We just raised a $30M Series A: Read our story

FireMon OverviewUNIXBusinessApplication

FireMon is #3 ranked solution in top Firewall Security Management tools. IT Central Station users give FireMon an average rating of 8 out of 10. FireMon is most commonly compared to Tufin: FireMon vs Tufin.FireMon is popular among Large Enterprise, accounting for 41% of users researching this solution on IT Central Station. The top industry researching this solution is Computer Software Company, accounting for 31% of all views.
What is FireMon?

FireMon, the only agile network security policy management (NSPM) platform, brings visibility, control, and automation to enterprise cloud and hybrid network infrastructures.

  • To drive agility across hybrid networks, the headless orchestration API allows customers to integrate with any existing system or process including IT Service Management platforms like ServiceNow, Security Orchestration Automation and Response (SOAR) tools like Splunk Phantom and Palo Alto Cortex SOAR, and DevOps platforms like Red Hat Ansible and HashiCorp Terraform.
  • To drive security efficiency and eliminate misconfigurations caused by complexity and manual processes, the platform addresses inefficient rule creation and change processes, delivers risk assessment of change through pre-change simulation and provides policy change recommendation.
  • To meet scale and heterogeneity requirements, FireMon normalizes policy across thousands of firewalls, devices, and cloud security groups through a single interface.

FireMon customers routinely experience up to 90% improvements in network security policy efficiency while eliminating common misconfigurations which lead to breaches and compliance violations.

FireMon Buyer's Guide

Download the FireMon Buyer's Guide including reviews and more. Updated: October 2021

FireMon Customers

Convey, MGM Resorts International, Southwest Airlines, Alkami, Costco, Aetna, IBM, Salesforce, Verizon, Wells Fargo

FireMon Video

Pricing Advice

What users are saying about FireMon pricing:
  • "FireMon is very expensive. I think that they charge a premium. In general, they are very pricey. Compared to their competitors, they cost a little more than the other solutions that we evaluated."
  • "This is an expensive solution. The cost of three modules for three years was approximately one million."
  • "Pricing is reasonable."
  • "FireMon is cheaper than AlgoSec."

FireMon Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
JE
IT Security Admin at a tech vendor with 1,001-5,000 employees
Real User
Top 20
We have made massive improvements to firewall management and firewall hygiene

Pros and Cons

  • "FireMon decreases errors and misconfigurations by 10% that increase risk in our environment. That has to do a lot with the change reporting that is in place, but also with the built-in controls and custom controls that we have made. Those all decrease the errors that people naturally make on a day-to-day basis for firewall administration."
  • "While I like the reporting, I think that has the biggest room for improvement. Right now, as a user of FireMon, if I create a report, I am the only one who can see it inside FireMon. If someone on my team creates a report, they are the only person who can see that report on FireMon. It doesn't matter if you're admin in FireMon or not. The way we have to do it now is that we have created a service account user and that service account user runs all the reports. This way, all the reports, which are running, are just run under a single user so we can always access them. This definitely needs to change so users can see other users' reports or we can share reports within FireMon."

What is our primary use case?

We use the Security Manager module. We use it to report and audit firewall changes. We also use it to track the hygiene of our firewalls in addition to the changes made to them. Since it normalizes the firewall config, we are able to do custom searches and make custom controls to build out those audits and reports, making sure that we are applying firewall rules correctly. There are a lot of built-in reports as well, which help us to identify rules and objects that are being used. 

We are an enterprise environment. We are definitely not the largest of FireMon's customers, deployment-wise. 

How has it helped my organization?

FireMon automatically warns us when new firewall rules, and changes to existing ones, violate compliance policies before they are deployed. We find this valuable as well, especially from the compliance standards where it has real-time change detection and FireMon watches the firewalls. Whenever there is a change that breaks compliance, we get that immediately. At the same time, whenever you are planning a change inside FireMon, it won't let you make that change when there is a compliance issue that they found.

We have built-in change reporting in Security Manager, which is very helpful. Whenever we have a scheduled change report, we use that as an opportunity to review the report and do a technical review of the changes that were made.

It does a search whenever you are planning a rule in FireMon. So, if the traffic that you are trying to create a rule for is already allowed, FireMon will tell you. This will save you the time of trying to create a duplicate rule if you already have a rule that would allow the traffic.

What is most valuable?

The change normalization is the most valuable feature. It gives us the ability to just do a search based on time, device, or even device groups. It just shows us one by one what the changes to the config were and what time they were. It even shows which admins made the changes. The individual changes can be searched. You can create reports of the changes. That is probably the most valuable feature that we have.

Cleanup of rules is a huge pro of FireMon. After a change detection, the firewall hygiene is our number two most important feature that we use FireMon for. Right out the gate, they have built-in features and reports that will allow you to go through your firewall and identify objects that are not used in config. They have a report that is called removable rules, which is extremely helpful and very powerful. It goes through your firewall and identifies rules that are unlikely to be hit, either because the rules are set up wrong for your routing or they are completely shadowed, meaning that the rule will never have any impact on traffic going through the firewall. Those are both very powerful built-in reports that we do use extensively. 

