FireMon Reviews

Customer Verified
Top Rated

Do you work for this company? Learn how we help vendors

Ratings and Reviews
(1-25 of 93)

Companies can't remove reviews or game the system. Here's why
Score 8 out of 10
Vetted Review
Verified User
Review Source
My team uses Firemon primarily for a firewall reviews due to PCI compliance. Firemon offers a great overview of how our network is built and how it can be utilized better for requirements one in the PCI – DSS. Currently, the software is being used by just a department and not the whole organization however, Firemon does impact the entire organization's compliance program.
  • Customer service
  • Sales presentations
  • Follow up
  • Implementation
  • Data storage
  • Swag
Within my industry I have multiple contacts that are looking for exactly what Firemon does. Not only can the software help compliance professional but also network engineers who need a better picture of how infrastructure is set up. As well as new employees that need to learn the environment quickly.
Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.
No major benefits have been realized with the vendor a nice take approach however this has allowed us to choose Firemon do to ease of use,return on investment, and implementation. As a cloud software company, the designer Firemon works great!
Score 10 out of 10
Vetted Review
Verified User
Review Source
We are currently using FireMon to monitor our primary corporate and DR firewalls. Also we use them to monitor our eCommerce environment firewalls. We are slowly expanding, as we have a number of retail locations, also with firewalls, and need to monitor them. We use this to push update and config changes, as well as backups and restores (when needed). We also use this to troubleshoot and test new policy implementations
  • Configure management - multiple firewalls made easy
  • Backups - a number of times this has come in handy
  • Troubleshooting - being able to chase down a path issue
  • Rule testing - planning before implementing
  • Initial setup requires quick a bit of legwork if you want to do it right
  • Definitely takes some learning if you are new to the system
  • Making sure everything is tagged and tagged correctly is important and time consuming
We have multiple firewalls in our corporate environment that are from the same vendor, and while this vendor does provide a single console for management, it falls short of being able to do the proper kind of management that you'd need to a large, complex network. FireMon allows for the firewall team to management and monitor the firewall, including rules, paths, and issues in a single environment. Along with the ability to test and troubleshoot route and path issues, which makes life much easy and makes fixing problem much quicker
Easily done scaling, ability to add devices quickly without too much hassle. Growing the products footprint is not difficult at all, and that allows for quick deployment in the case of need. While our setup has been static for about a year, we should be growing it as we add our retail stores to the pot, which will need additional resources to process all the additional data. This is easily done with FireMon
We have not delved into the cloud aspect of FireMon yet, but as our cloud footprint grows, and we need the ability to see what is happening 'up there' this should be a great additional to our arsenal.
Score 10 out of 10
Vetted Review
Verified User
Review Source
We use FireMon as a firewall configuration management tool as well as our primary software suite for responding to auditors regarding network security. Currently the product is mostly focused at the security administrator/engineer level but we have several users in less technical roles across different business units that have some limited but very useful information thanks to that extra level of deployment. This tool has been crucial in helping us keep our overall rule counts down and also restricting access to only applications that are still valid. Recently I've created controls that were pretty simple to make, they essentially evaluate any new rule created to see if it crosses from outside to inside which allows a tier 3 team to analyze those rules daily/weekly. Compared to how I was doing this in Splunk Firemon is 100x better.
  • Finds overly permissive rules
  • Finds redundant rules/unused object (junk)
  • Acts as a snapshot in time config repository (backup system)
  • Helps compare configs from one day to the next to see exactly what changed and who changed it
  • Creating controls for higher tier engineers to review to ensure policy is being followed in near real time.
  • There are a number of reports both built in and custom that can really help make sure company policy is being followed in rule creation.
  • The administration page alerts are pretty bad and need to be finely tuned.
  • Performance issues impacting large organizations with a massive amount of traffic passing over their firewalls
