FireMon Security Manager Reviews

• Vendor agnostic when it comes to integrating with other product.
• Reliable
• Excellent customer support

This product has enabled Kaiser Permanente Clinical Technology technicians with proactive/remote monitoring of highly critical systems.

A phone app would be nice. This is the reason why it is not perfect yet.

12 months.

No problems.

No problems.

A 10 out of 10.

No previous solutions were used.

Since a non-IT person like me was able to setup the system from scratch, I would say that it is not complex at all.

Relative to what it offers, the price is fair.

FireMon Immediate Insight was the only product that would work for us, due to the limitations that the Clinical Technology Department has at KP.

It is a very versatile and sustainable product.

• The ability to look for shadow-based rules
• The ability to look for rules that are being used
• Change management
• Gets alerts from the system

• The ability for spotting the shadow-based rules helps us to eliminate overlapping rules. These may not otherwise be needed or may be under-used.
• Helps us to identify those items and gives us the ability to go back and audit the firewalls.
• It gives us the ability to determine what our security architecture looks like: This helps us secure our company better. This helps us to determine who is making the changes and we then have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."
• We were in the middle of a project where we were migrating from one set of firewalls, that were old, to a newer set. This tool allowed us to go through and identify rules that we could get rid of. It allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls. It helps us to understand what's being used and what's not.
• It helps us to research what rules are already in place, so that way we don't have to add anything. It is a quick look up for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked." This is a feature that we like to use and it helps us save time.

So far, we're not too much into the product.

• We don't quite like the web interface.
• We enjoy the so-called Fact Client a lot better because it just gives a bit more of the opportunities to work with the software faster. There's been a huge learning curve for us to use the web interface.
• We have to learn their query language or define the details that we need.
• Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way that it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.

It's going on for at least three years now, if not more.

There were a few, initial issues with stability. Luckily, FireMon has a supportive staff.

They have been able to identify the issues that we've been having. In turn, they implement some kind of compensating mechanism or come up with a solution in order to fix it. This helps us resolve our issues. Overall, we've been pretty happy with the support team.

We have not had any scalability issues. I've been very impressed with that aspect. At one point, we had a single server and we overloaded it pretty quickly with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as Syslog goes.

I had to out-size our environment in order to compensate for the additional logs. I had to deploy to a couple of different other sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.

Overall, I would give the technical support team a rating of 10/10. There have been maybe a few issues here and there. Unfortunately, it has taken some time for them to resolve them.

If the issues are not resolved, it goes back to them. They keep the case by asking for updates and working with me and the team to understand what issues we're having. They try to help us resolve those issues, either through training or going back to the development team and asking for a feature.

We didn't use any other solution. This was definitely one of the best of its breed that we researched. Eventually, we selected this tool.

The initial setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things. It could then go out and fetch the configurations/settings. It was relatively easy.

I believe the other option that we looked at was Infoblox. However, Infoblox was just too cumbersome and didn't offer a lot of features. We felt that FireMon had built-in features that were out-of-the-box.

You should definitely look into how many Syslogs you're getting. There is a limitation on how many Syslog messages it can handle per second.

We felt in a more distributed environment, it allowed us to support our network more adequately. Even in the main data centers, we usually had three or more collectors in order to deal with the amount of Syslogs we're sending.

We also had to include a few different offices that required their own implementation of data collectors.

This company does a pretty solid job and they're constantly striving to improve their products.

Currently, the change management controls for monitoring the firewall configuration changes is the only feature that we really use, at this time.

With the change control functionality, if somebody was to go in and make a rule change on the firewall, it's configured to send a notification as soon as those changes have been made. If this happens outside of a change window, we can track those and go to that person/individual, and find out why they made the change without going through proper change control procedure.

We just updated to the latest version, so I haven't had a chance to play with the enhancements from what we were previously using. What I was looking for in the previous version was better capability of adding change control numbers manually for rule changes that don't allow me to put in a descriptor into the change on the actual device. That will automatically get pulled into FireMon for reporting purposes. Some features don't have a description field that I can populate, and so I need to go back into FireMon later and document those. Even though the field is available as an option in properties, there's no way for me to fill that because of the type of the category of the change. It may not be a security change. It could be just a documentation process that I'm not able to do. That was in a previous version. I haven't validated that in this latest version.

