What is most valuable?
The Configuration Change Management feature was something we were interested in as it helped us to identify who made the change, when and why. Also, the workflow was easy to set up to ease operations.
The second important feature I liked was determining unused rules - rules placed incorrectly in the ACL - this helped us to reduce the load on the firewalls, thus we didn’t have to buy a new firewall due to high CPU or memory consumption. With the help of FireMon, we fine-tuned the rules and were able to save money for buying a new firewall.
How has it helped my organization?
As mentioned, we were able to ease the operations and set up a workflow that allowed the firewall and other network-related requests to go through a formal approval process. This helped to track who, when and why the request was done.
Also, removing redundant rules and placing the rules at the correct place helped lower CPU and memory consumption.
What needs improvement?
I would have preferred fewer updates, as there were quite a few updates made every now and then. Secondly, the Risk Management Module didn’t work well until you have the all of the subnets mapped. This can be improved.
For how long have I used the solution?
What was my experience with deployment of the solution?
I didn’t really encounter any deployment issues. However, sometimes the GUI used to crash when it tried to populate the device map; we had a lot of devices. At times, the map displayed fine, even though it took some time to show up; and at other times, the GUI crashed. This should be fixed.
How are customer service and technical support?
Technical support was fine; they have good technical people. However, support can be improved, if they become more responsive.
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
How was the initial setup?
Initial setup was fine; you just need to map certificates between the sensor and the Application Server, which was something different. It can be sorted out through some other methods as well. I don’t exactly remember, but we faced one issue and to resolve it, we had to install the certificates again to get it working.
What about the implementation team?
Implementation was done by the vendor team.
What's my experience with pricing, setup cost, and licensing?
Although I have left the company, I heard that since the license renewal cost was too high, management decided not to renew it. The vendor should reduce the license renewal cost.
Which other solutions did I evaluate?
I personally did not test any other alternative, but I heard management evaluated Skybox as well; they eventually chose FireMon. It was a management decision, so I don’t know why others were rejected.
What other advice do I have?
Check the renewal cost, and determine whether the Risk Management Module is mature enough and whether GUI crash issues have been fixed or not. Maybe for small companies, it comes up fine, but for large environments, it might cause issues.