What is most valuable?
The reports you can run to look for redundant ACLs in the firewalls, and the policy trace and review. It also allows you to tie to multiple domains so that the administrators for the FireMon servers do not have to deal with the hassle of making 'view only' accounts. You can also use the Insight function to keep records of the ACLs. Instead of filling up the firewall with remark statements that could lose their position, you can leave all the information in the FireMon server, and you can tie in ticket information. It also allows you to put an expiration date on that ACL so that you can always remove unneeded exceptions.
How has it helped my organization?
It improved the performance of the organization, as instead of going line by line through the firewall, we were able to quickly find IP addresses or services using FireMon.
What needs improvement?
I believe their network maps have a lot of room for improvement. I think they should allow more customization.
For how long have I used the solution?
I have only worked on this product for a year.
What was my experience with deployment of the solution?
What do I think about the stability of the solution?
We have not had any issues with stability.
What do I think about the scalability of the solution?
My organization only used FireMon for Cisco ASA products, so I am not sure if it works with other firewalls, but it does support other vendors.
How are customer service and technical support?
Great, they hold free WebEx sessions for additional training on FireMon.
Technical Support
They're extremely responsive and experienced on the product.
Which solution did I use previously and why did I switch?
We did not have a previous solution.
What about the implementation team?
What other advice do I have?
Using this product allows firewall administrators to quickly find a problem with their firewall configurations. It also allows the administrators to look for open services that should not be allowed. One of the most useful features is the ability to use policy trace. If you work in an environment with multiple tiered firewalls, you can look at exactly what ACLs the traffic is going through on each firewall without having to have permission to those firewalls.
It is a smart move to make and makes the administration and troubleshooting of ACL problems clear.