I've only been using it for about a year. My employeer has used it for two to three years.

The product itself has been solid, stable. I haven't had any issues with stability issues at all, now.

The scalability seems to only be limited based on licensing we have installed. It appears to be fairly robust. It does offer a very large variety of devices that it can monitor but it's only limited based on the licenses that we have installed. For example, when I started here over a year ago, the device was licensed just for Cisco ASA5520s, and now we're using it to also monitor 5545s, which is a different tier. Until we licensed it for that different tier, we weren't able to ingest the configurations or monitor those newer devices. It truly comes down just to licensing. So, making sure we have the proper licensing is key. From what I've seen, it can monitor many devices, from routers, switches, up to the firewalls, from across many vendors.

We have asked for help a couple times, mainly about minor questions. There were questions about how to use documentation better, and they helped with that, but most of the questions that we've had have been around upgrading the product. We needed to know what is in the next version.

Based on what I know, there were no previous products. My understanding was they brought this in because they did not have that capability, and so this was an enhancement to the organization overall. Previously, there wasn't any monitoring being done.

Initial setup was done prior to me being here.

From what I've seen of the product, it's fairly robust. Making sure to know everything that you want monitored, to get the proper licensing upfront, is probably the biggest thing. If you're only strictly wanting to do firewalls, make sure you get the right licensing that will match your firewall capabilities. If you want to match a more cross-spectrum of your devices, get licensing to support that. The biggest key is making sure to get all the licensing you need for the devices you want upfront.

The most valuable feature is the Firewall reviews for our company compliance.

The review process is an area that needs improvement. We would like to review the rules and be able to make comments.

The advanced features are complex in setting up the rules.

I would like to see level mapping available with other products improved, to allow other products to build the level mapping. It does not have an export in Visio.

I have been working with FireMon for half a year.

We are using version 8.

This solution is stable.

It's a scalable product. We have five to eight people who are using this solution in our company.

Technical support is fine. I don't have any other issues.

I have not worked with any product that is similar previously.

Most of the setup was easy for us, but the advanced features are more complex.

Pricing is reasonable.

Licensing fees are paid every year.

It's a good solution that is stable, I would recommend this solution to others.

I would rate FireMon an eight out of ten.

FireMon is nice and provides 360-degree user views. You can also find the information you're looking for pretty easily.

I don't like that it comes with bugs, constant issues, and limited functionality. I would like to have enhanced change management reporting support for UTM features in the next release.

I have been using FireMon for six months.

On a scale from one to ten, I would give FireMon a five.

The reports you can run to look for redundant ACL’s in the firewalls, and the policy trace and review. It also allows you to tie to multiple domains so that the administrators for the FireMon servers do not have to deal with the hassle of making 'view only' accounts. You can also use the Insight function to keep records of the ACL’s. Instead of filling up the firewall with remark statements that could lose their position, you can leave all the information in the FireMon server, and you can tie in ticket information. It also allows you to put an expiration date on that ACL so that you can always remove unneeded exceptions.

It improved performance of the organization, as instead of going line through line of the firewall, we were able to quickly find IP addresses or services using Firemon.

I believe their network maps have a lot of room for improvement. I think they should allow more customization.

I have only worked on this product for a year.

No issues encountered.

We have not had any issues with stability.

My organization only used FireMon for Cisco ASA products, so I am not sure if it works with other firewalls but it does support other vendors.

Great, they hold free WebEx sessions for additional training on FireMon.

They're extremely responsive and experienced on the product.

We did not have a previous solution.

An in-house team did it.

Using this product allows firewall administrators to quickly find a problem with their firewall configurations. It allows the administrators to also look for open services that should not be allowed. One of the most useful features is the ability to use policy trace. If you work in an environment with multiple tiered firewalls you can look at exactly what ACL’s the traffic is going through on each firewall without having to have permission to those firewalls.

It is a smart move to make and makes the administration and troubleshooting of ACL problems clear.