The firewall config is normalized in FireMon to do custom searches, so you can search off of any number of things. You can search off of rule names. You can search off of the different addresses that would be inside that rule. You can also search based off of services that are allowed or disallowed by the rule. Therefore, it lets you search any number of firewall types in the same search syntax. You could have an ASA and Juniper, then in FireMon, you can do a search that will return rules from both devices. So, it is very powerful. 

We can create custom controls based on the hygiene. Whenever we have rules that are tagged as temporary, we have custom hygiene controls that will go through and help us make sure those are cleaned up after we are done using them.

The quality of our reports has improved drastically. These are reports that we can use internally from a technical standpoint, we can send up to our own management, or we can even use some of them externally for different auditors or other requirements that we have.

In most firewalls that you use, you have a comment field where you can put a change request ID and a little information about the rule. FireMon scales that up to 10. Within FireMon rules, you have fields for ticket ID. You have fields for the rule owner: the admin who created the rule, the security guy who approved the rule, and the business request, e.g., someone from IP systems or if it is a developer. Therefore, it has very verbose rule documentation inside of FireMon. Those are all searchable as well. 

What needs improvement?

While I like the reporting, I think that has the biggest room for improvement. Right now, as a user of FireMon, if I create a report, I am the only one who can see it inside FireMon. If someone on my team creates a report, they are the only person who can see that report on FireMon. It doesn't matter if you're admin in FireMon or not. The way we have to do it now is that we have created a service account user and that service account user runs all the reports. This way, all the reports, which are running, are just run under a single user so we can always access them. This definitely needs to change so users can see other users' reports or we can share reports within FireMon.

FireMon could improve their support for individual vendors. There are features that are specific to Cisco Firewalls that are not supported in FireMon. That changes a lot because they do release updates pretty regularly. However, if you are using Check Point, and that is what you use as your firewall, and you don't use Cisco Firewalls, then all the features for Cisco just aren't really worth it to you. So, FireMon could improve by making sure that they have full coverage for all the vendor specific uses.

For how long have I used the solution?

We have been using FireMon for about a year.

What do I think about the stability of the solution?

The stability is favorable. We have been running it for a year. We have been able to restore from a backup. We did that as an exercise and that process was very straightforward.

They have built-in monitoring that sends out alerts whenever the CPU or disc usage triggers the thresholds, which are set at intelligent levels.

I have heard from the people at FireMon: When going from version 8 to version 9, that upgrade path was a little bit dicey in terms of stability. Since we installed version 9, I feel like we have been pretty good this whole time on stability.

What do I think about the scalability of the solution?

I have good things to say about scalability. They do have multiple ways of deploying it. If you are a very small company, you can have everything FireMon on one appliance, which is kind of cool. As you need to scale, you can add resources to the database and application servers. You can also add data collectors throughout your environment, which is the biggest thing. The data collectors are machines that retrieve the firewall configuration and receive firewalls usage logs.

Scalability is good. The appliances themselves are massive. We're not the largest of FireMon's customers, but as we grow, the amount of compute resources just in general that FireMon is going to be using will be huge as we grow. So, it is scalable. The architecture makes it scalable, but they are beefy, i.e., In terms of compute resources that these appliances use, just the specs on them.

We do have plans to increase usage, if pricing and resources permit. Right now, we have all our firewalls reporting in FireMon. We also have our network topology loaded in FireMon.

How are customer service and technical support?

We have worked with them a good deal. I would give them a solid 9 out of 10. The way that they can do a 10 is just by continuing to do what they do. This year has been pretty good, and we have had several dozen cases open with them. Each one of them has been pretty good. There were a couple that could have been resolved maybe a little faster.

Their management and all the techs with whom we have worked have been very helpful. We did have a couple of calls with their team lead.

Their support is US time zone-based. So, they have people who work well with the people at my company. Their support is native English speakers, so they are very easy to understand.

On the whole, their technical knowledge is pretty good. The documentation is a little bit spotty. Sometimes documentation around a specific issue is not full, but the people on a call are able to explain what is going on, what specific logs are, or what could be causing a specific issue. Therefore, the knowledge of their technical people is high.

They are open to video conferencing. So, if you want to manage your entire case through email or through a written format, you can do that. However, a lot of times it is faster just to do a screen-sharing and do a phone call to explain your issue. They have been open to doing that.

The way to move from 9 to 10: They will point you to their professional services, if they feel like your request is outside the scope of their support. They are a little quick to do that sometimes.

Which solution did I use previously and why did I switch?

FireMon identifies risks in our environment and helps to prioritize fixes. This has been a good usage. When we first got FireMon, we built out several custom reports, as well as the built-in reports, which have helped us tighten our security rules. FireMon has helped us improve 2000 rules in the span of three months. These were rules that presented a risk to our organization before we had the project with FireMon to fix those rules.

We are spending about the same amount of time creating new reports as we did with our old reporting processes. However, the new compliance reports that we are turning out are across the board better, e.g., we are getting full change histories. We are getting when you have a control that does not allow a risky service out to the Internet. For example, it automatically goes through the rule base and then distills that report for you, rather than cherry-picking like we did on our old processes. These reports are more accurate and much better.

We used a competing vendor before we bought FireMon. During our purchase phase, when we were looking to replace that vendor, we also did evaluations of two other alternatives as well.

