My advice would be to get familiar with UNIX commands and the VI. Those two are very helpful when you're working on the CLI. Otherwise, the GUI is so easy.

Security Manager, which is what we're using, doesn't automatically warn you when new firewall rules and changes to existing ones violate compliance policies, before they are deployed. However, there is another licensed aspect to Security Manager that does have that ability. What I have will tell me that somebody has made a change, what it was, and when it was made, but for the solution to make it a judgment call, I'd have to license another portion of Security Manager. It will even tell you where to put something. You put the entire enterprise in, with 60 firewalls, and you say, "I want to do this." It will say, "Okay, put it over here on this firewall, on this interface." You don't even have to think about the design. It does all the work for you.

If a colleague at another company said that firewall policy cleanup and management is important, but it's just not a priority, I would tell them that's a misconception. Any rule out there that hasn't been looked at, at least yearly, can become a security problem. Leaving that open, someone else can put another server in its place and now have open ports because you didn't remove a rule that's no longer in use. That's a very big security hazard. You do not want to leave rules in that aren't being used.

I've seen that happen in many companies that I've worked in, where a server had a lot of ports open because it needed to have them open for that application. The server then went away and then someone put another server in there and it automatically had all those rights. You didn't even know that it was changed. All you saw was a name change, and didn't realize that all those open ports are now a security violation because they applied to the old server and not the new one.

Having used it for so long, I'm so inundated with it that I can't see much that needs to be improved without a major redesign, and I can't even see that. When we're putting in automated changes it takes effort, but you realize that if it was too easy you could mess things up pretty quickly. I prefer it the way it is. I really don't want it changing.

It's the only tool we use for our security area that is worth anything.

With more understanding, we could have saved time on what kind of access FireMon needs, since we can't just give full access. We have to gradually allow it until that is enough access to get the information.

I would rate this product as 10 out of 10. 

I would rate FireMon a seven out of ten. There's a lot more I can gain from FireMon, as opposed to just running reports. I am particularly interested in automation and similar functionalities, but I haven't dedicated enough time to fully take advantage of all the features it offers.

There are ten of us using FireMon within our organization.

The maintenance we undergo for FireMon primarily involves upgrades. We have dedicated networking personnel and a development manager who oversees the maintenance.

I suggest spending a significant amount of time watching the videos; there are some beneficial training videos available. Additionally, it would be beneficial to arrange some sessions with their contact. I have an account and have been having sessions with my contact for five months.

Firewall policy clean-up management is undoubtedly a priority. If we have rules that are not correctly configured or overly encrypted, we expose our environment to numerous serious compromises, making it imperative to address this promptly.

My advice would be to do an appraisal of your environment and list out your requirements and what you are hoping to achieve. Then look at a couple of companies that are in competition with FireMon and look at user reviews to see if your requirements are met best by FireMon or their competitors. That is the procedure we used to choose FireMon.

If a colleague at another company said to me that firewall policy rule cleanup and management is important, but it's not a priority compared to more urgent things, I would say that there are a lot of bottlenecks and there is a reduction in service due to misconfigured or old firewall rules. They can prevent people from working properly. In the past, those issues hampered our network bandwidth and data movement. There were too many firewall rules that did recursive checks. There was increased latency and reduced productivity, and that frustrated a lot of end-users. Systems could be slow due to firewall rules that were misconfigured or outdated. FireMon enables you to efficiently manage your network and your firewalls and their rules, and it prevents security breaches.

The biggest lesson I have learned from using FireMon is that automating certain tasks enables you to get them done properly. Those tasks include cleaning up and managing firewalls efficiently. It saves you time, costs, and resource usage, so that people don't have to manage as many mundane tasks. Those tasks can be shifted to a system like FireMon. Usage of FireMon enables you to concentrate on more important tasks, while the system alerts you on things that are not going properly.

I would rate its real-time compliance management at eight out of 10. I can provide more details after we actually deploy it in the cloud, because I've used certain other things in the cloud, in other places, but we've not deployed FireMon in the cloud. But on-prem, it is very effective and an eight out of 10 is good.

