Reviews (1-25 of 33)
- From Cisco to Palo Alto and AWS Security Groups, we are able to pull in all of this information into a centralized location. From the list of supported vendors, we feel like we are not limited to any one firewall vendor. This is very important to us as we are always looking into the best technology to support our ongoing growth.
- The ability to create custom reports or to use the pre-built templates was a very nice feature for us, we want to make sure that our baseline is in line with the compliance standards we are audited against and go the extra mile in some cases to make sure that we are always safe. We are always confident that we are compliant across the organization with the reporting that Firemon provides.
- As we have matured as a company we have adopted a security first policy when it comes to firewall rules. In the past firewall rules were approved and implemented without much thought given to process and tracking. With Policy Planner we are able to track those changes pre-implementation and post implementation to ensure that no changes are made without authorization and they are correctly implemented.
- Upgrades almost always require support intervention if you're going more than a few releases newer, and even then the upgrade process could use improving. Luckily it really doesn't have to be done often if you're happy with your implementation. For us, the only reason to upgrade would be to address security with the product itself.
- It can be a little overwhelming the first time you start to get reporting, especially if the environment has been around awhile. We had difficulty at first because we were overwhelmed by the amount of information we were seeing and we needed pro services to train our staff to use Firemon effectively. We found that even with this assistance it still took time before we were able to wrap our heads around getting everything remediated.
- Some of the built-in templates for things such as PCI remediation are locked from changes and prevented from duplicating, we had to make our own using those standards so that we could begin reporting with it. This took a little time to do and we feel that we should be able to work with it out of the box. It wasn't a big problem but something to look out for.
- Built-in compliance and security reporting - By scheduling reports, we automate the information gathered and get it to the correct department for remediation, freeing up resources for other tasks.
- Ping Path Analysts - this plays a big help in our environment. With over 300 IT personnel, communication is sometimes lost. Changes to architecture happen frequently with our dynamic and worldwide presence, including cloud. It is important to get it right the first time, in a secure and efficient manner.
- Security Manager - Organization, optimization, and metrics that can easily be tracked and help make future decisions on the appropriate coarse of action. For example, I've taken multiple firewalls which had high CPU and memory utilization, reprioritized the policies, and cut those metrics in half.
- Licensing is a nightmare - Depending on the 'size' of your firewall, there are different scu's. There are also costs associated with adding router/switches, as well as centralized management.
- System status and health - while there are ways to display the metrics, you have to go to a different URL and to each appliance. It would be nice if the manager had a health check for all of the collectors associated with it on it dashboard.
- MFA / SSO /SAML2.0 integration - It would be valuable to integrate the before mentioned integrations for secure access and flexibility.
- Configuration changes, it can monitor and alerts any change on the firewall through email alerts.
- Optimised firewall rules , FireMon easily identify the unused firewall rules, duplicate rules, shadowed rules.
- Traffic Flow Analysis help a lot to further discover, tightening rules such as ANY rules configured on the firewall.
- Needs more supported devices and firewall supported vendors.
- Needs to push other add on modules to show the full capability of the FireMon Security Manager. eg policy planner, policy optimiser, risk analysis.
- Needs aggressive marketing in the Philippine Market. A lot of customers are not aware that there is a solution for firewall optimization and management.
- A lot of add on features are not introduced or not being used by the customer.
Well, we are using FireMon in our IT department only. I would like to share my latest concern about it. Since the last major upgrade of FireMon, I am facing a major problem where all my devices are showing the Critical button. While some are having serious issues, others are not but it keeps showing up as Critical. In the last versions, we had three icons and we could directly identify and prioritize the criticality of each. This is my major concern with the update. FireMon also does not recognize Source Object group difference and thus makes my reports unreliable and I have to double check! Otherwise, I love working with FireMon.
- It can be customized in a lot of ways because you can write your own queries and assign them to controls.
- When the system has proper resources, FireMon is quite reliable and quick to pull new firewall rules.
- The user interfaces has a lot of options to use like revisions. It is helpful to look at revisions before and after changes to make sure everything went as planned. It also has some pie graphs that are good for showing in reports.