The primary reason that we switched to FireMon from our previous firewall administration platform was that there were bugs in it specific to the firewalls that we were using. This made things, like change detection and their version of compliance controls, unworkable so there was inaccurate reporting.

The secondary reason that we switched to FireMon was the previous solution's support. The support of the people, whom we were using before FireMon, was absolutely terrible. 

How was the initial setup?

It took two weeks before we were completely deployed. The actual project took three months, but most of that was knowledge transfer and advanced concepts.

Because FireMon is pretty expensive, our initial purchase was only one module of FireMon, which was Security Manager. We do have licenses for all our firewalls, but we only had the one module, Security Manager, and not the other ones, like Policy Planner and Policy Optimizer. That was our initial implementation setup.

What about the implementation team?

When we purchased FireMon, bundled in our purchase was professional services. So, we got to work with them during the initial implementation, and it was very straightforward and simple to set up. The people who we worked with were knowledgeable and helpful. They shot us the documentation well in advance so we could follow along with that step by step.

What was our ROI?

We have absolutely seen ROI. We are not tying ROI to automation, time saved, nor reduced headcount. Our return on investment has been primarily in the projects that we are able to accomplish with FireMon. For example, last quarter, our team completed 23 projects with FireMon, and they were each tied to a future-oriented process. For all the projects that my team accomplished, we created FireMon controls and reports as well as a cleanup on the firewalls. We also created automation around the FireMon API so these processes and reports are happening automatically in terms of scheduled reporting and automatic ticket requests into our ticket management system. FireMon's return on investment is due to the massive improvements that we have made on firewall management and firewall hygiene.

FireMon decreases errors and misconfigurations by 10% that increase risk in our environment. That has to do a lot with the change reporting that is in place, but also with the built-in controls and custom controls that we have made. Those all decrease the errors that people naturally make on a day-to-day basis for firewall administration.

On an average day, we receive a lot of requests to approve firewall changes, changes to the firewall, and additions to rules. On any given day, we have a request that was not given to us well, e.g., where they have different IPs that are needed or they don't give the right service request. Whenever FireMon gives us a report, we are able to go back through it and correct those changes to make them more accurate.

Whenever we are getting a request where the traffic could hit multiple firewalls, FireMon fact checks us to make sure we are putting the rule in the correct firewall.

What's my experience with pricing, setup cost, and licensing?

FireMon is very expensive. I think that they charge a premium. In general, they are very pricey. Compared to their competitors, they cost a little more than the other solutions that we evaluated.

They license per module. They have four main modules that they license currently. The base license is included with the Security Manager module, which was our initial purchase back a year ago. 

The professional services is an add-on, and it is one where you can purchase more professional services. It is per project. So, it is an add-on for your initial implementation project. At a later time, if you have another project that you would want professional services on, they will quote you for that. 

The support comes in tiers and it's also per module. I don't know of anyone who would purchase a license for a module and not purchase the support that comes with it. 

Which other solutions did I evaluate?

We evaluated both Tufin and AlgoSec, as competitors of FireMon. FireMon differentiated itself because it was more fully featured on the firewalls that we were deploying.

What other advice do I have?

My primary advice is take advantage of professional services whenever you are doing the initial implementation. The second piece of advice is just to adopt the tool. We could have purchased FireMon, set it up, and not done anything with it. Then, we would not have gotten our return on investment. By choosing to adopt the tool and creating projects and processes around it, we have our money's worth out of the tool.

If rule hygiene and policy management are a priority, you just have to make the time for it, in terms of setting aside time during the day that you are able to implement proactive changes and being able to measure those times for management. Anyone who does say that it's a priority for them knows that good policy management pays off in the end. Because down the road, you will be spending less time with a cleaner rule base.

We do not currently use it for automatic rule deployments, but that is a feature that is available and we have tested it. From my perspective, that is a feature which provides value.

We don't automatically deploy rules with FireMon, but I do know that is a feature and we have tested it.

We don't use FireMon to automatically make changes on our firewalls.

I would rate it as a nine out of 10. It has been very good. In terms of our use cases, it has met them very well. To move that up to a 10, changes to its reporting features would definitely make this product a lot better. Also, increasing the vendor specific features coverage and making sure that they are normalizing every aspect of each type of firewall.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
JO
IT Manager for Networks and Cloud Infrastructure at a government with 10,001+ employees
Real User
Helps by automating the process of cleaning up firewall rules, reducing costs and increasing accuracy

Pros and Cons

  • "We also use the solution’s SASE integration capabilities to extend security policy management for cloud firewall management. It helps in creating one consistent rule across multiple platforms and it improves accuracy."
  • "The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly."

What is our primary use case?

We use FireMon for security management, to manage our security infrastructure. We also use it to do PCI compliance and to manage personal data and information related to the organization, and to prevent data loss. In addition, we use the admin console for firewall management, including firewall rules and to decommission firewalls when they are not in use. We use it to monitor our primary corporate DR firewalls as well.

How has it helped my organization?

In the past, we've had thousands of firewall rules that came from legacy applications and many years of work. FireMon has helped us to clean up those rules and to manage them properly. We can decommission rules that are old and outdated or clean them up. And we can work on the ones that are not functioning properly or that are configured improperly, to make them compliant and useful to the organization. It has helped us to manage multiple firewall rules and remove legacy ones that are not useful.

