- The ability to look for shadow-based rules
- The ability to look for rules that are being used
- Change management
- Gets alerts from the system
So far, we're not too much into the product.
It's been going on for at least three years now, if not more.
There were a few initial issues with stability. Luckily, FireMon has a supportive staff.
They have been able to identify the issues that we've been having. In turn, they implement some kind of compensating mechanism or come up with a solution in order to fix it. This helps us resolve our issues. Overall, we've been pretty happy with the support team.
We have not had any scalability issues. I've been very impressed with that aspect. At one point, we had a single server and we overloaded it pretty quickly with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as Syslog goes.
I had to out-size our environment in order to compensate for the additional logs. I had to deploy to a couple of different other sites that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.
Overall, I would give the technical support team a rating of 10/10. There have been maybe a few issues here and there. Unfortunately, it has taken some time for them to resolve them.
If the issues are not resolved, it goes back to them. They keep the case by asking for updates and working with me and the team to understand what issues we're having. They try to help us resolve those issues, either through training or going back to the development team and asking for a feature.
We didn't use any other solution. This was definitely one of the best of its breed that we researched. Eventually, we selected this tool.
The initial setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things. It could then go out and fetch the configurations/settings. It was relatively easy.
I believe the other option that we looked at was Infoblox. However, Infoblox was just too cumbersome and didn't offer a lot of features. We felt that FireMon had built-in features that were out-of-the-box.
You should definitely look into how many Syslogs you're getting. There is a limitation on how many Syslog messages it can handle per second.
We felt that, in a more distributed environment, it allowed us to support our network more adequately. Even in the main data centers, we usually had three or more collectors in order to deal with the amount of Syslogs we're sending.
We also had to include a few different offices that required their own implementation of data collectors.
This company does a pretty solid job and they're constantly striving to improve their products.