We haven't upgraded to the latest version. We're having discussions with FireMon at the moment. Most people are at home because of the pandemic and people have not had the chance to pursue it. About a week or two ago, we had a meeting with them, and a discussion with them not just on how to upgrade it, but also on how to fine-tune it with the new facilities and functionalities that have recently been created.

Our deployment is on-prem, for now. We hope to get to SaaS, because we just started moving things to the cloud. We will do it soon. We are planning ahead for that, but it's dependent on the pandemic exit procedures.

FireMon can also help automate firewall policy changes across large, multi-vendor enterprise environments, depending on how it's managed and how it's tuned. It requires knowledge to configure it to do that. We are hoping to implement that in the future, in hybrid, multi-cloud environments.

FireMon can be used for real-time compliance management, and this is something that we're working on right now. We're working on doing a better job of creating our own custom compliances. The default ones are okay but we're trying to create our own compliance so that we can use that feature a little bit more. Right now, it's just sitting there with most of the defaults but that's one of the goals.

We do not have FireMon fully integrated with anything. It operates mainly in a standalone fashion. If we wanted to, it could be used with the other security appliances. They are also standalone and operate independently.

My advice for anybody who is considering FireMon is to check to make sure that FireMon is capable of pulling data from all of the devices. We have found some gaps in the support for some devices, and we've had to go back and forth for a custom device pack.  It is important to look at the environment to ensure that all of the necessary devices can be monitored.

If FireMon is being used but rule cleanup isn't a priority, then standing it up for the Security Manager and pulling data from all of the devices still allows you to clean things up when there is downtime. As long as the firewall rules are logged, then it should be left to run and collect data until it's a priority. When there is time for a cleanup, it will find the redundant rules, shadow rules, and rules that haven't been used for a while. The reporting functionality auto generates that information and it will provide a stepping stone for easier cleanup.

The capability is there with this product but it has to be refined. Most of the time when we try to add a new device, it should work but we run into issues. It's not hiccup-free. The software is getting there but for now, we run into issues too often.

I would rate this solution a five out of ten.

The latest release is version 9.4.2 but we only upgrade to the version behind the most recent release. This is so that we are more aware of what the issues with it are.

We have a module called Policy Planner that facilitates the automation of firewall policies across large multi-vendor enterprise environments, but we never use it in practice. We bought the module and we tested it. In fact, we had plans to integrate with ServiceNow for the automatic policy portion, but the organizational policy here is to make changes only within the Panorama. Essentially, we have the technology, but we can't make use of it.

This is definitely a product that I recommend, based primarily on how it compares with other similar tools. 

I would rate this solution a nine out of ten.

My advice would be to spend a good amount of time on the training videos. And if you can set up some sessions with your FireMon contact, that would also help. I do so many different things that I don't get enough time to spend on FireMon. I do use it pretty often, but maybe in terms of training, especially, there's a lot more I could gain from it, as opposed to just running reports. I could get into automation, for example.

In addition to what I've been using it for, I know there's a lot more within FireMon, like getting an understanding of your network topology, bringing many different points together, and analyzing the risk factors. FireMon also helps automate firewall policy changes across large, enterprise environments, but we don't have it set up to that yet.

Real-time compliance management is great. That's something that we are looking into and we have created some PCI rules. It's just a matter of learning how to make the reports. It's not very difficult at all.

The maintenance that we go through with FireMon is mainly upgrades. I'm the point of contact and we have a couple of networking guys who are hands-on as well.

Firewall policy cleanup is definitely a priority. If you have rules that are not properly configured or overly permissive, you open your environment to a lot of serious compromises.

My primary advice is take advantage of professional services whenever you are doing the initial implementation. The second piece of advice is just to adopt the tool. We could have purchased FireMon, set it up, and not done anything with it. Then, we would not have gotten our return on investment. By choosing to adopt the tool and creating projects and processes around it, we have our money's worth out of the tool.

If rule hygiene and policy management are a priority, you just have to make the time for it, in terms of setting aside time during the day that you are able to implement proactive changes and being able to measure those times for management. Anyone who does say that it's a priority for them knows that good policy management pays off in the end. Because down the road, you will be spending less time with a cleaner rule base.

We do not currently use it for automatic rule deployments, but that is a feature that is available and we have tested it. From my perspective, that is a feature which provides value.

We don't automatically deploy rules with FireMon, but I do know that is a feature and we have tested it.

We don't use FireMon to automatically make changes on our firewalls.

I would rate it as a nine out of 10. It has been very good. In terms of our use cases, it has met them very well. To move that up to a 10, changes to its reporting features would definitely make this product a lot better. Also, increasing the vendor specific features coverage and making sure that they are normalizing every aspect of each type of firewall.

If a colleague at another company were to say to me that firewall policy cleanup and management is important, but it's just not a priority compared to other more urgent items, I would say that firewall cleanup is pretty subjective. We think it's important because if you don't clean things up it leaves potential holes where vulnerabilities can come into your network. I would tell them it ought to be a priority.

In a small organization, I think FireMon would be absolutely fantastic. Just be sure you do a good job of documenting your use cases in terms of the scalability you need, before you talk to FireMon. You need to be clear with FireMon about what kind of scale you need to be able to scale up to.

When you get into an organization like ours, with hundreds upon hundreds of firewalls for different purposes, our firewalls don't line up in a linear fashion. It's not a case of "more of the same, more of the same," when it comes to our firewalls. They all have their own risks and nuances, their own rule sets, and their own security implications. Our firewalls have multiple paths through them and FireMon falls short a little bit because it's not Palo Alto-centric.

I don't think FireMon has kept up with where Palo Alto is at. They started out being Check Point-centric for years and they've never really fully embraced the nuances others, like Palo Alto or Fortinet, have. They don't handle a lot of the capabilities and attributes that Palo Alto does yet. They're working on it. They're getting there.

We have an open issue list that we are working through with FireMon little by little, including things it doesn't do well. We meet with a technical account manager on a weekly basis. Of course, we're not their only customer, so we can't dictate what they do or don't do regarding Palo Alto, but we're making our concerns known.

We've had to customize a lot of the security. Their out-of-the-box risk situation was too restrictive in some areas and not restrictive enough in others. So we have had to tailor the risk conditions by firewall type and create custom risk reports by firewall type, because not all our firewalls are the same.

We haven't been using it for compliance at this point. The auditors use a different application for compliance. So we've been running that to check with security compliance.

I would rate FireMon a ten out of ten. 

If I were explaining to a friend of mine at another company what the benefits of FireMon are, I would tell them that it integrates well with other vendors. It is easy to use, help is available by looking through the menus, and the support team is good. You don't need to hire a professional service to set it up and use it. Rather, management of this solution is very easy.

I would rate this solution a nine out of ten.

The best advice that I could give, honestly, would be not to look at a product for a short-term goal. Speak with the vendor about the maturity model that you want to go down and the roadmap that you have for your organization. They have a lot of different components and products that complement each other. I'm still waiting to do stuff now or next year that I wish I could have gotten funding for three years ago.

If you're going to engage and move forward with something, try to future-proof what you're signing yourself up for. Take into consideration where your roadmap is taking you. If there is something you know you're going to do in two years, and they have this other product that supports that effort and can provide greater ROI between now and then, go ahead and lump that into it.

As far as the solution's cloud support automation for public cloud platforms goes, I have used it and looked at it enough to ensure that it aligns with our roadmap. I feel it's there, but we're not currently utilizing the functionality. The solution would provide us with a single pane of glass for on-premise and cloud environments, but we're not using a production cloud environment at this time. However, I have made sure that whenever that does become a bigger footprint in our infrastructure, everything's going to be in place for us, as far as FireMon as a solution is concerned.

The solution provides us with the option to have comprehensive visibility of all devices, but a prerequisite to it being able to provide that information is that the owners of the solution have to optimize and educate FireMon. That has not necessarily been a high concern of ours. It hasn't been a primary responsibility over the years for me to take my network map and input it into the device. For me, it doesn't fulfill that function, but that's not necessarily a reflection of the tool's abilities.

