Long time User. The value is worth it, despite challenges.
February 25, 2023

Long time User. The value is worth it, despite challenges.

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Security Manager
  • Policy Optimizer
  • Policy Planner
  • Risk Analyzer

Overall Satisfaction with FireMon

We use FireMon Daily. It helps to organize and monitor Firewall policy Health, identify issues and act on them. It is great for rule cleanup and compliance checks. It generates data that can be given to management as well as auditors. Policy Optimizer as well as Custom Reports free up a lot of time that engineers can spend on more valuable tasks.

Pros

  • Hitcount Data and Integrity checks of Firewall Rules
  • Traffic Flow Analysis and Rule Usage Reports to help clean up overly permissive rules.
  • Easy way to check specific access allowed in a company across multiple vendors.
  • Automate reviews of Rules with Policy Optimizer tickets.

Cons

  • Focus on the 20% of the product that appears unpolished, such as Mapping and Risk Analyzer
  • Understand that certain changes might benefit compatibility with one vendor, but hurt compatibility with another
  • Add more support for more advanced features that vendors have to offer
  • Clean up deployment images, such as wasted disk space on directories not applicable to a server role
It is scalable in the fact that it supports a lot of vendors. Giving it a medium rating that I will share with a hypothetical example.

I feel that there are some scenarios where a large group of customers using one vendor (Palo for example), are demanding a change to improve their product. The change is made, but it is at the expense of the compatibility of another product (Cisco for example).
  • Saves hundreds of hours per year on research.
  • Improves security, as you can find insecure rules much easier with Severity ratings.
  • Cleaned up thousands of unused rules.
  • Use TFA and object usage to harden existing rules.

Do you think FireMon delivers good value for the price?

Not sure

Are you happy with FireMon's feature set?

Yes

Did FireMon live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of FireMon go as expected?

Yes

Would you buy FireMon again?

Yes

I recommend FireMon to consultants or companies needing improvement or monitoring of a rulebase, as if you are looking at 100s or 1000s of firewalls, it the single pane of glass allows you to get a picture rather quickly (especially if multivendor). Companies who must follow PCI, as their reports are exactly what PCI auditors are looking for. I would not recommend FireMon or its competitors to a company that has less than 10 firewalls (or vsyses), as I don't feel it would be worth it.

Comments

More Reviews of FireMon