Blind to what changes are being made in your network? FireMon is the answer!
Updated March 06, 2023

Blind to what changes are being made in your network? FireMon is the answer!

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Modules Used

  • Security Manager
  • Risk Analyzer

Overall Satisfaction with FireMon

FireMon is being used to provide detailed historical records of every change/revision made on every network appliance enterprise-wide. It provides instant visibility on what changed when issues arise. Considering outages and time to restoration are measured by duration, having a single pane of glass showing which firewall rule or ACL was updated is priceless. Without FireMon, we would go into every outage--both small and large--blind, trying to figure out where to start.
  • Tracking firewall rule changes.
  • Normalizing data so that it's easily understandable across different vendors and technologies.
  • Providing detailed or summary reports for the data you actually want.
  • It seems like their licensing model is constantly evolving.
  • Often, support will have to escalate cases to engineering.
  • Certifications are always geared to a particular version.
FireMon's licensing model appears to constantly evolve, which at times can be frustrating when sizing your environment for scalability. I've experienced a situation where our organization was licensed for a particular feature with FireMon version X but not licensed for it in version Y. This caused a good amount of confusion when the procurement team got involved.
  • Reduced complexity
  • Reduction in inactive firewall rules
  • Quicker times to restoration during outages knowing what changed
We created a default benchmark assessment for our firewalls based on vendor and have been using it for onboarding new hardware such as firewalls and switches. It has helped tremendously in ensuring that the hardware has the appropriate configurations such as security policies or dynamic update schedules before going into production. It has also allowed us to apply these same standards to our existing firewalls and switches that are owned by other network teams.
In today's PCI and/or SOX compliance world, having the visibility that FireMon provides is immeasurable. You can easily see which devices are causing a failed compliance control in detail. For example, FireMon will show you where there are any rules that are allowing more traffic than they should.
We recently had an issue where our SIEM stopped receiving all syslog data from several devices. Within minutes of using FireMon, we were able to easily pinpoint what changes were made and restore functionality. What complicated matters was that a proper change control was not submitted to document what was being changed.

Do you think FireMon delivers good value for the price?


Are you happy with FireMon's feature set?


Did FireMon live up to sales and marketing promises?


Did implementation of FireMon go as expected?


Would you buy FireMon again?


Both perform admirably with regards to providing that single pane of glass and visibility in a normalized view. They both provide great insight into where your organization stands in terms of compliance controls. In terms of upgrading and scalability, I would have to give the edge to Tufin.
Better suited for: Compiling a historical record of changes/revisions of network appliances. Understanding rule set complexity in terms of overlapping rules and redundancy. Understanding and viewing rule usage. Understanding network flow--how packets will traverse from this hop to the next. What compliance risks are present due to failed controls.

Using FireMon

20 - Al users of FireMon are either in IT Security or Network Services.
5 - All users that aid in the maintenance of our FireMon implementation are in the IT Security Engineering group.
  • Standardized security policy rule sets
  • Standardized configuration maintenance
  • Standardized logging and reporting
  • Visibility into our cloud environments
  • Prevent misconfigurations
  • Auditing
Once all the customization has been completed, the business is starting to see the return on investment. The visibility it provides into the network gear that is owned by other IT groups is immeasurable and has allowed us to apply standards across the board. The only thing I have concern with is their support documentation.

FireMon Reliability

FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.
I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.