FireMon Overview

FireMon is the #3 ranked solution in our list of top Firewall Security Management tools. It is most often compared to Tufin.

What is FireMon?

FireMon, the only agile network security policy management (NSPM) platform, brings visibility, control, and automation to enterprise cloud and hybrid network infrastructures.

  • To drive agility across hybrid networks, the headless orchestration API allows customers to integrate with any existing system or process including IT Service Management platforms like ServiceNow, Security Orchestration Automation and Response (SOAR) tools like Splunk Phantom and Palo Alto Cortex SOAR, and DevOps platforms like Red Hat Ansible and HashiCorp Terraform.
  • To drive security efficiency and eliminate misconfigurations caused by complexity and manual processes, the platform addresses inefficient rule creation and change processes, delivers risk assessment of change through pre-change simulation and provides policy change recommendation.
  • To meet scale and heterogeneity requirements, FireMon normalizes policy across thousands of firewalls, devices, and cloud security groups through a single interface.

FireMon customers routinely experience up to 90% improvements in network security policy efficiency while eliminating common misconfigurations which lead to breaches and compliance violations.

FireMon Buyer's Guide

Download the FireMon Buyer's Guide including reviews and more. Updated: October 2021

FireMon Customers

Convey, MGM Resorts International, Southwest Airlines, Alkami, Costco, Aetna, IBM, Salesforce, Verizon, Wells Fargo

Archived FireMon Reviews (more than two years old)

NS
Info Assurance Engineer at an aerospace/defense firm with 1,001-5,000 employees
Real User
It helps reduce the complexity of the firewall rule set, but we need the end-to-end mapping feature working

Pros and Cons

  • "It gives us the ability to go to one place to look for potential firewall rules that are inappropriate, or which don't meet compliance. Instead of manually searching hundreds of firewalls for a policy, we can go to this one location and find the rules which are now out of compliance."
  • "The AWS integration is still not mature for us to use. It is just not ready for our use case for AWS connectivity. Therefore, it does not provide us with a single pane of glass for our cloud environments, because we can't manage our cloud environment with the tool."

What is our primary use case?

The primary use case is optimizing firewall rules.

How has it helped my organization?

The firewall administrators have gained time back by using this tool, simplifying the firewall rule set. The solution helps to clean up rules which have not been reviewed in several years.

It gives us the ability to go to one place to look for potential firewall rules that are inappropriate, or which don't meet compliance. Instead of manually searching hundreds of firewalls for a policy, we can go to this one location and find the rules which are now out of compliance.

What is most valuable?

The policy overview is the most valuable feature for each of the firewalls that we manage right now, as it reduces the complexity of the firewall rule set.

What needs improvement?

The AWS integration is still not mature for us to use. It is just not ready for our use case for AWS connectivity. Therefore, it does not provide us with a single pane of glass for our cloud environments, because we can't manage our cloud environment with the tool.

The map needs improvement in our network. The tool should be able to map out the path of flow from one firewall through our network. However, it does not understand our routing environment, so it cannot do that for us.

We would like it if this solution could provide us with end-to-end change automation for the entire rule lifecycle, but the map feature cannot support our environment, for now.

For how long have I used the solution?

We started our proof of concept in 2017.

What do I think about the stability of the solution?

It is stable, which is acceptable. I don't have any negatives with it. This is not a concern of mine, as we don't have any issues with stability.

We have probably one full-time equivalent managing the tool right now. Our ultimate end goal, that I am envisioning, is that we would need more support to manage the tool.

What do I think about the scalability of the solution?

All the vendors in this space seem to overpromise and underdeliver on scalability. They all claim they scale the best, but none of them really do. This is an area that could be improved. It is the same with high availability. High availability for geographic separation is also an area that could be improved.

Right now, at this stage, only our firewall admins are using it. This is a team of about 20.

How are customer service and technical support?

The technical support has been very responsive. They have helped us with all of the issues that we have encountered.

Which solution did I use previously and why did I switch?

We didn't use a previous solution.

How was the initial setup?

The initial setup was straightforward. The wizard was easy to use. So, the initial installation of the tool was easy. However, when you get back into configuring the details for the map to obtain that single pane of glass view for the entire network, it was not well thought out and it could use improvement.

I would still consider us in an early phase of deployment, even though we've been using it for two years. We don't have all the firewalls licensed, so they are not all being managed by the tool. I would say we're still not done deploying it. We're still waiting on features to be developed by FireMon, so we can use it in our environment.

Our implementation strategy was to license the high value firewalls first, trying to start getting them managed by the tool, then we were hoping to do an initial pilot for firewall rule change management. However, we were never able to get to that step because the tool can't manage our network, or doesn't understand our network.

What about the implementation team?

We used FireMon Professional Services.

What was our ROI?

We have not met a return on investment with this tool yet.

For the firewalls that we manage, it does help reduce our overall audit time.

What's my experience with pricing, setup cost, and licensing?

We don't license all of the devices in our network, so it does not provide us with a comprehensive visibility of all devices in a hybrid network at this time.

I'm not involved in our licensing costs, but I do know that FireMon has a wide variety of different licensing options.

Which other solutions did I evaluate?

During our proof of concept phase, we also evaluated Tufin, AlgoSec, and Skybox. We chose FireMon based on a few different things, but the main one was that they were a US-based vendor and the others were Israeli.

What other advice do I have?

Each deployment scenario will be unique. A robust proof of concept is key to make sure it will meet all of your intended use cases.

The solution is managing 25 percent of our firewalls right now. We probably won't increase usage until we can get the required features for firewall change rule management to work correctly. We probably will not increase usage until that works.

I would rate it as a six (out of ten). We need the end-to-end mapping feature working to make it a ten. That is just our next phase. I don't know what other problems that we will run into. There is a lot to deploy before we can give all the details of what we need to make it a ten. There is integration with ServiceNow and some of our other tools. We have to make sure all that is working before we could give it a ten.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Chris Goodrich
IT Security Architect at a financial services firm with 1,001-5,000 employees
Real User
It is the single place where we go to review all of our firewall changes

Pros and Cons

  • "It is the single place where we go to review all of our firewall changes. The solution makes it easier for us to track all the changes made. It is a central place where we can look at all the firewall rules, because we have three different firewall vendors. It saves us time and creates efficiencies by looking at the general picture."
  • "The stability has been fairly decent, but there have been a few issues. My coworker has had some issues in the past where he has had to work with support."

What is our primary use case?

The primary use case is for compliance and monitoring of firewall changes. This solution allows us to secure our firewalls.

How has it helped my organization?

It is the single place where we go to review all of our firewall changes. The solution makes it easier for us to track all the changes made. It is a central place where we can look at all the firewall rules, because we have three different firewall vendors. It saves us time and creates efficiencies by looking at the general picture. 

This solution has helped to clean up rules that had not been reviewed in several years. It is used for all of our firewall changes. At the moment, we are not looking to do more than use it for that.

This solution has helped to reduce our overall audit time. We are under PCI, so it was a requirement. We had to do something like this, and it just made it easier. The solution was prebuilt to do that, and we didn't have to build our own spreadsheet.

What is most valuable?

The most valuable feature is being able to review all the firewall changes in the Policy Planner, and then in the policy review feature.

This solution provides us with comprehensive visibility of all our devices in a hybrid network.

It is fairly straightforward to use.

What needs improvement?

We had a few minor issues with it. However, it's worked pretty well for us overall.

For how long have I used the solution?

I have been using the solution for about five years.

What do I think about the stability of the solution?

The stability has been fairly decent, but there have been a few issues. My coworker has had some issues in the past where he has had to work with support.

What do I think about the scalability of the solution?

It seems fairly scalable.

There are not a whole lot of users. It is mainly just my team. Every once in a while, one of my users will submit a request for it, but that doesn't happen very often. It is primarily just my team.

How are customer service and technical support?

From what I have heard, the technical support is fairly good. However, I have not used them in a few years.

Which solution did I use previously and why did I switch?

I didn't really have another solution that I was using before it.

We had it when I started here five years ago.

How was the initial setup?

We had another guy who primarily worked on the setup because he actually used to work at FireMon. So, I haven't really done the setup on it in quite a few years.

The deployment was fairly straightforward.

What about the implementation team?

We did the implementation in-house.

We have one guy, who previously worked for FireMon, managing the solution right now. 

What's my experience with pricing, setup cost, and licensing?

We pay for it yearly.

Which other solutions did I evaluate?

We might have looked at Tufin.

What other advice do I have?

It is fairly straightforward to use, and I haven't really had a whole lot of issues with it.

This solution provides us with end-to-end change automation for the entire rule lifecycle of firewalls. It does it from the request, then all the way through the approval cycle.

We really haven't done much with this solution’s cloud support automation for public cloud platforms. We are just doing on-premise.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Daniel James
Security Engineer at a transportation company with 10,001+ employees
Real User
Reporting features help us close visibility gaps and decrease auditing time

Pros and Cons

  • "The most valuable feature is the reporting capability because everything that we do is a result of our being able to query a report, based on our environment and our PCI compliance efforts."
  • "The current health and monitoring of the devices is atrocious... Imagine you have a list of 200 devices, and you can grade each of those devices as either green, yellow, or red. However, there might be three different reasons for you to go to red, or eight different reasons to go to yellow, and all of those things could be combined... Out of all those categories, I only find one or two of them that are, perhaps, pertinent."

What is our primary use case?

We use FireMon for compliance reporting. Also, because it provides a roadmap for us to start doing workflow automation - not to be confused with other forms of automation that occur in the firewall realm - we use it to see the processes and procedures that we can automate and enforce. These include approval processes, review processes, and pre- and post-implementation validation.

How has it helped my organization?

Any organization will have a best practice of looking at their firewalls at least once a year, going line-by-line. But whenever we have something like a PCI assessor coming in, we want to make sure we do our due diligence. We want to look at anything that has popped up, or that we might be unaware of, or that we put on the back burner, because it's impactful to the business. We can't really do that unless we can query our environment or set it up to keep us informed of everything that conflicts with our best practices. That's where we get the great majority of the value out of the product.

One of the most concrete examples of how it has helped our organization - and it's not the most spectacular example - is that with Security Manager specifically, we have the ability, as security engineers, to review and approve firewall rules before they are implemented, even though that task is performed by our networking engineers. What that allows us to do is maintain a separation of duties, which is very important for a lot of compliance checks. I can't be the person who makes a rule and the person who says that the rule that I just made is okay and up to standards. There's a conflict of interest there.

So one of the main things that adds value or improves the security posture of our environment is the ability to separate roles and responsibilities. As part of our processes, I can say to the networking team, "Submit to me what it is that you're planning on doing." Using FireMon, I can look at the firewall and the firewall rule without having to have access to the actual firewall. After they are done with their change, I can validate that what I said they could do matches what they actually did do. Having that mechanism as an option in our environment holds everyone up to a higher level of best practices, because they know someone can validate that they're not just doing whatever they want to do without anybody being the wiser about it.

