One more step in protecting firewalls
Updated July 24, 2020
Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Security Manager
- Policy Optimizer
Overall Satisfaction with FireMon
FireMon is used for tracking and reviewing firewall rules on a regular basis. It is used to save an old process of manually tracking all of the firewall rules.
- It can be customized in a lot of ways because you can write your own queries and assign them to controls.
- When the system has proper resources, FireMon is quite reliable and quick to pull new firewall rules.
- The user interface has a lot of options to use, like revisions. It is helpful to look at revisions before and after changes to make sure everything went as planned. It also has some pie graphs that are good for showing in reports.
- There needs to be functionality to roll back changes to FireMon, or save copies of firewall documentation that can be reverted back. There are some manual fields you can fill in for firewall rules in FireMon (things such as notes about audits of the rules, when they were last audited, etc.). If they are removed, there is no way to re-add them. There also needs to be an option to copy documentation from one firewall to another in case you have to RMA a firewall. I have been advised that the development team is adding these features sometime in the next year, but it has bitten us a few times.
- I get the impression that the development team needs to give better documentation to the support team.
- No root access to the box. This has caused some issues, such as not being able to eject a CD-ROM from a VM and not being able to install a backup client, requiring us to code a backup script in-house. There used to be sudo access, but it was removed.
- We had a couple of outages on our rule documentation due to changes in the FMOS code that caused the appliance to be down for a while, which hurt our ROI.
- Not having to manually track all of the rules has freed up engineers for better things.
- Better auditing of firewall rules significantly decreases security risks to our environment because we are using FireMon to ensure everything is reviewed regularly.
FireMon Support
Pros | Cons |
---|---|
Good followup; Knowledgeable team; Problems get solved; Kept well informed; No escalation required; Immediate help available; Support cares about my success; Quick Initial Response | Need to explain problems multiple times |
Yes - The bugs have been resolved in future releases. Sometimes it is difficult to get the developers to acknowledge the bug, and it feels like the lab testing falls onto the customer.
Note - I wrote that a while ago, and bug support seems to be improving.
FireMon helped us create a script to copy data from one firewall to another.
Using FireMon
Pros | Cons |
---|---|
Like to use; Relatively simple; Easy to use; Technical support not required; Well integrated; Consistent; Quick to learn; Convenient | None |
- The Revisions feature makes change orchestrations easier and I use it daily.
- Creating queries to automate and shorten tasks. For example, checking for certain applications or ports used on rules on perimeter security devices.
- Creating reports based on rule severity scores is very helpful and feels like a vulnerability scanner for firewall rules.
- The difficulty lies more on the administrator of FireMon itself than the user. The system can be very sensitive especially during upgrades.
- Search queries could be easier as far as directives and options to use in the search, but I keep seeing more and more granularity added with each release so I believe FireMon is aware of it and working on it.