  • Cisco integration is less than Palo and Checkpoint in many areas; perhaps this is a Cisco side issue, but either way, it would be nice if all features worked with all vendors to the same degree
  • As of writing this you can't add Firepower devices directly to Firemon, you have to add a FMC and it can read the config from there. That works well for most people to be fair, but I am looking to kill FMC and use Cisco CDO instead. Firemon is adding support that will permit all of this which I'd estimate at 6 months. Keep that in mind when buying. That said, I'd try to work around the limitation as they add support.
FireMon is very well suited to handle small to midsize networks for total configuration management/rule deployment/reporting. I think where FireMon is less suited is handling larger networks with higher amounts of traffic. To be fair to FireMon, we probably should have been informed by the original sales team (no longer with the company) that we would need more hardware in order to function properly with our network. We've had to use clever workarounds to get basic data from our devices into the product. I do not think this is a problem in all larger organizations but in ours where firewall logging accounts for most logs in the environment, we do have some issues. Update: Firemon is using a lot of different scaling tricks so that you can dedicate servers to functions or load balance the same functions across multiple servers. This won't help with a large environment with routes that don't make much sense but it should help permit the ability to log a lot of traffic if you supply the correct hardware to do so.
Update: The ability to scale the product before deployment is very high, after deployment you can still add new servers and combine them to get "ultra" performance out of the product though it is more complicated so if I had to go back in time I'd have started with more hardware. Given the somewhat recent dedication to this (supporting large organizations), I am moving my rating from 8 to 9. I would still like to see some sort of magic plug and play for scaling which is probably unlikely especially since it's not really that hard.
We have yet to deploy FireMon into our public or hybrid cloud strategies, nor do we really need to support many vendors on premises. Our business does have another security department that finds great benefits from the vendor-agnostic support. I have seen what the product can do, and in time, as our need to support multiple vendors across different environments increases, I have no doubt it will get the job done very well.
Score 6 out of 10
Vetted Review
Verified User
Review Source
FireMon is being used to provide detailed historical records of every change/revision made on every network appliance enterprise-wide. It provides instant visibility on what changed when issues arise. Considering outages and time to restoration are measured by duration, having a single pane of glass showing which firewall rule or ACL was updated is priceless. Without FireMon, we would go into every outage--both small and large--blind, trying to figure out where to start.
  • Tracking firewall rule changes.
  • Normalizing data so that it's easily understandable across different vendors and technologies.
  • Providing detailed or summary reports for the data you actually want.
  • It seems like their licensing model is constantly evolving.
  • Often, support will have to escalate cases to engineering.
  • Certifications are always geared to a particular version.
Better suited for:
  1. Compiling a historical record of changes/revisions of network appliances.
  2. Understanding rule set complexity in terms of overlapping rules and redundancy.
  3. Understanding and viewing rule usage.
  4. Understanding network flow--how packets will traverse from this hop to the next.
  5. What compliance risks are present due to failed controls.
FireMon's licensing model appears to constantly evolve, which at times can be frustrating when sizing your environment for scalability. I've experienced a situation where our organization was licensed for a particular feature with FireMon version X but not licensed for it in version Y. This caused a good amount of confusion when the procurement team got involved.
Score 9 out of 10
Vetted Review
Verified User
Review Source
Business Units will request firewall changes using policy planner. This method allow us to ask for all details about what is required to implement the changes. It will also provide the end user a portal and SLA for completion. Auditors love this level of tracking and validation.
  • Tracking Changes
  • Clean UI
  • Good Reporting
  • Hard to Customize Policy Planner workflows
  • UI can be slow in Policy Planner
  • Upgrading FMOS has become more involved
Excellent for enterprise work intake for and managing SLAs.
It definitely meets the requirements of being scalable and flexible.
We have not integrated with cloud firewalls yet.
May 04, 2021

