FireMon Review

Enables us to very easily identify and remediate firewalls that have overly-complicated rules


What is our primary use case?

We use it for firewall cleanup, redundant rule removal, and unused rule removal.

We are using the solution to identify anything that might have overly permissive rules or things outside of PCI compliance. We use it to proactively find those kinds of issues. There's more we could be doing with it for sure, we just haven't had the time yet.

We currently have it covering every single firewall we have, which is a lot. There are potential plans to add routers and switches into it again, or even start adding in hybrid cloud solutions, things like that, that we won't be able to see. Honestly, we won't have a single pane of glass without FireMon, so we do have intentions of deploying it at a larger scale, and actually turning on some of those features which we don't use today.

How has it helped my organization?

We have some really complex firewalls out there, a lot of rules - too many rules. It's to the point where the firewalls become physically unhealthy. The config is so large that the hardware can't keep up. FireMon allows us not only to very easily identify those firewalls that might be getting overly complicated, but it also allows us to easily remediate those complications. It's probably saved us a lot of downtime that could have resulted from firewall issues caused by the config.

It helps close a visibility gap we previously had. For example, Cisco's primary firewall management tool, either using command-line or GUI, does not cover all the appliances at once. You have to go in one-by-one. FireMon is able to see across every appliance, in a single view and that makes it easier to manage things.

In addition, it reduces our overall audit time. I don't deal enough with the audit side of the house to know by how much it has been reduced.

What is most valuable?

I have found the reporting on unused rules and redundant rules to be the most useful to me. We run those reports and then we can come back and fix things that are bad.

And overall, the reporting mechanism for anything is pretty good. We use it to baseline, to make sure our configs are accurate across all of our devices.

It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise, or find security rules no matter what firewall they're on. We don't use the automation feature, which means we don't do a deployment of any changes, so we don't yet have a single pane for deploying all policies. We know it's capable, it's just that we don't have that function on.

What needs improvement?

Some of the core functionality in our environment doesn't seem to work. We will get buggy code releases. They need to work on their Q&A of every code release. Too many bugs pop up between releases, and that's where I would like to see the most improvement.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It's recently become much more stable. We had an undersized box, and FireMon actually gave us a very much bigger server for free, which was very good of them to do. It brought our stability to about 99-percent-up.

What do I think about the scalability of the solution?

It's highly scalable, as long as you have servers. You can scale it to pretty much anything. We've had thousands of devices in it.

How are customer service and technical support?

Their front-end technical support is really good, very responsive. To me, it takes a little bit too much time to resolve some issues, but that's to do with their development team, so I don't know if that should get lumped in with support or not. But the time to resolve problems that we identify is something of an issue. I'd give tech support a six out of ten.

If you previously used a different solution, which one did you use and why did you switch?

We did not have a previous solution.

How was the initial setup?

The initial setup was on version 7, which is a totally different ballgame, but the setup of both versions 7 and 8 was straightforward enough for me. I can't imagine something being much easier. It required minimal configuration and the documentation was excellent on how to set it up on your own. It's just easy.

A single-server deployment wouldn't have taken more than a day or two. We did multiple virtuals so we got slowed down by our virtual team building the servers. As a result, it probably took a few weeks. But that was not because of the product, it was because of our own internal teams.

Our implementation strategy was just to get the system up and running and onboard all of our firewalls into it.

What about the implementation team?

I deployed it mostly by myself.

What was our ROI?

In my opinion, we have seen ROI. We're able to share data that other groups need, by harvesting it out of FireMon, which is extremely powerful. Another group can look up their own NAT, for instance, even if they're not very savvy. It has helped reduce a lot of casework that was coming into our queue, that was along the lines of, "Hey, what NAT does this belong to?" 

Going back to the complex rules, it has literally prevented devices from falling over and dying. It's maintained uptime, which is invaluable when you're dealing with millions of customers connecting through one firewall.

What's my experience with pricing, setup cost, and licensing?

Our licensing is done yearly. There are different levels of support to pay for, but there are no hidden fees. The pricing is very good, very straightforward. It also came in cheaper than AlgoSec and Tufin.

Which other solutions did I evaluate?

We demoed and looked at other solutions but we did not implement any. AlgoSec and Tufin were the two main solutions that we checked first.

In the end, it really came down to the support. FireMon is more attentive than these very large companies, and we needed that attention. Their attention to our needs is what sold us on the product.

What other advice do I have?

Make sure that you get the correct hardware for whatever size environment you have.

End-to-end change automation for the entire rule lifecycle is not something we're using yet. It's something that I'm looking to get a beta for.

There are about 20 people currently using the solution. However, the functionality allows us to extend the information that FireMon can gather out to hundreds of people, if not more. In some ways, there are hundreds consuming the information that FireMon gathers, and using it in some way. Network security engineers are the primary consumers, and network engineers are another consumer. In addition, anything related to our audit teams means those guys consume the data.

Two people could do deployment and maintenance, although I tend to do it by myself.

I'd put FireMon at an eight out of ten right now. To me, ten is something you only get if you have no bugs or have very few bugs, and everything works perfectly. If you want a ten you've got to be perfect. I don't think any product would get a ten from me.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.