FireMon: Igniting Innovation, Guarding Security.
We currently use the security manager modules to clean and fine-tune our set of policies centrally. We additionally use a policy planner …
Overview
What is FireMon?
FireMon is a real-time security policy management solution built for today’s complex multi-vendor, enterprise environments. Supporting the latest firewall and policy enforcement technologies spanning on-premises networks to the cloud, FireMon delivers visibility and control across the entire IT landscape to…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Reviewer Pros & Cons
Pricing
N/A
Unavailable
What is FireMon?
FireMon is a real-time security policy management solution built for today’s complex multi-vendor, enterprise environments. Supporting the latest firewall and policy enforcement technologies spanning on-premises networks to the cloud, FireMon delivers visibility and control across the…
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://www.firemon.com/request-a…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
24 people also want pricing
Alternatives Pricing
What is ManageEngine ADAudit Plus?
ADAudit Plus offers real-time monitoring, user and entity behaviour analytics, and change audit reports that helps users keep AD and IT infrastructure secure and compliant.Track all changes to Windows AD objects including users, groups, computers, GPOs, and OUs.Achieve hybrid AD monitoring with a…
What is Speedify VPN?
Speedify is a new kind of bonding VPN designed from the ground up for speed, security, and reliability. The vendor says Speedify's bonding protocol lets it do things no other VPN can: switching between Wi-Fi and Cellular without breaking sockets, and bonding connections together for speed…
Product Details
- About
- Integrations
- Competitors
- Tech Details
- Downloadables
- FAQs
What is FireMon?
FireMon is a real-time security policy management solution built for today’s complex multi-vendor, enterprise environments.
Supporting the latest firewall and policy enforcement technologies spanning on-premises networks to the cloud, FireMon delivers visibility and control across the entire IT landscape to automate policy changes, meet compliance standards, to minimize policy-related risk.
Since creating their policy management solution in 2004, FireMon states they've helped more than 1,700 enterprises in nearly 70 countries secure their networks.
FireMon provides solutions that extend and integrate policy management with today’s latest technologies including SD-WAN, SASE, XDR, and SOAR.
The vendor states FireMon customers experience up to 90% improvements in network security policy efficiency while eliminating common misconfigurations which lead to breaches and compliance violations.
FireMon Features
- Supported: KPI Dashboards: See the network at a glance with analysis, trending and key performance indicator widgets on a customizable dashboard.
- Supported: Traffic Flow Analysis: Monitor network traffic behavior – down to the application level – to isolate overly permissive configurations.
- Supported: Access Path Analysis: Trace every available access path across the network and visualize relationships between network devices to identify risk access points.
- Supported: Network Mapping: Visualize and interact with highly complex network security environments or segmentations.
- Supported: Change Detection & Reporting: Isolate, document and alert on every ongoing change implemented throughout an existing firewall policies.
- Supported: Assessments & Controls: Define and employ unique security controls for customized, repeatable analysis and reporting on firewall policies.
FireMon Videos
Improve Security Operations. Improve Security Outcomes.
FireMon: Enforce Compliance
FireMon: Manage Change
FireMon Integrations
- Palo Alto Networks Next-Generation Firewalls - PA Series
- Palo Alto Networks Advanced URL Filtering
- Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
- VMware NSX
- VMware ESXi
- Check Point Quantum Security Gateway Next Generation Firewall
- Check Point Quantum Smart-1 Security Management
- AhnLab TrusGuard
- Check Point FireWall-1 / SmartCenter / VPN-1 Edge including VSX
- Cisco ASA / PIX / FWSM / ASA Context
- Dell SonicWall
- F5 AFM
- Fortinet Fortigate / VDOM
- Huawei USG / Eduemon
- Hillstone SG-6000 series
- IBM Proventia MFS
- Juniper Netscreen / SRX / ScreenOS / VSYS
- Secui NXG / MF2
- Stonesoft Management Center and detected firewalls
- Topsec Firewall
- WeGuardia FW
FireMon Competitors
FireMon Technical Details
| Deployment Types | On-premise, Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Web based browser UI |
| Mobile Application | No |
| Supported Countries | All countries except North Korea, Iran, Sudan, Syria and Cuba |
| Supported Languages | English |
FireMon Downloadables
Frequently Asked Questions
Reviewers rate Support Rating highest, with a score of 7.7.
