FireMon Review

It helped us identify unused rules, reducing the load on the firewalls.


What is most valuable?

The Configuration Change Management feature was something we were interested in as it helped us to identify who made the change, when and why. Also, the workflow was easy to set up to ease operations.

The second important feature I liked was determining unused rules - rules placed incorrectly in the ACL - this helped us to reduce the load on the firewalls, thus we didn’t have to buy a new firewall due to high CPU or memory consumption. With the help of FireMon, we fine-tuned the rules and were able to save money for buying a new firewall.

How has it helped my organization?

As mentioned, we were able to ease the operations and set up a workflow that allowed the firewall and other network-related requests to go through a formal approval process. This helped to track who, when and why the request was done.

Also, removing redundant rules and placing the rules at the correct place helped lower CPU and memory consumption.

What needs improvement?

I would have preferred fewer updates, as there were quite a few updates made every now and then. Secondly, the Risk Management Module didn’t work well until you have the all of the subnets mapped. This can be improved.

For how long have I used the solution?

I used it for two years.

What was my experience with deployment of the solution?

I didn’t really encounter any deployment issues. However, sometimes the GUI used to crash when it tried to populate the device map; we had a lot of devices. At times, the map displayed fine, even though it took some time to show up; and at other times, the GUI crashed. This should be fixed.

How are customer service and technical support?

Technical support was fine; they have good technical people. However, support can be improved, if they become more responsive.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was fine; you just need to map certificates between the sensor and the Application Server, which was something different. It can be sorted out through some other methods as well. I don’t exactly remember, but we faced one issue and to resolve it, we had to install the certificates again to get it working.

What about the implementation team?

Implementation was done by the vendor team.

What's my experience with pricing, setup cost, and licensing?

Although I have left the company, I heard that since the license renewal cost was too high, management decided not to renew it. The vendor should reduce the license renewal cost.

Which other solutions did I evaluate?

I personally did not test any other alternative, but I heard management evaluated Skybox as well; they eventually chose FireMon. It was a management decision, so I don’t know why others were rejected.

What other advice do I have?

Check the renewal cost, and determine whether the Risk Management Module is mature enough and whether GUI crash issues have been fixed or not. Maybe for small companies, it comes up fine, but for large environments, it might cause issues.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More FireMon reviews from users
...who work at a Financial Services Firm
...who compared it with AlgoSec
Find out what your peers are saying about FireMon, Tufin, AlgoSec and others in Firewall Security Management. Updated: July 2021.
522,281 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest
1 Comment

author avatarit_user630399 (FireMon Customer Success Manager at FireMon)
Vendor

Thank you for providing your detailed feedback on FireMon Security Manager. We truly appreciate the investment of your time to post a review.

In regards to your statement about issues displaying the device map; It is highly recommended to organize devices into device groups. This improves usability for organizations with a large number of devices, and reduces the amount of time taken to display the device map.