It helps by automating the process of cleaning up firewall rules in a large, enterprise environment. It's not done manually, which is a process that is more prone to errors and takes more time. When it's done manually it's more tedious and requires multiple resources dedicated to doing it. It helps reduce the time involved, increasing the efficiency and reducing the cost, as well as making the job more accurate.

The same is true when it comes to accurately creating, approving, and deploying firewall policy rules. It reduces the effort by 75 to 80 percent, compared to how we used to do it before we got FireMon. And we get that same percentage reduction in effort, 75 to 80 percent, when changing firewall policy rules.

It has also been very helpful in terms of the time and effort required to create compliance reports. Previously, when we used other applications or did it manually, we were not able to finish our work efficiently and on time. FireMon has helped us to cut the time it takes to do auditing and reporting of firewall rules, and increased our efficiency. 

It has cut both the man-hours spent as well as the number of staff members who are dedicated to firewall policy changes and the firewall policy update process, because it enables automation and simplifies the task. The reporting is also more efficient and more correct and useful.

FireMon has decreased errors and misconfigurations, issues that had increased risk in our environment, by 75 percent.

It also identifies risks in your environment and helps to prioritize fixes, if you have the necessary set of eyes to look at the rules and the resources. When FireMon gives you reports on what's going on in the environment, you assign staff members to rectify whatever issues it has reported and proactively prevent issues from arising in the future. It has improved our security posture drastically, and cut down the cost related to having third parties manage those things. We can do some of those things in-house. It has improved our security posture and senior management is happy because of that.

What is most valuable?

  • The FireMon interface is very helpful.
  • The configuration management for multiple firewalls is very easy to use.
  • The backup facilities are very helpful as well.
  • The troubleshooting and testing capabilities are very good.

The solution automatically warns you when new firewall rules, and changes to existing ones, violate compliance policies, before they are deployed. Sometimes we get "white noise," meaning false positives, but it's always good to have more information than less. That way we can switch it off and work when we see that it's giving a false positive. It does send us an alert to let us know that there are changes in the environment. That functionality is very important because automating such tasks is very helpful in managing our environments and preventing attacks. The earlier you notice issues going on in an environment, the easier it is for you to prevent certain incidents or mitigate risk.

We also use the solution’s SASE integration capabilities to extend security policy management for cloud firewall management. It helps in creating one consistent rule across multiple platforms and it improves accuracy. When you automate processes like that, they are able to run themselves. You create one set of rules and automate them to run. That enables you to find problems proactively, before they happen. It also enables you to have a consistent set of firewall rules, wherever you go. If you deploy new sites, you can apply the rules you already have in place to those sites. It creates a single platform, a single source of truth, for managing disparate environments and systems that are connected together.

For how long have I used the solution?

I've used FireMon for nearly six years.

What do I think about the stability of the solution?

We don't have too many issues with FireMon. When it comes to the application, we don't have any issues. Sometimes we get white noise, meaning false positives, but that is just in terms of performance, and not necessarily the system itself.

What do I think about the scalability of the solution?

Scaling is simple. You can easily scale it and maintain it with any size team.

We are using FireMon in a couple of departments. I work for a government office, and we have a lot of different departments under us. We have a need to increase our usage, because we always have people coming in. We're at the very beginning of moving to the cloud. When we move to the cloud, we're going to multiply our usage by at least tenfold, because people at remote locations will then be able to make use of the services.

We have at least half a dozen people using FireMon. Their roles include the people that manage the hardware that it's installed on as well as the admin managers who look at it day-to-day to see what the configuration is like. The admin guys can do analysis but there are also analysts who get the alerts and who work on the action items related to the alerts. They investigate and then they know what mitigation actions to take to prevent attacks or to deal with whatever FireMon is reporting on. For deployment and maintenance we need just three people.

Maintenance is connected with the need to upgrade. They have to seek funding for it to happen and get the funding arranged. If it doesn't require any funding, if it's just internal work that needs to be done, then the admin guys can do it without having to involve anyone else. If there's any need to connect with FireMon, that is done as well.

How are customer service and support?

I would rate their tech support at seven out of 10. They do respond to us and they provide good service, but sometimes it takes time for them to get back to us or to get people to work on stuff. Overall, they are good.

Which solution did I use previously and why did I switch?

Before FireMon, we used native solutions provided by Check Point. We switched because each of our departments has its requirements. They needed a product that would provide them with better service. They came to the central unit, which is where I work, to ask that something be procured, and that's why we procured FireMon. There are certain facilities in FireMon that give it an advantage over certain other companies or providers.

How was the initial setup?

The initial setup can take some time, including connecting it and configuring it. It's not something that is easy for anybody to do. There is time and energy required because of the number of systems you have to configure to get it to work properly. The setup is a bit complex and tedious, especially for a new user who will need someone to hold their hand as they go through it. But after doing it a couple of times, or upgrading it a couple of times, it's not as tedious.

Our deployment took about two weeks. We first did a discovery of what we wanted FireMon to do for us, a discovery of our requirements. We determined the prerequisites that had to be installed and the system requirements. We then moved on to an initial assessment through a deployment in a test environment. After the testing and everything working out, we further configured it to fine-tune it to our own specific environment. After all that was working okay, we went ahead to the final deployment. But for subsequent sites, it might just take a couple of days.