Our main use case is the monitoring of changes on our firewalls. Another of our use cases is keeping firewall rules in good shape by doing regular rule reviews, using FireMon's built-in categories for rules and even deploying our own. Additionally, we used FireMon when we did internal firewall migration, meaning we were switching to a new generation of firewalls.

The solution has decreased errors and misconfigurations that would otherwise increase risk in our environment.

In addition, when we migrated to a new generation of firewalls, FireMon was of help when doing a first benchmark of the new solution and the initial setup.

It also identifies risks in our environment and helps prioritize fixes for them. The compliance module in Security Manager does that by watching overall rules and any changes, and benchmarking them against a pre-setup set of controls. It notifies us if any control has failed. That's how we monitor whether our firewall rules are compliant with a pre-set benchmark.

Firewall policy rule cleanup doesn't need to be a priority for a company to justify using FireMon, given that it makes that job much easier and faster. That means you don't need to allocate as many resources to do that work. It's now incomparably easier to do things like a rule review.

Overall, our monitoring and compliance are on much higher levels. The visibility we have into our firewall rules is much better now than it was prior to having FireMon.

One of the most valuable features is the compliance feature, which is something that we really utilize in Security Manager. It has a set of controls that we tuned a little bit from the way they came out-of-the-box, and created a custom set of rules that we are monitoring and that we want to have inline in our environment. It's a very good solution for real-time compliance management.

And for the cleanup of firewall rules, it performs really well for us. We utilize it in our regular rule cleanup tasks, several times a year. FireMon is our primary tool when doing that, either by going through its out-of-the-box compliance rules or using it to search for certain things in our rules that we want to prune from our firewalls.

When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box. We have tried to work around it by setting up email notifications, but it would be nice if it came with the product. That would really turn it into real-time monitoring for us. 

The workaround works for us, and the out-of-the-box setup is also good, but it expects you to be constantly watching and monitoring the solution itself. That's a bit hard when you have more than one solution to work on. You cannot just watch one and keep an eye on it for something that's non-compliant. Having an alert would be much easier for us. Still, it's a good tool for that kind of monitoring, for us.

I have been using FireMon for about two years.

FireMon is quite stable. We haven't had any stability issues with it so far.

It's quite scalable. The process of adding modules has gone quite well. Anytime we have needed to increase it, there hasn't been a problem.

We use it extensively; if not on a daily basis then on a weekly basis. There are periods when we use it even more intensely when doing reviews.

They really give us great support. When thinking of the level of support that we get from some other vendors, FireMon's support is really good. They have a good, knowledgeable support team around the world. We have offices in Europe and California. Whenever we have had any type of issue and have needed their support, whether the issue is in Europe or California, we have had really great support from them.

We did not have a previous solution.

We had a FireMon support engineer for the initial setup and it looked fairly straightforward, but it definitely needed some FireMon knowledge. Since then, we have onboarded a number of new devices in FireMon on our own, and that part is quite straightforward. But setting up the system itself is something that requires the knowledge of a FireMon engineer.

For the deployment, there was a month of weekly sessions with the engineer to get it working.

We have three people, within our security staff, who are using FireMon regularly. The three of us were involved in deploying and we work on maintaining it. It's a shared effort. None of us is working full-time on FireMon.

There are no costs in addition to the standard licensing fees.

We talked about other solutions with different partners, and based on that we decided to go with FireMon. We did have a proof of concept with them before going live, and we liked it and the options it had, so we decided to go forward.

We are resellers. All of our clients are enterprise companies. 

The firewall assessment feature is great.

FireMon could be easier to use and flexibility regarding reporting could be improved. 

I have been using FireMon for six months.

FireMon is both scalable and stable. 

I've never had to contact technical support. 

I used to work with AlgoSec. They are both very good products but they target different customers in our market. One is more expensive than the other. One is more simple than the other to use. For this reason, we decided to go with FireMon. The profile of our customers is more related to FireMon than AlgoSec.

The initial setup was very easy.

FireMon is cheaper than AlgoSec.

My advice is to make sure you choose the right reseller because it's not a product you should use by itself.

Overall, on a scale from one to ten, I would give FireMon a rating of eight.