The solution helps to close a visibility gap we previously had. That goes back to reemphasizing the fact that we're trying to maintain that separation between security engineers and network engineers. I don't want access to the firewalls themselves, but I am accountable for every rule that's on them. Everything we do goes through FireMon. Is it instrumental in my being able to see something and correct it? Absolutely.

Because of FireMon, we have found several instances of objects that were created where the intent was for it to be four ports, but it got fat-fingered and someone put in a much wider port range. It has helped us to identify misconfigurations. It has helped us to identify out-of-band changes, where stuff was done that wasn't necessarily approved. Because it has its own repository of industry best-practices, it has helped us to highlight hundreds of rules that have unwanted objects in them. If I don't have to spend two days walking through all of our firewalls to do that, and I can run a report that I know is pulling back authoritative information, then I'm able to accomplish more because of it.

It certainly helps reduce our overall auditing time. The alternative to not having the product is doing a manual review. What the product is designed to do is to show me everything that violates this standard or that rule. If I can do that - and even if I have to spend a day or two coming up with standards and the rules for me to check against - in two days I have the results that a manual process would take me several weeks to achieve. Now, cleanup still takes just as long. I can't say, "Fix all of these," and it automatically cuts tickets for me - yet. With proper future-proofing, optimization, and integration, it would be able to do that for us as well. But overall, it definitely helps reduce auditing time.

Another advantage is that it has helped to clean up rules that have not been reviewed in several years. There are thousands of rules every year that we clean up directly, based off of the reports.

To give more context to this answer, one of the main functions of anyone in security is: If we don't need it, we need to get rid of it. But there's always that battle between the needs of enforcing best practices and accommodating the business. Anyone who has ever used this solution, or competitors' solutions, or gone through a firewall cleanup process, has experienced this scenario: "Well, we deleted 300 rules and something broke and now we need to find out which of those rules we need to turn back on." And that happened because they were working from a report that they only ran once a month or once a quarter. What this tool allows me to do is not only disable unused rules, but to specify conditions like, "anything that is unused for at least six months, or at least a year." I can now put unused rules into different categories. Something that hasn't been used in a year is very low risk. If it was used two months ago, there's a higher risk if I disable it. So it helps reduce potential impact, which is a unique feature.

What is most valuable?

The most valuable feature is the reporting capability because everything that we do is a result of our being able to query a report, based on our environment and our PCI compliance efforts.

What needs improvement?

The current health and monitoring of the devices is atrocious. I know of several engineers within the company to whom I've mentioned this and they say, "I know, I've been telling the devs that." They would back me up on my statement.

Here's the bad part, and it's hard to articulate without having like a visual that you and I are sharing. But imagine you have a list of 200 devices, and you can grade each of those devices as either green, yellow, or red. However, there might be three different reasons for you to go to red, or eight different reasons to go to yellow, and all of those things could be combined. As long as all of them are good, that's the only way that you're going to get green. Out of all those categories, I only find one or two of them that are, perhaps, pertinent. I only care if it's not communicating at all, or it hasn't communicated in the last 48 hours. If the last time that it pulled down information it took three minutes instead of one minute, I don't care about that. 

The way that the health and monitoring works right now is that for all these devices, instead of breaking out all those different things, or allowing me to judge what I think is pertinent or not, I have to see the lowest common denominator. I might have 40 percent of my devices saying that they're in a critical state, when in reality, according to my standards, maybe only five percent of them are. I don't have the time to sit here and click on a dropdown and dig into 100 different devices every day of the week. Essentially, because of the way it works right now, I don't resolve something until I've become personally aware that a firewall isn't communicating with FireMon at a given time.

It's not something that is optimized so that an engineer can run a report, take screenshots, and make a little run-book to hand over to level-two support and say, "Here, you guys do this every day as a repeatable process. Make sure that if we have any issues, we open tickets about them." Right now, the overhead of conducting a thorough day-to-day assay of the health of our environment would take several hours. Functionally and logistically, we just can't accomplish that goal right now.

For how long have I used the solution?

I have been using FireMon very actively for about three years.

What do I think about the stability of the solution?

The solution is stable. The main platform has gone through many iterations of version upgrades with no problems, no hitches. The devices themselves are very stable. The most frequent problem that we have is the loss of connectivity between firewalls and FireMon. That's more due to configuration changes on the firewall side, as opposed to anything that has to do with the actual FireMon devices.

What do I think about the scalability of the solution?

It's very scalable.

We have about 60 users configured and that's because everyone on both my team and the networking team has access to it. But we never have more than four concurrent users.

We intend to increase usage, but the goal is to move down the path of integration with our ticketing solution and the actual firewalls themselves. Right now they communicate, but they're not necessarily integrated. Once we achieve that, then instead of network engineers logging into firewalls to do firewall things, they'll be shoehorned into performing everything that they're doing now within FireMon - meaning Security Manager - rather than it being something they pull up whenever they have a use for it. The intent is to make it more of a foundational piece of our operational procedures.

How are customer service and technical support?

Tech support is really good. If I've praised anything so far, as far as the vendor or the product goes, it would pale in comparison to how much I want to give credit to all of their tech support and their higher-level engineers, like the regional engineers and some of the folks back at headquarters. Whenever I call in and I say, "Hey, I need someone to walk me through this thing that I'm trying to do and I don't want to open up a ticket for it," at several different levels I've always received some of the best customer support and competent feedback, compared to any other solution that I've used.

I've been an engineer for about 15 years so I've owned a lot of technologies for different things in the security arena. I used to be a Cisco firewall admin. That's not necessarily a competitor, but I know what it's like to own IBM products, or Cisco products, or Check Point, or a whole wealth of smaller vendors. To put FireMon's support service on a pedestal, in comparison to everyone else, is pretty accurate as far as I'm concerned.

Which solution did I use previously and why did I switch?

For this type of use, we did not have a previous solution. Another team already owned this product in our company and we assumed ownership of the product from them.

How was the initial setup?

The initial setup was very straightforward. There are three different versions of the appliance that you can have, but they all come from the same ISO. They're just set up differently, depending on how you go through a configuration process. Everything is virtual. Even if I had to completely rebuild my entire infrastructure, it wouldn't take more than a day.

With all the processes and procedures around testing and only doing stuff during change windows, our original deployment took less than two weeks. For us, that is a pretty good turnaround time for deploying something, going through all the proper procedures and pre-requisites, validation tasks, etc. It wasn't a dedicated two weeks. I only have certain four-hour change windows for when I can accomplish tasks.

Our implementation strategy was that we sat down with a vendor engineer and we talked about how this needs to look. We took that and ran with it. It wasn't a run-book implementation strategy, no. But the vendor made sure that we were very clear on what we were building, how we were building it, how it all needed to talk to each other, and what access it needed to the rest of our network. It's simple enough that we didn't need more of a strategy, the kind you might need with a more complex infrastructure product.

In terms of the staff for maintenance and deployment, maintenance is a vague term. Let me give you two different answers. The actual maintenance of the solution really only occurs whenever the networking team has made a change on a reporting device, and I need them to make sure that they get it working with FireMon again; or, whenever we perform an upgrade. So that's a minimal amount of time, maybe five hours monthly. But, the whole job of one of my operations team's members is to review firewall changes, approve them, validate that they were done correctly, and to run reports monthly and quarterly against our compliance posture. All of that is done within the solution. There are some folks who spend 80 hours per paycheck inside of FireMon.

What about the implementation team?

I, and another engineer from the networking side of the house, managed the deployment independently with FireMon technical support.

What was our ROI?

Even if it wasn't financially related, I don't have the background where I could authoritatively speak to you about any specific ROI. I can say that I'm sure it's paid for itself several times over, but I would actually have to have seen what a calendar year was like before and after having the product.

What other advice do I have?

The best advice that I could give, honestly, would be not to look at a product for a short-term goal. Speak with the vendor about the maturity model that you want to go down and the roadmap that you have for your organization. They have a lot of different components and products that complement each other. I'm still waiting to do stuff now or next year that I wish I could have gotten funding for three years ago.

If you're going to engage and move forward with something, try to future-proof what you're signing yourself up for. Take into consideration where your roadmap is taking you. If there is something you know you're going to do in two years, and they have this other product that supports that effort and can provide greater ROI between now and then, go ahead and lump that into it.

As far as the solution's cloud support automation for public cloud platforms goes, I have used it and looked at it enough to ensure that it aligns with our roadmap. I feel it's there, but we're not currently utilizing the functionality. The solution would provide us with a single pane of glass for on-premise and cloud environments, but we're not using a production cloud environment at this time. However, I have made sure that whenever that does become a bigger footprint in our infrastructure, everything's going to be in place for us, as far as FireMon as a solution is concerned.

The solution provides us with the option to have comprehensive visibility of all devices, but a prerequisite to it being able to provide that information is that the owners of the solution have to optimize and educate FireMon. That has not necessarily been a high concern of ours. It hasn't been a primary responsibility over the years for me to take my network map and input it into the device. For me, it doesn't fulfill that function, but that's not necessarily a reflection of the tool's abilities.

In terms of using the solution to conduct a full inventory of our assets to secure everything, the Security Manager portion of it, alone, won't be able to perform that function. I think that there are a couple of other options that the vendor provides which address that need, but it's not something that we've invested in. Immediate Insight is the tool that associates itself with that kind of task. It's not something that we currently have the plugin for.

End-to-end change automation for the entire rule lifecycle is something we're moving towards. It is something we have on our roadmap and that we've worked out with the vendor, to make sure we'll be getting funding for that integration. Integration is required to create that full automation. FireMon does support that and it's something that we're actively pursuing, but we have not submitted funding for it yet.

I would certainly give it a nine out of ten because there's always room for improvement. Also, once I'm happy with a vendor, I'm not necessarily interested in whatever their competitors are doing. If I was sitting down with FireMon and all of their competitors every year, I might be able to say, "Hey, Tufin is doing this, why aren't you guys doing this?" But I don't do that. I would only feel comfortable giving a ten if I went through that process. I'm very happy with the solution for what it is, for how much it reduces my overhead, and how much it allows me to do things that, otherwise, I just wouldn't have the option of doing.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Orlando Paulino
Information Security Analyst at a retailer with 10,001+ employees
Real User
Helps us clean up our firewall rules and has reduced our overall audit time significantly

Pros and Cons

  • "The Security Manager part of FireMon... gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong."
  • "We're working on implementing FireMon with our ticketing system service now. Having that would be an improvement."

What is our primary use case?

We use it to go through unused rules, for cleaning up stuff. We have a bi-weekly meeting where we go through firewalls and look for any unused rules or any rules that are redundant and any high ports that are being used that we're not supposed to use. 

How has it helped my organization?

We want to eliminate all firewall rules that have FTP access on them. We don't want to use FTP any longer. With the help of FireMon, we were able to go in and check all the firewalls that have rules with FTP on them and we opened up a project with the network team so we could eliminate all those rules.

FireMon has been very helpful with closing visibility gaps we previously had. Since I got here, it has helped us dig into stuff. And whatever help we need, any projects we have that we haven't been able to figure out by ourselves, they have gone in and helped us out.