There is a learning curve as well to get used to the system and all the nitty-gritty knowledge needed to configure it and run it properly. Another thing that is time-consuming and tough to do is tagging stuff the right way.

What about the implementation team?

We used a consultant, either DXC, which is a subsidiary of HPE, or Epic, which is a local consultant. Our experience with them was good.

What's my experience with pricing, setup cost, and licensing?

We're billed monthly.

Sometimes, if there's a need for an upgrade or there is a system failure, there might be extra cost involved, such as for consultants or to procure the necessary equipment. We might be needing an upgrade very soon, and there will be costs connected with that.

Which other solutions did I evaluate?

We looked at a couple of other companies. We chose FireMon because of its cost and its simplicity, as well as its deployment and provisioning. We read reviews like this one, and we were quite confident because of what they described as their use and what their outcomes were.

What other advice do I have?

My advice would be to do an appraisal of your environment and list out your requirements and what you are hoping to achieve. Then look at a couple of companies that are in competition with FireMon and look at user reviews to see if your requirements are met best by FireMon or their competitors. That is the procedure we used to choose FireMon.

If a colleague at another company said to me that firewall policy rule cleanup and management is important, but it's not a priority compared to more urgent things, I would say that there are a lot of bottlenecks and there is a reduction in service due to misconfigured or old firewall rules. They can prevent people from working properly. In the past, those issues hampered our network bandwidth and data movement. There were too many firewall rules that did recursive checks. There was increased latency and reduced productivity, and that frustrated a lot of end-users. Systems could be slow due to firewall rules that were misconfigured or outdated. FireMon enables you to efficiently manage your network and your firewalls and their rules, and it prevents security breaches.

The biggest lesson I have learned from using FireMon is that automating certain tasks enables you to get them done properly. Those tasks include cleaning up and managing firewalls efficiently. It saves you time, costs, and resource usage, so that people don't have to manage as many mundane tasks. Those tasks can be shifted to a system like FireMon. Usage of FireMon enables you to concentrate on more important tasks, while the system alerts you on things that are not going properly.

I would rate its real-time compliance management at eight out of 10. I can provide more details after we actually deploy it in the cloud, because I've used certain other things in the cloud, in other places, but we've not deployed FireMon in the cloud. But on-prem, it is very effective and an eight out of 10 is good.

We haven't upgraded to the latest version. We're having discussions with FireMon at the moment. Most people are at home because of the pandemic and people have not had the chance to pursue it. About a week or two ago, we had a meeting with them, and a discussion with them not just on how to upgrade it, but also on how to fine-tune it with the new facilities and functionalities that have recently been created.

Our deployment is on-prem, for now. We hope to get to SaaS, because we just started moving things to the cloud. We will do it soon. We are planning ahead for that, but it's dependent on the pandemic exit procedures.

FireMon can also help automate firewall policy changes across large, multi-vendor enterprise environments, depending on how it's managed and how it's tuned. It requires knowledge to configure it to do that. We are hoping to implement that in the future, in hybrid, multi-cloud environments.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Learn what your peers think about FireMon. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
543,424 professionals have used our research since 2012.
RN
Network Engineer at a insurance company with 10,001+ employees
Real User
Top 20
Decreases configuration errors, facilitates compliance, and the support is helpful

Pros and Cons

  • "The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, headcounts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule."
  • "We have not used the Policy Planner but even so, we have identified areas of improvement with it during our testing. For example, it could be better when it comes to ease of integration or ease of policy automation. Another problem is that there is a console where it has too many options and is not very straightforward. Essentially, controlling it could be made more seamless."

What is our primary use case?

I am a contractor and I work on security. At this company, we primarily use FireMon for firewall rule analysis and as part of our firewall rule certification process.

Our environment is on-premises using VM hosts.

How has it helped my organization?

With respect to compliance management, this product does cover some of the compliance factors, although not all of them. For example, in terms of accountability, it has all of the data available for third-party rules and auditing. It can produce a comprehensive report. However, compliance has its own set of requirements.

We planned on having divisions for about 400 days but at 700 gigabytes, the file size was too large and it was interfering with our database backups. Consequently, we had to cut it down to 100 days, which means that we're missing 300 days of divisions. The fact that we no longer had a complete view of 400 days of data was a setback for us. Otherwise, the metadata has been pretty handy.

We do not run assessments on new firewall rules before they are deployed, but we can set it up in such a way that compliance can be checked automatically once we push a rule to the firewall. If there is a problem then the new rule will be flagged. As it is now, we do all of the compliance assessments manually. The reason that we don't use the compliance module in FireMon is that it creates a heavy load on our CPU.

Prior to FireMon being implemented, the company had Tufin running to conduct assessments. They were flagging some rules, based on the subnet categorization that is defined in Tufin. However, those kinds of assessments were not really accurate. They also weren't making any changes to the rules that were problematic.

When they brought in FireMon, we started to run reports that are pretty precise. They were more accurate, and based on the firewall zone definitions. We began to flag rules that made sense and we also started to analyze them. Afterward, we were able to get rid of a lot of risky rules. There were a lot of shadow rules identified that we cleaned up. The agenda was to make sure that the security compound or security footprint within the company is safe.