Review for FireMon

Score 9 out of 10
Vetted Review
Verified User
Review Source
We are primarily using FireMon for Quarterly Compliance.
  • Configuration pulls
  • Drop rule enabled
  • Change History
  • The requirement for syslogs when some of the firewalls are already displaying last hit date, etc. (palo alto)
I think the flexibility of scheduling the config pulls and the flexibility on the architecture (1 box versus as many as you want) are very nice.
We have used it across multiple vendors, but not in the cloud.
December 16, 2020

Secure with Firemon

Score 8 out of 10
Vetted Review
Verified User
Review Source
FireMon is being used by whole organization. It's a second source of firewall rules and we give access to people who can't be given access to firewalls to review the rules. That way many people are using FireMon.

We are also using it for Rule analysis and rule-recertification.
  • Filter search capabilties
  • Rule recertification using Policy Optimizer
  • Ease of use and interactive WEB UI
  • Some features could be added to the existing functionality which include NAT rules usage
  • Rule expiration normalization from firewalls rather than entering them in rule documentation
  • .csv exports of the files from the firewall pane only gives usage for 30 days by default and that should be increased
FireMon is well suited for rule analysis and compliance
Score 9 out of 10
Vetted Review
Verified User
Review Source
FireMon is being used to monitor changes to our existing firewalls. Our firewalls consist of various Palo Alto models.
  • Easy to create custom controls.
  • Good dashboards for visibility.
  • Easy to use interface.
  • Out of the box reporting for compliance needs.
  • Navigation can be daunting for new users.
  • Not enough granularity with regards to documentation.
FireMon is best suited for change control monitoring and compliance in our organization.
FireMon has enabled us to monitor firewalls from one console, and has support for new models from Palo Alto which we currently use.
We recently expanded our FireMon infrastructure, from a one node solution to a four node highly available solution deployment on prem.
The upgrade and migration took less than a week of planning and implementation.
FireMon has helped us consolidate our firewall configurations for similar devices. This promoted consistency and compliance. Most recently, we had upgraded our Cisco Firepower devices and FireMon was instrumental in helping us consolidate our configs.
Score 7 out of 10
Vetted Review
Verified User
Review Source
We use FireMon for compliance purposes. We use it to generate reports whenever a change is made to the Firewall. We can see who pushed policy in Checkpoint, what Change# it is associated with, and what was actually done compared to what the change ticket stated.
  • When working correctly, it generates reports for each firewall when a change is made.
  • It is a great tool to audit Firewall rules, redundant rules, and changes made
  • It doesn't always provide reports for when changes are made.
  • It only shows who pushed policy in the reports, not who made the actual changes to the firewall.
  • You can no longer drill down into reports at a granular level which back in Version 7 you were able to, which provided a great deal of information.
  • Seems to have some issues communicating with Checkpoint retrieving all reports that are split between two data centers.
When working correctly, it is great for audit purposes when you need to show when changes were made, what was made, who made them, and with what change. When the reports aren't working, you have to dig up all this information manually. Back in version 7, you were able to drill down in the reports that provided a very granular detailed information, now the newer version doesn't allow for this.
When working correctly, it can scale well to our environment which runs multiple Firewalls with backup Firewalls.
We use FireMon strictly for reporting purposes, only for audit reasons.
Score 8 out of 10
Vetted Review
Verified User
Review Source
FireMon is deployed by the Corporate Security Team, the network team will check in all of their firewalls and use the tool for audit purposes. The Security Team also aligns witth each Business Unit security leader, if that BU is audited they use the data produced from FireMon as evidence.
  • Firewall Auditing
  • Reporting
  • Ease of use
  • Resources, to much minimun hardware requirements to run
  • Architecture is to big, to many endpoints to deploy
  • Hosted Cloud solution could help in place of System deployments
FireMon is a great tool, but it is very expensive to run. Also the last sale rep we had was very aggresive and didnt respect the fact we told them that we were not interested at the time to upgrade or add any additional licensing.
Scalability is great, just need to deploy a collector locally and it gooes...the main APP + DB server is a resource hog.
We [haven't] deployed FireMon to any Cloud environments currently.
Score 9 out of 10
Vetted Review
Verified User
Review Source
FireMon is used for firewall change management from request to implementation and verification. Security Manager is used extensively for policy test, and to enable cleanup and migration.
  • FireMon provides a live view in to firewalls across the enterprise in a single tool.
  • Policy Planner is customizable, and can be fit to your company's workflow requirements, to include API for Service Now.
  • FireMon provides policy testing capability, and traffic flow analysis, which is critical for timely troubleshooting.
  • The FireMon interface has evolved from a desktop client to a browser-based portal, but added many layers to navigating commands. A simpler interface with most commands and functions one click deep (and all visible) would be more efficient for daily ops workflow.
  • Policy test is great, but doesn't differentiate when a policy is a user-auth rule, so the result may show that policy is already in place, when it is actually not usable.
FireMon is very well suited for an enterprise with any number of firewalls and types. It is scalable, and can be installed as a single appliance, or distributed infrastructure, with as many data collectors as needed. It provides a view in to all firewalls at once, and enables efficient troubleshooting, policy testing, compliance analysis, and detection/validation of changes. For merge and acquisition, or spinoff, of network infrastructure, FireMon is an extremely valuable tool for quickly documenting routes, policies, and zones to execute firewall migrations.
FireMon can be scaled, as needed, with multiple datacollectors, on-prem, or in the cloud.
We have used FireMon Policy Planner for tracking change requests to cloud firewalls and NSG.
Daniel James | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source

FireMon is actively being used by our security team to enforce oversight and compliance standards for our firewall environment. Additional business units are also leveraging the solution to help with reporting. Change management will use the tool to identify rogue changes or changes that may have been implemented outside of our internal change management guidelines. Firewall admins will use the solution to improve the quality of the rules that they generate and to assist with the review and approval workflow. Compliance leverages the solution to help prioritize which devices may need more assistance or a greater amount of overhead needed to remediate.

The main benefit at this time is that it helps us help ourselves and reduce the amount of calories we burn each month or quarter in identifying what issues we need to address in our environment. Getting ready for audit, or quarterly reviews of devices is exponentially easier. Having the ability to automate many of our controls into our workflow on an ongoing basis also reduces the amount of time spent in each of those scheduled reviews/clean up efforts.