I called them once because I wanted to see if they had a report that I could run for rules that have not been used in 365 days. With their help, I was able to run that report and provide it to the network team so they could eliminate those rules that had not been hit in a year. The list I gave to the network team had 7,917 rules.

Finally, the solution has helped to reduce our overall audit time by about 50 percent. That's awesome.

What is most valuable?

I'm working mostly with the Security Manager part of FireMon. It gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong.

We also use FireMon to conduct a full inventory of our assets so that we can secure everything. For example, our parent company has three retail brands. The other day, my director asked me for an inventory of all brands: every firewall, Cisco device, whatever we are using, and to give him a breakdown. I was able to go to FireMon, grab everything, put it in an Excel sheet, and break it down by brand and by DMZ and PCI environment as well.

In addition, it's very easy to navigate. Very easy.

What needs improvement?

We're working on implementing FireMon with our ticketing system service now. Having that would be an improvement. I believe they said that they are working on that for the future. That would help us out a lot. For example, when somebody wants to open a request for a firewall change, we'll go through ServiceNow, and then go through FireMon, make the changes, and make sure everything is recorded, who did it, etc.

For how long have I used the solution?

I started at my current company in January 2018. That's when I started using FireMon. But the company has had it since 2014.

What do I think about the stability of the solution?

The stability is very good.

What do I think about the scalability of the solution?

The scalability is great.

How are customer service and technical support?

Technical support is very helpful. On a scale from one to ten, I give them a high ten. You can either use their User Center and open up a ticket via the web, they're pretty quick about it, or you can call them directly. They have a number to call their Help Desk and they pretty much pick up right away. 

They'll go into your machine right away if you need help. I have hardly escalated anything to a Level 2 or Level 3 because right away, whoever picks up the phone is knowledgeable and will resolve it.

What was our ROI?

I'm not sure if FireMon has saved us money, but I know it has saved time in cleaning up the whole company and has helped reduce all that ugliness that we had.

What's my experience with pricing, setup cost, and licensing?

We pay on a yearly basis but my manager takes care of it. Regarding additional costs, if you want things like Policy Optimizer, extra features, that's extra.

Which other solutions did I evaluate?

Before the parent company bought us, we used to have another product - I don't want to say its name - but it wasn't like FireMon. FireMon is way out there. It has all these features. I'm still learning it and I have almost a year-and-a-half of experience using it. It just has a lot of stuff that my other tool did not have at all. There's so much visibility in it and stuff to play with that my other tool did not have. I really like FireMon.

One of the products I used was Tufin. It wasn't anything like FireMon. You couldn't do the stuff you can do with FireMon, in terms of the Policy Planner option and the Policy Optimizer. All you could do in Tufin was view the rules, how many hits; basic stuff.

What other advice do I have?

In terms of what I've used so far in my career, FireMon is one of the best. Try it out, it won't hurt. Give it a shot. It's the best, for me. It has everything that any company would need. It's easy to navigate, there is a lot of helpful stuff in their User Center, in their Knowledge Base. Everything's there. You don't really need to bother them a lot. If you want to know something, they have documents in their User Center. It's a very good product.

In terms of FireMon's cloud support automation for public cloud platforms, we did ask for that. We are actually going to the cloud in a few months. We just asked that question last week. They did say that they do support that, but that's all we've talked about in terms of cloud.

We use FireMon every day. And we have plans to increase usage. Where I came from, we only have regular firewalls in there right now. We're looking to implement our retail stores' firewall devices as well, which is about 200 stores. We're definitely going to implement that so we can see our retail stores' environments in it.

We do have Policy Planner, but I haven't started playing with it yet. We're also looking to get Policy Optimizer, but we still haven't gotten the license for it. Security Manager is the one I mostly play with.

When I came to this company, I have to say, they were very sloppy. That's why they gave me this role, to focus on stuff like this. We have cleaned out a lot in a year-and-a-half and we're still cleaning. It's so big, so many firewalls out there.

We have the network team as read-only users. There are about six of them on that team. The network team members are the ones who handle the firewall; they're the ones that make the actual changes. So sometimes they go into FireMon and run reports to view things. I don't know what types of reports they run, but we gave them the read-only access for that. In addition, there are three admins: me, as an InfoSec ops technician, my coworker, and my manager. My director is also a user. For deployment and maintenance of FireMon, it's just me and my coworker.

I rate FireMon at ten out of ten. I am very happy with the tool.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SW
Network Security Engineer- Senior at a financial services firm with 1,001-5,000 employees
Real User
Enables us to very easily identify and remediate firewalls that have overly-complicated rules

Pros and Cons

  • "It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise or find security rules, no matter what firewall they're on."
  • "Some of the core functionality in our environment doesn't seem to work. We will get buggy code releases. They need to work on their Q&A of every code release."

What is our primary use case?

We use it for firewall cleanup, redundant rule removal, and unused rule removal.

We are using the solution to identify anything that might have overly permissive rules or things outside of PCI compliance. We use it to proactively find those kinds of issues. There's more we could be doing with it for sure, we just haven't had the time yet.

We currently have it covering every single firewall we have, which is a lot. There are potential plans to add routers and switches into it again, or even start adding in hybrid cloud solutions, things like that, that we won't be able to see. Honestly, we won't have a single pane of glass without FireMon, so we do have intentions of deploying it at a larger scale, and actually turning on some of those features which we don't use today.

How has it helped my organization?

We have some really complex firewalls out there, a lot of rules - too many rules. It's to the point where the firewalls become physically unhealthy. The config is so large that the hardware can't keep up. FireMon allows us not only to very easily identify those firewalls that might be getting overly complicated, but it also allows us to easily remediate those complications. It's probably saved us a lot of downtime that could have resulted from firewall issues caused by the config.

It helps close a visibility gap we previously had. For example, Cisco's primary firewall management tool, either using command-line or GUI, does not cover all the appliances at once. You have to go in one-by-one. FireMon is able to see across every appliance, in a single view and that makes it easier to manage things.

In addition, it reduces our overall audit time. I don't deal enough with the audit side of the house to know by how much it has been reduced.

What is most valuable?

I have found the reporting on unused rules and redundant rules to be the most useful to me. We run those reports and then we can come back and fix things that are bad.

And overall, the reporting mechanism for anything is pretty good. We use it to baseline, to make sure our configs are accurate across all of our devices.

It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise, or find security rules no matter what firewall they're on. We don't use the automation feature, which means we don't do a deployment of any changes, so we don't yet have a single pane for deploying all policies. We know it's capable, it's just that we don't have that function on.

What needs improvement?

Some of the core functionality in our environment doesn't seem to work. We will get buggy code releases. They need to work on their Q&A of every code release. Too many bugs pop up between releases, and that's where I would like to see the most improvement.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It's recently become much more stable. We had an undersized box, and FireMon actually gave us a very much bigger server for free, which was very good of them to do. It brought our stability to about 99-percent-up.

What do I think about the scalability of the solution?

It's highly scalable, as long as you have servers. You can scale it to pretty much anything. We've had thousands of devices in it.

How are customer service and technical support?

Their front-end technical support is really good, very responsive. To me, it takes a little bit too much time to resolve some issues, but that's to do with their development team, so I don't know if that should get lumped in with support or not. But the time to resolve problems that we identify is something of an issue. I'd give tech support a six out of ten.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The initial setup was on version 7, which is a totally different ballgame, but the setup of both versions 7 and 8 was straightforward enough for me. I can't imagine something being much easier. It required minimal configuration and the documentation was excellent on how to set it up on your own. It's just easy.

A single-server deployment wouldn't have taken more than a day or two. We did multiple virtuals so we got slowed down by our virtual team building the servers. As a result, it probably took a few weeks. But that was not because of the product, it was because of our own internal teams.

Our implementation strategy was just to get the system up and running and onboard all of our firewalls into it.

What about the implementation team?

I deployed it mostly by myself.

What was our ROI?

In my opinion, we have seen ROI. We're able to share data that other groups need, by harvesting it out of FireMon, which is extremely powerful. Another group can look up their own NAT, for instance, even if they're not very savvy. It has helped reduce a lot of casework that was coming into our queue, that was along the lines of, "Hey, what NAT does this belong to?" 

Going back to the complex rules, it has literally prevented devices from falling over and dying. It's maintained uptime, which is invaluable when you're dealing with millions of customers connecting through one firewall.

What's my experience with pricing, setup cost, and licensing?

Our licensing is done yearly. There are different levels of support to pay for, but there are no hidden fees. The pricing is very good, very straightforward. It also came in cheaper than AlgoSec and Tufin.

Which other solutions did I evaluate?

We demoed and looked at other solutions but we did not implement any. AlgoSec and Tufin were the two main solutions that we checked first.

In the end, it really came down to the support. FireMon is more attentive than these very large companies, and we needed that attention. Their attention to our needs is what sold us on the product.

What other advice do I have?

Make sure that you get the correct hardware for whatever size environment you have.

End-to-end change automation for the entire rule lifecycle is not something we're using yet. It's something that I'm looking to get a beta for.

There are about 20 people currently using the solution. However, the functionality allows us to extend the information that FireMon can gather out to hundreds of people, if not more. In some ways, there are hundreds consuming the information that FireMon gathers, and using it in some way. Network security engineers are the primary consumers, and network engineers are another consumer. In addition, anything related to our audit teams means those guys consume the data.

Two people could do deployment and maintenance, although I tend to do it by myself.

I'd put FireMon at an eight out of ten right now. To me, ten is something you only get if you have no bugs or have very few bugs, and everything works perfectly. If you want a ten you've got to be perfect. I don't think any product would get a ten from me.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user883929
Manager Security Solutions at Retail/Food Business
User
The most valuable features are Policy Optimizer and Firewall Manager for different brands of firewall

What is our primary use case?

Optimizing and cleaning firewall rules and objects to maintain the security of the firewall and other devices.

How has it helped my organization?

Not experienced yet with the product. We are still doing our evaluations and having other discussions with different vendors to understand product capabilities.

What is most valuable?

The Policy Optimizer and Firewall Manager for different brands of firewall. 

What needs improvement?

Continuous firewall policy improvement should be available out-of-the-box for firewall operation. We are also looking for more integration with SIEM and other tools.

For how long have I used the solution?

Trial/evaluations only.

What other advice do I have?

The version is an important choice for the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user560244
Clinical Systems Engineer So Cal Regional Office at a healthcare company with 1,001-5,000 employees
Vendor
Easy setup, where a non-IT person can install the tool

Pros and Cons

  • "Vendor agnostic when it comes to integrating with other products."
  • "A phone app would be nice. This is the reason why it is not perfect yet."

What is most valuable?

  • Vendor agnostic when it comes to integrating with other products.
  • Reliable
  • Excellent customer support

How has it helped my organization?

This product has enabled Kaiser Permanente Clinical Technology technicians with proactive/remote monitoring of highly critical systems.

What needs improvement?

A phone app would be nice. This is the reason why it is not perfect yet.

For how long have I used the solution?

12 months.

