FireMon Review

The most valuable features are change management and getting alerts from the system. The web interface requires a learning curve.


What is most valuable?

  • The ability to look for shadow-based rules
  • The ability to look for rules that are being used
  • Change management
  • Gets alerts from the system

How has it helped my organization?

  • The ability for spotting the shadow-based rules helps us to eliminate overlapping rules. These may not otherwise be needed or may be under-used.
  • Helps us to identify those items and gives us the ability to go back and audit the firewalls.
  • It gives us the ability to determine what our security architecture looks like: This helps us secure our company better. This helps us to determine who is making the changes and we then have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."
  • We were in the middle of a project where we were migrating from one set of firewalls, that were old, to a newer set. This tool allowed us to go through and identify rules that we could get rid of. It allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls. It helps us to understand what's being used and what's not.
  • It helps us to research what rules are already in place, so that way we don't have to add anything. It is a quick look up for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked." This is a feature that we like to use and it helps us save time.

What needs improvement?

So far, we're not too much into the product.

  • We don't quite like the web interface.
  • We enjoy the so-called Fact Client a lot better because it just gives a bit more of the opportunities to work with the software faster. There's been a huge learning curve for us to use the web interface.
  • We have to learn their query language or define the details that we need.
  • Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way that it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.

For how long have I used the solution?

It's going on for at least three years now, if not more.

What do I think about the stability of the solution?

There were a few, initial issues with stability. Luckily, FireMon has a supportive staff.

They have been able to identify the issues that we've been having. In turn, they implement some kind of compensating mechanism or come up with a solution in order to fix it. This helps us resolve our issues. Overall, we've been pretty happy with the support team.

What do I think about the scalability of the solution?

We have not had any scalability issues. I've been very impressed with that aspect. At one point, we had a single server and we overloaded it pretty quickly with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as Syslog goes.

I had to out-size our environment in order to compensate for the additional logs. I had to deploy to a couple of different other sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.

How is customer service and technical support?

Overall, I would give the technical support team a rating of 10/10. There have been maybe a few issues here and there. Unfortunately, it has taken some time for them to resolve them.

If the issues are not resolved, it goes back to them. They keep the case by asking for updates and working with me and the team to understand what issues we're having. They try to help us resolve those issues, either through training or going back to the development team and asking for a feature.

Which solutions did we use previously?

We didn't use any other solution. This was definitely one of the best of its breed that we researched. Eventually, we selected this tool.

How was the initial setup?

The initial setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things. It could then go out and fetch the configurations/settings. It was relatively easy.

Which other solutions did I evaluate?

I believe the other option that we looked at was Infoblox. However, Infoblox was just too cumbersome and didn't offer a lot of features. We felt that FireMon had built-in features that were out-of-the-box.

What other advice do I have?

You should definitely look into how many Syslogs you're getting. There is a limitation on how many Syslog messages it can handle per second.

We felt in a more distributed environment, it allowed us to support our network more adequately. Even in the main data centers, we usually had three or more collectors in order to deal with the amount of Syslogs we're sending.

We also had to include a few different offices that required their own implementation of data collectors.

This company does a pretty solid job and they're constantly striving to improve their products.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest
Sign Up with Email