  • BU Reporting - Concerned about role segmentation? Want other business units to peek into how things are going on your devices but without having to give everyone under the sun admin credentials for those devices? FireMon accomplishes that for us. I'm able to take this solution to various business units and shop it around...and increase its ROI by getting additional processes or procedures built around its functionality.
  • Remediation Reporting - A flexible interface allows for very granular information to be generated, exported, and manipulated. Want to export a list of expired rules, done. Rules that allow traffic but don't have logging enabled, done. Find a change that took place outside of your change window and identify who's manager to speak to - done.
  • Support - Although this isn't a "Security Manager" specific example its worth emphasizing that with such a flexible and vestal tool there are multiple ways of doing things. Usually there is the way that I can find to fit my needs right now - but the support staff have been amazing as offering improvement suggestions for the way that I use the tool to accomplish the tasks I have to complete. Quick turnaround on tickets, and no micro-managing of prerequisites before offering a to schedule a webex or best guess first step.
  • More granular documentation - A flexible tool is great, but with flexibility comes gaps in documentation. Nothing serious, but I have found myself asking questions to support on more than one occasion because I couldn't independently find the solution in the default documentation. "How can I generate a query that uses this argument rather than this one..." kinda stuff.
  • More granular ability to "whitelist" specific rules - If security teams had perfect security, the business wouldn't be allowed to operate. That being the case there will always be compromises. Although I may care about a specific control as far as my environment is concerned, I will find myself with a laundry list of rules that will take an extended effort to clean up, or there is no good way around. Being able to acknowledge these and then circle back to them at regular intervals for review would be good - as opposed to having to make sure I filter those specific rules out of larger exports that I may dump into a ticket for remediation.

Very well suited for reporting, and identifying control failures. I can single-handedly do the analysis work of an entire remediation team - validate my findings, export the information in a format that is friendly to pass along to my admins, track remediation efforts, and update documentation - in one interface.

There are some areas in the reporting that could be tweaked a bit to provide more nimble output. FireMon has a wide variety of pre-generated reports that have a lot of value over the query based reporting. Many of those reports you can run against your entire enterprise, but some you can't....meaning you might have to duplicate the report for a handful of devices depending on your need.

As a security professional let me first acknowledge that I know better than to say or document much in a public forum. That being said I have recently had reasons to sit down and future proof our current implementation. We're as virtual as virtual can be - if we acquired 300% of our current device load tomorrow responding to that need (aside from licensing) would just be a matter of spinning up more VM's in house, and cutting the appropriate tickets for where syslog info gets sent.
October 16, 2020

FireMon: Great Product

Score 9 out of 10
Vetted Review
Verified User
Review Source
We currently use FireMon for reviewing/cleaning up rules and plan to implement policy planner by the EOY. It improves and simplifies documentation.
  • Lets you know what is unused so you can lock it down
  • Improves the process of review rules
  • Open up knowledge base on Google, to make searching easier with better results
Still learning the FireMon package, but the more I learn the better I like it. We have a small shop so I tend to jump between priorities.
Works great for our two failover pairs--this question may be better for a larger organization.
We are currently not using it for cloud support.
It save me time and I'm able to have the review - review the rule independently with using my time.
August 03, 2020

FireMon Review

Score 10 out of 10
Vetted Review
Verified User
Review Source
Cybersecurity and Network departments use the product, for auditing, keeping track of changes, security, real-time change information, historic log information, dupe rules/object cleanup. and long term trend reports.
  • Correlate large rule sets and uncountable objects into a human usable format
  • Allows you to pick a supplied compliance assessment and allows you to create a custom one to fulfill your needs
  • Gives you an Enterprise dashboard with percentages that you can drill down to the devices--as the rules are constantly changing to fit business needs this helps reduce security flaws a human will miss.
  • It centers on policy, compliance, and change--the three areas we all need help in.
  • Setting up a new compliance assessment or modifying an existing one
It's a must-have tool for the security department.
You count the current and new devices for the years and you're done. Not a set as in most other applications where you buy 10, 25, or 100, and end up paying for something you are not using.
We have Fortinet, Cisco, and Palo Alto in-house, and FireMon works with all of these. We are moving into the cloud now using Palo Alto, and we don't see any Issue adding this to FireMon.
Score 9 out of 10
Vetted Review
Verified User
Review Source
Currently, we are using FireMon to catalogue our firewall policies, assign owners to rules, and audit those rules.
  • Policy Optimization - helping us remove shadow rules
  • Rule analysis for gaps in security
  • Unused rule identification
  • Bugs, Bugs, Bugs, Bugs, Bugs
  • Upgrades are often problematic.
  • Sometimes what the reports show isn't what's in the database.
Firewall rule analysis, removing shadow rules, finding gaps in policies are all great areas for FireMon use. We have limited use of FireMon in our organization because we don't have a good understanding of the product and its capabilities (outside of one or two individuals). It would be good for FireMon to look at our setup and advise us on what we can use it for.
Easily understanding how many firewalls, routers, switches, etc. can be used from a hardware/CPU/memory perspective has been challenging. The real reason I gave the "8" is because of all the bugs in the systems that we encounter when we upgrade. It's guaranteed we run into a minimum of two to three bugs immediately after upgrading.
We have not used that to my knowledge yet. But, I know it's coming.
July 28, 2020