What do I think about the stability of the solution?

No problems.

What do I think about the scalability of the solution?

No problems.

How are customer service and technical support?

A 10 out of 10.

Which solution did I use previously and why did I switch?

No previous solutions were used.

How was the initial setup?

Since a non-IT person like me was able to set up the system from scratch, I would say that it is not complex at all.

What's my experience with pricing, setup cost, and licensing?

Relative to what it offers, the price is fair.

Which other solutions did I evaluate?

FireMon Immediate Insight was the only product that would work for us, due to the limitations that the Clinical Technology Department has at KP.

What other advice do I have?

It is a very versatile and sustainable product.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
ITCS user
IT Security Consultant and Platform Architect at a pharma/biotech company with 10,001+ employees
Consultant
Policy test and access path analysis tools in Security Manager enable me to find existing firewall policies quickly, troubleshoot, or to help choose the optimal path for proposed rules.

Pros and Cons

  • "Policy test, access path analysis, and change reports."
  • "Policy Planner requirements section is good, but could use some improvement to allow flexibility to enter different types of requests (modifying an existing policy, object or service group, for example) in a structured task format that can be auto-verified."

What is most valuable?

Policy test, access path analysis, and change reports.

Policy test and access path analysis tools in Security Manager enable me to find existing firewall policies quickly across the enterprise, troubleshoot, or to help choose the optimal path for proposed rules. Change reports on the device dashboard show us at a glance what was changed in a particular firewall config, by date, so we can easily troubleshoot problems with implementation.

How has it helped my organization?

It streamlined the firewall policy change management process by having all firewalls managed in one tool, and a workflow customized to our needs.

What needs improvement?

Policy Planner requirements section is good, but could use some improvement to allow flexibility to enter different types of requests (modifying an existing policy, object or service group, for example) in a structured task format that can be auto-verified.

For how long have I used the solution?

4 years

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No…we easily added a second data collector when needed.

How are customer service and technical support?

Customer Service:

Excellent.

Technical Support:

Excellent--tech support engineers go above and beyond to answer questions and resolve issues.

Which solution did I use previously and why did I switch?

We previously used separate database applications to route change requests for approval, and did not have a tool like Security Manager with visibility into all the firewall configs and activity.

How was the initial setup?

Infrastructure was simple to set up, but custom workflow was complex, due to customer regulatory environment necessitating a lot of customization. FireMon Professional Services was able to accommodate, though.

What about the implementation team?

In-house project management and equipment configuration; vendor install in the data centers; FireMon Professional Services for extensive custom workflow development.

What's my experience with pricing, setup cost, and licensing?

Pricing model seems fair. Make sure to separate active versus inactive devices, and primary versus standby in HA pairs, as there is a significant cost savings for licensing; licenses on the applications are perpetual.

Which other solutions did I evaluate?

Customer evaluated other products, but chose FireMon due to its features and rating on Gartner.

What other advice do I have?

Review your current operational requirements and processes well, and determine what can change, internally, to take full advantage of the standard FireMon processes.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: My consulting company is a vendor neutral reseller of FireMon products and services, along with other vendors’ products, implementing what solutions are best for a particular customer.
it_user494268
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Vendor
It was valuable for auditing purposes.

What is most valuable?

It was used for firewall change review. For our company, it became an invaluable tool for auditing purposes.

How has it helped my organization?

It allowed us to track every change made to the firewall. We were able to see who made the changes, when the changes were made, and exactly what was modified.

What needs improvement?

We monitored multiple firewalls. In the version we used, we had to check the changes made on each firewall individually. We didn’t see a condensed list of changes across our environment.

For how long have I used the solution?

I used it for 1.5 yrs.

What was my experience with deployment of the solution?

We encountered minor issues with FireMon and its collection of data from Palo Alto firewalls. It required a small amount of additional time with system engineers on our side and on FireMon’s side to complete the deployment.

How are customer service and technical support?

Customer Service:

The customer service was excellent.

Technical Support:

At the time we were using the product, it did seem like the tech support staff was very limited in size. I am sure they have grown more since we used this product.

Which solution did I use previously and why did I switch?

We used another product (Tufin). For us, we needed to make a change because they lacked the ability to support Palo Alto (at that time). FireMon was a better fit with that firewall.

How was the initial setup?

The initial setup was straightforward. Minimal support was required to complete it.

What about the implementation team?

We implemented it through an in-house team. We required minimal assistance from the vendor.

What other advice do I have?

There are very few products that can do what FireMon can. I would definitely recommend it if there is a need to review firewall changes.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user642174
Information Security Officer at a university with 10,001+ employees
Vendor
The ability to audit our firewall rule base allows us to determine which rules can be removed.

What is most valuable?

The ability to audit our firewall rule base is my favorite feature. It allows us to determine which rules can be removed and it helps us reduce our security footprint.

How has it helped my organization?

Over the past two years, we have been able to identify a bunch of rules that were orphaned and no longer have any need.

These rules were exposing our organization to undue risk associated with devices being exposed to the internet that shouldn’t have been exposed.

We use the feature to identify some rules that were no longer needed. That helps us reduce our overall, organizational risk profile.

What needs improvement?

What's funny is that if I had been asked eight months ago about areas with room for improvement, I would have said the product in general needed to be improved. It wasn't web-based. It was client-based and it was just kind of clunky.

In the last eight months since we upgraded to the web version, there isn't a lot of need for improvement. I feel like it is pretty good. Things have been a lot better for us since we upgraded to the web version. I'm happy with it right now and I don't have any complaints.

For how long have I used the solution?

We’ve been using this solution for just over two years.

What do I think about the stability of the solution?

We haven’t had any stability problems. I had one or two minor issues since the upgrade, such as upgrade failures. I couldn’t get the system to accept a maintenance release. Those issues were resolved pretty quickly. There have been no stability issues, nor long-term outage issues.

What do I think about the scalability of the solution?

We have a fairly limited amount of systems that are monitored by FireMon. Our box can support up to 20-25 devices. We only have eight devices to monitor. We still have a lot of overhead. We haven’t noticed any slowdown issues or any problems of a scalable nature on the device.

How was the initial setup?

Back then, it was client-based and the setup was not so straightforward. Most things worked well right out of the box.

Although I haven’t done an actual setup after it became web-based, I can see that it is much easier. You don’t have to download a client. You just have a website. There is no need for a command-line configuration to get it up and running. It was fine for overall level of difficulty before and I can assume it is easier now.

Which other solutions did I evaluate?

We did not evaluate other options. This was the first of its kind. I saw it at a vendor/expo demo and I was interested in it.

Our vendor that we work with threw it into a deal. We paid for support and they were trying to increase the overall install base footprint. They made a couple deals with us for a next generation firewall. I wasn’t budgeted to purchase it, but it was part of a deal, and it fell into our lap for next generation firewall monitoring.

What other advice do I have?

FireMon is a very good product; it is a slippery slope in terms of deployment. It can monitor all of your network devices and firewalls. I would imagine a lot of people probably use it for that.

We are a small organization. From a cost and work standpoint, we only wanted the ability to audit and manage our firewall rule sets. It’s been good for us in that way.

People need to think about what’s important to them based on a monitoring point of view, which is regulation-based. That wasn’t an issue for us. I recommend that people consider the best-sized solution for them. Give it a try. It’s worked well for us.

I would rate it as the best firewall monitoring platform that I’ve used, but I’ve only used FireMon.

We are a Palo Alto customer and this is a great tool to augment the Palo Alto tool set. It’s a very beneficial product. It fills the gap of things you can’t get with standard Palo Alto management, such as long-term analysis and knowing what’s really going on with objects and rules in the firewall rule base.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user617493
Network Support Systems Manager at a retailer with 1,001-5,000 employees
Vendor
The most valuable features are change management and getting alerts from the system. The web interface requires a learning curve.

What is most valuable?

  • The ability to look for shadow-based rules
  • The ability to look for rules that are being used
  • Change management
  • Gets alerts from the system

How has it helped my organization?

  • The ability for spotting the shadow-based rules helps us to eliminate overlapping rules. These may not otherwise be needed or may be under-used.
  • Helps us to identify those items and gives us the ability to go back and audit the firewalls.
  • It gives us the ability to determine what our security architecture looks like: This helps us secure our company better. This helps us to determine who is making the changes and we then have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."
  • We were in the middle of a project where we were migrating from one set of firewalls, that were old, to a newer set. This tool allowed us to go through and identify rules that we could get rid of. It allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls. It helps us to understand what's being used and what's not.
  • It helps us to research what rules are already in place, so that way we don't have to add anything. It is a quick look up for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked." This is a feature that we like to use and it helps us save time.

What needs improvement?

So far, we're not too much into the product.

  • We don't quite like the web interface.
  • We enjoy the so-called Fact Client a lot better because it just gives a bit more of the opportunities to work with the software faster. There's been a huge learning curve for us to use the web interface.
  • We have to learn their query language or define the details that we need.
  • Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way that it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.

For how long have I used the solution?

It's going on for at least three years now, if not more.

What do I think about the stability of the solution?

There were a few, initial issues with stability. Luckily, FireMon has a supportive staff.

They have been able to identify the issues that we've been having. In turn, they implement some kind of compensating mechanism or come up with a solution in order to fix it. This helps us resolve our issues. Overall, we've been pretty happy with the support team.

What do I think about the scalability of the solution?

We have not had any scalability issues. I've been very impressed with that aspect. At one point, we had a single server and we overloaded it pretty quickly with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as Syslog goes.

I had to out-size our environment in order to compensate for the additional logs. I had to deploy to a couple of different other sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.

How are customer service and technical support?

Overall, I would give the technical support team a rating of 10/10. There have been maybe a few issues here and there. Unfortunately, it has taken some time for them to resolve them.

If the issues are not resolved, it goes back to them. They keep the case by asking for updates and working with me and the team to understand what issues we're having. They try to help us resolve those issues, either through training or going back to the development team and asking for a feature.

Which solution did I use previously and why did I switch?

We didn't use any other solution. This was definitely one of the best of its breed that we researched. Eventually, we selected this tool.

How was the initial setup?

The initial setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things. It could then go out and fetch the configurations/settings. It was relatively easy.

Which other solutions did I evaluate?

I believe the other option that we looked at was Infoblox. However, Infoblox was just too cumbersome and didn't offer a lot of features. We felt that FireMon had built-in features that were out-of-the-box.

What other advice do I have?

You should definitely look into how many Syslogs you're getting. There is a limitation on how many Syslog messages it can handle per second.

We felt in a more distributed environment, it allowed us to support our network more adequately. Even in the main data centers, we usually had three or more collectors in order to deal with the amount of Syslogs we're sending.

We also had to include a few different offices that required their own implementation of data collectors.

This company does a pretty solid job and they're constantly striving to improve their products.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user613533
Sr. Systems and Network Engineer at a recruiting/HR firm with 1,001-5,000 employees
Vendor
The most valuable feature is more or less the ability to look for the shadowed-based rules or rules that are being used.

What is most valuable?

