One more step in protecting firewalls
April 13, 2019


Score 6 out of 10
Vetted Review
Verified User

Modules Used

  • Security Manager
  • Policy Optimizer

Overall Satisfaction with FireMon

FireMon is used for tracking and reviewing firewall rules on a regular basis. It is used to save an old process of manually tracking all of the firewall rules.
  • It can be customized in a lot of ways because you can write your own queries and assign them to controls.
  • When the system has proper resources, FireMon is quite reliable and quick to pull new firewall rules.
  • The user interface has a lot of options to use, like revisions. It is helpful to look at revisions before and after changes to make sure everything went as planned. It also has some pie graphs that are good for showing in reports.
  • There needs to be functionality to roll back changes to FireMon, or to save copies of firewall documentation that can be reverted to. There are some manual fields you can fill in for firewall rules in FireMon (things such as notes about audits of the rules, when they were last audited, etc.). If they are removed, there is no way to re-add them. There also needs to be an option to copy documentation from one firewall to another in case you have to RMA a firewall. I have been advised that the development team is adding these features sometime in the next year, but it has bitten us a few times.
  • I get the impression that the development team needs to give better documentation to the support team.
  • No root access to the box. This has caused some issues, such as not being able to eject a CD-ROM from a VM and not being able to install a backup client, requiring us to code a backup script in house. There used to be sudo access, but it was removed.
You can add more data collectors to scale. One issue is that you cannot have multiple data collectors assigned to one device. For example, if you have some heavy hitting firewalls, you can't have two data collectors hooked up to them in a round robin fashion. I have been advised you can accomplish this with a load balancer in front of the data collectors, but I have not looked into it yet.
  • We had a couple of outages of our rule documentation due to changes in the FMOS code that caused the appliance to be down for a while, which hurt our ROI.
  • Not having to manually track all of the rules has freed up engineers for better things.
  • Better auditing of firewall rules significantly decreases security risks to our environment because we are using FireMon to ensure everything is reviewed regularly.
There was a multi-week process of reviewing firewall rules multiple times per year in the past, and FireMon has eliminated that. It is also easier to provide documentation to auditors because it is a matter of logging into FireMon and doing a PDF export.
I put 6 because I like the product when it is working well, and the majority of the department likes the product. I will rate higher when they resolve the issues that I mentioned.

FireMon Feature Ratings

  • Policy planning and rule management: Not Rated
  • Automated Policy Orchestration: Not Rated
  • Device Discovery
  • Policy Compliance Auditing
  • Attack Path Simulation Testing: Not Rated
  • Anomalous Event or Behavior Deviation: Not Rated
  • Vulnerability Scans: Not Rated
  • Firewall Rule Cleanup