The most common users of FireMon are from Enterprises (1,001+ employees).
FireMon Customer Size Distribution
| Consumers | 0% |
|---|---|
| Small Businesses (1-50 employees) | 8% |
| Mid-Size Companies (51-500 employees) | 15% |
| Enterprises (more than 500 employees) | 77% |
Comparisons
Compare with
Reviews and Ratings
(113)Attribute Ratings
Reviews
(26-50 of 69)Companies can't remove reviews or game the system. Here's why
December 03, 2020
Firewall change reports help with audits and compliance.
- When working correctly, it generates reports for each firewall when a change is made.
- It is a great tool to audit Firewall rules, redundant rules, and changes made
- It doesn't always provide reports for when changes are made.
- It only shows who pushed policy in the reports, not who made the actual changes to the firewall.
- You can no longer drill down into reports at a granular level which back in Version 7 you were able to, which provided a great deal of information.
- Seems to have some issues communicating with Checkpoint retrieving all reports that are split between two data centers.
October 16, 2020
FireMon: Great Product
- Lets you know what is unused so you can lock it down
- Improves the process of review rules
- Open up knowledge base on Google, to make searching easier with better results
October 15, 2020
Not the best in a CheckPoint environment
- Runs queries against existing rules.
- Requires a lot of care and feeding, often our log collector disconnects and must be reconnected.
- Service Packs are required to be added/updated much too often.
- Whenever we make any changes in our firewall environment, FireMon takes a ton of time to get working properly again.
- The canned queries are lacking, more should be added and improved.
October 15, 2020
The honest FireMon review
- Rule review.
- Best practice guidelines review.
- Configuration review.
- CIS benchmark integration would be great.
- The reporting inside the platform is great, but the exported versions could be improved to facilitate reading and get a high summary executive view.
August 03, 2020
FireMon Review
- Correlate large rule sets and uncountable objects into a human usable format
- Allows you to pick a supplied compliance assessment and allows you to create a custom one to fulfill your needs
- Gives you an Enterprise dashboard with percentages that you can drill down to the devices--as the rules are constantly changing to fit business needs this helps reduce security flaws a human will miss.
- It centers on policy, compliance, and change--the three areas we all need help in.
- Setting up a new compliance assessment or modifying an existing one
July 28, 2020
A Review of FireMon
- PCI Reporting - After identifying which firewalls and rulesets are in scope, producing a report artifact to satisfy PCI requirements on Firewall reviews is literally a two-click operation.
- Storing Rule Metadata - FireMon stores metadata (prefilled fields, standard fields, and custom fields) for each rule in each policy which is valuable for context during firewall reviews in particular
- API - FireMon exposes most if not all of its functionality via REST API
- FireMon does not yet support URL filtering (the identification of or implementation of) for Palo Alto firewalls
- Direct integration with other systems takes place through workflows, which are not documented (the intent I believe is Pro Services should be engaged in order to do integrations, e.g. with ServiceNow).
July 27, 2020
FireMon, but without bugs
- Policy Optimization - helping us remove shadow rules
- Rule analysis for gaps in security
- Unused rule identification
- Bugs, Bugs, Bugs, Bugs, Bugs
- Upgrades are often problematic.
- Sometimes what the reports show isn't what's in the database.
July 24, 2020
One more step in protecting firewalls
- It can be customized in a lot of ways because you can write your own queries and assign them to controls.
- When the system has proper resources, FireMon is quite reliable and quick to pull new firewall rules.
- The user interfaces has a lot of options to use like revisions. It is helpful to look at revisions before and after changes to make sure everything went as planned. It also has some pie graphs that are good for showing in reports.