For this task, FireMon has been very helpful in terms of flagging such rules so we can drop them and improve the security of the infrastructure.

FireMon has improved our compliance process in terms of the time and effort required to create compliance reports. As far as the rule recertification is concerned, it's made it easier for us because it's just one click to explore the metadata of each firewall rule and its information. For example, we use owner fields, technical descriptions, review dates, next review dates, and exceptions, if there are any exceptions. With all of the metadata in place, it can be given to the compliance team.

This solution has helped us to decrease errors and misconfiguration that increased risk in our environment. By using the system that we did to flag risky rules, we were able to identify problems and mediate or eliminate them. We are still working on this but at this point, we have completed 80% of our cleanup. It has been helpful.

FireMon helps to identify and prioritize fixes, although we do the repairs manually. This is something that is necessary when you consider our network and how our firewalls are configured. FireMon does provide suggestions and we make use of them, but we conduct our own manual analysis in addition to the reports. This acts as a valuable double-check for us, which is very important for our security posture.

What is most valuable?

The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, hit counts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule.

The logs product documentation and metadata that is very useful for compliance purposes.

Usage reporting, including hit counts, is helpful for analysis. It comes in very handy when we can see how the firewall rules are being used because it can help us clean them up.

Fireman has helped us in terms of being able to clean up firewall rules in a large environment, first of all, by helping to identify the risky rules. Rules are flagged using the filters, based on the zone metric definitions. We then refer to the object usage reports that we get within a group, along with the traffic analysis that we get from Splunk, and all of this is considered when it comes to making a decision. The rule might stay the same, be modified, or be dropped. FireMon has given us the extra ability to be able to do this.

What needs improvement?

We have not used the Policy Planner but even so, we have identified areas of improvement with it during our testing. For example, it could be better when it comes to ease of integration or ease of policy automation. Another problem is that there is a console where it has too many options and is not very straightforward. Essentially, controlling it could be made more seamless.

For how long have I used the solution?

We have been using FireMon since the start of 2019.

What do I think about the stability of the solution?

Stability-wise, we did not have any issues.

What do I think about the scalability of the solution?

There are no issues with scalability.

We have different business units in different countries. For example, we have users in Hungary and they're a different business unit. They're not given access to the firewalls or Panorama, although they were given access to FireMon where they can view the policies related to the Hungarian firewalls. There are between 10 and 15 people in the Hungarian business unit that use FireMon on a regular basis and their role is to view the policies.

We have a few people from the NetOps team and the network technical center team that use the rule certification process, and they collect statistics on rule usage. These teams have mid-level privileges on the system.

I have superuser privileges, and there is one other person that has the same access I do. He uses it for documentation on the firewalls for our offices in the Netherlands and Poland. Aside from these, we have other people who use it more generally for things like viewing rules.

FireMon is being extensively used within the company and we have a few new users being onboarded next week. They are part of a third-party contract and the user count will increase, although I don't think that any new modules will be added.

How are customer service and technical support?

I would rate the support a nine and a half out of ten.

They were really proactive and helpful in terms of support when we had issues. The servers have been pretty good and we haven't had any problems with them. There will be minor bugs and all of that, but they're always helpful and things get fixed with the next release.

Which solution did I use previously and why did I switch?

Prior to FireMon, the company was using Tufin.

The reason that we switched is that somebody in the company decided that they wanted to have a one-stop solution for pushing the policies to the firewall, and for automation of policies to facilitate compliance. FireMon had the capability, which was proven with a PoC.

Everybody liked the solution and that's why it was implemented. Ultimately, the one-stop solution was not used because, with our Palo Alto firewalls, it has been decided that Panorama will push the rules, rather than FireMon. At this point, I can't see that changing in the future. Panorama is not going anywhere because that is how the firewalls are managed. At the same time, they wouldn't want to rely on FireMon to push rules to Panorama, so this is why the system will stay as it is.

Overall, however, the capabilities are better compared to other similar products.

How was the initial setup?

The basic implementation was straightforward but when you're talking about configuring the servers and all of the other steps, for a tool of this size, it's never straightforward.

For example, when configuring the servers, you will still have minor or major issues that you have to tackle or have to fix during the initial implementation. It may be straightforward to do so, but fixing problems will always lead to other problems in the process.

Overall, it was an easy implementation, but at the same time, it was ongoing. Our deployment did not take more than a month to complete. This included adding the firewalls from Check Point, which was done in advance of setting up FireMon. We had to set up the CPMI log collectors and then configure the Check Point dashboard to forward all of the logs to FireMon. Although it was time-consuming, I think it took less than 20 days in total.

With respect to our implementation strategy, we followed a basic approach. We started with installing all of the servers, and then we had to move all of the devices from Tufin to FireMon. We had three vendors including Cisco, Check Point, and Palo Alto.

We added each firewall vendor separately and we made sure that all of the logs were being forwarded to the data collector. This is where we get all of the log data hit counts, and we have to make sure that all of the devices are being retrieved successfully, without any issues. We also had to ensure that nothing was impacting the performance of the servers and there were instances where we had to wait for the specifications of the server just so they could meet all of the performance requirements. For example, the retrievals and all of the log data had to work properly.