The most valuable feature is more or less the ability to look for the shadowed-based rules or rules that are being used, and also for change management, i.e., getting alerts from the system. This helps us to determine who is making the changes and have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."

The ability for spotting the shadowed-based rules helps us to eliminate overlapping rules that may not be otherwise needed or maybe under-used. It helps us to identify that stuff and gives us the ability to go back and audit the firewalls.

On the whole, it gives us the ability to determine what our security architecture looks like, so as to help secure our company better.

How has it helped my organization?

It's kind of a two-fold type thing for us. We were in the middle of a project, where we were migrating from one set of firewalls that were old to a newer set. So, this tool has allowed us to go through and identify rules that we could get rid of and allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls, so as to understand what's being used and what's not.

It helps us to just do research into what rules are already in place, so that way we don't have to add anything and it is a quick lookup for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked at." This is a feature that we like to use and it helps us save time.

What needs improvement?

So far, we're not too much into the product yet. However, we're not really liking the web interface. We enjoy the so-called fat client a lot better because it just gives a bit more of the opportunities to work with the software faster, whereas there's been a huge learning curve for us to use the web interface. Then, we also have to learn their query language or define the details that we need.

Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.

For how long have I used the solution?

It's going on for at least three years now, if not more.

What do I think about the stability of the solution?

There were a few issues with stability initially, but luckily FireMon is very supportive in terms of their support staff. They have been able to identify the issues that we've been having, and in turn implement some kind of compensating mechanism or come up with a solution in order to fix it, so as to help us resolve our issues. Overall, we've been pretty happy with the support team.

What do I think about the scalability of the solution?

We have not had any scalability issues and I've been very impressed in that aspect. At one point, we had a single server and we overloaded it pretty quickly, with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as syslog goes. So, I had to out-size our environment to compensate for the additional logs and had to deploy to a couple of other different sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.

How are customer service and technical support?

Overall, I would give the technical support team a 10/10. There have been maybe a few issues, here and there. Unfortunately, it has taken some time for them to resolve and it goes back to them, i.e., asking for updates, and working with myself and the team to understand what issues we're having. They try to help us resolve issues either through training or going back to the development team and asking for a feature.

Which solution did I use previously and why did I switch?

We didn't previously use any other solution. This was definitely one of the best of its breed that we researched. Eventually, this tool is what we selected to go with.

How was the initial setup?

The setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things, so that it could go out and fetch the configurations/settings. Thus, it was relatively easy.

Which other solutions did I evaluate?

I believe the other option that we looked at was Infoblox and maybe one other tool. However, Infoblox was just too cumbersome and didn't offer a lot of features. In comparison, we felt that FireMon had those out-of-the-box features built-in.

What other advice do I have?

Definitely, you should look into how many syslogs you're getting because there is a limitation on how many syslog messages it can handle per second. We felt in a more distributed environment, it allowed us to support our network more adequately. So even with our main data centers, we had to usually have three or more collectors in order to deal with the amount of syslogs we're sending. We also had to include a few different offices needing their own implementation of data collectors.

This company does a pretty solid job and they're always constantly wanting to improve their products.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user616515
Sr Network Security Specialist at a government with 1,001-5,000 employees
Vendor
The most valuable features are the reporting for change control as well as rule utilization.

What is most valuable?

The most valuable features are the FireMon reporting for change control as well as rule utilization.

How has it helped my organization?

It allows us to do utilization and cleaning of our policies. For your firewall, you have a series of rules and stuff that identify traffic, sort of whether or not the rules within your firewall policy are actually being used; what part of the rule is being used; whether or not it's identifying issues. You've got 1000 rules and only 900 are actually being used. About 100 of them are not.

We're now getting hit counts within Check Point that give us that information, but sometimes a rule says that it has been hit a lot even though it's not all the services within that rule. So it allows us to edit, modify and clean in order to remove anything that's not used.

What needs improvement?

I would say the most recent release caused us a lot of trouble as we couldn't get it working for a while, so we weren't getting the reports that we wanted, but it has improved. It's just very, very different. The most recent release level was dramatically different.

Maybe better videos or whatever could be included as to how to work with the updated product.

For how long have I used the solution?

I believe it's going on about five years, maybe as much as six.

What do I think about the stability of the solution?

When we transferred from one release to the next, the most recent upgrade, the integration with Check Point gateways was very poor and so it was for almost a year that the product was unusable to us.

What do I think about the scalability of the solution?

I think the scalability seems fine, although not all of our gateways are licensed so that in itself also caused some issues, because the product had to be more tuned to the fact that our environment doesn't utilize FireMon for all of its gateways.

How are customer service and technical support?

I would say technical support is about 8/10. Some issues just weren't handled quickly enough, I guess.

Which solution did I use previously and why did I switch?

We previously used an earlier release of FireMon and they had good success with that. In the newest release, we had a lot of problems. Prior to that, we really didn't have a tool to do that type of analysis for us. Although the most recent releases from Check Point have given us better analytics within our environment, FireMon has provided us with a better view into our environment. We didn't have anything prior to that.

How was the initial setup?

I haven't really been involved much with the licensing. It seems fairly straightforward. Regarding the training after setup, I find the videos maybe could be a little bit better in respect to how to work with your FireMon product to get the best out of it; so maybe some better training videos on how to work with the product.

Which other solutions did I evaluate?

I believe the only other option I looked at was Check Point's reporting option and it was quite costly.

What other advice do I have?

When using this product, you have to spend time understanding not only how it was installed but what information you can get from the product. The customization of reports, whether they can be automated or on demand. So just getting a better understanding of what you can get from the application is useful.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user617394
3rd Line Senior Engineer (Security) at a comms service provider with 10,001+ employees
Vendor
We use it to run reports that show unused tools and unused objects. Removing the CSV export functionality seems to me to be like a step backwards.

What is most valuable?

The security policy manager: We run reports regularly for the customer to show unused tools and unused objects, and to clean up the firewall policy.

How has it helped my organization?

Our firewall policies - we work under the standard ITIL framework - and project managers are very good at adding rules to allow their projects to work. However, they're not so good at coming back when the project is finished or the solution has been terminated and cleaning up the rubbish. So, if we don't use this product, we end up with thousands and thousands and thousands of rules, most of which aren't used.

What needs improvement?

I basically came on board to do the upgrade, which I've done. So, in the old product, we were able to get things out of the CSV file format and that allows you to then manipulate it, but now it's PDF mainly. Beforehand, we were able to take it into CSV and manipulate it in Excel, but now we can't do that anymore. A revert back on this would be good.

Overall, the product seems pretty good, but the fact that we've taken the CSV out now, that seems to me to be like a step backwards. They should be adding functionality, not taking it away.

For how long have I used the solution?

I only started using it literally about four months ago.

What do I think about the stability of the solution?

We haven't had any issues with stability yet. Well, we did during the upgrade, to be honest. So, when we did the upgrade, we had to get new versions written for us so that the upgrade worked. It didn't work just off the bat, but once we had that done, it worked fine.

What do I think about the scalability of the solution?

We haven't had any issues with scalability as we're not using that many devices reporting to it, so we haven't had any problems with scalability at all.

How are customer service and technical support?

I would rate technical support at around 7/10. I mean the reason for giving it a seven is the guy we spoke to over in Germany. He was quite good, but the problem was that it had to go back to the development team, which took a long time to get resolved.

So, basically what happened was, we raised a fault, we went through the upgrade with them and we were able to go to a particular version, as we were running a really old version; version six. We went to version seven but then stopped accessing the system. We then said to them, 'Well, how do we get to version eight?' The upgrade ping didn't seem to work. So they then had to go off and write us a new thing, but all that took months. Three months, four months and we were without access to that system for a long time.

Which solution did I use previously and why did I switch?

I don't think we used anything beforehand.

Which other solutions did I evaluate?

I think there has been an evaluation, but I wasn't party to it.

What other advice do I have?

I don't know what advice I would give to others. We are having a lot of problems with the licensing, to be honest. So, there's an issue with the UK and US date format.

When we renew our licenses, I don't know whether it's through our distributor or whatever, but they keep changing the format. In the American date format, you put the month first, then the date, then the year. In the UK we put the day first, then the month, then the year, and they keep flipping the dates over so we lose about three or four months on the licensing every time. We have to go back to our salesperson to get that fixed.

Also, when we did the upgrade, for some reason, we had enough licenses to start with but after the upgrade, we didn't. So, we didn't add any new devices, and we've got a thing in with the salesperson to find out why; what's changed there.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user620586
User at a financial services firm with 501-1,000 employees
Vendor
The Security Manager is the most valuable feature. It's been pretty stable.

What is most valuable?

The Security Manager is the most valuable feature.

How has it helped my organization?

It helps us eliminate rules that are not needed on the firewall and to consolidate them. It saves us a lot of time and makes my work easier.

What needs improvement?

Make writing the reports easier. There's a lot of canned reports and if you want to write a specific report that you're interested in looking at, it's rather hard because I'm not a programmer. I don't know all the programming languages needed to do that. I can look at what reports exist and try to take that and kind of change it to something that I want to see and it doesn't always work. It's not real easy to do.

For how long have I used the solution?

I have been using FireMon for about six months.

What do I think about the stability of the solution?

It's been pretty stable.

What do I think about the scalability of the solution?

I have not had any scalability problems at all.

How are customer service and technical support?

We have called them and they've always been really helpful. They've resolved our issue in a timely manner. I would rate them a 4/5.

Which solution did I use previously and why did I switch?

We didn't have any other solution. This is the first of its kind.

How was the initial setup?

Setup was straightforward. The instructions were really simple. We put in the basic information and then they scheduled some time with us to go through the setup and walk us through each one of the screens, what they do, what to look for and things like that. They kind of gave a little bit of a training class or training session.

What's my experience with pricing, setup cost, and licensing?

They set a round of what we wanted to see. They didn't just come in and say, "Here's how it works", because different companies are different. Different companies want to use it in different ways, so they found out what we wanted and helped us set the training up to look at things that we want to be able to use it for. That was nice.

Which other solutions did I evaluate?

We didn't evaluate any other products.

What other advice do I have?

I think it's a good product. It's very stable. It's quick and it's easy to learn. It's easy to run reports. There are a lot of reports that you can run. That helps the management of your firewall.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user617388
User at a financial services firm with 1,001-5,000 employees
Vendor
We use the forwarding capabilities and we use it for cleanup.

What is most valuable?

We use the forwarding capabilities because we don't have another way to report on the firewall. We use it for cleanup and also for our biannual firewall review. Pretty much that's the big reason that we use FireMon.

How has it helped my organization?

The time that it takes for us to do the review: Previous to FireMon, we would have to go through the firewall pretty much manually, every line. This took an incredible amount of time. With the FireMon product, we did notice a significant decrease in the time that it takes for us to do any type of review. Also, just a general report, if you have an inquiry throughout the year, without actually doing a full review, you can just go to FireMon and click a few buttons and it tells you what you need to know. There's no need to dig around and spend additional time. So, it's mainly time.

What needs improvement?

We've had issues with backups. We almost lost our database at one point. It would be nice to be able to back up the backup configuration to a network share or some other function. The only way that we know how to do it right now is to do a manual backup. Or the server backs itself up to itself, which is not helpful. If you lose the server, the backup that's stored on the server is also lost. So, it's not that helpful.

One thing that is missing is the ability to export the entire rule base of a firewall. Suppose we were going to be migrating to a different firewall. Not getting rid of FireMon, but moving to a different firewall; either a different vendor or a different model of a firewall. So instead of taking bad stuff, or maybe old stuff out of the current firewall and going to a new firewall and using the exact same configuration, we may want to export that information into an Excel spreadsheet or some other format, so that we could work with that data outside of FireMon. That would be really helpful. I've called FireMon, I've also played around trying to figure out if I could get it to work and I still didn't get it. Nobody knew how to get the info out of FireMon to work on it. Also, potentially the ability to import it back into the system and maybe get some sort of a diff report; a difference of the configuration from the system.

For how long have I used the solution?

I have used FireMon for about four years.

What do I think about the stability of the solution?

We have an issue sometimes with the listener for logging. Sometimes the listeners, the ports, go down and the server has to be rebooted. It's very, very rare that that happens, but we have noticed that's really the only stability issue that we've had. The server application itself seems to be very, very stable. Even when the port goes down, the app stays up. It just has to be reset. That may be every three months or so we may notice that.

What do I think about the scalability of the solution?

We have three major production firewalls pushing thousands of logs every hour to this one box. We have two boxes in both of our data centers but they push a lot of logs to these guys. We've never had any issues.

How are customer service and technical support?

I would rate support a 4/5. I sort of get the feeling when I send an email that it's a little bit of a slow response time. There are things that we do need immediate attention on and sometimes when you call, they'll ask you to send an email in. That's sort of a backwards approach to technical support. If I've already got somebody on the phone, they should be able to take my information and proceed with handling the triage of the call. I shouldn't have to hang up the phone, write an email, and then wait for a telephone call back from them. I would rather see some sort of support model that has a better flow to it.

Which solution did I use previously and why did I switch?

Previously, we did not have a different solution.

How was the initial setup?

Setup was fairly straightforward. Our system is in a virtual environment. We pretty much turned logging on for the firewall, pointed it to the FireMon server, added the firewall to the FireMon server. Within seconds, there were tens of blocks being pushed over there. The reports pretty much created themselves. You just had to run them.

What other advice do I have?

If someone asked me for advice, I would definitely say that it would help them, especially with being able to navigate through if you have a complex rule set. I would definitely suggest FireMon. It's been extremely helpful for us to have. Even though they're missing a few functions, it's still workable from our standpoint.

Being able to export to Excel isn't a huge turnoff. It's a nice feature to have but I would definitely suggest purchasing FireMon. Especially if you have a large environment where you're trying to trim down your rule base, you're trying to optimize your firewall, or you're just trying to find stuff that's sort of lost in your configuration.

Also change management: I believe it's a PCI requirement. We use FireMon as well for notifications and that's helped satisfy a PCI. I don't have anything in front of me that shows me all the requirements but I believe a review of rules that are changed is part of that requirement, so they help fulfill that, too.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
GI
Technology Engineer at a financial services firm with 501-1,000 employees
Real User
With the change control functionality, we can track firewall rule changes made outside of change windows.

What is most valuable?

Currently, the change management controls for monitoring the firewall configuration changes is the only feature that we really use, at this time.

How has it helped my organization?

With the change control functionality, if somebody was to go in and make a rule change on the firewall, it's configured to send a notification as soon as those changes have been made. If this happens outside of a change window, we can track those and go to that person/individual, and find out why they made the change without going through proper change control procedure.

What needs improvement?

We just updated to the latest version, so I haven't had a chance to play with the enhancements from what we were previously using. What I was looking for in the previous version was better capability of adding change control numbers manually for rule changes that don't allow me to put in a descriptor into the change on the actual device. That will automatically get pulled into FireMon for reporting purposes. Some features don't have a description field that I can populate, and so I need to go back into FireMon later and document those. Even though the field is available as an option in properties, there's no way for me to fill that because of the type of the category of the change. It may not be a security change. It could be just a documentation process that I'm not able to do. That was in a previous version. I haven't validated that in this latest version.

For how long have I used the solution?

I've only been using it for about a year. My employer has used it for two to three years.

What do I think about the stability of the solution?

The product itself has been solid, stable. I haven't had any issues with stability issues at all, now.

What do I think about the scalability of the solution?

The scalability seems to only be limited based on licensing we have installed. It appears to be fairly robust. It does offer a very large variety of devices that it can monitor but it's only limited based on the licenses that we have installed. For example, when I started here over a year ago, the device was licensed just for Cisco ASA5520s, and now we're using it to also monitor 5545s, which is a different tier. Until we licensed it for that different tier, we weren't able to ingest the configurations or monitor those newer devices. It truly comes down just to licensing. So, making sure we have the proper licensing is key. From what I've seen, it can monitor many devices, from routers, switches, up to the firewalls, from across many vendors.

How are customer service and technical support?

We have asked for help a couple times, mainly about minor questions. There were questions about how to use documentation better, and they helped with that, but most of the questions that we've had have been around upgrading the product. We needed to know what is in the next version.

Which solution did I use previously and why did I switch?

Based on what I know, there were no previous products. My understanding was they brought this in because they did not have that capability, and so this was an enhancement to the organization overall. Previously, there wasn't any monitoring being done.

How was the initial setup?

Initial setup was done prior to me being here.

What other advice do I have?

From what I've seen of the product, it's fairly robust. Making sure to know everything that you want monitored, to get the proper licensing upfront, is probably the biggest thing. If you're only strictly wanting to do firewalls, make sure you get the right licensing that will match your firewall capabilities. If you want to match a more cross-spectrum of your devices, get licensing to support that. The biggest key is making sure to get all the licensing you need for the devices you want upfront.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user600747
Security Engineer at a logistics company with 1,001-5,000 employees
Vendor
Assists us in our ability to review and validate firewall rule changes and implementations.

What is most valuable?

Although we have a very mature infrastructure, one of the thorns that come with that maturity is developing policies and processes to support that infrastructure.

This solution assists us in our ability to review and validate firewall rule changes and implementations across a wide audience of users.

How has it helped my organization?

Here are some of the ways change management has improved our organization:

  • Ensures that proper change controls were enforced.
  • Engineers can check if a change was implemented properly.
  • Compliance can easily monitor the environment for potential PCI concerns.
  • We can heavily leverage the solution for firewall remediation.
  • We can pull policy reports from various technologies.
  • We can standardize those reports for analysis.
  • When we make changes in our environment, we can run usage reports to gauge impact before we make permanent changes to our rules.

What needs improvement?

With fifteen years as a security administrator, I have used few solutions that are as polished as Security Manager. That being said, every solution has room for improvement.

I would like to see the ability to export reports to .xls. This would help me for the following reasons:

  • It would allow for greater data manipulation.
  • When I run a report, I have the option of saving or exporting that report as .html or .pdf. As someone who catalogs much of their work in .xls, it would be convenient if I were able to export a policy report to .xls.
  • This would allow me to manipulate the data better.
  • I would no longer need to copy and paste from the .html to .xls and clean up the information.

For how long have I used the solution?

I used version 7 for several years. We have upgraded to version 8, and we have been using that version for the last three months.

What do I think about the stability of the solution?

There have been no stability issues so far.

What do I think about the scalability of the solution?

There were absolutely no scalability issues.

How are customer service and technical support?

Technical support has been amazing. I would give them a rating of 10/10, an A+, and I would buy from them again.

Which solution did I use previously and why did I switch?

In this environment, there were no previous solutions.

I have used other solutions at previous jobs. However, this is a solution I would like to bring with me if I ever ended up elsewhere in the future.

How was the initial setup?

The initial setup using VMs was rather straightforward. The use of VM images sped up the process greatly. Professional services added a great deal of value in optimizing the environment.

What's my experience with pricing, setup cost, and licensing?

Much of this information is not applicable to me based on my relationship with the product.

That being said, the ROI for securing dedicated professional services (vendor support) is amazing. It is relatively inexpensive, very customizable, and is a great help when approaching projects with the solution.

What other advice do I have?

Consider investing in the policy planner. Further integration with a ticketing solution is on our roadmap. I certainly wish it was something we pulled the trigger on years ago.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user453555
President at a tech services company with 51-200 employees
Consultant
efficient way to clean the firewall from unused, redundant, shadowed rules that create unnecessary risks and impacts performance.

What is most valuable?

  • Firewall cleanup - the best and most efficient way to clean the firewall from unused, redundant, shadowed rules that create unnecessary risks and impact the firewall's performance over time. Also, it helps with PCI compliance.
  • Rule use analysis.

How has it helped my organization?

  • Improved change workflow
  • Optimized my firewalls
  • Meet PCI compliance
  • Enhanced security

What needs improvement?

Needs a more functional basic workflow for the Policy Planner for those who do not need a fully customized workflow.

For how long have I used the solution?

One year.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How is customer service and technical support?

I've found technical support to be a 9/10.

How was the initial setup?

Straightforward.

What's my experience with pricing, setup cost, and licensing?

Add infrastructure devices to the firewalls and negotiate an overall discount that way. Needed to get insight into configurations.

Which other solutions did I evaluate?

Tufin and AlgoSec were evaluated as well.

What other advice do I have?

The customized workflow is worth it. If you are considering migrating to new firewalls, implement FireMon because it will make your migration much easier. Also, cleaning up some slow firewalls will help you extend their life.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partners
it_user587580
Network Security Engineer at a tech company with 10,001+ employees
Vendor
The security management feature allows us to look inside the firewall and see things that the firewall doesn't report.

What is most valuable?

The most valuable feature is security management because it allows us to look inside the firewall and see things that the firewall doesn't report. For some of the things the firewall applications lack, we're able to gain insight with the FireMon appliance, as well as having one platform that looks into different vendors of firewalls. That's really important for us.

How has it helped my organization?

For me, specifically, I use it for a lot of firewall migrations. We can see rule usage. On a project that I was on, we saw the rules on the migration. We pulled the rules out that weren't being used, and then we could take rules that were overlapping, join those together and make it more efficient.

What needs improvement?

One area with room for improvement for me is doing the updates. We have to download it from User Center and then put it onto the machine through FTP, or something like that. I would rather just go to the GUI and hit the Update button, and it goes out and gets the update itself. Because these files are large and sometimes the transfers don't go through, the only way that we're able to do it right now is through FTP. That means we have to have CLI access, which sometimes we don't really want to do. I'd rather just go to the update screen, hit Download the Update, and then be able to reboot it and have it go to all of the data collectors, and transfer that file over there automatically. Right now, it's a process and it takes a lot of time.

It's more complex as opposed to being user friendly. It also depends on your level of knowledge on what to do. Some people may not know to do it, and there are some commands in there. If you don't have support, if you haven't read the entire admin guide, you wouldn't know.

For how long have I used the solution?

