.

Before choosing this product, we also evaluated Tufin and AlgoSec.

Just like any other IT product on the market today, everything is green grass and high tides. Everything is beautiful. During the sales process, it's all, "Oh, just do this, do that." It's a little more than that. It's a little more complex and a little more effort than just, plug it in and go.

I think that's the mistake of many of the sales teams; that they sell the ease of implementation. I think they should just be straight up and honest with the purchaser, saying, "Look, it's going to take some effort and you're going to have to understand your environment. You're going to have to understand the network flows. You're going to have to understand how your network is segmented, so you can properly implement the tool."

I think when they try to make it seem easier than it really is, then that's inviting problems.

FireMon is just better than average. It's better than average, but not quite stellar yet. They've got a little work to do to address some of the challenges that could be introduced perhaps by the customer and the way the customer has used the different platforms. They have to be able to account for that, and react to it in a timely manner; at least come up with some sort of usable solution in the meantime when they do encounter a problem.

The most valuable feature is more or less the ability to look for the shadowed-based rules or rules that are being used, and also for change management, i.e., getting alerts from the system. This helps us to determine who is making the changes and have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."

The ability for spotting the shadowed-based rules helps us to eliminate overlapping rules that may not be otherwise needed or maybe under-used. It helps us to identify that stuff and gives us the ability to go back and audit the firewalls.

On the whole, it gives us the ability to determine what our security architecture looks like, so as to help secure our company better.

It's kind of a two-fold type thing for us. We were in the middle of a project, where we were migrating from one set of firewalls that were old to a newer set. So, this tool has allowed us to go through and identify rules that we could get rid off and allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls, so as to understand what's being used and what's not.

It helps us to just do a research into what rules are already in place, so that way we don't have to add anything and it is a quick lookup for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked at." This is a feature that we like to use and it helps us save time.

So far, we're not too much into the product yet. However, we're not really liking the web interface. We enjoy the so-called fat client a lot better because it just gives a bit more of the opportunities to work with the software faster, whereas there's been a huge learning curve for us to use the web interface. Then, we also have to learn their query language or define the details that we need.

Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.

It's going on for at least three years now, if not more.

There were a few issues with stability initially, but luckily FireMon is very supportive in terms of their support staff. They have been able to identify the issues that we've been having, and in turn implement some kind of compensating mechanism or come up with a solution in order to fix it, so as to help us resolve our issues. Overall, we've been pretty happy with the support team.

We have not had any scalability issues and I've been very impressed in that aspect. At one point, we had a single server and we overloaded it pretty quickly, with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as syslog goes. So, I had to out-size our environment to compensate for the additional logs and had to deploy to a couple of other different sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.

Overall, I would give the technical support team a 10/10. There have been maybe a few issues, here and there. Unfortunately, it has taken some time for them to resolve and it goes back to them, i.e., asking for updates, and working with myself and the team to understand what issues we're having. They try to help us resolve issues either through training or going back to the development team and asking for a feature.

We didn't previously use any other solution. This was definitely one of the best of its breed that we researched. Eventually, this tool is what we selected to go with.

The setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things, so that it could go out and fetch the configurations/settings. Thus, it was relatively easy.

I believe the other option that we looked at was Infoblox and maybe one other tool. However, Infoblox was just too cumbersome and didn't offer a lot of features. In comparison, we felt that FireMon had those out-of-the-box features built-in.

Definitely, you should look into how many syslogs you're getting because there is a limitation on how many syslog messages it can handle per second. We felt in a more distributed environment, it allowed us to support our network more adequately. So even with our main data centers, we had to usually have three or more collectors in order to deal with the amount of syslogs we're sending. We also had to include a few different offices needing their own implementation of data collectors.

This company does a pretty solid job and they're always constantly wanting to improve their products.