- There needs to be functionality to roll back changes to FireMon, or save copies of firewall documentation that can be reverted back. There are some manual fields you can fill in for firewall rules in FireMon (things such as notes about audits of the rules, when they were last audited, etc). If they are removed, there is no way to re-add them. There also needs to be an option to copy documentation from one firewall to another in case you have to RMA a firewall. I have been advised that the development team is adding these features sometime in the next year, but it has bit us a few times.
- I get the impression that the development team needs to give better documentation to the support team.
- No root access to the box. This has caused some issues such as not being able to eject a CD rom from a VM and not being able to install a backup client requiring us to code a backup script in house. There used to be sudo access, but it was removed.
- Integration with different vendors
- Enrichment capabilities
- Risk analyzer
- Global dashboard
- Reporting features
- GUI is somewhat cumbersome for the beginners
- Policy planner has a lack of customization. The templates are very strict.
- Again for the beginners, it has its own custom language and familiarization takes time.
- Planning and deployment guide is lacking.
- Local support should be improved or additional support options could be offered.
July 03, 2020
FireMon provides a nice view
- FireMon provides a live view in to firewalls across the enterprise in a single tool.
- Policy Planner is customizable, and can be fit to your company's workflow requirements, to include API for Service Now.
- FireMon provides policy testing capability, and traffic flow analysis, which is critical for timely troubleshooting.
- The FireMon interface has evolved from a desktop client to a browser-based portal, but added many layers to navigating commands. A simpler interface with most commands and functions one click deep (and all visible) would be more efficient for daily ops workflow.
- Policy test is great, but doesn't differentiate when a policy is a user-auth rule, so the result may show that policy is already in place, when it is actually not usable.
July 01, 2020
Secure through a glass of FireMon
- TFA reports - show very detailed information that allows the admin to replace a wide-open FW policy to one or several accurate and narrow FW policies.
- Change reports - In a very simple way, shows clearly who made what change and when. Also, it's able to highlight changes made between not consecutive configurations.
- Dashboards - Allows us to drill-down in a simple and intuitive way, find the information needed in an investigation or any other search.
- For TFA logging if we can have more options to run to choose, not only 1 day, 1 week, 1 month.
June 26, 2020
FireMon – Bringing the heat!!
- BU Reporting - Concerned about role segmentation? Want other business units to peek into how things are going on your devices but without having to give everyone under the sun admin credentials for those devices? FireMon accomplishes that for us. I'm able to take this solution to various business units and shop it around...and increase its ROI by getting additional processes or procedures built around its functionality.
- Remediation Reporting - A flexible interface allows for very granular information to be generated, exported, and manipulated. Want to export a list of expired rules, done. Rules that allow traffic but don't have logging enabled, done. Find a change that took place outside of your change window and identify who's manager to speak to - done.
- Support - Although this isn't a "Security Manager" specific example its worth emphasizing that with such a flexible and vestal tool there are multiple ways of doing things. Usually there is the way that I can find to fit my needs right now - but the support staff have been amazing as offering improvement suggestions for the way that I use the tool to accomplish the tasks I have to complete. Quick turnaround on tickets, and no micro-managing of prerequisites before offering a to schedule a webex or best guess first step.
- More granular documentation - A flexible tool is great, but with flexibility comes gaps in documentation. Nothing serious, but I have found myself asking questions to support on more than one occasion because I couldn't independently find the solution in the default documentation. "How can I generate a query that uses this argument rather than this one..." kinda stuff.
- More granular ability to "whitelist" specific rules - If security teams had perfect security, the business wouldn't be allowed to operate. That being the case there will always be compromises. Although I may care about a specific control as far as my environment is concerned, I will find myself with a laundry list of rules that will take an extended effort to clean up, or there is no good way around. Being able to acknowledge these and then circle back to them at regular intervals for review would be good - as opposed to having to make sure I filter those specific rules out of larger exports that I may dump into a ticket for remediation.
June 01, 2020
Firemon Security Manager v7/v8
- Version 8 addressed some shortcomings of the previous version regarding response time and administration capabilities. Reports are generated quickly and there are more customization options for administrators.