I have used it for eight years.

What do I think about the stability of the solution?

It crashed one time but that's because of a design issue on our part. It's not something that, I think, was on FireMon's part. We need to offload the storage, and our hard drives are filling up, so that causes problems with our servers, but as far as FireMon, I haven't really had a problem with FireMon crashing on its own.

What do I think about the scalability of the solution?

The only scalability problem is having an offloaded log collector, because we do send a lot of logs. We have our own servers that do the log collection and we need to make backups of that. As far as that’s concerned, no, we haven't had any issues with scalability. We can expand much further than what we have.

How are customer service and technical support?

We've had the FireMon product for eight years. I've only been directly involved with it for the past year. I generally don't call tech support, I usually contact my SE because we're still in the process of these huge migrations, so I talk to my SE a lot. I have contacted support once and they were very helpful, so I would probably rate it 9-10/10 because they know exactly what they're doing.

Which solution did I use previously and why did I switch?

We did not previously use a different solution, that I know of. I’ve been with my current organization for almost three years and it's always been FireMon, so I don't know. I wasn't a part of that decision-making process.

Which other solutions did I evaluate?

At the end of last year, we reevaluated which products we wanted to continue going with based on budgets. We reviewed Skybox, Tufin, AlgoSec, and FireMon.

What other advice do I have?

Don't be scared to contact the SE. My SE and I have a very good relationship and we bounce ideas off each other. Leverage your resources. It's not really a complex product to deploy.

Use the User Center. There's a lot of great info there and a lot of your questions can be answered in the User Center.

General recommendations: Make sure that the firewalls you have are supported. Make sure you know how many firewalls you have.

Go with the mindset of what you want to do; general project management-type stuff.

Everything's working fine. The only thing is the automated updates. I’m not giving it a perfect rating because of the usability of the updates. That's my biggest thing that they need to work on.

It's been working very well for us. We’ve got everything we need. We have several groups using it that like it.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user588591
Enterprise Security Architect at an insurance company with 1,001-5,000 employees
Vendor
The normalization of the rule sets across different firewall platforms is valuable. Version 8 wasn't ready for prime time.

What is most valuable?

Holistically, the product is well thought out. The normalization of the rule sets across different firewall platforms is all valuable to us. You can't really separate it out; for me, you can’t.

How has it helped my organization?

I can mention high-level stuff. Basically, it gives us visibility that we were lacking; having everything being able to be viewed in one pane of glass. Instead of having to go jumping all over the place into the different platforms, you can use the tool to get a single pane of glass view.

It's not a jack-of-all-trades product; it's very focused. It does what it does and it does it well. We use it that way. Basically, that's the reason we obtained it. That's what we use it for: to normalize the platforms all into one single view. A place for us to do our analysis, review of rules and things of that sort.

What needs improvement?

I can mention a ton of areas with room for improvement, but from a high-level standpoint, I just don't think version 8 was ready for prime time, yet. They're still working on it. There are still major swaths of the tool that need attention. To get into the details, I would have to engage my engineers.

For how long have I used the solution?

We've had it in our portfolio since July of 2013.

What do I think about the stability of the solution?

We have not encountered any stability issues with the product itself. It's been easy to maintain, to upgrade and to do all of the support work for it. There hasn't been an issue with that at all.

What do I think about the scalability of the solution?

We have not encountered any scalability issues. We haven't run into a limitation yet.

How are customer service and technical support?

Any time we've engaged technical support for assistance, we've come away with a resolution, so the only thing that we've had difficulty with is programming or making fixes that require coding. That sometimes can take a little while.

Technical support is at least 8/10.

Which solution did I use previously and why did I switch?

We did not previously use a different solution. This was the first firewall management platform that we've used, except for the built-in, out-of-the-box tool that came with the platform.

How was the initial setup?

Initial setup was all pretty straightforward. You stand up your platform, get your database ready to go, and that all happens out of the box. Then, you start to populate it with your devices. It's all pretty straightforward.

Which other solutions did I evaluate?

Before choosing this product, we also evaluated Tufin and AlgoSec.

What other advice do I have?

Just like any other IT product on the market today, everything is green grass and high tides. Everything is beautiful. During the sales process, it's all, "Oh, just do this, do that." It's a little more than that. It's a little more complex and a little more effort than just, plug it in and go.

I think that's the mistake of many of the sales teams; that they sell the ease of implementation. I think they should just be straight up and honest with the purchaser, saying, "Look, it's going to take some effort and you're going to have to understand your environment. You're going to have to understand the network flows. You're going to have to understand how your network is segmented, so you can properly implement the tool."

I think when they try to make it seem easier than it really is, then that's inviting problems.

FireMon is just better than average. It's better than average, but not quite stellar yet. They've got a little work to do to address some of the challenges that could be introduced perhaps by the customer and the way the customer has used the different platforms. They have to be able to account for that, and react to it in a timely manner; at least come up with some sort of usable solution in the meantime when they do encounter a problem.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
ITCS user
IT Security Advisor at a tech services company with 1,001-5,000 employees
Consultant
It is possible to highlight differences between policy revisions.

What is most valuable?

  • The possibility to highlight differences between policy revisions
  • FireMon Insight with FMSQL
  • Hidden reports
  • Rule usage/unused rules report
  • Object usage report

How has it helped my organization?

FMSQL allows us to quickly query our ruleset to check which traffic is allowed. That greatly helps us to fill in the compliance report.

What needs improvement?

  • Support of Check Point clusters: Rule usage is logged for each cluster member but not for the whole cluster. It may lead to wrong conclusions when you clean rules.
  • Comments with special characters (French accent) are not supported. So we can't use the report for uncommented rules.

For how long have I used the solution?

I have used it for >5 years.

What was my experience with deployment of the solution?

We first had FireMon 5 on Windows Platform. It was a pain in the ...

Now, with the FireMon appliances, you just have to connect your Check Point SmartCenters and ... enjoy!

What do I think about the stability of the solution?

I have not encountered any stability issues because we purchased Linux appliances.

What do I think about the scalability of the solution?

We have quite a large Check Point environment (>60) with a lot of rules. Reports may be a bit slow but they are so valuable that they are worth the wait. Newer, beefier appliances may also be available from FireMon.

How are customer service and technical support?

Customer Service:

I don't have to deal with customer support, so I won't rate them.

Technical Support:

With Windows, it was difficult to get support.

I only had to open a ticket once with the FireMon appliances; fast handling of the case.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was quite simple.

What about the implementation team?

I was not in charge of the implementation project. I think we installed the FireMon appliances on our own.

What was our ROI?

I'm not an accountant!!

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user563418
Network Security Architect at a healthcare company with 1,001-5,000 employees
Vendor
Recently we’ve decided to utilize the policy review capabilities to automate our periodic firewall rule review process.

What is most valuable?

FireMon has served as a change monitoring and notification tool for a number of years, but recently we’ve decided to utilize the policy review capabilities to automate our periodic firewall rule review process.

Our primary use case for FireMon initially was to perform change notification for our ASA firewalls. This was the case for about 5 years.

With the introduction of version 8, we decided to reconsider other capabilities of FireMon – specifically the policy review reports that show unused or duplicative policy rules. We intend to use these features to automate our firewall policy review process.


How has it helped my organization?

Instead of having to utilize a manual review process, we can automate most of the process. Change notification for our ASA firewalls that do not have built-in change notification is also automated for us.

For how long have I used the solution?

7 years.

What do I think about the stability of the solution?

Yes, after an upgrade to version 8 from version 7, we experienced several issues with the Data Collector component. They were all resolved pretty quickly by FireMon support.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

FireMon’s technical support is capable and responsive. I’ve had no issues with getting the right resources engaged when I need them.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

The upgrade from version 7 to version 8 seemed to be unnecessarily complicated, so we opted to do a clean install on version 8, and have had no issues with using this approach. In fact, it helped us clean up our installation.

What's my experience with pricing, setup cost, and licensing?

Understand that the licensing exercise is intended to right-size the costs to your actual firewall models, but that FireMon v8 does not make a distinction between firewall models in the tool itself.

Which other solutions did I evaluate?

No other solutions were considered.

What other advice do I have?

Perform the installation and utilize FireMon support to optimize the installation. Perform a post-installation review of the configuration a couple of months after it’s implemented and running so that you can decide what features to use, which are useful. There are a lot of built-in features that aren’t apparent until you get the whole system set up, all of your devices discovered, and the system collects information for a few weeks.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user494874
Network Security Sr. Advisor at a tech services company with 1,001-5,000 employees
Consultant
It’s helpful during our firewall and network devices audit.

What is most valuable?

Security Manager: It effectively manages the complexity and change associated with today’s network security infrastructure and has a good hold in the market.

How has it helped my organization?

It’s very helpful during our firewall and network devices audit, and also beneficial when backup is required of network security devices.

What needs improvement?

I am desperately looking forward to seeing FireMon considered as a good backup solution for network security devices, which can store up to the last 10 incremental backups. This way, the business can grow with multiple solutions to customer.

For how long have I used the solution?

I have been using it for five years.

What was my experience with deployment of the solution?

I have not really encountered any deployment, stability or scalability issues. Installation and upgrade are quite simple and easy.

How are customer service and technical support?

Technical support is satisfactory.

Which solution did I use previously and why did I switch?

Previously we were using AlgoSec, but it requires to be updated from time to time. Also, it wasn’t found to be a fruitful solution and has a lot of room for improvement.

How was the initial setup?

We recently installed FireMon on VMware architecture and it was very smooth and without issues.

What about the implementation team?

Implementation was easy and documents are available in FireMon Center, so the in-house support team implemented it without any issues.

What's my experience with pricing, setup cost, and licensing?

Per-device license is a little costly, but with such good features it’s understandable.

What other advice do I have?

It is a good solution for audit trails and end-user visibility.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user494046
Information Security Engineer at an energy/utilities company with 51-200 employees
Vendor
It helped us identify unused rules, reducing the load on the firewalls.

What is most valuable?

The Configuration Change Management feature was something we were interested in as it helped us to identify who made the change, when and why. Also, the workflow was easy to set up to ease operations.

The second important feature I liked was determining unused rules - rules placed incorrectly in the ACL - this helped us to reduce the load on the firewalls, thus we didn’t have to buy a new firewall due to high CPU or memory consumption. With the help of FireMon, we fine-tuned the rules and were able to save money for buying a new firewall.

How has it helped my organization?

As mentioned, we were able to ease the operations and set up a workflow that allowed the firewall and other network-related requests to go through a formal approval process. This helped to track who, when and why the request was done.

Also, removing redundant rules and placing the rules at the correct place helped lower CPU and memory consumption.

What needs improvement?

I would have preferred fewer updates, as there were quite a few updates made every now and then. Secondly, the Risk Management Module didn’t work well until you have all of the subnets mapped. This can be improved.

For how long have I used the solution?

I used it for two years.

What was my experience with deployment of the solution?

I didn’t really encounter any deployment issues. However, sometimes the GUI used to crash when it tried to populate the device map; we had a lot of devices. At times, the map displayed fine, even though it took some time to show up; and at other times, the GUI crashed. This should be fixed.

How are customer service and technical support?

Technical support was fine; they have good technical people. However, support can be improved, if they become more responsive.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

How was the initial setup?

Initial setup was fine; you just need to map certificates between the sensor and the Application Server, which was something different. It can be sorted out through some other methods as well. I don’t exactly remember, but we faced one issue and to resolve it, we had to install the certificates again to get it working.

What about the implementation team?

Implementation was done by the vendor team.

What's my experience with pricing, setup cost, and licensing?

Although I have left the company, I heard that since the license renewal cost was too high, management decided not to renew it. The vendor should reduce the license renewal cost.

Which other solutions did I evaluate?

I personally did not test any other alternative, but I heard management evaluated Skybox as well; they eventually chose FireMon. It was a management decision, so I don’t know why others were rejected.

What other advice do I have?

Check the renewal cost, and determine whether the Risk Management Module is mature enough and whether GUI crash issues have been fixed or not. Maybe for small companies, it comes up fine, but for large environments, it might cause issues.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user501963
Systems Engineer at a tech company with 51-200 employees
Vendor
It provides clear visibility of our firewall, and clear auditing of each firewall rule and changes.

Valuable Features

We can check the compliance of each firewall, check the KPI of each firewall to determine the security posture of the network, monitor changes done on the firewalls and provide an overview of all the rules, either unused, duplicate or risky rules.

Improvements to My Organization

We now have clear visibility of our firewall, clear auditing of each firewall rule and changes, and of course, it helps us comply with governing bodies.

Room for Improvement

They should add SMB firewall support and not only the big players.

Use of Solution

I have used it for one year.

Stability Issues

I did not encounter any stability issues.

Scalability Issues

I did not encounter any scalability issues.

Customer Service and Technical Support

Technical support is 9/10.

Initial Setup

Initial setup was straightforward and it was easy to follow the installation steps.

Pricing, Setup Cost and Licensing

It has great pricing with big discounts.

Other Advice

Prepare the necessary details and make sure you configure the needed firewall according to their guide for a smooth implementation.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user489861
Regional Manager Enterprise Data Infrastructure and Information Security at a comms service provider with 51-200 employees
Vendor
RA excels at identifying risk exposure areas.

Valuable Features

Security Manager (SM) and Risk Analyzer (RA) are the most valuable features to me. SM assesses a network's security posture in terms of deployed policies, redundant policies, duplicate policies, etc. RA takes a snapshot of everything connected to and within the network down to the end points. It recommends security policies that would improve and further secure the network from potential threats etc.

Improvements to My Organization

The product is extremely helpful in policy analysis and improvement. RA was exceptional in identifying risk exposure areas.

Room for Improvement

Although there is nothing 'wrong' in FireMon's support for other vendors, with the advent of SDN, NGFW, etc., I think FireMon will have to cover more layer 3 devices from different vendors. Again, their current database covers almost all of the major vendors: Cisco, Juniper, Fortinet, etc. However, there is always room for growth in this particular area.

Use of Solution

I have used this solution since 2012.

Stability Issues

We have not encountered any issues with stability so far.

Scalability Issues

We have not encountered any issues with scalability so far.

Customer Service and Technical Support

Their technical support is superior.

Pricing, Setup Cost and Licensing

Pricing and licensing is structured well and FireMon was very helpful in meeting the target budget for this project.

Other Solutions Considered

We looked at AlgoSec before choosing FireMon.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user456099
Information Security Engineer at an insurance company with 1,001-5,000 employees
Vendor
It allows us to monitor and assess our network and provides proactive security intelligence.

What is most valuable?

It’s provided us with proactive security intelligence so we can act before we have a security breach.

How has it helped my organization?

FireMon allows us to monitor and assess our network, giving continuous visibility into and control over firewall infrastructure, network security policies and underlying IT risk.

What needs improvement?

The reporting needs some improvement to ensure that we are provided with consistent data across each firewall device on the network.

For how long have I used the solution?

I’ve been using it for two years.

What was my experience with deployment of the solution?

There were no issues with the deployment.

What do I think about the stability of the solution?

We had no issues with the performance.

What do I think about the scalability of the solution?

It's been able to scale for our needs.

How are customer service and technical support?

8/10

Which solution did I use previously and why did I switch?

This is my first time using a solution like this.

How was the initial setup?

It’s quite straightforward.

What about the implementation team?

We had it implemented by a vendor team.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user448857
Security Consultant at a tech services company with 501-1,000 employees
Consultant
Rule comparison and filters are an easy way to check if your policy is concise and clean.

Valuable Features

The instant and complete network graphical view it provides is amazing. Alerts give you complete control of firewall changes; it's amazing for compliance and security policy validation. Rule comparison and filters are an easy way to check if your policy is concise and clean, giving your firewall the best performance and readability.

Improvements to My Organization

We managed around 70 different firewalls in more than 25 countries all over the world. The firewalls were from different vendors such as Palo Alto, Check Point, Cisco, Juniper, etc. FireMon helped to decrease the workload on risk analysis and also firewall rulebase review time by 50%, at least due to its very elaborate and easy-to-use filters.

Room for Improvement

It’s been a constant need not only to analyze firewall rules and configurations but also implement them, for which FireMon has no support. Also, some of the firewall analyses involve weak password policy; FireMon could implement a way to send firewall hashes, when they exist, to third-party cracking software.

Use of Solution

I used this solution for about three years in my previous job. I primarily used the Policy Planner and Policy Optimizer modules.

Deployment Issues

The deployment was already easy for v7.0, the upgrade to v8.0 is even easier.

Stability Issues

We had no issues with the performance.

Scalability Issues

It's been able to scale for our needs.

Customer Service and Technical Support

I would rate it 8/10. The only reason I don’t rate it 10/10 is because of the response time which, for us, sometimes took a little bit longer than expected. Customer service and technical support is very good.

Initial Setup

The initial setup was very easy and straightforward and we had no problems implementing it.

Implementation Team

It was initially implemented by a vendor team, but the implementation could easily be done in house.

Pricing, Setup Cost and Licensing

FireMon is not a cheap solution but its price is well balanced for what it has to offer.

Other Solutions Considered

We have evaluated FireMon’s competitors like AlgoSec and others, but found FireMon to be the best solution for our needs due to having a complete set of tools.

Other Advice

Be sure you read all the specs, and test the application as deeply as you can to ensure it meets all your requirements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user456090
Senior Network Security Engineer at a local government with 1,001-5,000 employees
Vendor
In addition to firewall auditing, we use it for rule traffic analysis, traffic flow discovery and hidden/shadow rules.

Pros and Cons

  • "Firewall auditing is very important. We also use the solution for rule traffic analysis, traffic flow discovery and hidden/shadow rules within over 100 firewalls spanning five different brands."
  • "One area for 7.x customers that needs improvement is the migration. It is an involved process so get ready to spend some time getting your environment back to the way it was."

What is most valuable?

Firewall auditing is very important. We also use the solution for rule traffic analysis, traffic flow discovery and hidden/shadow rules within over 100 firewalls spanning five different brands. These features are valuable as firewall rules are constantly added but it's tough to determine what can get cleaned up over time. Knowing how frequently a rule is used, where redundant rules exist and documenting changes are important.

How has it helped my organization?

Since our network is large, someone new like myself has a challenge when we need to make changes to permit certain traffic. Often this traffic will traverse multiple firewalls and FireMon can help demystify where needed rules need to be implemented.

What needs improvement?

We just went from the v7.x to their latest web-based v8.x, which was a welcome change. One area for 7.x customers that needs improvement is the migration. It is an involved process so get ready to spend some time getting your environment back to the way it was. Another area that could use improvement is the traffic path analysis. FireMon uses learned zone data against interfaces to help determine traffic pathways. The catch here is in v8.x, you now have to specify a source or destination network which may throw off the results, sending you to the incorrect firewall. Since we just upgraded last week, there aren't many other items that we can see as improvements as we are just getting familiar with this version.

For how long have I used the solution?

I've used this solution for a little over one year.

What was my experience with deployment of the solution?

The migration from v7 to v8 needs to be improved but we had no issues in the initial deployment.

What do I think about the stability of the solution?

We have a centralized server with data collector appliances placed between two data centers. We were losing change data because one of the collectors had too much load on it but we never knew. Support had to dig deep when we had our 7.x install and help balance out our firewall to collector ratio to ensure we weren't flooding any one collector.

What do I think about the scalability of the solution?

It's been able to scale for our needs.

How are customer service and technical support?

Their support is very good. They are generally responsive and I have needed to escalate only a couple of times.

Which solution did I use previously and why did I switch?

We had no solution in place prior to this. FireMon was the best choice as they really specialize in this niche market.

How was the initial setup?

Like anything new, we needed help from support to get our initial setup moving along. However, once you learn the basics, it's not hard moving around the system.

What about the implementation team?

We did get FireMon's assistance during our initial implementation. I encourage this as every environment is different and for me it was worth the investment to get that initial startup help to get things going.

What other advice do I have?

Like any implementation, take time and plan. Engage users and stakeholders letting them know what this system can do and get it integrated within the organizational ecosystem. Like any solution, if it isn't used you simply don't get that potential dividend.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user273759
Network Engineer at a tech services company with 501-1,000 employees
Consultant
It allows you to put expiration dates on ACLs to remove unneeded exceptions, but network maps need more improvement.

What is most valuable?

The reports you can run to look for redundant ACLs in the firewalls, and the policy trace and review. It also allows you to tie to multiple domains so that the administrators for the FireMon servers do not have to deal with the hassle of making 'view only' accounts. You can also use the Insight function to keep records of the ACLs. Instead of filling up the firewall with remark statements that could lose their position, you can leave all the information in the FireMon server, and you can tie in ticket information. It also allows you to put an expiration date on that ACL so that you can always remove unneeded exceptions.

How has it helped my organization?

It improved performance of the organization, as instead of going line by line through the firewall, we were able to quickly find IP addresses or services using FireMon.

What needs improvement?

I believe their network maps have a lot of room for improvement. I think they should allow more customization.

For how long have I used the solution?

I have only worked on this product for a year.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

We have not had any issues with stability.

What do I think about the scalability of the solution?

My organization only used FireMon for Cisco ASA products, so I am not sure if it works with other firewalls but it does support other vendors.

How are customer service and technical support?

Customer Service:

Great, they hold free WebEx sessions for additional training on FireMon.

Technical Support:

They're extremely responsive and experienced on the product.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

What about the implementation team?

An in-house team did it.

What other advice do I have?

Using this product allows firewall administrators to quickly find a problem with their firewall configurations. It allows the administrators to also look for open services that should not be allowed. One of the most useful features is the ability to use policy trace. If you work in an environment with multiple tiered firewalls you can look at exactly what ACLs the traffic is going through on each firewall without having to have permission to those firewalls.

It is a smart move to make and makes the administration and troubleshooting of ACL problems clear.

Disclosure: I am a real user, and this review is based on my own experience and opinions.