Try our new research platform with insights from 80,000+ expert users
it_user642174 - PeerSpot reviewer
Information Security Officer at a university with 10,001+ employees
Vendor
The ability to audit our firewall rule base allows us to determine which rules can be removed.

What is most valuable?

The ability to audit our firewall rule base is my favorite feature. It allows us to determine which rules can be removed and it helps us reduce our security footprint.

How has it helped my organization?

Over the past two years, we have been able to identify a bunch of rules that were orphaned and no longer have any need.

These rules were exposing our organization to undue risk associated with devices being exposed to the internet that shouldn’t have been exposed.

We use the feature to identify some rules that were no longer needed. That helps us reduce our overall, organizational risk profile.

What needs improvement?

What's funny is that if I had been asked eight months ago about areas with room for improvement, I would have said the product in general needed to be improved. It wasn't web-based. It was client-based and it was just kind of clunky.

In the last eight months since we upgraded to the web version, there isn't a lot of need for improvement. I feel like it is pretty good. Things have been a lot better for us since we upgraded to the web version. I'm happy with it right now and I don't have any complaints.

For how long have I used the solution?

We’ve been using this solution for just over two years.

Buyer's Guide
FireMon Security Manager
November 2024
Learn what your peers think about FireMon Security Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.

What do I think about the stability of the solution?

We haven’t had any stability problems. I had one or two minor issues since the upgrade, such as upgrade failures. I couldn’t get the system to accept a maintenance release. Those issues were resolved pretty quickly. There have been no stability issues, nor long-term outage issues.

What do I think about the scalability of the solution?

We have a fairly limited amount of systems that are monitored by FireMon. Our box can support up to 20-25 devices. We only have eight devices to monitor. We still have a lot of overhead. We haven’t noticed any slowdown issues or any problems of a scalable nature on the device.

How was the initial setup?

Back then, it was client-based and the setup was not so straightforward. Most things worked well right out of the box.

Although I haven’t done an actual setup after it became web-based, I can see that it is much easier. You don’t have to download a client. You just have a website. There is no need for a command-line configuration to get it up and running. It was fine for overall level of difficultly before and I can assume it is easier now.

Which other solutions did I evaluate?

We did not evaluate other options. This was the first of its kind. I saw it at a vendor/expo demo and I was interested in it.

Our vendor that we work with threw it into a deal. We paid for support and they were trying to increase the overall install base footprint. They made a couple deals with us for a next generation firewall. I wasn’t budgeted to purchase it, but it was part of a deal, and it fell into our lap for next generation firewall monitoring.

What other advice do I have?

FireMon is a very good product; is a slippery slope in terms of deployment. It can monitor all of your network devices and firewalls. I would imagine a lot of people probably use it for that.

We are a small organization. From a cost and work standpoint, we only wanted the ability to audit and manage our firewall rule sets. It’s been good for us in that way.

People need to think about what’s important to them based on a monitoring point of view, which is regulation-based. That wasn’t an issue for us. I recommend that people considered the best-sized solution for them. Give it a try. It’s worked well for us.

I would rate it as the best firewall monitoring platform that I’ve used, but I’ve only used FireMon.

We are a Palo Alto customer and this is a great tool to augment the Palo Alto tool set. It’s a very beneficial product. It fills the gap of things you can’t get with standard Palo Alto management, such as long-term analysis and knowing what’s really going on with objects and rules in the firewall rule base.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user616515 - PeerSpot reviewer
Sr Network Security Specialist at a government with 1,001-5,000 employees
Vendor
The most valuable features are the reporting for change control as well as rule utilization.

What is most valuable?

The most valuable features are the FireMon reporting for change control as well as rule utilization.

How has it helped my organization?

It allows us to do utilization and cleaning of our policies. For your firewall, you have a series of rules and stuff that identify traffic, sort of whether or not the rules within your firewall policy are actually being used; what part of the rule is being used; whether or not it's identifying issues. You've got 1000 rules and only 900 are actually being used. About 100 of them are not.

We're now getting hit counts within Check Point that give us that information, but sometimes a rule says that it has been hit a lot even though it's not all the services within that rule. So it allows us to edit, modify and clean in order to remove anything that's not used.

What needs improvement?

I would say the most recent release caused us a lot of trouble as we couldn't get it working for a while, so we weren't getting the reports that we wanted, but it has improved. It's just very, very different. The most recent release level was dramatically different.