A Review of FireMon

Score 9 out of 10
Vetted Review
Verified User
Review Source
FireMon is used for firewall governance, including the creation of reports to satisfy PCI requirements, to identify and prioritize remediation of overly permissive rules and rulesets, and as the principal platform for performing firewall policy audits against internal standards.
  • PCI Reporting - After identifying which firewalls and rulesets are in scope, producing a report artifact to satisfy PCI requirements on Firewall reviews is literally a two-click operation.
  • Storing Rule Metadata - FireMon stores metadata (prefilled fields, standard fields, and custom fields) for each rule in each policy which is valuable for context during firewall reviews in particular
  • API - FireMon exposes most if not all of its functionality via REST API
  • FireMon does not yet support URL filtering (the identification of or implementation of) for Palo Alto firewalls
  • Direct integration with other systems takes place through workflows, which are not documented (the intent I believe is Pro Services should be engaged in order to do integrations, e.g. with ServiceNow).
I would strongly recommend FireMon for any IT/Security department that must maintain and support multiple firewall platforms. FireMon's ability to create a unified interface to view, audit, and even implement rules in a vendor-agnostic manner is excellent.

If PCI audits are an issue, and providing firewall reports for PCI is difficult, FireMon solves this immediately out of the box.

If a business is entirely using a single firewall platform, FireMon still provides benefits, but the recommendation would not be quite as strong depending on the capabilities of the native management platform.
With a distributed architecture available for larger deployments, FireMon is excellent at scaling during or after implementation.
We do not use multiple vendors for cloud, so I cannot speak to this aspect.
Score 4 out of 10
Vetted Review
Verified User
Review Source
FireMon is being used within my team. It allows us to view all of our rules in one console and run queries against those rules.
  • Runs queries against existing rules.
  • Requires a lot of care and feeding, often our log collector disconnects and must be reconnected.
  • Service Packs are required to be added/updated much too often.
  • Whenever we make any changes in our firewall environment, FireMon takes a ton of time to get working properly again.
  • The canned queries are lacking, more should be added and improved.
If the information is in FireMon, I can run an unused rule report which helps with rule cleanup.
FireMon isn't an intuitive tool and wouldn't be much use across departments outside of IT.
FireMon doesn't seem to work well with CheckPoint so maybe they should focus more on a specific vendor to be sure the tool works well with one vendor before moving to the next.
Score 10 out of 10
Vetted Review
Verified User
Review Source
FireMon is used in conjunction between the Network and Security team for security purposes like evaluating current security posture of the firewalls as far as rules and configurations in place. We are aiming to use it to automate yearly recurring review activities by our teams and to facilitate the amount of time it takes to complete them.
  • Rule review.
  • Best practice guidelines review.
  • Configuration review.
  • CIS benchmark integration would be great.
  • The reporting inside the platform is great, but the exported versions could be improved to facilitate reading and get a high summary executive view.
It is a nice monitor tool, don't expect anything more. Organisation processes are needed around its integration to enhance its use. Everything related to firewall optimization and cleanup is nicely done by FireMon, the solutions are also well presented and easy to implement. The reports are great, but it still require human interaction to fix things, don't expect the process to be automated.
We only use FireMon for on-premise purposes at the moment. I'm not aware of any initiative to take it to another level, but if there's an opportunity we're aware the solution is well suited for all our needs, regardless of the environment where it is implemented and in which it is operating.
Score 7 out of 10
Vetted Review
Verified User
Review Source
FireMon Policy Planner (version 7) is currently being used as our firewall request system across the IT organization. This allows us to have a central location for managing and tracking all firewall change requests. The workflow allows tickets to proceed through various levels of approval prior to implementation. Maintaining audit records of firewall changes is a business requirement, FireMon Security Manager (versions 7 and 8) is currently being used by our security team to satisfy audit requirements through compliance assessments and reports.
  • Version 8 addressed some shortcomings of the previous version regarding response time and administration capabilities. Reports are generated quickly and there are more customization options for administrators.
  • New dashboards provide a quick overview that is much more informative than the previous version.
  • The enterprise view is a nice way to view devices across the organization at a glance.
  • The search functionality is much improved in version 8 and allows you to search across all devices if you so choose. It is quick and has a query syntax builder that is a vast improvement over searching capabilities in version 7.
  • Creating custom controls is much better in the newer version. The syntax helper will build the correct query for you.
  • When they moved from version 7 to version 8 there were some areas that seemed neglected. The generated reports did not always render properly when viewed as a PDF, though they looked fine in HTML. Another lost function was reporting usage on NAT rules in firewalls.
  • The scheduling function for reports/assessments is not the easiest thing to find or administer. It would be nice to be able to schedule reports directly from the Security Manager without having to go to Administration.
  • I would like to see customizable reports. Right now you must create custom controls and add them to custom assessments.
  • The GUI does not always maintain your filters or settings if you drill down into an object and then return.
  • There are not always enough search filter options and they are sometimes hard to view.
  • Some reports are not very useful. It would be nice to see those re-evaluated or re-worked into a usable report.
I have found FireMon very useful for auditing, reporting, and compliance purposes. It has become a quick resource for firewall policy information across the organizational footprint. Some of the reports, particularly those with recommendations, ought to be taken with a grain of salt as the recommendations do not account for rule/object utilization or business requirements.
The current environment has not been scaled out, but replacing a data collector was relatively straightforward. I imagine it would be similar when scaling the environment to include more data collectors.
Score 8 out of 10
Vetted Review
Verified User
Review Source
FireMon is used for tracking and reviewing firewall rules on a regular basis. It is used to save an old process of manually tracking all of the firewall rules.
  • It can be customized in a lot of ways because you can write your own queries and assign them to controls.
  • When the system has proper resources, FireMon is quite reliable and quick to pull new firewall rules.
  • The user interfaces has a lot of options to use like revisions. It is helpful to look at revisions before and after changes to make sure everything went as planned. It also has some pie graphs that are good for showing in reports.
  • There needs to be functionality to roll back changes to FireMon, or save copies of firewall documentation that can be reverted back. There are some manual fields you can fill in for firewall rules in FireMon (things such as notes about audits of the rules, when they were last audited, etc). If they are removed, there is no way to re-add them. There also needs to be an option to copy documentation from one firewall to another in case you have to RMA a firewall. I have been advised that the development team is adding these features sometime in the next year, but it has bit us a few times.
  • I get the impression that the development team needs to give better documentation to the support team.
  • No root access to the box. This has caused some issues such as not being able to eject a CD rom from a VM and not being able to install a backup client requiring us to code a backup script in house. There used to be sudo access, but it was removed.
I put 6 because I like the product when it is working well, and the majority of the department likes the product. I will rate higher when they resolve the issues that I mentioned.