- There needs to be functionality to roll back changes to FireMon, or save copies of firewall documentation that can be reverted back. There are some manual fields you can fill in for firewall rules in FireMon (things such as notes about audits of the rules, when they were last audited, etc). If they are removed, there is no way to re-add them. There also needs to be an option to copy documentation from one firewall to another in case you have to RMA a firewall. I have been advised that the development team is adding these features sometime in the next year, but it has bit us a few times.
- I get the impression that the development team needs to give better documentation to the support team.
- No root access to the box. This has caused some issues such as not being able to eject a CD rom from a VM and not being able to install a backup client requiring us to code a backup script in house. There used to be sudo access, but it was removed.
- Customization of reporting is a nice feature. This is not available with other similar tools in the industry.
- Traffic Flow Analysis is widely used for looking at overly permissive rules.
- The dashboards are simple and enable us to do a presentation for non-technical audiences.
- The integration of firewalls is quite easy.
- Support is fast to respond and generally knowledgeable.
- The main area where FireMon will need improvement is a true knowledge base for customers and users. There is a lack of documentation and known facts. This means that as a user, the need for opening tickets for simple tasks is sometimes frustrating.
- Automate validation of compliance feature saved us time for auditing. It will generate report so we can provide to auditor for further review.
- Traffic flow analysis is one of the feature we used on daily basis, especially when there is a new request for adding policy for a complex environment, this feature provided accurate information on which security device is passing the traffic.
- Firewall cleanup recommendations helped us to improve firewall efficiency and avoid unnecessary changes. We scheduled to using this feature every 6 months to clean up zero hit rules and firewalls performance have been improved since.
- We had an issue when FireMon takes a long time to process the logs from over a dozen chatty firewalls. I understand when there are huge data sending to FireMon it needs time to process it, but FireMon might need to optimize how the data is handled.
- It finds unused or shadowed rules and shows them to you well.
- It makes auditing of baseline standards easy.
- Makes it easy to search across multiple firewalls.
- Makes it easy to see if traffic should get through the firewalls.
- Sometimes the search filter syntax doesn't make it easy to find what you are looking for. It uses its own syntax.
- Lacks the ability to go back in time and create a compliance report from older data.
- Tracking all changes that occur on assets.
- Able to quickly identify duplicate or unused rules.
- Automation and workflow.
- Network maps have a lot of room for improvement
- How FireMon is updated; not able to pull updates directly from the system.
- Fast analysis of flaws in the rules set
- Dynamic mapping
- Normalize varied platforms into a standard appearance
- Quickly find unused rules and objects
- Useful canned reports
- While you can evaluate potential changes to firewall rules, you can not implement the rules from FireMon.
- The GUI is easy to navigate, but learning where to go for the useful features takes a little practice.
- While the base product has reports for analyzing vulnerabilities, a separate license is required to get the full benefit.
Our primary use case for FireMon was to aid audits of firewall changes and finding weak rules. The base product meets this need 100%. Implementation is easy. Compatibility for all major vendors is present. Support is great. No regrets.
Regular audits are simple. Changing report criteria is possible, but the built-in reports were effective enough.
FireMon is actively being used by our security team to enforce oversight and compliance standards for our firewall environment. Additional business units are also leveraging the solution to help with reporting. Change management will use the tool to identify rogue changes or changes that may have been implemented outside of our internal change management guidelines. Firewall admins will use the solution to improve the quality of the rules that they generate and to assist with the review and approval workflow. Compliance leverages the solution to help prioritize which devices may need more assistance or a greater amount of overhead needed to remediate.
The main benefit at this time is that it helps us help ourselves and reduce the amount of calories we burn each month or quarter in identifying what issues we need to address in our environment. Getting ready for audit, or quarterly reviews of devices is exponentially easier. Having the ability to automate many of our controls into our workflow on an ongoing basis also reduces the amount of time spent in each of those scheduled reviews/clean up efforts.
- BU Reporting - Concerned about role segmentation? Want other business units to peek into how things are going on your devices but without having to give everyone under the sun admin credentials for those devices? Firemon accomplishes that for us. I'm able to take this solution to various business units and shop it around...and increase its ROI by getting additional processes or procedures built around its functionality.