Maybe better videos or whatever could be included as to how to work with the updated product.

For how long have I used the solution?

I believe it's going on about five years, maybe as much as six.

What do I think about the stability of the solution?

When we transferred from one release to the next, the most recent upgrade, the integration with Check Point gateways was very poor and so it was for almost a year that the product was unusable to us.

What do I think about the scalability of the solution?

I think the scalability seems fine, although not all of our gateways are licensed so that in itself also caused some issues, because the product had to be more tuned to the fact that our environment doesn't utilize FireMon for all of its gateways.

How are customer service and technical support?

I would say technical support is about 8/10. Some issues just weren't handled quickly enough, I guess.

Which solution did I use previously and why did I switch?

We previously used an earlier release of FireMon and they had good success with that. In the newest release, we had a lot of problems. Prior to that, we really didn't have a tool to do that type of analysis for us. Although the most recent releases from Check Point have given us better analytics within our environment, FireMon has provided us with a better view into our environment. We didn't have anything prior to that.

How was the initial setup?

I haven't really been involved much with the licensing. It seems fairly straightforward. Regarding the training after setup, I find the videos maybe could be a little bit better in respect to how to work with your FireMon product to get the best out of it; so maybe some better training videos on how to work with the product.

Which other solutions did I evaluate?

I believe the only other option I looked at was Check Point's reporting option and it was quite costly.

What other advice do I have?

When using this product, you have to spend time understanding not only how it was installed but what information you can get from the product. The customization of reports, whether they can be automated or on demand. So just getting a better understanding of what you can get from the application is useful.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user632862 - PeerSpot reviewer
it_user632862Technical Account Manager at a computer software company with 201-500 employees
Real User

Thanks for your review and feedback. The changes in our products from Version 7 to Version 8 were significant and many customers asked for help making the transition. Not only did we move from a client-based to web-based user interface, we focused much of that UI on metric Dashboards with Key Performance Indicators (KPIs) and drill-down capability to explore those KPIs. One of our responses to the demand for help transitioning to Version 8 was to add a free, online, instructor-led Post-Migration training course available to all customers following their migration. Hopefully, you have been able to avail yourself of that training. If not, you can get more information from our User Center - along with links to topic videos.

Buyer's Guide
FireMon Security Manager
November 2024
Learn what your peers think about FireMon Security Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
IT Security Architect at a financial services firm with 1,001-5,000 employees
Real User
It is the single place where we go to review all of our firewall changes
Pros and Cons
  • "It is the single place where we go to review all of our firewall changes. The solution makes it easier for us to track all the changes made. It is a central place where we can look at all the firewall rules, because we have three different firewall vendors. It save us time and creates efficiencies by looking at the general picture."
  • "The stability has been fairly decent, but there have been a few issues. My coworker has had some issues in the past where he has had to work with support."

What is our primary use case?

The primary use case is for compliance and monitoring of firewall changes. This solution allows us to secure our firewalls.

How has it helped my organization?

It is the single place where we go to review all of our firewall changes. The solution makes it easier for us to track all the changes made. It is a central place where we can look at all the firewall rules, because we have three different firewall vendors. It saves us time and creates efficiencies by looking at the general picture. 

This solution has helped to clean up rules that had not been reviewed in several years. It is used for all of our firewall changes. At the moment, we are not looking to do more than use it for that.

This solution has helped to reduce our overall audit time. We are under PCI, so it was a requirement. We had to do something like this, and it just made it easier. The solution was prebuilt to do that, and we didn't have to build our own spreadsheet.

What is most valuable?

The most valuable feature is being able to review all the firewall changes in the Policy Planner, and then in the policy review feature.

This solution provide us with comprehensive visibility of all our devices in a hybrid network.

It is fairly straightforward to use.

What needs improvement?

We had a few minor issues with it. However, it's worked pretty well for us overall.

For how long have I used the solution?

I have been using the solution for about five years.

What do I think about the stability of the solution?

The stability has been fairly decent, but there have been a few issues. My coworker has had some issues in the past where he has had to work with support.

What do I think about the scalability of the solution?

It seems fairly scalable.

There are not a whole lot of users. It is mainly just my team. Every once in a while, one of my users will submit a request for it, but that doesn't happen very often. It is primarily just my team.

How are customer service and technical support?

From what I have heard, the technical support is fairly good. However, I have not used them in a few years.

