- Fast analysis of flaws in the rules set
- Dynamic mapping
- Normalize varied platforms into a standard appearance
- Quickly find unused rules and objects
- Useful canned reports
- While you can evaluate potential changes to firewall rules, you cannot implement the rules from FireMon.
- The GUI is easy to navigate, but learning where to go for the useful features takes a little practice.
- While the base product has reports for analyzing vulnerabilities, a separate license is required to get the full benefit.
Our primary use case for FireMon was to aid audits of firewall changes and finding weak rules. The base product meets this need 100%. Implementation is easy. Compatibility for all major vendors is present. Support is great. No regrets.
Regular audits are simple. Changing report criteria is possible, but the built-in reports were effective enough.
FireMon is actively being used by our security team to enforce oversight and compliance standards for our firewall environment. Additional business units are also leveraging the solution to help with reporting. Change management will use the tool to identify rogue changes or changes that may have been implemented outside of our internal change management guidelines. Firewall admins will use the solution to improve the quality of the rules that they generate and to assist with the review and approval workflow. Compliance leverages the solution to help prioritize which devices may need more assistance or a greater amount of overhead needed to remediate.
The main benefit at this time is that it helps us help ourselves and reduce the amount of calories we burn each month or quarter in identifying what issues we need to address in our environment. Getting ready for audit, or quarterly reviews of devices is exponentially easier. Having the ability to automate many of our controls into our workflow on an ongoing basis also reduces the amount of time spent in each of those scheduled reviews/clean up efforts.
- BU Reporting - Concerned about role segmentation? Want other business units to peek into how things are going on your devices but without having to give everyone under the sun admin credentials for those devices? FireMon accomplishes that for us. I'm able to take this solution to various business units and shop it around...and increase its ROI by getting additional processes or procedures built around its functionality.
- Remediation Reporting - A flexible interface allows for very granular information to be generated, exported, and manipulated. Want to export a list of expired rules, done. Rules that allow traffic but don't have logging enabled, done. Find a change that took place outside of your change window and identify whose manager to speak to - done.
- Support - Although this isn't a "Security Manager" specific example, it's worth emphasizing that with such a flexible and versatile tool there are multiple ways of doing things. Usually there is the way that I can find to fit my needs right now - but the support staff have been amazing at offering improvement suggestions for the way that I use the tool to accomplish the tasks I have to complete. Quick turnaround on tickets, and no micro-managing of prerequisites before offering to schedule a WebEx or best guess first step.
- More granular documentation - A flexible tool is great, but with flexibility comes gaps in documentation. Nothing serious, but I have found myself asking questions to support on more than one occasion because I couldn't independently find the solution in the default documentation. "How can I generate a query that uses this argument rather than this one..." kinda stuff.
- More granular ability to "whitelist" specific rules - If security teams had perfect security, the business wouldn't be allowed to operate. That being the case there will always be compromises. Although I may care about a specific control as far as my environment is concerned, I will find myself with a laundry list of rules that will take an extended effort to clean up, or there is no good way around. Being able to acknowledge these and then circle back to them at regular intervals for review would be good - as opposed to having to make sure I filter those specific rules out of larger exports that I may dump into a ticket for remediation.
Very well suited for reporting, and identifying control failures. I can single-handedly do the analysis work of an entire remediation team - validate my findings - export the information in a format that is friendly to pass along to my admins - track remediation efforts - and update documentation in one interface.
There are some areas in the reporting that could be tweaked a bit to provide more nimble output. FireMon has a wide variety of pre-generated reports that have a lot of value over the query based reporting. Many of those reports you can run against your entire enterprise, but some you can't....meaning you might have to duplicate the report for a handful of devices depending on your need.
- Streamlined change management procedures.
- Great automation capabilities.
- Built-in reporting capabilities.
- Extensibility (customizations).
- Perhaps the ability to add and customize dashboards (e.g. by power users) would be desirable.
- The workflows are still somewhat not that 'intuitive'.
