1. Home
  2. Network Security Software
  3. FireMon Reviews
  4. User Review of FireMon
Cost effective and operationaly acceptable for basic operations
Updated February 24, 2023

Cost effective and operationaly acceptable for basic operations

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Modules Used

  • Security Manager
  • Policy Optimizer
  • Policy Planner
  • Risk Analyzer

Overall Satisfaction with FireMon

We use it to get an analysis of our firewall policies and get some recommendations on what policies have not been used for a long time and can be removed, policy re-ordering, optimization, and risks over risky protocols being allowed in policies like telnet or FTP. We use it to push policy automation changes, This enables a zero-touch framework to implement policy changes.
  • Policy overview and optimisation suggestions
  • Risk analysis over wide open policies, risky ports open on policies
  • Zero-touch automation for policies
  • Using with in house ticketing solution to make a framework for policy change approval.
  • The firemon had have some issues after almost every update. They need to improve on that.
  • Cisco is one of the products that has best support, The scope of other products can be improved.
  • Automation of policie implementation breaks very often
Once provisioned the size of VMs cannot be changed, This is something that we heard they are working on. I haven't heard about a solution to this as of now. A number of collectors can be deployed without a need for extra licenses of you have remote firewalls.
  • We are using this as a migration our our legacy policy manager solution.
  • The support with our in house ticketing solution and approval process has made it easier.
  • The admins have to do many sessions with support to resolve the issues. Most break cannot be fixed by users themselves.
We have a hybrid environment in our organization, we are using the Firemon solution for both our on-prem and cloud firewalls. The collectors have been deployed in both environments to collect from the firewalls.
The above statement is absolutely true. Firemon does present the ability to be customized and work with most existing ticketing solutions to incorporate the approval process and identify the in-path firewalls and push relevant policies while maintaining an audit trail.
Firemon does offer most PCI ISO audit compliance results as a report on the analysis for different firewalls. It tags risks based on the compliance model and offers solutions to remdiate the same. Not all of these can be achieved via the zero-touch automation though.
The zero-touch policy automation does minimize the risks of mistakes over policies being pushed on the firewalls. It selects the right firewalls that fall in path and push only what is needed.

Do you think FireMon delivers good value for the price?

Yes

Are you happy with FireMon's feature set?

Yes

Did FireMon live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of FireMon go as expected?

Yes

Would you buy FireMon again?

Yes

AlgoSec and Tufin both are good tools but the cost involved for what they offer as services led us to go with Firemon.
Firemon is a more budget option one can look up if they are looking to manage something like cisco, Paloalto, checkpoint or FortiGate. It is not that great with another brand of firewalls like NSX or other ones that are not that much out there.

Using FireMon

20 - We use firemon for policy analysis, tuning, and cleanup.
We are using it to analyze the traffic for our ASAs and fortigates.
We also use the security module for compliance scans and auditing.
We are working on implementation of policy automation and integration of firemon with our remedy and service now.
20 - We have an in-house operations team to manage the operations of all our firewalls. These people have network routing and network firewall skills. They have skills in firewall policy creation, dynamic routing protocols, NAT, PAT, IPSEC tunnels, GRE tunnels and Next generation firewall features like IPS, DNSSEC and Web application firewall.
  • Policy tuning and ananlysis.
  • Security compliances.
  • Audit trailing.
  • Tagging and adding description to rules.
  • We are integrating with Gitlab and remedy for automating policy creation tickets.
  • We have created customized compliances standards to scan firewalls and policies
  • We are creating change reports being sent to soc to analyze the policy or configuration changes.
  • Create compliance scans as per soc policies.
  • To analyze and manage aws security groups
  • To maintain zscaler internet access security policies and groups.
The shell is locked out and we can't run any general centos commands. The implementation and maintainence of the arch is very complex. Even with the right identifiers on log messages the log collection keeps failing. The warning messages on the device are ambiguous. The log messages on firemon are a bit confusing and don't show the exact issue.

Evaluating FireMon and Competitors

  • Price
  • Product Usability
The product provided some good pricing competition to algosec and tufin. It also provided the policy analysis, automation and complaince requirements for this price segment
Yes, We would like to analyze algosec and tufin more.

FireMon Support

ProsCons
Support understands my problem
Support cares about my success
Less knowledgeable
Escalation required
Yes, we have enterprise support as we have a large number of firewalls being managed by firemon
Firemon helped us with complex collector deployment: Some collectors were on prem and some were on cloud. It took some help from the support team but they were of great help.