- New dashboards provide a quick overview that is much more informative than the previous version.
- The enterprise view is a nice way to view devices across the organization at a glance.
- The search functionality is much improved in version 8 and allows you to search across all devices if you so choose. It is quick and has a query syntax builder that is a vast improvement over searching capabilities in version 7.
- Creating custom controls is much better in the newer version. The syntax helper will build the correct query for you.
- When they moved from version 7 to version 8 there were some areas that seemed neglected. The generated reports did not always render properly when viewed as a PDF, though they looked fine in HTML. Another lost function was reporting usage on NAT rules in firewalls.
- The scheduling function for reports/assessments is not the easiest thing to find or administer. It would be nice to be able to schedule reports directly from the Security Manager without having to go to Administration.
- I would like to see customizable reports. Right now you must create custom controls and add them to custom assessments.
- The GUI does not always maintain your filters or settings if you drill down into an object and then return.
- There are not always enough search filter options and they are sometimes hard to view.
- Some reports are not very useful. It would be nice to see those re-evaluated or re-worked into a usable report.
May 18, 2020
FireMon - Great tool for a clean environment
- Tracking all changes that occur on assets.
- Able to quickly identify duplicate or unused rules.
- Automation and workflow.
- Network maps have a lot of room for improvement
- How FireMon is updated; not able to pull updates directly from the system.
October 18, 2019
I love FireMon
- Organized.
- Easy to use.
- It helps improve FWs.
- Trying to reset forgotten passwords was sometimes difficult, the timing with technical was sometimes hard, but they were always helpful and very nice.
April 13, 2019
FireMon consolidates well
- It finds unused or shadowed rules and shows them to you well.
- It makes auditing of baseline standards easy.
- Makes it easy to search across multiple firewalls.
- Makes it easy to see if traffic should get through the firewalls.
- Sometimes the search filter syntax doesn't make it easy to find what you are looking for. It uses its own syntax.
- Lacks the ability to go back in time and create a compliance report from older data.
April 10, 2019
Another Fire-something, but a good one!
- Customization of reporting is a nice feature. This is not available with other similar tools in the industry.
- Traffic Flow Analysis is widely used for looking at overly permissive rules.
- The dashboards are simple and enable us to do a presentation for non-technical audiences.
- The integration of firewalls is quite easy.
- Support is fast to respond and generally knowledgeable.
- The main area where FireMon will need improvement is a true knowledge base for customers and users. There is a lack of documentation and known facts. This means that as a user, the need for opening tickets for simple tasks is sometimes frustrating.
January 25, 2019
All in one firewall compliance and reporting that really works!
- From Cisco to Palo Alto and AWS Security Groups, we are able to pull in all of this information into a centralized location. From the list of supported vendors, we feel like we are not limited to any one firewall vendor. This is very important to us as we are always looking into the best technology to support our ongoing growth.
- The ability to create custom reports or to use the pre-built templates was a very nice feature for us, we want to make sure that our baseline is in line with the compliance standards we are audited against and go the extra mile in some cases to make sure that we are always safe. We are always confident that we are compliant across the organization with the reporting that FireMon provides.
- As we have matured as a company we have adopted a security first policy when it comes to firewall rules. In the past firewall rules were approved and implemented without much thought given to process and tracking. With Policy Planner we are able to track those changes pre-implementation and post implementation to ensure that no changes are made without authorization and they are correctly implemented.
- Upgrades almost always require support intervention if you're going more than a few releases newer, and even then the upgrade process could use improving. Luckily it really doesn't have to be done often if you're happy with your implementation. For us, the only reason to upgrade would be to address security with the product itself.
- It can be a little overwhelming the first time you start to get reporting, especially if the environment has been around awhile. We had difficulty at first because we were overwhelmed by the amount of information we were seeing and we needed pro services to train our staff to use FireMon effectively. We found that even with this assistance it still took time before we were able to wrap our heads around getting everything remediated.