PP is a great tool to keep Change Management procedures 'under control' in large network infrastructures and/or in scenarios where modifications to infrastructure are deemed critical. It is also very useful as an auditing tool.
On the other hand, it might not be that necessary for SMB type of infrastructures.
- Security Manager provides a graphical map of your infrastructure and allows you to do a path analysis through the firewall infrastructure.
- Security Manager allows you to view every change made on the specified device. This includes the day, date, time, and user who made the change. You can drill down to detailed information concerning exactly what the change was.
- Security Manager allows you to view all firewall policies including Security Rules, Objects, NAT Rules and more.
- While FireMon provides great reports, the reports that we utilize often cannot be edited. We would like to see the reports in an editable format allowing us to remove content that is not relevant or add relevant content to the report for presentation to management.
- A recent change was made in an update to Security Manager that caused problems with the LDAP authentication of users. This change was not adequately communicated to us before the update and took several sessions with Technical Support to correct. A better job of updating the customer of major changes is required.
- Provides well organized, easy to read reports such as rule usage and object usage.
- Provides ability to quickly run a query to identify where particular objects are being used.
- Logging of firewalls over time gives long-term status on rule use on the firewalls.
- Learning how to write syntax to query information was difficult.
- Difficult to rely solely on the results from queries run in FireMon. I have seen different results from FireMon and what is on the firewall using another tool and FireMon was inaccurate.
- Logging stops or malfunctions on FireMon.
- Real-Time email alerting for firewall changes and the availability to review the new configuration and the previous one side by side is one of FireMon Security Manager’s strengths.
- Easy to read Overview Dashboard provides at a glance report charts of the Top 5 devices including control failures, firewall rule complexity and rules available for removal.
- The interactive network topology device mapping feature clearly shows network segments, firewall locations and external access points with the ability to access firewall rules with one click.
- The out of the box reporting is a nice feature, but the ability to build customized reports with a report "wizard" would be an added benefit.
- Traffic Flow Analysis is an invaluable tool.
- The ability to run reports on PCI audits has been very useful.
- The logged connections history is great for showing management metrics.
- AD integration was a little difficult to set up.
- Upgrading was tricky but FireMon support did a great job working with us to complete an upgrade.
- I love the insight into what is being done on the network. I can make sure that our network team is doing what they say they are doing. It also gives us the security controls to see what the network team keeps from us.
- The GUI is easy to use.
- I would like to be able to update certain fields, for example the reference field for tickets.
Less appropriate: if you lack time to learn the product interface.
- Tracks all changes made to the firewalls.
- Fairly easy to use ticket request system (policy planner).
- Need to be able to support more types of firewalls (for example the new FTD code for the Cisco ASAs and the NSX firewalls).
- Need better integration between data submitted in policy planner tickets to the security manager (not all the data from those tickets are saved in the security manager).
- Need more customization options on policy planner (require certain fields to be filled out).
Mainly we use FireMon to get the audit reports on the firewalls.
Another feature I like is the API. Checkpoint doesn't have an easy way to search for NATed IP addresses associated with host objects. In v7 we use a PHP script to compile the real IP address, NAT IP address, name, and comment data to be easily searchable to help find available NAT addresses to use. Unfortunately, v8 doesn't pull the NAT data from Checkpoint at this time. Support said they are working on it.
- The API is very useful for extracting data.
- The reporting feature is very useful for finding weaknesses in the firewall rule base.
- Notification of firewall changes to keep administrators abreast of what was changed including rule, objects, etc.
- v8 doesn't import the translated NAT address from Checkpoint like v7 does. This needs to be added back.
- It does a good job of tracking usage of firewall openings. This gives us much better reporting than traditional firewall logs.
- It does a good job of tracking firewall changes. We are able to determine when changes were made and by whom.
- The interface makes it easier to determine which openings are currently present.
- We've occasionally had issues where the product stops receiving and recording access control list hits.
- Sometimes we have issues with comments populating correctly into the FireMon config.
- We've run into a few issues when the system became unavailable.