It has been a year since I reviewed this product. I feel like I can bump the review up to a 8 because a lot of features are being added to the product that make things such as search queries easier to perform. I still feel like the system administration piece of Firemon needs improvement.
Note - I bumped this to a 9/10 when it was originally a 6/10. This is because they added "datacollector groups" which resolves the issue that I was complaining about when I put the 6/10.
No comment. I do not enough use w/FireMon in the cloud yet to say.
The usability is fantastic for the user.

The usability for the system administrator could be improved.
Score 7 out of 10
Vetted Review
Verified User
Review Source
FireMon is being used for firewall optimization and activity monitoring. It also leverages the firewall operations management supporting daily operations and assisting the firewall security team focusing on the exact activities needed. Audit teams are getting the outputs of firewall operations. It’s an effective tool to be compliant with several regulations and determining which items/rules should be changed or modified to be compliant. Additional controls can be integrated throughout the firewall operations from the very beginning to the last degree. Overall solutions decrease the auditing of firewalls internally as well as externally. Hidden risks are visible through FireMon to the operation team as well as to information security and upper-level management.
  • Integration with different vendors
  • Enrichment capabilities
  • Risk analyzer
  • Global dashboard
  • Reporting features
  • GUI is somewhat cumbersome for the beginners
  • Policy planner has a lack of customization. The templates are very strict.
  • Again for the beginners, it has its own custom language and familiarization takes time.
  • Planning and deployment guide is lacking.
  • Local support should be improved or additional support options could be offered.
For a scenario with multiple firewall/security vendors with lots of devices in the company, FireMon is the perfect solution. However, in the case of having only a few devices, it’s somewhat pricey for an initial investment and in the ongoing operational costs. In the case of regulatory and compliance requirements, FireMon is very effective. If you have time to dig into software for firewall management, this product is perfect. But if you don’t have time or work with limited resources, I advise you to check the other convenient products.
It's highly scalable, multiple collectors can be set up and integrated with different vendors. With solid hardware incredible EPS rates can be achieved. Customization for device monitoring options is the key point for high EPS rates. Smart and dedicated monitoring of FireMon data collectors is a major advantage in scalability.
It's a very solid product in private networks and can also be used in public clouds. It's also effective for hybrid cloud deployments. The same security posture that aligns with private deployment can be set at the public cloud. Even if you deploy the same firewall vendors (checkpoint, Paloalto, etc.) to the cloud you get the same output. Within the usage of policy planner, you can apply the related rules wherever needed. We don’t see any difference between public or private cloud. Public cloud tags or security groups are also supported in the solution.
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use FireMon Security Manager, not only for our internal FW administration but also as part of our Managed Services. More specifically, it's part of our offer for managed firewalls service. This allows us to include more task to offer in the service like periodically cleaning firewall policies and other complains repots, i.e PCI reports.
  • TFA reports - show very detailed information that allows the admin to replace a wide-open FW policy to one or several accurate and narrow FW policies.
  • Change reports - In a very simple way, shows clearly who made what change and when. Also, it's able to highlight changes made between not consecutive configurations.
  • Dashboards - Allows us to drill-down in a simple and intuitive way, find the information needed in an investigation or any other search.
  • For TFA logging if we can have more options to run to choose, not only 1 day, 1 week, 1 month.
Well suited in firewalls with legacy configurations, for companies that are PCI compliant and need specific reports for internal/external audits, or for companies with co-administration.
Less appropriate for new network and security implementations.
I'd like a better way to increase the licenses in MSSP firewall model, to manage multi-tenancy in an easy way.
For our organization, it makes a lot of sense because our expertise is not across all firewall vendors. FireMon's tools allow the analysis of the different type of FW devices
Score 7 out of 10
Vetted Review
Verified User
Review Source
Currently, FireMon is used as an auditing tool to track all changes. Also, we use it for quarterly reviews to do rule cleanup on firewall rules. It is only being used by our IT Security Team for our firewall assets. This tool is required for record retention.
  • Tracking all changes that occur on assets.
  • Able to quickly identify duplicate or unused rules.
  • Automation and workflow.
  • Network maps have a lot of room for improvement
  • How FireMon is updated; not able to pull updates directly from the system.
FireMon is great when used with IT Security and Risk Management. It is a great tool to help quickly identify duplicate rules, rules that allow too much access, and rules that are rarely used.
It seems the scalability is pretty simple in a VM environment. However, if you have hardware appliances, you want to make sure it is futureproofed for any acquisitions or additional hardware that may come up.
Howard Wall | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
As the complexity of our environment has increased, we found it difficult to audit our firewalls and keep track of changes. Most importantly was the compliance aspect. Traditionally this has been done with a manual review, but as we have added firewalls and from different vendors, this had become a time-consuming process that was unsustainable. With FireMon we are able to continually audit our firewalls and flag any issues that would cause a problem with a security audit. The initial remediation was difficult, but we are now able to quickly identify any issues and get them remediated quickly. It also gives us the ability to supply reports to our auditors to address any questions they may have about the security of our network.
