Firewall change reports help with audits and compliance.
Updated December 03, 2020
Firewall change reports help with audits and compliance.
Score 7 out of 10
Vetted Review
Verified User
Modules Used
- Security Manager
Overall Satisfaction with FireMon
We use FireMon for compliance purposes. We use it to generate reports whenever a change is made to the Firewall. We can see who pushed policy in Checkpoint, what Change# it is associated with, and what was actually done compared to what the change ticket stated.
- When working correctly, it generates reports for each firewall when a change is made.
- It is a great tool to audit Firewall rules, redundant rules, and changes made
- It doesn't always provide reports for when changes are made.
- It only shows who pushed policy in the reports, not who made the actual changes to the firewall.
- You can no longer drill down into reports at a granular level which back in Version 7 you were able to, which provided a great deal of information.
- Seems to have some issues communicating with Checkpoint retrieving all reports that are split between two data centers.
- When working correctly, it works well for audit purposes providing needed information for our auditors and compliance.
AlgoSec and Tufin both have initial issues during the POC stage, and FireMon even though with the changes they have made still works better and is more user friendly.
FireMon Feature Ratings
Evaluating FireMon and Competitors
- Product Features
- Product Usability
During the POC stage before buying the full product, make sure the product you are getting works with the Firewall solution you have, like Checkpoint.
FireMon Support
Pros | Cons |
---|---|
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Immediate help available Support understands my problem Support cares about my success Quick Initial Response | None |
Not Sure
Yes - Issue with FireMon servers working in vSphere where RAM and CPU usage doesn't show spikes. The management station will lag out and not provide reports when policy is pushed in Checkpoint causing us to have to do fake installs to generate reports because the servers resources capped out and lagged but the VM doesn't reflect this.
We had our rep visit us onsite to assist us in standing up a second data collector to work with our management station to help alleviate the work load the management station was under as we have the management station in one data center and have two data centers. The second data collector was configured in our second data center.