- Remediation Reporting - A flexible interface allows for very granular information to be generated, exported, and manipulated. Want to export a list of expired rules, done. Rules that allow traffic but don't have logging enabled, done. Find a change that took place outside of your change window and identify who's manager to speak to - done.
- Support - Although this isn't a "Security Manager" specific example its worth emphasizing that with such a flexible and vestal tool there are multiple ways of doing things. Usually there is the way that I can find to fit my needs right now - but the support staff have been amazing as offering improvement suggestions for the way that I use the tool to accomplish the tasks I have to complete. Quick turnaround on tickets, and no micro-managing of prerequisites before offering a to schedule a webex or best guess first step.
- More granular documentation - A flexible tool is great, but with flexibility comes gaps in documentation. Nothing serious, but I have found myself asking questions to support on more than one occasion because I couldn't independently find the solution in the default documentation. "How can I generate a query that uses this argument rather than this one..." kinda stuff.
- More granular ability to "whitelist" specific rules - If security teams had perfect security, the business wouldn't be allowed to operate. That being the case there will always be compromises. Although I may care about a specific control as far as my environment is concerned, I will find myself with a laundry list of rules that will take an extended effort to clean up, or there is no good way around. Being able to acknowledge these and then circle back to them at regular intervals for review would be good - as opposed to having to make sure I filter those specific rules out of larger exports that I may dump into a ticket for remediation.
Very well suited for reporting, and identifying control failures. I can single handedly do the analysis work of an entire remediation team - validate my findings - export the information in a format that is friendly to pass along to my admins - track remediation efforts - and update documentation in one interface.
There are some areas in the reporting that could be tweaked a bit to provide more nimble output. FireMon has a wide variety of pre-generated reports that have a lot of value over the query based reporting. Many of those reports you can run against your entire enterprise, but some you can't....meaning you might have to duplicate the report for a handful of devices depending on your need.
- Security Manager provides a graphical map of your infrastructure and allows you to do a path analysis through the firewall infrastructure.
- Security Manager allows you to view every change made on the specified device. This includes the day, date, time, and user who made the change. You can drill down to detailed information concerning exactly what the change was.
- Security Manager allows you to view all firewall policies including Security Rules, Objects, NAT Rules and more.
- While FireMon provides great reports, the reports that we utilize often can not be edited. We would like to see the reports in an editable format allowing us to remove content that is not relevant or add relevant content to the report for presentation to management.
- A recent change was made in a update to Security Manager that caused problems with the LDAP authentication of users. This change was not adequately communicated to us before the update and took several sessions with Technical Support to correct. A better job of updating the customer of major changes is required.
- Provides well organized, easy to read reports such as rule usage and object usage.
- Provides ability to quickly run a query to identify where particular objects are being used.
- Logging of firewalls over time gives long-term status on rule use on the firewalls.
- Learning how to write syntax to query information was difficult.
- Difficult to rely solely on the results from queries run in FireMon. I have seen different results from FireMon and what is on the firewall using another tool and FireMon was inaccurate.
- Logging stops or malfunctions on FireMon.
- Real-Time email alerting for firewall changes and the availability to review the new configuration and the previous one side by side is one of FireMon Security Manager’s strengths.
- Easy to read Overview Dashboard provides at a glance report charts of the Top 5 devices including control failures, firewall rule complexity and rules available for removal.
- The interactive network topology device mapping feature clearly shows network segments, firewall locations and external access points with the ability to access firewall rules with one click.
- The out of the box reporting is a nice feature, but the ability to build customized report with a report "wizard" would be an added benefit.
- Traffic Flow Analysis is an invaluable tool.
- The ability to run reports on PCI audits has been very useful.
- The logged connections history is great for showing management metrics.
- AD integration was a little difficult to set up.
- Upgrading was tricky but FireMon support did a great job working with us to complete an upgrade.
- I love the insight into what is being done on the network. I can make sure that our network team is doing what they say they are doing. It also gives us the security controls to see what the network team keeps from us.