Which solution did I use previously and why did I switch?

I didn't really have another solution that I was using before it.

We had it when I started here five years ago.

How was the initial setup?

We had another guy who primarily worked on the setup because he actually used to work at FireMon. So, I haven't really done the setup on it in quite a few years.

The deployment was fairly straightforward.

What about the implementation team?

We did the implementation in-house.

We have one guy, who previously worked for FireMon, managing the solution right now. 

What's my experience with pricing, setup cost, and licensing?

We pay for it yearly.

Which other solutions did I evaluate?

We might have looked at Tufin.

What other advice do I have?

It is fairly straightforward to use, and I haven't really had a whole lot of issues with it.

This solution provide us with end-to-end change automation for the entire rule lifecycle of firewalls. It does it from the request, then all the way through the approval cycle.

We really haven't done much with this solution’s cloud support automation for public cloud platforms. We are just doing on-premise.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
PeerSpot user
Conseiller sécurité des TI at a tech services company with 1,001-5,000 employees
Consultant
It is possible to highlight differences between policy revisions.

What is most valuable?

  • The possibility to highlight differences between policy revisions
  • FireMon Insight with FMSQL
  • Hidden reports
  • Rule usage/unused rules report
  • Object usage report

How has it helped my organization?

FMSQL allows us to quickly query our ruleset to check which trafic is allowed. That greatly helps us to fill in the compliance report.

What needs improvement?

  • Support of checkpoint clusters: Rule usage is logged for each cluster member but not for the whole cluster. It may lead to wrong conclusions when you clean rules.
  • Comments with special characters (French accent) are not supported. So we can't use the report for uncommented rules.

For how long have I used the solution?

I have used it for >5 years.

What was my experience with deployment of the solution?

We first had FireMon 5 on Windows Platform. It was a pain in the ...

Now, with the FireMon appliances, you just have to connect your Check Point SmartCenters and ... enjoy!

What do I think about the stability of the solution?

I have not encountered any stability issues because we purchased Linux appliances.

What do I think about the scalability of the solution?

We have quite a large Check Point environment (>60) with a lot of rules. Reports may be a bit slow but they are so valuable that they are worth the wait. Newer, beefier appliances may also be available from FireMon.

How are customer service and technical support?

Customer Service:

I don't have to deal with customer support, so I won't rate them.

Technical Support:

With Windows, it was difficult to get support.

I only had to open once a ticket with the FireMon appliances; fast handling of the case.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was quite simple.

What about the implementation team?

I was not in charge of the implementation project. I think we installed the FireMon appliances on our own.

What was our ROI?

I'm not an accountant !!

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user632862 - PeerSpot reviewer
it_user632862Technical Account Manager at a computer software company with 201-500 employees
Real User

Thanks for your review and feedback. FireMon re-architected our Version 8 with scalability and better performance in mind, so faster reporting should be attainable. As you suspected, we do have newer, beefier appliances available. But the most significant performance and scalability impact comes from horizontal scaling and a more distributed architecture availability in Version 8.

Technology Engineer at a financial services firm with 501-1,000 employees
Real User
With the change control functionality, we can track firewall rule changes made outside of change windows.

What is most valuable?

Currently, the change management controls for monitoring the firewall configuration changes is the only feature that we really use, at this time.

How has it helped my organization?

With the change control functionality, if somebody was to go in and make a rule change on the firewall, it's configured to send a notification as soon as those changes have been made. If this happens outside of a change window, we can track those and go to that person/individual, and find out why they made the change without going through proper change control procedure.

What needs improvement?

We just updated to the latest version, so I haven't had a chance to play with the enhancements from what we were previously using. What I was looking for in the previous version was better capability of adding change control numbers manually for rule changes that don't allow me to put in a descriptor into the change on the actual device. That will automatically get pulled into FireMon for reporting purposes. Some features don't have a description field that I can populate, and so I need to go back into FireMon later and document those. Even though the field is available as an option in properties, there's no way for me to fill that because of the type of the category of the change. It may not be a security change. It could be just a documentation process that I'm not able to do. That was in a previous version. I haven't validated that in this latest version.

For how long have I used the solution?

I've only been using it for about a year. My employeer has used it for two to three years.

What do I think about the stability of the solution?

The product itself has been solid, stable. I haven't had any issues with stability issues at all, now.

What do I think about the scalability of the solution?

