People have a tendency to just add rules to firewalls, but they don't go back and take rules away. Some of our customers have thousands of unused rules that have been sitting out there for over a year. In one report, FireMon tells us there are, say, 1,000 rules that can be taken out and it gives us the ability to disable those for a year and to track when we made our changes. After a year, we can go back and eliminate the rules, to bring the configuration down to an almost human-readable level.

It also identifies risks in your environment and helps to prioritize fixes. It actually rates the risk level, meaning you look for the red and try to bring everything to green.

When it comes to real-time compliance management, it is very good because it is able to compare changes in the configuration as well as giving us a timestamp. It also sends email alerts to our environment so we know if someone has made a change on the network. It gives us the whole picture of that change. Whether it is a configuration change or just a small comment, it gives us the before and after snapshot.

FireMon can see firewall rules that may be too open. Then, we need to make them more restrictive. This is extremely important for our security posture. Every minute that passes, where we are not aware of an exposure, could cause major damage to the company.

What I like about FireMon is the ability to track changes made by network engineers on the network. This allows us to run reports based on those changes. We can also track new rules to see if they comply with our standards. Additionally, we can identify rules that haven't been used or those that duplicate others excessively. FireMon enables us to create reports that provide valuable information for making changes within the system.

The dashboard in FireMon is excellent, offering an overview of our network's compliance and security index database, among other things. I have also used FireMon for risk analysis of policies, exploring the possibilities and findings. While primarily focused on cleaning up files for a project, I have utilized many features for removing redundant and unused rules.

However, I am aware that FireMon has even more to offer, such as understanding our network topology and conducting a comprehensive risk analysis. My current work mostly revolves around compliance, change management, and reviewing the alterations made.

• The FireMon interface is very helpful.
• The configuration management for multiple firewalls is very easy to use.
• The backup facilities are very helpful as well.
• The troubleshooting and testing capabilities are very good.

The solution automatically warns you when new firewall rules, and changes to existing ones, violate compliance policies, before they are deployed. Sometimes we get "white noise," meaning false positives, but it's always good to have more information than less. That way we can switch it off and work when we see that it's giving a false positive. It does send us an alert to let us know that there are changes in the environment. That functionality is very important because automating such tasks is very helpful in managing our environments and preventing attacks. The earlier you notice issues going on in an environment, the easier it is for you to prevent certain incidents or mitigate risk.

We also use the solution’s SASE integration capabilities to extend security policy management for cloud firewall management. It helps in creating one consistent rule across multiple platforms and it improves accuracy. When you automate processes like that, they are able to run themselves. You create one set of rules and automate them to run. That enables you to find problems proactively, before they happen. It also enables you to have a consistent set of firewall rules, wherever you go. If you deploy new sites, you can apply the rules you already have in place to those sites. It creates a single platform, a single source of truth, for managing disparate environments and systems that are connected together.

FireMon provides an automated way of figuring out which rules are redundant and which ones aren't used, based on the sys log data.

The SQL language is convenient to use. It allows us to process a bunch of criteria very quickly and narrows things down if there is an issue with the firewall. It's easy to do that with SQL queries.

The most valuable feature is that everything is recorded in the historical logs, including the firewall rules, hit counts, object-level usage, and the rule documentation. The rule certification details are also there, which means that someone can be held accountable for a specific firewall rule.

The logs product documentation and metadata that is very useful for compliance purposes.

Usage reporting, including hit counts, is helpful for analysis. It comes in very handy when we can see how the firewall rules are being used because it can help us clean them up.

Fireman has helped us in terms of being able to clean up firewall rules in a large environment, first of all, by helping to identify the risky rules. Rules are flagged using the filters, based on the zone metric definitions. We then refer to the object usage reports that we get within a group, along with the traffic analysis that we get from Splunk, and all of this is considered when it comes to making a decision. The rule might stay the same, be modified, or be dropped. FireMon has given us the extra ability to be able to do this.

I've been using the reports to see what is going on, and that is a helpful feature. We can track down unused rules, which helps with compliance. We can see rules that have not been used or that are duplicates or overly permissive. We can use FireMon to create reports and use that information to make changes within FireMon. I also like that we can track the kinds of changes that the network engineers are performing on the networks. We can run reports on that.

We have also set up alerts and reports that come into my inbox daily. That gives me a rundown of any changes that have occurred within the environment.