- The GUI is easy to use.
- I would like to be able to update certain fields, for example the reference field for tickets.
Less appropriate: if you lack time to learn the product interface.
- Tracks all changes made to the firewalls.
- Fairly easy to use ticket request system (policy planner).
- Need to be able to support more types of firewalls (for example the new FTD code for the Cisco ASA's and the NSX firewalls).
- Need better integration between data submitted in policy planner tickets to the security manager (not all the data from those tickets are saved in the security manager).
- Need more customization options on policy planner (require certain fields to be filled out).
Mainly we use FireMon to get the audit reports on the firewalls.
- Streamlined change management procedures.
- Great automation capabilities.
- Built-in reporting capabilities.
- Extensibility (customizations).
- Perhaps the ability to add and customize dashboards (e.g. by power users) would be desirable.
- The workflows are still somewhat not that 'intuitive'.
PP is a great tool to keep Change Management procedures 'under control' in large network infrastructures and/or in scenarios where modifications to infrastructure are deemed critical. It is also very useful as an auditing tool.
On the other hand, it might not be that necessary for SMB type of infrastructures.
Another feature I like is the API. Checkpoint doesn't have an easy way to search for NATed IP addresses associated with host objects. In v7 we use a PHP script to compile the real IP address, NAT IP address, name, and comment data to be easily searchable to help find available NAT addresses to use. Unfortunately, v8 doesn't pull the NAT data from Checkpoint at this time. Support said they are working on it.
- The API is very useful for extracting data.
- The reporting feature is very usful for finding weaknesses in the firewall rule base.
- Notification of firewall changes to keep administrators abreast of what was changed including rule, objects, etc.
- v8 doesn't import the translated NAT address from Checkpoint like v7 does. This needs to be added back.
- It does a good job of tracking usage of firewall openings. This gives us much better reporting than traditional firewall logs.
- It does a good job of tracking firewall changes. We are able to determine when changes were made and by whom.
- The interface makes it easier to determine which openings are currently present.
- We've occasionally had issues where the product stops receiving and recording access control list hits.
- Sometimes we have issues with comments populating correctly into the Firemon config.
- We've run into a few issues when the system became unavailable.
FireMon Scorecard Summary
Feature Scorecard Summary
FireMon's Network Security Policy Management (NSPM) platform gives security and operations teams automated visibility and analysis for network security devices. FireMon's web-based UI allows users to dissect their network security policies, locate compliance failures, and assess security vulnerabilities. The vendor says the platform proactively delivers intelligence around IT security and compliance so organizations can make better decisions about their network security.
FireMon platform offers:
- Real-time monitoring for security and network operations to see details in complex IT and security systems. With granular, sub-second views into the network infrastructure, FireMon provides automated analysis to improve security posture, maintain compliance and detect advanced threats.
- Automated Security Configuration Assessments (SCA) for continuous compliance, automated rule and cleanup recommendations, and risk-based simulation for policy changes. Users can create "what if" scenarios for analysis and model the impact of potential changes. This reduces time and gives greater assurance that firewall changes provide appropriate security and accessibility to IT assets.
- Continuous assessment of all security device configurations in real-time, complying to regulatory and internal standards. Audits are automated with sub-second analysis and documentation across the security infrastructure.
FireMon Videos (2)
- FireMon Datasheet
- Whitepaper: Security policy remains the bedrock for data protection. Security and operations teams are swamped in access request, audit requirements, and cyberattacks. Organizations need a better way to manage the security policies that protect the enterprise.
- Quantifying the Value of Firewall Management
FireMon Customer Size Distribution
|Small Businesses (1-50 employees)||8%|
|Mid-Size Companies (51-500 employees)||15%|
|Enterprises (> 500 employees)||77%|
FireMon Support Options
|Free Version||Paid Version|
|Video Tutorials / Webinar|
FireMon Technical Details
|Deployment Types:||On-premise, SaaS|
|Operating Systems:||Web based browser UI|
|Supported Countries:||All countries except North Korea, Iran, Sudan, Syria and Cuba|