All in all, there were a lot of steps and we had to get support tickets throughout. Thankfully, the support was great. They were very helpful during the initial implementation stage.

What about the implementation team?

I was part of the implementation, testing, and onboarding processes. I have been part of the day-to-day operations, as well. I am the only person doing the maintenance and taking care of the tool.

Maintenance involves upgrading the servers, and we have to make sure that all of the backup files are generated on time. Also, we have to check that they are being transferred via SFTP to our backup server. Basically, we have to make sure that the servers are healthy and nothing's causing any problems.

What's my experience with pricing, setup cost, and licensing?

This is an expensive solution. The cost of three modules for three years was approximately one million. There are no costs in addition to the standard licensing fees.

Which other solutions did I evaluate?

The company evaluated AlgoSec and a few other tools, ultimately zooming in on FireMon. It was after the initial evaluation that the PoC was done.

What other advice do I have?

The latest release is version 9.4.2 but we only upgrade to the version behind the most recent release. This is so that we are more aware of what the issues with it are.

We have a module called Policy Planner that facilitates the automation of firewall policies across large multi-vendor enterprise environments, but we never use it in practice. We bought the module and we tested it. In fact, we had plans to integrate with ServiceNow for the automatic policy portion, but the organizational policy here is to make changes only within the Panorama. Essentially, we have the technology, but we can't make use of it.

This is definitely a product that I recommend, based primarily on how it compares with other similar tools. 

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
JP
Lead Network Specialist at a university with 5,001-10,000 employees
Real User
Enables us to consolidate and have fewer, more meaningful rules

Pros and Cons

  • "FireMon saves us a lot of time and it's nice because if you're adding a rule that's similar to another rule, it'll tell you so sometimes you can just edit the one and add another source or destination in there without creating a duplicate rule. It enables you to consolidate and have fewer, more meaningful rules. We're saving around 30% of our time."
  • "It comes as a Linux appliance on a server and we're not a Linux shop, we're more of a Windows shop. It would be great if they could automate or integrate the backups into it and other things through their GUI interface, just to make the management of Linux a little more transparent."

What is our primary use case?

We have a single server and we're a small group. We use FireMon to track all of our firewall rule changes.

The security section lets you see where your unused rules are and it lets us go in there, optimize it, and make the firewall more secure.

How has it helped my organization?

FireMon saves us a lot of time and it's nice because if you're adding a rule that's similar to another rule, it'll tell you so sometimes you can just edit the one and add another source or destination in there without creating a duplicate rule. It enables us to consolidate and have fewer, more meaningful rules. We're saving around 30% of our time.

What is most valuable?

I like the dashboard for the security section of it. It helps you identify the higher risk rules on your firewall so you can mitigate the ones that you were not aware of.

When it comes to real-time compliance management, we can use it to push out rules. We do that manually. But it's a great thing to be able to track and do everything because we were doing all that manually in the past and trying to go back and find something that we had done in the past the manual way was not working well.

FireMon decreased errors and misconfigurations that increased risk in our environment.

It also helped us to identify risks in our environment and helped to prioritize fixes. It does that through the security dashboard. It lists recommendations, zero-hit rules, and things that you just have out there that aren't being used.

It's been great for our security posture. Every hole we button-up is one less out there.

What needs improvement?

It comes as a Linux appliance on a server and we're not a Linux shop, we're more of a Windows shop. It would be great if they could automate or integrate the backups into it and other things through their GUI interface, just to make the management of Linux a little more transparent.

For how long have I used the solution?

I have been using FireMon for two to three years. 

What do I think about the stability of the solution?

The stability has been great. We have not had any problems whatsoever. It's very reliable and always available.

What do I think about the scalability of the solution?

We're a small shop. We have everything on a single server, but I know you can put it across multiple servers for larger organizations. We're just not one of them.

There is one network engineer who uses it. But we have about a dozen people on there all together who are system admins that add rules.

We have our main site and a remote site, so it's two firewalls.

It's at 100% of the implementation.

How are customer service and technical support?

Technical support has been very good. They always answer my questions. They'll stay on with you until they resolve the issue.

Which solution did I use previously and why did I switch?

FireMon is a totally new implementation. We previously did everything manually.

We chose FireMon because it was recommended to us by the auditors and it was time to automate it as much as we could.

How was the initial setup?

The initial setup was straightforward. We sat back and they installed it for the most part.

What about the implementation team?

I don't remember anything bad about our FireMon consultant so I'm sure everything went smooth. We set up the servers, they set up a backup server and they had everything working when we got off the phone. They also had some additional training online for me, which I found helpful.

What was our ROI?

Our ROI is that it saves time and helps us improve security. 

Which other solutions did I evaluate?

Other than the initial purchase, we just put in for the renewals every year and somebody else worries about budgeting and everything. 

What other advice do I have?

We haven't been using it for compliance at this point. The auditors use a different application for compliance. So we've been running that to check with security compliance.

I would rate FireMon a ten out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PG
Asst. Manager Finance at a insurance company with 5,001-10,000 employees
Real User
Top 5
Stable with good support and very easy to use

Pros and Cons

  • "The technical support is very good. They've always been helpful."
  • "The cost of the solution is pretty expensive. It would be ideal if they could work on their pricing."