  • From Cisco to Palo Alto and AWS Security Groups, we are able to pull in all of this information into a centralized location. From the list of supported vendors, we feel like we are not limited to any one firewall vendor. This is very important to us as we are always looking into the best technology to support our ongoing growth.
  • The ability to create custom reports or to use the pre-built templates was a very nice feature for us, we want to make sure that our baseline is in line with the compliance standards we are audited against and go the extra mile in some cases to make sure that we are always safe. We are always confident that we are compliant across the organization with the reporting that FireMon provides.
  • As we have matured as a company we have adopted a security first policy when it comes to firewall rules. In the past firewall rules were approved and implemented without much thought given to process and tracking. With Policy Planner we are able to track those changes pre-implementation and post implementation to ensure that no changes are made without authorization and they are correctly implemented.
  • Upgrades almost always require support intervention if you're going more than a few releases newer, and even then the upgrade process could use improving. Luckily it really doesn't have to be done often if you're happy with your implementation. For us, the only reason to upgrade would be to address security with the product itself.
  • It can be a little overwhelming the first time you start to get reporting, especially if the environment has been around awhile. We had difficulty at first because we were overwhelmed by the amount of information we were seeing and we needed pro services to train our staff to use FireMon effectively. We found that even with this assistance it still took time before we were able to wrap our heads around getting everything remediated.
  • Some of the built-in templates for things such as PCI remediation are locked from changes and prevented from duplicating, we had to make our own using those standards so that we could begin reporting with it. This took a little time to do and we feel that we should be able to work with it out of the box. It wasn't a big problem but something to look out for.
You might be able to get away without using a solution like this in a smaller environment, but as you grow you will find it far more difficult to go back and remediate as we did. FireMon is best suited for an environment that has strict requirements for reporting and auditing, such as the financial sector, but really wouldn't be suitable for a small office or an industry that does not have these requirements.
It has some hefty requirements for system specs, but that's due to the firewall logging. You can have multiple nodes to distribute the load and grow as you need. We found that our initial setup went beyond what we initially needed, but we were able to see the increasing load and plan accordingly to add resources and nodes to handle the additional firewalls.
We required the ability to manage firewalls from any vendor or cloud provider, as we did not want to become dependent on any one firewall solution. It was also important because we would be using FireMon for a very long time and we did not want to change solutions for monitoring and compliance. FireMon has been great in that aspect and we are now able to automatically add new firewalls to FireMon as they are deployed to the environment.
Score 8 out of 10
Vetted Review
Verified User
Review Source
FireMon is being leveraged across several IT Departments, including IT Security, Risk Management, Engineering, and Architecture teams. For us, it helps across many of our business models. We are in a highly regulated industry, SOX, MICS (gaming), and PCI, to name a few. For security best practices, we leverage integrated reports to help identify unused rules and objects. From an engineering and architectural approach, we leverage anything from policy creation and optimization, to ping path analysts to make sure the correct firewalls and policies are submitted the first time. With close to 100 firewalls, this helps streamline the process.
  • Built-in compliance and security reporting - By scheduling reports, we automate the information gathered and get it to the correct department for remediation, freeing up resources for other tasks.
  • Ping Path Analysts - this plays a big help in our environment. With over 300 IT personnel, communication is sometimes lost. Changes to architecture happen frequently with our dynamic and worldwide presence, including cloud. It is important to get it right the first time, in a secure and efficient manner.
  • Security Manager - Organization, optimization, and metrics that can easily be tracked and help make future decisions on the appropriate coarse of action. For example, I've taken multiple firewalls which had high CPU and memory utilization, reprioritized the policies, and cut those metrics in half.
  • Licensing is a nightmare - Depending on the 'size' of your firewall, there are different scu's. There are also costs associated with adding router/switches, as well as centralized management.
  • System status and health - while there are ways to display the metrics, you have to go to a different URL and to each appliance. It would be nice if the manager had a health check for all of the collectors associated with it on it dashboard.
  • MFA / SSO /SAML2.0 integration - It would be valuable to integrate the before mentioned integrations for secure access and flexibility.
I think the product is well suited for an environment with multiple, complex firewall deployments. Environments that are highly regulated and a have need for automation and reporting, would gain value. However, if you are a small company, or the deployment/environment is cookie cutter, then I don't think you would be able to justify the cost.... it's not cheap!
I've had some challenges keeping this system up with the volume of traffic being sent to the collectors. We've engaged the vendor, but still have on-going issues.
Yes, we have benefited from the multiple vendor, multiple environments quite well. Using tools such as ping path analysts, we can traverse multiple vendor and infrastructures, to gather information to correctly secure and create policy before ever touching a firewall or router. We can create accurate change control and execute right the first time. This is HUGE, as we are hybrid across multiple cloud vendors around the world to our properties.