The solution has a good dashboard that gives you an overview of what's going on within your network in terms of compliance and the security index. The dashboard also gives you an outline of redundant and unused rules. You can run reports and make them a bit more targeted in terms of what you're looking for. That can help with the cleanup.

I've also dabbled in the Policy Analyzer to see what information I can get from that.

The change normalization is the most valuable feature. It gives us the ability to just do a search based on time, device, or even device groups. It just shows us one by one what the changes to the config were and what time they were. It even shows which admins made the changes. The individual changes can be searched. You can create reports of the changes. That is probably the most valuable feature that we have.

Cleanup of rules is a huge pro of FireMon. After a change detection, the firewall hygiene is our number two most important feature that we use FireMon for. Right out the gate, they have built-in features and reports that will allow you to go through your firewall and identify objects that are not used in config. They have a report that is called removable rules, which is extremely helpful and very powerful. It goes through your firewall and identifies rules that are unlikely to be hit, either because the rules are set up wrong for your routing or they are completely shadowed, meaning that the rule will never have any impact on traffic going through the firewall. Those are both very powerful built-in reports that we do use extensively. 

The firewall config is normalized in FireMon to do custom searches, so you can search off of any number of things. You can search off of rule names. You can search off of the different addresses that would be inside that rule. You can also search based off of services that are allowed or disallowed by the rule. Therefore, it lets you search any number of firewall types in the same search syntax. You could have an ASA and Juniper, then in FireMon, you can do a search that will return rules from both devices. So, it is very powerful. 

We can create custom controls based on the hygiene. Whenever we have rules that are tagged as temporary, we have custom hygiene controls that will go through and help us make sure those are cleaned up after we are done using them.

The quality of our reports has improved drastically. These are reports that we can use internally from a technical standpoint, we can send up to our own management, or we can even use some of them externally for different auditors or other requirements that we have.

In most firewalls that you use, you have a comment field where you can put a change request ID and a little information about the rule. FireMon scales that up to 10. Within FireMon rules, you have fields for ticket ID. You have fields for the rule owner: the admin who created the rule, the security guy who approved the rule, and the business request, e.g., someone from IP systems or if it is a developer. Therefore, it has very verbose rule documentation inside of FireMon. Those are all searchable as well. 

The most valuable features are the security assessments and the ability to identify unused rules or objects. 

The real-time compliance management, in general, is also pretty good, as is the cleanup of firewall rules in a large, enterprise environment.

I like the dashboard for the security section of it. It helps you identify the higher risk rules on your firewall so you can mitigate the ones that you were not aware of.

When it comes to real-time compliance management, we can use it to push out rules. We do that manually. But it's a great thing to be able to track and do everything because we were doing all that manually in the past and trying to go back and find something that we had done in the past the manual way was not working well.

FireMon decreased errors and misconfigurations that increased risk in our environment.

It also helped us to identify risks in our environment and helped to prioritize fixes. It does that through the security dashboard. It lists recommendations, zero-hit rules, and things that you just have out there that aren't being used.

It's been great for our security posture. Every hole we button-up is one less out there.

The GUI is easy to use and makes it very easy to manage the platform.

The automation that the platform provides to create tickets reduces human error and more generally, reduces the operational overhead.

The most valuable feature is the reporting capability because everything that we do is a result of our being able to query a report, based on our environment and our PCI compliance efforts.

There are some built-in cleanup reports, out-of-the-box, and we like those. 

Also, the unused objects is another nice feature, where it digs a little bit deeper into comparing the logs that it sees versus the configurations that it sees. As an example, a firewall rule deck could be very complex and might have hundreds of objects. The unused objects feature will go through in a pretty detailed way and show us which ones aren't being used. Or, if they are used, it will show us how often they're used. 

Both those are geared toward cleanup and hygiene of the environment.

It's also good when it comes to real-time compliance management. We used it for our PCI audit this year. It's a situation where we have to prove to our auditors that all the communications that are coming in and out of particular systems, and that process cardholder data, are current, and that we have the documentation, descriptions, and the rules. It's been extremely helpful for that. We used some other tools in the past, but this one is far superior.

In addition, in terms of when new firewall rules and changes to existing ones violate compliance, the way we have it set up, FireMon automatically warns us when they're deployed. We look at those and we compare them with what we have approved for changes to the environment and it's very helpful for us.

The most valuable feature of FireMon is its ability to configure multiple devices and consolidate them into a single desktop, which allows us to manage all of our security devices, such as Palo Alto and Zscaler, from one place.

The ease of use is the most valuable feature. There are a lot of products out there, but the ability to navigate through and use Firemon is very good.

It's also a pretty good solution when it comes to real-time compliance management. We get feeds on a daily basis and they're real-time. It does its job well. There are only a couple of players in the market that do the job well, and FireMon is one of them.

For compliance reporting, the reports are definitely easier to create. We still have to massage them into something different, but it's helped out a little bit. The information is there.

Another pretty important feature is that it automatically warns you when new firewall rules, and changes to existing ones, violate compliance policies, before they are deployed. With security, you have to be able to react fast. You can't allow a threat to get deeply into your infrastructure. You have to catch it at the beginning. It's important to us to know that it's acting.

I'm working mostly with the Security Manager part of FireMon. It gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong.

We also use FireMon to conduct a full inventory of our assets so that we can secure everything. For example, our parent company has three retail brands. The other day, my director asked me for an inventory of all brands: every firewall, Cisco device, whatever we are using, and to give him a break down. I was able to go to FireMon, grab everything, put it in an Excel sheet, and break it down by brand and by DMZ and PCI environment as well.

In addition, it's very easy to navigate. Very easy.

FireMon has served as a change monitoring and notification tool for a number of years, but recently we’ve decided to utilize the policy review capabilities to automate our periodic firewall rule review process.

Our primary use case for Firemon initially was to perform change notification for our ASA firewalls. This was the case for about 5 years.

With the introduction of version 8, we decided to reconsider other capabilities of Firemon – specifically the policy review reports that show unused or duplicative policy rules. We intend to use these features to automate our firewall policy review process.

The policy overview is the most valuable feature for each of the firewalls that we manage right now, as it reduces the complexity of the firewall rule set.

Policy test, access path analysis, and change reports.

Policy test and access path analysis tools in Security Manager enable me to find existing firewall policies quickly across the enterprise, troubleshoot, or to help choose the optimal path for proposed rules. Change reports on the device dashboard show us at a glance what was changed in a particular firewall config, by date, so we can easily troubleshoot problems with implementation.

Although we have a very mature infrastructure, one of the thorns that come with that maturity is developing policies and processes to support that infrastructure.

This solution assists us in our ability to review and validate firewall rule changes and implementations across a wide audience of users.

I have found the reporting on unused rules and redundant rules to be the most useful to me. We run those reports and then we can come back and fix things that are bad.

And overall, the reporting mechanism for anything is pretty good. We use it to baseline, to make sure our configs are accurate across all of our devices.

It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise, or find security rules no matter what firewall they're on. We don't use the automation feature, which means we don't do a deployment of any changes, so we don't yet have a single pane for deploying all policies. We know it's capable, it's just that we don't have that function on.

The security policy manager: We run reports regularly for the customer to show unused tools and unused objects, and to clean up the firewall policy.

The most valuable feature is security management because it allows us to look inside the firewall and see things that the firewall doesn't report. For some of the things the firewall applications lack, we're able to gain insight with the FireMon appliance, as well as having one platform that looks into different vendors of firewalls. That's really important for us.

It is a good product. Previously, we were using only spreadsheets to compare the usage, but now with FireMon, we are able to clean up or review the policies to some extent. It is still a work in progress, but we are at a good stage now.

Compared to other applications, it is user-friendly. The appearance of the menus and titles is clear and they are easy to follow. Of course, it requires some experience through using it, to go through everything, but it is not very difficult. It is an easy application to use.

Firewall auditing is very important. We also use the solution for rule traffic analysis, traffic flow discovery and hidden/shadow rules within over 100 firewalls spanning five different brands. These features are valuable as firewall rules are constantly added but its tough to determine what can get cleaned up over time. Knowing how frequently a rule is used, where redundant rules exist and documenting changes are important.

I like the Security Manager console where we can see any changes that have been made or pull the results of an assessment and control the policies that we implement. That's useful for regular audits and monitoring some critical events we want to know about. We can configure alerts that notify us about policy changes. This is pretty beneficial for monitoring and helps us track changes in the projects. 

The solution is very stable. We haven't found there are any issues with its reliability.

The product scales well. You can really expand it if you need to.

This product is very simple to use. In that sense, it's one of the best on the market.

The technical support is very good. They've always been helpful.

We use the forwarding capabilities because we don't have another way to report on the firewall. We use it for cleanup and also for our biannual firewall review. Pretty much that's the big reason that we use FireMon.

Holistically, the product is well thought out. The normalization of the rule sets across different firewall platforms is all valuable to us. You can't really separate it out; for me, you can’t.

The most valuable feature is more or less the ability to look for the shadowed-based rules or rules that are being used, and also for change management, i.e., getting alerts from the system. This helps us to determine who is making the changes and have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."

The ability for spotting the shadowed-based rules helps us to eliminate overlapping rules that may not be otherwise needed or maybe under-used. It helps us to identify that stuff and gives us the ability to go back and audit the firewalls.

On the whole, it gives us the ability to determine what our security architecture looks like, so as to help secure our company better.

The Security Manager is the most valuable feature.

The ability to audit our firewall rule base is my favorite feature. It allows us to determine which rules can be removed and it helps us reduce our security footprint.

The most valuable features are the FireMon reporting for change control as well as rule utilization.

The most valuable feature is the Firewall reviews for our company compliance.

The most valuable feature is being able to review all the firewall changes in the Policy Planner, and then in the policy review feature.

This solution provide us with comprehensive visibility of all our devices in a hybrid network.

It is fairly straightforward to use.

• The possibility to highlight differences between policy revisions
• FireMon Insight with FMSQL
• Hidden reports
• Rule usage/unused rules report
• Object usage report

Currently, the change management controls for monitoring the firewall configuration changes is the only feature that we really use, at this time.

The reports you can run to look for redundant ACL’s in the firewalls, and the policy trace and review. It also allows you to tie to multiple domains so that the administrators for the FireMon servers do not have to deal with the hassle of making 'view only' accounts. You can also use the Insight function to keep records of the ACL’s. Instead of filling up the firewall with remark statements that could lose their position, you can leave all the information in the FireMon server, and you can tie in ticket information. It also allows you to put an expiration date on that ACL so that you can always remove unneeded exceptions.

• The ability to look for shadow-based rules
• The ability to look for rules that are being used
• Change management
• Gets alerts from the system

It was used for firewall change review. For our company, it became an invaluable tool for auditing purposes.

FireMon is nice and provides 360-degree user views. You can also find the information you're looking for pretty easily.

• Vendor agnostic when it comes to integrating with other product.
• Reliable
• Excellent customer support

One of the most valuable features is the compliance feature, which is something that we really utilize in Security Manager. It has a set of controls that we tuned a little bit from the way they came out-of-the-box, and created a custom set of rules that we are monitoring and that we want to have inline in our environment. It's a very good solution for real-time compliance management.

And for the cleanup of firewall rules, it performs really well for us. We utilize it in our regular rule cleanup tasks, several times a year. FireMon is our primary tool when doing that, either by going through its out-of-the-box compliance rules or using it to search for certain things in our rules that we want to prune from our firewalls.

The Configuration Change Management feature was something we were interested in as it helped us to identify who made the change, when and why. Also, the workflow was easy to set up to ease operations.

The second important feature I liked was determining unused rules - rules placed incorrectly in the ACL - this helped us to reduce the load on the firewalls, thus we didn’t have to buy a new firewall due to high CPU or memory consumption. With the help of FireMon, we fine-tuned the rules and were able to save money for buying a new firewall.

Security Manager (SM) and Risk Analyzer (RA) are the most valuable features to me. SM assesses a network's security posture in terms of deployed policies, redundant policies, duplicate policies, etc. RA takes a snapshot of everything connected to and within the network down to the end points. It recommends security policies that would improve and further secure the network from potential threats etc.

The instant and complete network graphical view it provides is amazing. Alerts give you complete control of firewall changes, its amazing for compliance and security policy validation. Rule comparison and filters are an easy way to check if you policy is concise and clean, giving your firewall the best performance and readability.

The firewall assessment feature is great.

• Firewall cleanup - the best and most efficient way to clean the firewall from unused, redundant, shadowed rules that create unnecessary risks and impacts the firewalls performance overtime. Also, it helps with the PCI compliance.
• Rule use analysis.

Security Manager: It effectively manages the complexity and change associated with today’s network security infrastructure and has a good hold in the market.

We can check the compliance of each firewall, check the KPI of each firewall to determine the security posture of the network, monitor changes done on the firewalls and provide overview of all the rules, either unused, duplicate or risky rules.

It’s provided us with proactive security intelligence so we can act before we have a security breach.

The Policy Optimizer and Firewall Manager for different brands of firewall.