In terms of using the solution to conduct a full inventory of our assets to secure everything, the Security Manager portion of it, alone, won't be able to perform that function. I think that there are a couple of other options that the vendor provides which address that need, but it's not something that we've invested in. Immediate Insight is the tool that associates itself with that kind of task. It's not something that we currently have the plugin for.

End-to-end change automation for the entire rule lifecycle is something we're moving towards. It is something we have on our roadmap and that we've worked out with the vendor, to make sure we'll be getting funding for that integration. Integration is required to create that full automation. FireMon does support that and it's something that we're actively pursuing, but we have not submitted funding for it yet.

I would certainly give it a nine out of ten because there's always room for improvement. Also, once I'm happy with a vendor, I'm not necessarily interested in whatever their competitors are doing. If I was sitting down with FireMon and all of their competitors every year, I might be able to say, "Hey, Tufin is doing this, why aren't you guys doing this?" But I don't do that. I would only feel comfortable giving a ten if I went through that process. I'm very happy with the solution for what it is, for how much it reduces my overhead, and how much it allows me to do things that, otherwise, I just wouldn't have the option of doing.

Make sure that you've got somebody from your non-cyber-security teams, somebody from one of the other IT teams, such as infrastructure, servers, or networks, who understands and who does really good documentation around the initial setup. Our cyber security or information security team is the one that uses it mostly, but we do need assistance from the other team. Make sure that you have stakeholders from other groups, even though they're not going to be the primary users.

The idea that firewall policy rule cleanup and management is important, but it's just not a priority compared to other more urgent items, is a pretty tough statement to make, especially in a regulated environment or if any sort of compliance is needed. It's just not really a valid statement. If someone said that, I would ask them to go back and make sure that they're following all the rules of the road.

It comes down to what your priorities are and what's important. Most regulations have some sort of a component around zoning and limiting communications between different systems. It's of utmost importance if you think about it from a compliance standpoint.

I give FireMon a nine out of ten.

I recommend that prospective users thoroughly familiarize themselves with all the features and capabilities of FireMon before configuring it. This will help ensure that no features are overlooked and that all features are utilized correctly.

Firewall policy rule cleanup and management should be a top priority for all organizations. Improper configuration of these rules can pose a significant security risk. It is crucial to have knowledge of the allowed traffic, necessary policies, and unnecessary policies. Additionally, it is essential to monitor web traffic and accessed web port applications within the organization, including which users are accessing them. Configuring policies correctly is crucial to gaining control over malicious activity and user access.

Regarding automating firewall policy changes, we don't like the word "automation" for the simple fact that automation is dangerous. We don't want it to take over. We want to be able to review everything before it happens.

In terms of what I've used so far in my career, FireMon is one of the best. Try it out, it won't hurt. Give it a shot. It's the best, for me. It has everything that any company would need. It's easy to navigate, there is a lot of helpful stuff in their User Center, in their Knowledge Base. Everything's there. You don't really need to bother them a lot. If you want to know something, they have documents in their User Center. It's a very good product.

In terms of FireMon's cloud support automation for public cloud platforms, we did ask for that. We are actually going to the cloud in a few months. We just asked that question last week. They did say that they do support that, but that's all we've talked about in terms of cloud.

We use FireMon every day. And we have plans to increase usage. Where I came from, we only have regular firewalls in there right now. We're looking to implement our retail stores' firewall devices as well, which is about 200 stores. We're definitely going to implement that so we can see our retail stores' environments in it.

We do have Policy Planner, but I haven't started playing with it yet. We're also looking to get Policy Optimizer, but we still haven't gotten the license for it. Security Manager is the one I mostly play with.

When I came to this company, I have to say, they were very sloppy. That's why they gave me this role, to focus on stuff like this.  We have cleaned out a lot in a year-and-a-half and we're still cleaning. It's so big, so many firewalls out there.

We have the network team as read-only users. There are about six of them on that team. The network team members are the ones who handle the firewall; they're the ones that make the actual changes. So sometimes they go into FireMon and run reports to view things. I don't know what types of reports they run, but we gave them the read-only access for that. In addition, there are three admins: me, as an InfoSec ops technician, my coworker, and my manager. My director is also a user. For deployment and maintenance of FireMon, it's just me and my coworker.

I rate FireMon at ten out of ten. I am very happy with the tool.

Perform the installation and utilize FireMon support to optimize the installation. Perform a post installation review of the configuration a couple of months after it’s implemented and running so that you can decide what features to use, which are useful. There are a lot of built in features that aren’t apparent until you get the whole system set up, all of your devices discovered, and the system collects information for a few weeks.

Each deployment scenario will be unique. A robust proof of concept is key to make sure it will meet all of your intended use cases.

The solution is managing 25 percent of our firewalls right now. We probably won't increase usage until we can get the required features for firewall change rule management to work correctly. We probably will not increase usage until that works.

I would rate it as a six (out of ten). We need the end-to-end mapping feature working to make it a ten. That is just our next phase. I don't know what other problems that we will run into. There is a lot to deploy before we can give all the details of what we need to make it a ten. There is integration with ServiceNow and some of our other tools. We have to make sure all that is working before we could give it a ten.

Review your current operational requirements and processes well, and determine what can change, internally, to take full advantage of the standard FireMon processes.

Consider investing in the policy planner. Further integration with a ticketing solution is on our roadmap. I certainly wish it was something we pulled the trigger on years ago.

Make sure that you get the correct hardware for whatever size environment you have.

End-to-end change automation for the entire rule lifecycle is not something we're using yet. It's something that I'm looking to get a beta for.

There are about 20 people currently using the solution. However, the functionality allows us to extend the information that FireMon can gather out to hundreds of people, if not more. In some ways, there are hundreds consuming the information that FireMon gathers, and using it in some way. Network security engineers are the primary consumers, and network engineers are another consumer. In addition, anything related to our audit teams means those guys consume the data.

Two people could do deployment and maintenance, although I tend to do it by myself.

I'd put FireMon at an eight out of ten right now. To me, ten is something you only get if have no bugs or have very few bugs, and everything works perfectly. If you want a ten you've got to be perfect. I don't think any product would get a ten from me.

I don't know what advice I would give to others. We are having a lot of problems with the licensing, to be honest. So, there's an issue with the UK and US date format.

When we renew our licenses, I don't know whether it's through our distributor or whatever, but they keep changing the format. In the American date format, you put the month first, then the date, then the year. In the UK we put the day first, then the month, then the year, and they keep flipping the dates over so we lose about three or four months on the licensing every time. We have to go back to our salesperson to get that fixed.

Also, when we did the upgrade, for some reason, we had enough licenses to start with but after the upgrade, we didn't. So, we didn't add any new devices, and we've got a thing in with the salesperson to find out why; what's changed there.

Don't be scared to contact the SE. My SE and I have a very good relationship and we bounce ideas off each other. Leverage your resources. It's not really a complex product to deploy.

Use the User Center. There's a lot of great info there and a lot of your questions can be answered in the User Center.

General recommendations: Make sure that the firewalls you have are supported. Make sure you know how many firewalls you have.

Go with the mindset of what you want to do; general project management-type stuff.

Everything's working fine. The only thing is the automated updates. I’m not giving it a perfect rating because of the usability of the updates. That's my biggest thing that they need to work on.

It's been working very well for us. We’ve got everything we need. We have several groups using it that like it.

It is a very good product. I always tell others to have FireMon people come and give a demo. I encourage people to try it out. We only have security management, but it is really a good product. I have attended a couple of their webinars, and they have a lot more features for more usage and value. It is a capable product. If our company had sent us for training and we had got to know more about the product, it wouldn't have been so hard.

To a colleague at another company who says that firewall policy rule clean-up and management is important, but it is just not a priority compared to other more urgent items, I would say that it is very important. Sometimes, a firewall is created temporarily, and if you don't know, you will forget. So, the usage and hit count information is very important.

In terms of compliance reporting, we have set it up for compliance reports such as PCI, but we didn't use it that much. Similarly, in terms of identifying the risks in our environment, it does show the changes, but we aren't yet able to prioritize them.

It is helpful in automating firewall policy changes across large multi-vendor enterprise environments, but we only have two vendors. We were earlier using it only for the Cisco environment, and now, we are using it for Cisco and Palo Alto. We will probably use it for the core environment. Overall, it notifies you, but we are still not using it that much.

In terms of the clean-up of firewall rules in a large enterprise environment, it didn't affect us, and that's because we are not doing it in the right way. We probably need somebody to help us on that one because we gave them the report, but they haven't cleaned it up. For Panorama, they use their own reporting, and we have to correlate them. One thing about Panorama is that if you have a rule from 20 years ago, and somebody is still modifying it, it doesn't update the new person's name. It doesn't ask you to put any change number. I know FireMon is only pulling the data, and it is not pushing the data, but I wish that it was pulling the changed data. The last time when I talked to FireMon, they said that they are just pulling the data. They don't go and push any data. For that reason, we don't have that much data. So, we have a report, but we haven't used it much for clean-up. We should use it in the future more. We also haven't used it to create a lot of policies.

I would rate it a seven out of 10.

It is not a bad tool. I still recommend it and I'm not against it. I recommend it because, overall, it has helped us to remove and clean 15,000 to 20,000 redundant unused rules. When we cleaned those, we were confident that they were not usable. They were very old. But we didn't just rely on FireMon's report. At the same time, we used our own judgment. When we blindly relied on the FireMon report, it created issues.

It's a good solution, but it is not something that you can 100 percent rely upon. It is a useful tool. At least it will help you up to a certain percentage.

We work according to the risks FireMon warns us about, but some of those recommendations are false alarms and others are valid. If it gives us 100 warnings, about 10 of them are valid.

Despite all the shortcomings, we still prefer to use it. At least we get some good recommendations and suggestions in the reports. We like it, despite the drawbacks.

Like any implementation, take time and plan. Engage users and stakeholders letting them know what this system can do and get it integrated within the organizational ecosystem. Like any solution, if it isn't used you simply don't get that potential dividend.

I rate FireMon Security Manager eight out of 10. It has many more features than we use, but we have a limited scope. I think we could've done more had we used that momentum when we were implementing it. 

Even if you think having a firewall management solution isn't a priority, the FireMon can provide more visibility and make some tasks easier, faster, and more efficient.

We're using the latest version of the solution currently. 

I'd rate the solution ten out of ten. I've been very happy with the product overall. 

I'd recommend the solution as it's so easy to use. Clients are very happy with it.

If someone asked me for advice, I would definitely say that it would help them, especially with being able to navigate through if you have a complex rule set. I would definitely suggest FireMon. It's been extremely helpful for us to have. Even though they're missing a few functions, it's still workable from our standpoint.

Being able to export to Excel isn't a huge turnoff. It's a nice feature to have but I would definitely suggest purchasing FireMon. Especially if you have a large environment where you're trying to trim down your rule base, you're trying to optimize your firewall, or you're just trying to find stuff that's sort of lost in your configuration.

Also change management: I believe it's a PCI requirement. We use FireMon as well for notifications and that's helped satisfy a PCI. I don't have anything in front of me that shows me all the requirements but I believe a review of rules that are changed is part of that requirement, so they help fulfill that, too.

Just like any other IT product on the market today, everything is green grass and high tides. Everything is beautiful. During the sales process, it's all, "Oh, just do this, do that." It's a little more than that. It's a little more complex and a little more effort than just, plug it in and go.

I think that's the mistake of many of the sales teams; that they sell the ease of implementation. I think they should just be straight up and honest with the purchaser, saying, "Look, it's going to take some effort and you're going to have to understand your environment. You're going to have to understand the network flows. You're going to have to understand how your network is segmented, so you can properly implement the tool."

I think when they try to make it seem easier than it really is, then that's inviting problems.

FireMon is just better than average. It's better than average, but not quite stellar yet. They've got a little work to do to address some of the challenges that could be introduced perhaps by the customer and the way the customer has used the different platforms. They have to be able to account for that, and react to it in a timely manner; at least come up with some sort of usable solution in the meantime when they do encounter a problem.

Definitely, you should look into how many syslogs you're getting because there is a limitation on how many syslog messages it can handle per second. We felt in a more distributed environment, it allowed us to support our network more adequately. So even with our main data centers, we had to usually have three or more collectors in order to deal with the amount of syslogs we're sending. We also had to include a few different offices needing their own implementation of data collectors.

This company does a pretty solid job and they're always constantly wanting to improve their products.

I think it's a good product. It's very stable. It's quick and it's easy to learn. It's easy to run reports. There are a lot of reports that you can run. That helps the management of your firewall.

FireMon is a very good product; is a slippery slope in terms of deployment. It can monitor all of your network devices and firewalls. I would imagine a lot of people probably use it for that.

We are a small organization. From a cost and work standpoint, we only wanted the ability to audit and manage our firewall rule sets. It’s been good for us in that way.

People need to think about what’s important to them based on a monitoring point of view, which is regulation-based. That wasn’t an issue for us. I recommend that people considered the best-sized solution for them. Give it a try. It’s worked well for us.

I would rate it as the best firewall monitoring platform that I’ve used, but I’ve only used FireMon.

We are a Palo Alto customer and this is a great tool to augment the Palo Alto tool set. It’s a very beneficial product. It fills the gap of things you can’t get with standard Palo Alto management, such as long-term analysis and knowing what’s really going on with objects and rules in the firewall rule base.

When using this product, you have to spend time understanding not only how it was installed but what information you can get from the product. The customization of reports, whether they can be automated or on demand. So just getting a better understanding of what you can get from the application is useful.

It's a good solution that is stable, I would recommend this solution to others.

I would rate FireMon an eight out of ten.

It is fairly straightforward to use, and I haven't really had a whole lot of issues with it.

This solution provide us with end-to-end change automation for the entire rule lifecycle of firewalls. It does it from the request, then all the way through the approval cycle.

We really haven't done much with this solution’s cloud support automation for public cloud platforms. We are just doing on-premise.

From what I've seen of the product, it's fairly robust. Making sure to know everything that you want monitored, to get the proper licensing upfront, is probably the biggest thing. If you're only strictly wanting to do firewalls, make sure you get the right licensing that will match your firewall capabilities. If you want to match a more cross-spectrum of your devices, get licensing to support that. The biggest key is making sure to get all the licensing you need for the devices you want upfront.

Using this product allows firewall administrators to quickly find a problem with their firewall configurations. It allows the administrators to also look for open services that should not be allowed. One of the most useful features is the ability to use policy trace. If you work in an environment with multiple tiered firewalls you can look at exactly what ACL’s the traffic is going through on each firewall without having to have permission to those firewalls.

It is a smart move to make and makes the administration and troubleshooting of ACL problems clear.

You should definitely look into how many Syslogs you're getting. There is a limitation on how many Syslog messages it can handle per second.

We felt in a more distributed environment, it allowed us to support our network more adequately. Even in the main data centers, we usually had three or more collectors in order to deal with the amount of Syslogs we're sending.

We also had to include a few different offices that required their own implementation of data collectors.

This company does a pretty solid job and they're constantly striving to improve their products.

There are very few products that can do what FireMon can. I would definitely recommend it if there is a need to review firewall changes.

On a scale from one to ten, I would give FireMon a five.

It is a very versatile and sustainable product.

Check the renewal cost, and determine whether the Risk Management Module is mature enough and whether GUI crash issues have been fixed or not. Maybe for small companies, it comes up fine, but for large environments, it might cause issues.

Be sure you read all the specs, and test the application as deeply as you can to ensure it meets all your requirements.

My advice is to make sure you choose the right reseller because it's not a product you should use by itself.

Overall, on a scale from one to ten, I would give FireMon a rating of eight. 

The customized workflow is worth it. If you are considering to migrate to new firewalls, implement FireMon because it will make your migration much easier. Also, cleaning up some slow firewalls will help you extend its life.

It is a good solution for audit trails and end-user visibility.

Prepare the necessary details and make sure you configure the needed firewall according to their guide for a smooth implementation.

The version is an important choice for the product.