The scalability seems to only be limited based on licensing we have installed. It appears to be fairly robust. It does offer a very large variety of devices that it can monitor but it's only limited based on the licenses that we have installed. For example, when I started here over a year ago, the device was licensed just for Cisco ASA5520s, and now we're using it to also monitor 5545s, which is a different tier. Until we licensed it for that different tier, we weren't able to ingest the configurations or monitor those newer devices. It truly comes down just to licensing. So, making sure we have the proper licensing is key. From what I've seen, it can monitor many devices, from routers, switches, up to the firewalls, from across many vendors.

How are customer service and technical support?

We have asked for help a couple times, mainly about minor questions. There were questions about how to use documentation better, and they helped with that, but most of the questions that we've had have been around upgrading the product. We needed to know what is in the next version.

Which solution did I use previously and why did I switch?

Based on what I know, there were no previous products. My understanding was they brought this in because they did not have that capability, and so this was an enhancement to the organization overall. Previously, there wasn't any monitoring being done.

How was the initial setup?

Initial setup was done prior to me being here.

What other advice do I have?

From what I've seen of the product, it's fairly robust. Making sure to know everything that you want monitored, to get the proper licensing upfront, is probably the biggest thing. If you're only strictly wanting to do firewalls, make sure you get the right licensing that will match your firewall capabilities. If you want to match a more cross-spectrum of your devices, get licensing to support that. The biggest key is making sure to get all the licensing you need for the devices you want upfront.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user631122 - PeerSpot reviewer
it_user631122Customer Success Manager at a tech vendor with 201-500 employees
Real User

Technolo63ef,

Thank you for taking the time to write a review of FireMon. I am glad to see you are finding overall satisfaction with the product.

it_user273759 - PeerSpot reviewer
Network Engineer at a tech services company with 501-1,000 employees
Consultant
It allows you to put expiration dates on ACL's to remove unneeded exceptions, but network maps need more improvement.

What is most valuable?

The reports you can run to look for redundant ACL’s in the firewalls, and the policy trace and review. It also allows you to tie to multiple domains so that the administrators for the FireMon servers do not have to deal with the hassle of making 'view only' accounts. You can also use the Insight function to keep records of the ACL’s. Instead of filling up the firewall with remark statements that could lose their position, you can leave all the information in the FireMon server, and you can tie in ticket information. It also allows you to put an expiration date on that ACL so that you can always remove unneeded exceptions.

How has it helped my organization?

It improved performance of the organization, as instead of going line through line of the firewall, we were able to quickly find IP addresses or services using Firemon.

What needs improvement?

I believe their network maps have a lot of room for improvement. I think they should allow more customization.

For how long have I used the solution?

I have only worked on this product for a year.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

We have not had any issues with stability.

What do I think about the scalability of the solution?

My organization only used FireMon for Cisco ASA products, so I am not sure if it works with other firewalls but it does support other vendors.

How are customer service and technical support?

Customer Service:

Great, they hold free WebEx sessions for additional training on FireMon.

Technical Support:

They're extremely responsive and experienced on the product.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

What about the implementation team?

An in-house team did it.

What other advice do I have?

Using this product allows firewall administrators to quickly find a problem with their firewall configurations. It allows the administrators to also look for open services that should not be allowed. One of the most useful features is the ability to use policy trace. If you work in an environment with multiple tiered firewalls you can look at exactly what ACL’s the traffic is going through on each firewall without having to have permission to those firewalls.

It is a smart move to make and makes the administration and troubleshooting of ACL problems clear.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user631122 - PeerSpot reviewer
it_user631122Customer Success Manager at a tech vendor with 201-500 employees
Real User

Michael,

Thank you for taking the time to write a review of FireMon. I am glad to see you are finding overall satisfaction with the product.

In regards customization on the map, you can always open a RFE (Request For Enhancement) ticket. This is closely monitored by our Product Management Team, and allow us to understand our customer's needs.

We look forward to working with your team more in the future.

it_user617493 - PeerSpot reviewer
Network Support Systems Manager at a retailer with 1,001-5,000 employees
Vendor
The most valuable features are change management and getting alerts from the system. The web interface requires a learning curve.

What is most valuable?

  • The ability to look for shadow-based rules
  • The ability to look for rules that are being used
  • Change management
  • Gets alerts from the system

How has it helped my organization?