What is FireMon?

FireMon, a network security policy management (NSPM) platform, is designed to bring visibility, control, and automation to enterprise cloud and hybrid network infrastructures.

  • To drive agility across hybrid networks, the headless orchestration API allows customers to integrate with any existing system or process including IT Service Management platforms like ServiceNow, Security Orchestration Automation and Response (SOAR) tools like Splunk Phantom and Palo Alto Cortex SOAR, and DevOps platforms like Red Hat Ansible and HashiCorp Terraform.
  • To drive security efficiency and eliminate misconfigurations caused by complexity and manual processes, the platform addresses inefficient rule creation and change processes, delivers risk assessment of change through pre-change simulation and provides policy change recommendation.
  • To meet scale and heterogeneity requirements, FireMon normalizes policy across thousands of firewalls, devices, and cloud security groups through a single interface.

The vendor states FireMon customers experience up to 90% improvements in network security policy efficiency while eliminating common misconfigurations which lead to breaches and compliance violations.

FireMon Features

  • Supported: KPI Dashboards: See your network at a glance with analysis, trending and key performance indicator widgets on a customizable dashboard.
  • Supported: Traffic Flow Analysis: Monitor network traffic behavior – down to the application level – to isolate overly permissive configurations.
  • Supported: Access Path Analysis: Trace every available access path across the network and visualize relationships between network devices to identify risk access points.
  • Supported: Network Mapping: Visualize and interact with highly complex network security environments or segmentations.
  • Supported: Change Detection & Reporting: Isolate, document and alert on every ongoing change implemented throughout your existing firewall policies.
  • Supported: Assessments & Controls: Define and employ unique security controls for customized, repeatable analysis and reporting on your firewall policies.

FireMon Videos

FireMon Agile NSPM
See Everything with FireMon
Integrate Anywhere with FireMon

FireMon Downloadables

FireMon Integrations

FireMon Competitors

FireMon Pricing

FireMon Customer Size Distribution

Small Businesses (1-50 employees)8%
Mid-Size Companies (51-500 employees)15%
Enterprises (more than 500 employees)77%

FireMon Technical Details

Deployment TypesOn-premise, SaaS
Operating SystemsWeb based browser UI
Mobile ApplicationNo
Supported CountriesAll countries except North Korea, Iran, Sudan, Syria and Cuba
Supported LanguagesEnglish

Frequently Asked Questions

What is FireMon's best feature?

Reviewers rate Support Rating highest, with a score of 7.7.

Who uses FireMon?

The most common users of FireMon are from Enterprises and the Financial Services industry.