Likelihood to Recommend
When it comes to security on the edge of your network (downstream) Cisco's IOS security features provide pretty much everything you need when it comes to securing your network, network devices, and access. I would absolutely recommend Cisco switches due to many reasons, but a big reason is security.
Read full review
Firemon product is overall good a product. It gives us a summary of who made what change, when it occurred and at what time, in real time. Their Out of box tools do satisfy the common requests for reporting and there options to create customized report allows us for more options as every environment is different. That is why I gave it an 8 rating.
Read full review Pros Authentication. Access lists. Port security. Read full review PCI Reporting - After identifying which firewalls and rulesets are in scope, producing a report artifact to satisfy PCI requirements on Firewall reviews is literally a two-click operation. Storing Rule Metadata - FireMon stores metadata (prefilled fields, standard fields, and custom fields) for each rule in each policy which is valuable for context during firewall reviews in particular API - FireMon exposes most if not all of its functionality via REST API Read full review Cons Cisco could provide an initial set up script for those are not used to the CLI (Command Line Interface). With that initial script, people could easily deploy the security features instead of having to learn how to use the commands. The web interface that Cisco provides with the routers, although it’s useful to set up the security features, it could also have some sort of tutorials to help people understand the main concepts of iOS security. You have to license iOS security separately from the main OS. For that reason, sometimes it tends to be a little expensive if you have a small business. Read full review Some features could be added to the existing functionality which include NAT rules usage Rule expiration normalization from firewalls rather than entering them in rule documentation .csv exports of the files from the firewall pane only gives usage for 30 days by default and that should be increased Read full review Likelihood to Renew
The shell is locked out and we can't run any general centos commands. The implementation and maintainence of the arch is very complex. Even with the right identifiers on log messages the log collection keeps failing. The warning messages on the device are ambiguous. The log messages on firemon are a bit confusing and don't show the exact issue.
Read full review Usability
It save me time and I'm able to have the review - review the rule independently with using my time.
Read full review Reliability and Availability
FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.
Read full review Performance
I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.
Read full review Support Rating
Cisco has the best Support team that gives us 24/7 support as we need. Cisco has huge detailed documentation for design, implementation, and troubleshooting all areas of the IOS security. There are many communities discussing all Cisco devices and solutions for studying groups and for customers to share their stories, technical problem and solutions.
Read full review
FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.
Read full review Implementation Rating
Implementation is fairly simple. Most issues can be resolved by referencing manuals.
Read full review Alternatives Considered
I also like HP Procurve. It is my choice when the customer cannot afford Cisco. Cisco is better all round but HP is the only other [product] I will use if I have a choice.
Read full review
I has worked with
and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them
Read full review Scalability
Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.
Read full review Return on Investment Cisco iOS security helped our business deploy a relatively safe solution for a small amount of money. If you don’t have enough budget to invest in a robust and expensive firewall solution, you can safely use Cisco iOS security to protect your branch or remote office without compromise your network. Because Cisco iOS security uses a simple command-line based interface, you can deploy standardized scripts and keep the operational costs low. Read full review The use of FireMon has eliminated the backlog in firewall policy changes, approval, and implementation. FireMon has greatly increased the accuracy of changes, and reduced the risk of planned changes (3 incidents in over 27000 change tickets--most with multiple policy changes in each, is a stellar record) Read full review ScreenShots