  • The ability for spotting the shadow-based rules helps us to eliminate overlapping rules. These may not otherwise be needed or may be under-used.
  • Helps us to identify those items and gives us the ability to go back and audit the firewalls.
  • It gives us the ability to determine what our security architecture looks like: This helps us secure our company better. This helps us to determine who is making the changes and we then have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."
  • We were in the middle of a project where we were migrating from one set of firewalls, that were old, to a newer set. This tool allowed us to go through and identify rules that we could get rid of. It allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls. It helps us to understand what's being used and what's not.
  • It helps us to research what rules are already in place, so that way we don't have to add anything. It is a quick look up for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked." This is a feature that we like to use and it helps us save time.

What needs improvement?

So far, we're not too much into the product.

  • We don't quite like the web interface.
  • We enjoy the so-called Fact Client a lot better because it just gives a bit more of the opportunities to work with the software faster. There's been a huge learning curve for us to use the web interface.
  • We have to learn their query language or define the details that we need.
  • Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way that it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.

For how long have I used the solution?

It's going on for at least three years now, if not more.

What do I think about the stability of the solution?

There were a few, initial issues with stability. Luckily, FireMon has a supportive staff.

They have been able to identify the issues that we've been having. In turn, they implement some kind of compensating mechanism or come up with a solution in order to fix it. This helps us resolve our issues. Overall, we've been pretty happy with the support team.

What do I think about the scalability of the solution?

We have not had any scalability issues. I've been very impressed with that aspect. At one point, we had a single server and we overloaded it pretty quickly with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as Syslog goes.

I had to out-size our environment in order to compensate for the additional logs. I had to deploy to a couple of different other sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.

How are customer service and technical support?

Overall, I would give the technical support team a rating of 10/10. There have been maybe a few issues here and there. Unfortunately, it has taken some time for them to resolve them.

If the issues are not resolved, it goes back to them. They keep the case by asking for updates and working with me and the team to understand what issues we're having. They try to help us resolve those issues, either through training or going back to the development team and asking for a feature.

Which solution did I use previously and why did I switch?

We didn't use any other solution. This was definitely one of the best of its breed that we researched. Eventually, we selected this tool.

How was the initial setup?

The initial setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things. It could then go out and fetch the configurations/settings. It was relatively easy.

Which other solutions did I evaluate?

I believe the other option that we looked at was Infoblox. However, Infoblox was just too cumbersome and didn't offer a lot of features. We felt that FireMon had built-in features that were out-of-the-box.

What other advice do I have?

You should definitely look into how many Syslogs you're getting. There is a limitation on how many Syslog messages it can handle per second.

We felt in a more distributed environment, it allowed us to support our network more adequately. Even in the main data centers, we usually had three or more collectors in order to deal with the amount of Syslogs we're sending.

We also had to include a few different offices that required their own implementation of data collectors.

This company does a pretty solid job and they're constantly striving to improve their products.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user494268 - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Vendor
It was valuable for auditing purposes.

What is most valuable?

It was used for firewall change review. For our company, it became an invaluable tool for auditing purposes.

How has it helped my organization?

It allowed us to track every change made to the firewall. We were able to see who made the changes, when the changes were made, and exactly what was modified.

What needs improvement?

We monitored multiple firewalls. In the version we used, we had to check the changes made on each firewall individually. We didn’t see a condensed list of changes across our environment.

For how long have I used the solution?

I used it for 1.5 yrs.

What was my experience with deployment of the solution?

We encountered minor issues with FireMon and its collection of data from Palo Alto firewalls. It required a small amount of additional time with system engineers on our side and on FireMon’s side to complete the deployment.

How are customer service and technical support?

Customer Service:

The customer service was excellent.

Technical Support:

At the time we were using the product, it did seem like the tech support staff was very limited in size. I am sure they have grown more since we used this product.

Which solution did I use previously and why did I switch?

We used another product (Tufin). For us, we needed to make a change because they lacked the ability to support Palo Alto (at that time). FireMon was a better fit with that firewall.

How was the initial setup?

The initial setup was straightforward. Minimal support was required to complete it.

What about the implementation team?

We implemented it through an in-house team. We required minimal assistance from the vendor.

What other advice do I have?

There are very few products that can do what FireMon can. I would definitely recommend it if there is a need to review firewall changes.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free FireMon Security Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free FireMon Security Manager Report and get advice and tips from experienced pros sharing their opinions.