- Some of the built-in templates for things such as PCI remediation are locked from changes and prevented from duplicating, we had to make our own using those standards so that we could begin reporting with it. This took a little time to do and we feel that we should be able to work with it out of the box. It wasn't a big problem but something to look out for.
January 24, 2019
FireMon is excellent, but review my comments
- Redundancy checks
- Cleaning rules
- Keep consistency on your firewalls
- Tracking problems
- Compliance check
- For redundant rules, adding source object group check
January 23, 2019
A Life with FireMon.
- Configuration changes, it can monitor and alerts any change on the firewall through email alerts.
- Optimised firewall rules , FireMon easily identify the unused firewall rules, duplicate rules, shadowed rules.
- Traffic Flow Analysis help a lot to further discover, tightening rules such as ANY rules configured on the firewall.
- Needs more supported devices and firewall supported vendors.
- Needs to push other add on modules to show the full capability of the FireMon Security Manager. eg policy planner, policy optimiser, risk analysis.
- Needs aggressive marketing in the Philippine Market. A lot of customers are not aware that there is a solution for firewall optimization and management.
- A lot of add on features are not introduced or not being used by the customer.
January 22, 2019
FireMon, great tools for managing cyber security devices!
- Automate validation of compliance feature saved us time for auditing. It will generate report so we can provide to auditor for further review.
- Traffic flow analysis is one of the feature we used on daily basis, especially when there is a new request for adding policy for a complex environment, this feature provided accurate information on which security device is passing the traffic.
- Firewall cleanup recommendations helped us to improve firewall efficiency and avoid unnecessary changes. We scheduled to using this feature every 6 months to clean up zero hit rules and firewalls performance have been improved since.
- We had an issue when FireMon takes a long time to process the logs from over a dozen chatty firewalls. I understand when there are huge data sending to FireMon it needs time to process it, but FireMon might need to optimize how the data is handled.
January 16, 2019
FireMon - Great Enterprise Tool
- Built-in compliance and security reporting - By scheduling reports, we automate the information gathered and get it to the correct department for remediation, freeing up resources for other tasks.
- Ping Path Analysts - this plays a big help in our environment. With over 300 IT personnel, communication is sometimes lost. Changes to architecture happen frequently with our dynamic and worldwide presence, including cloud. It is important to get it right the first time, in a secure and efficient manner.
- Security Manager - Organization, optimization, and metrics that can easily be tracked and help make future decisions on the appropriate coarse of action. For example, I've taken multiple firewalls which had high CPU and memory utilization, reprioritized the policies, and cut those metrics in half.
- Licensing is a nightmare - Depending on the 'size' of your firewall, there are different scu's. There are also costs associated with adding router/switches, as well as centralized management.
- System status and health - while there are ways to display the metrics, you have to go to a different URL and to each appliance. It would be nice if the manager had a health check for all of the collectors associated with it on it dashboard.
- MFA / SSO /SAML2.0 integration - It would be valuable to integrate the before mentioned integrations for secure access and flexibility.
January 16, 2018
Great tool for check and balances
- Notification of changes to firewalls
- Mapping capabilities
- Reporting on existing rules
- Help in firewall rules review
- Provide capability to view software defined networks (private cloud infrastructure)
January 08, 2018
FireMon - Worth it.
- Fast analysis of flaws in the rules set
- Dynamic mapping
- Normalize varied platforms into a standard appearance
- Quickly find unused rules and objects
- Useful canned reports
- While you can evaluate potential changes to firewall rules, you can not implement the rules from FireMon.
- The GUI is easy to navigate, but learning where to go for the useful features takes a little practice.
- While the base product has reports for analyzing vulnerabilities, a separate license is required to get the full benefit.
October 19, 2017
Streamlined Change Management procedures
- Streamlined change management procedures.
- Great automation capabilities.
- Built-in reporting capabilities.
- Extensibility (customizations).
- Perhaps the ability to add and customize dashboards (e.g. by power users) would be desirable.
- The workflows are still somewhat not that 'intuitive'.