We are using FireMon to monitor firewall changes as well as to improve the rule base.
It is a really efficient tool, which helps us by having a slimmer and more responsive firewall, which is not cluttered by redundant rules.
FireMon is really useful for us when we need to streamline the rule base as well as to have an audit of all the changes made to the firewall, as it sends emails for every change as well as weekly reports.
Our team is using it daily and we are really happy with its functionality.
- FireMon gives a great overview of all firewalls on the network.
- FireMon tells us what rules are and aren't being used to help us keep our policies manageable.
- FireMon gives us a better understanding of what areas might need more security.
- It's great that it can tell us what rules are redundant but it doesn't lay out the rules side by side.
- Could provide more online training like videos and documentation, to maximize our use of FireMon.
- Tracks Firewall rule usage.
- Tracks and documents all Firewall changes.
- Holds all Firewall ACLs in one centralized location.
- Compatibility to see VPN tunnel ACLs.
- Reports could be easier to customize.
- Single licensing Enterprise option. Added other firewalls and needed another license - cumbersome.
- FireMon Security Manager does a great job in validating firewall policies against regulatory requirements, and in the utility business there is a lot of regulation to comply with. I think this is a strength because it's getting harder and harder to follow up on all regulation that applies.
- FireMon Security Manager does a pretty good analysis of all the firewall configurations and it helps to identify rules that are hidden, too permissive or shadowed. It helps keep the firewall configurations clean at all time.
- Custom compliance assessments. Even [though] FireMon Security Manager has a complete suite of compliance assessments, it's a strength that we are able to build custom compliance assessments to review the status of the network based on our internal policies.
- Rule Search. Is an awesome tool because we can verify before creating a new firewall policy in the network if there is any other policy that is already created that fulfills the request. It lets you keep your firewalls clean.
- Building the maps is still a complex task to complete. It requires a lot of time to do it and it's not too intuitive.
- Within complex networks with devices from different vendors
- Companies merging with other companies
- FireMon does a great job at monitoring any changes on the firewall rules
- Monitor any user accounts that perform the changes on the firewall
- Easy to set up
- Collecting logs of logs usage on the firewall from a SIEM device would be useful
- A report to generate all firewall rule changes within the last year
- Monitor changes
- Provides easy review of the configuration
- Shows if there are duplicate rules
- The way it is licensed. It is licensed by device type and IP address.
- Process to upgrade to major versions. Right now you have to reimage the appliance or VM and it is not always just an update.
FireMon Scorecard Summary
FireMon's Network Security Policy Management (NSPM) platform gives security and operations teams automated visibility and analysis for network security devices. FireMon's web-based UI allows users to dissect their network security policies, locate compliance failures, and assess security vulnerabilities. The vendor says the platform proactively delivers intelligence around IT security and compliance so organizations can make better decisions about their network security.
FireMon platform offers:
- Real-time monitoring for security and network operations to see details in complex IT and security systems. With granular, sub-second views into the network infrastructure, FireMon provides automated analysis to improve security posture, maintain compliance and detect advanced threats.
- Automated Security Configuration Assessments (SCA) for continuous compliance, automated rule and cleanup recommendations, and risk-based simulation for policy changes. Users can create "what if" scenarios for analysis and model the impact of potential changes. This reduces time and gives greater assurance that firewall changes provide appropriate security and accessibility to IT assets.
- Continuous assessment of all security device configurations in real-time, complying to regulatory and internal standards. Audits are automated with sub-second analysis and documentation across the security infrastructure.
FireMon Customer Size Distribution
|Small Businesses (1-50 employees)|8%|
|Mid-Size Companies (51-500 employees)|15%|
|Enterprises (> 500 employees)|77%|
FireMon Support Options
|Free Version||Paid Version|
|Video Tutorials / Webinar|
FireMon Technical Details
|Deployment Types:|On-premise, SaaS|
|Operating Systems:|Web based browser UI|
|Supported Countries:|All countries except North Korea, Iran, Sudan, Syria and Cuba|