What is our primary use case?

We act as a business partner for our clients. We're implementors. Each client has a different use case. 

What is most valuable?

The solution is very stable. We haven't found there are any issues with its reliability.

The product scales well. You can really expand it if you need to.

This product is very simple to use. In that sense, it's one of the best on the market.

The technical support is very good. They've always been helpful.

What needs improvement?

I personally have started using it recently, therefore it's hard to pinpoint if anything is lacking. I need more time with the product.

The cost of the solution is pretty expensive. It would be ideal if they could work on their pricing.

For how long have I used the solution?

My company has been using the solution for around five years or so. It's been a while at this point.

What do I think about the stability of the solution?

The solution is very stable. We've found it to be reliable. It doesn't crash or freeze. It's not buggy or glitchy.

What do I think about the scalability of the solution?

If a company needs to expand the solution they can. The product is very scalable. We've been satisfied with it.

We've currently applied for 20 users.

How are customer service and technical support?

We occasionally need the assistance of technical support. We've always found them to be helpful and responsive. We're satisfied with the level of support we get.

How was the initial setup?

The installation is pretty straightforward. It didn't take much time to install. It will take around 10 days of time to install in an environment similar to ours.

We have 30 people that deploy the solution to different organizations.

What about the implementation team?

We're the deployment team. We implement this solution for clients.

What's my experience with pricing, setup cost, and licensing?

The solution is expensive. It's not the cheapest option.

We've pre-paid for the license. We don't have to pay for it on a monthly basis.

What other advice do I have?

We're using the latest version of the solution currently. 

I'd rate the solution ten out of ten. I've been very happy with the product overall. 

I'd recommend the solution as it's so easy to use. Clients are very happy with it.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
MK
IT Security Assistant Manager at Octopus Cards Limited
Real User
Compliant, stable, scalable, with good support

Pros and Cons

  • "The most valuable feature is the Firewall reviews for our company compliance."
  • "The advanced features are complex in setting up the rules."

What is most valuable?

The most valuable feature is the Firewall reviews for our company compliance.

What needs improvement?

The review process is an area that needs improvement. We would like to review the rules and be able to make comments.

The advanced features are complex in setting up the rules.

I would like to see level mapping available with other products improved, to allow other products to build the level mapping. It does not have an export in Visio.

For how long have I used the solution?

I have been working with FireMon for half a year.

We are using version 8.

What do I think about the stability of the solution?

This solution is stable.

What do I think about the scalability of the solution?

It's a scalable product. We have five to eight people who are using this solution in our company.

How are customer service and technical support?

Technical support is fine. I don't have any other issues.

Which solution did I use previously and why did I switch?

I have not worked with any product that is similar previously.

How was the initial setup?

Most of the setup was easy for us, but the advanced features are more complex.

What's my experience with pricing, setup cost, and licensing?

Pricing is reasonable.

Licensing fees are paid every year.

What other advice do I have?

It's a good solution that is stable, I would recommend this solution to others.

I would rate FireMon an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Joao Manso
CEO at a tech services company with 11-50 employees
Reseller
Top 5
Improved our network security

Pros and Cons

  • "The firewall assessment feature is great."
  • "FireMon could be easier to use and flexibility regarding reporting could be improved."

What is our primary use case?

We are resellers. All of our clients are enterprise companies. 

What is most valuable?

The firewall assessment feature is great.

What needs improvement?

FireMon could be easier to use and flexibility regarding reporting could be improved. 

For how long have I used the solution?

I have been using FireMon for six months.

What do I think about the scalability of the solution?

FireMon is both scalable and stable. 

How are customer service and technical support?

I've never had to contact technical support. 

Which solution did I use previously and why did I switch?

I used to work with AlgoSec. They are both very good products but they target different customers in our market. One is more expensive than the other. One is more simple than the other to use. For this reason, we decided to go with FireMon. The profile of our customers is more related to FireMon than AlgoSec.

How was the initial setup?

The initial setup was very easy.

What's my experience with pricing, setup cost, and licensing?

FireMon is cheaper than AlgoSec.

What other advice do I have?

My advice is to make sure you choose the right reseller because it's not a product you should use by itself.

Overall, on a scale from one to ten, I would give FireMon a rating of eight. 

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Flag as inappropriate
JK
Network Solution Architect at a manufacturing company with 10,001+ employees
Real User
An agile network security policy platform that provides 360-degree views, but comes with limited functionality

What is most valuable?

FireMon is nice and provides 360-degree user views. You can also find the information you're looking for pretty easily.

What needs improvement?

I don't like that it comes with bugs, constant issues, and limited functionality. I would like to have enhanced change management reporting support for UTM features in the next release.

For how long have I used the solution?

I have been using FireMon for six months.

What other advice do I have?

On a scale from one to ten, I would give FireMon a five.

What is most valuable?

FireMon is nice and provides 360-degree user views. You can also find the information you're looking for pretty easily.

What needs improvement?

I don't like that it comes with bugs, constant issues, and limited functionality. I would like to have enhanced change management reporting support for UTM features in the next release.

For how long have I used the solution?

I have been using FireMon for six months.

What other advice do I have?

On a scale from one to ten, I would give FireMon a five.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate