FireMon Security Manager Reviews

The security policy manager: We run reports regularly for the customer to show unused tools and unused objects, and to clean up the firewall policy.

Our firewall policies - we work under the standard ITIL framework - and project managers are very good at adding rules to allow their projects to work. However, they're not so good at coming back when the project is finished or the solution has been terminated and cleaning up the rubbish. So, if we don't use this product, we end up with thousands and thousands and thousands of rules, most of which aren't used.

I basically came on board to do the upgrade, which I've done. So, in the old product, we were able to get things out of the CSV file format and that allows you to then manipulate it, but now it's PDF mainly. Beforehand, we were able to take it into CSV and manipulate it in Excel, but now we can't do that anymore. A revert back on this would be good.

Overall, the product seems pretty good, but the fact that we've taken the CSV out now, that seems to me to be like a step backwards. They should be adding functionality, not taking it away.

I only started using it literally about four months ago.

We haven't had any issues with stability yet. Well, we did during the upgrade, to be honest. So, when we did the upgrade, we had to get new versions written for us so that the upgrade worked. It didn't work just off the bat, but once we had that done, it worked fine.

We haven't had any issues with scalability as we're not using that many devices reporting to it, so we haven't had any problems with scalability at all.

I would rate technical support at around 7/10. I mean the reason for giving it a seven is the guy we spoke to over in Germany. He was quite good, but the problem was that it had to go back to the development team, which took a long time to get resolved.

So, basically what happened was, we raised a fault, we went through the upgrade with them and we were able to go to a particular version, as we were running a really old version; version six. We went to version seven but then stopped accessing the system. We then said to them, 'Well, how do we get to version eight?' The upgrade ping didn't seem to work. So they then had to go off and write us a new thing, but all that took months. Three months, four months and we were without access to that system for a long time.

I don't think we used anything beforehand.

I think there has been an evaluation, but I wasn't party to it.

I don't know what advice I would give to others. We are having a lot of problems with the licensing, to be honest. So, there's an issue with the UK and US date format.

When we renew our licenses, I don't know whether it's through our distributor or whatever, but they keep changing the format. In the American date format, you put the month first, then the date, then the year. In the UK we put the day first, then the month, then the year, and they keep flipping the dates over so we lose about three or four months on the licensing every time. We have to go back to our salesperson to get that fixed.

Also, when we did the upgrade, for some reason, we had enough licenses to start with but after the upgrade, we didn't. So, we didn't add any new devices, and we've got a thing in with the salesperson to find out why; what's changed there.

We only have security management. 

It was deployed on-prem. It used to be on the hardware, and there used to be an appliance, but we have switched to a virtual server. We are now on a VM.

It is a good product. Previously, we were using only spreadsheets to compare the usage, but now with FireMon, we are able to clean up or review the policies to some extent. It is still a work in progress, but we are at a good stage now.

Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that.

I have been using this solution for more than five years.

It has been stable until this year when we had three weeks of downtime. We had an issue with data collectors, and they couldn't figure out what the issue was. They were troubleshooting for more than two weeks. It was up and down. It was probably related to the hardware because since we have moved to the virtual machine, we haven't had that issue.

It is a capable solution. We are in the process of buying more licenses and adding more virtual machines. We started with 20 licenses, and now, we have more than 60 licenses.

Their support is nice. They are very good.

I am not aware of any previous solution.

I wasn't there when they installed it.

It is a very good product. I always tell others to have FireMon people come and give a demo. I encourage people to try it out. We only have security management, but it is really a good product. I have attended a couple of their webinars, and they have a lot more features for more usage and value. It is a capable product. If our company had sent us for training and we had got to know more about the product, it wouldn't have been so hard.

To a colleague at another company who says that firewall policy rule clean-up and management is important, but it is just not a priority compared to other more urgent items, I would say that it is very important. Sometimes, a firewall is created temporarily, and if you don't know, you will forget. So, the usage and hit count information is very important.

In terms of compliance reporting, we have set it up for compliance reports such as PCI, but we didn't use it that much. Similarly, in terms of identifying the risks in our environment, it does show the changes, but we aren't yet able to prioritize them.

It is helpful in automating firewall policy changes across large multi-vendor enterprise environments, but we only have two vendors. We were earlier using it only for the Cisco environment, and now, we are using it for Cisco and Palo Alto. We will probably use it for the core environment. Overall, it notifies you, but we are still not using it that much.

In terms of the clean-up of firewall rules in a large enterprise environment, it didn't affect us, and that's because we are not doing it in the right way. We probably need somebody to help us on that one because we gave them the report, but they haven't cleaned it up. For Panorama, they use their own reporting, and we have to correlate them. One thing about Panorama is that if you have a rule from 20 years ago, and somebody is still modifying it, it doesn't update the new person's name. It doesn't ask you to put any change number. I know FireMon is only pulling the data, and it is not pushing the data, but I wish that it was pulling the changed data. The last time when I talked to FireMon, they said that they are just pulling the data. They don't go and push any data. For that reason, we don't have that much data. So, we have a report, but we haven't used it much for clean-up. We should use it in the future more. We also haven't used it to create a lot of policies.

I would rate it a seven out of 10.

Policy test, access path analysis, and change reports.

Policy test and access path analysis tools in Security Manager enable me to find existing firewall policies quickly across the enterprise, troubleshoot, or to help choose the optimal path for proposed rules. Change reports on the device dashboard show us at a glance what was changed in a particular firewall config, by date, so we can easily troubleshoot problems with implementation.

It streamlined the firewall policy change management process by having all firewalls managed in one tool, and a workflow customized to our needs.

Policy Planner requirements section is good, but could use some improvement to allow flexibility to enter different types of requests (modifying an existing policy, object or service group, for example) in a structured task format that can be auto-verified.

4 years

No issues with stability.

No…we easily added a second data collector when needed.

Excellent.

Excellent--tech support engineers go above and beyond to answer questions and resolve issues.

We previously used separate database applications to route change requests for approval, and did not have a tool likeSecurity Managerwith visibility into all the firewall configs and activity.

Infrastructure was simple to set up, but custom workflow was complex, due to customer regulatory environment necessitating a lot of customization. FireMon Professional Services was able to accommodate, though.

In-house project management and equipment configuration; vendor install in the data centers; Firemon Professional Services for extensive custom workflow development.

Pricing model seems fair. Make sure to separate active versus inactive devices, and primary versus standby in HA pairs, as there is a significant cost savings for licensing; licenses on the applications are perpetual.

Customer evaluated other products, but chose FireMon due to its features and rating on Gartner.

Review your current operational requirements and processes well, and determine what can change, internally, to take full advantage of the standard FireMon processes.

The most valuable feature is security management because it allows us to look inside the firewall and see things that the firewall doesn't report. For some of the things the firewall applications lack, we're able to gain insight with the FireMon appliance, as well as having one platform that looks into different vendors of firewalls. That's really important for us.

For me, specifically, I use it for a lot of firewall migrations. We can see rule usage. On a project that I was on, we saw the rules on the migration. We pulled the rules out that weren't being used, and then we could take rules that were overlapping, join those together and make it more efficient.

One area with room for improvement for me is doing the updates. We have to download it from User Center and then put it unto the machine through FTP, or something like that. I would rather just go to the GUI and hit the Update button, and it goes out and gets the update itself. Because these files are large and sometimes the transfers don't go through, the only way that we're able to do it right now is through FTP. That means we have to have CLI access, which sometimes we don't really want to do. I'd rather just go to the update screen, hit Download the Update, and then be able to reboot it and have it go to all of the data collectors, and transfer that file over there automatically. Right now, it's a process and it takes a lot of time.

It's more complex as opposed to being user friendly. It also depends on your level of knowledge on what to do. Some people may not know to do it, and there are some commands in there. If you don't have support, if you haven't read the entire admin guide, you wouldn't know.

I have used it for eight years.

It crashed one time but that's because of a design issue on our part. It's not something that, I think, was on FireMon's part. We need to offload the storage, and our hard drives are filling up, so that causes problems with our servers, but as far as FireMon, I haven't really had a problem with FireMon crashing on its own.

The only scalability problem is having an offloaded log collector, because we do send a lot of logs. We have our own servers that do the log collection and we need to make backups of that. As far as that’s concerned, no, we haven't had any issues with scalability. We can expand much further than what we have.

We've had the FireMon product for eight years. I've only been directly involved with it for the past year. I generally don't call tech support, I usually contact my SE because we're still in the process of these huge migrations, so I talk to my SE a lot. I have contacted support once and they were very helpful, so I would probably rate it 9-10/10 because they know exactly what they're doing.

We did not previously use a different solution, that I know of. I’ve been with my current organization for almost three years and it's always been FireMon, so I don't know. I wasn't a part of that decision-making process.

At the end of last year, we reevaluated which products we wanted to continue going with based on budgets. We reviewed Skybox, Tufin, AlgoSec, and FireMon.

Don't be scared to contact the SE. My SE and I have a very good relationship and we bounce ideas off each other. Leverage your resources. It's not really a complex product to deploy.

Use the User Center. There's a lot of great info there and a lot of your questions can be answered in the User Center.

General recommendations: Make sure that the firewalls you have are supported. Make sure you know how many firewalls you have.

Go with the mindset of what you want to do; general project management-type stuff.

Everything's working fine. The only thing is the automated updates. I’m not giving it a perfect rating because of the usability of the updates. That's my biggest thing that they need to work on.

It's been working very well for us. We’ve got everything we need. We have several groups using it that like it.

We use Security Manager for firewall changes, monitoring, and audits. 

FireMon makes it much easier for us to track firewall changes and perform audits. It has made our compliance process more efficient. Before we implemented FireMon we had to go into each individual firewall and check the rules. Now, we pull a report, and that's it. 

We can monitor and implement changes across different firewall vendors. It lets us clean up our firewall rules regularly, which we do as part of our audit. It helps us save time managing firewall policies. We don't make changes to our firewall policies through FireMon, but we use it to track changes across various firewalls. It makes our internal processes more efficient and improves our visibility. 

It reduces risks. Better visibility and cross-vendor integration give us more control and context about potential changes. Having a product for monitoring critical changes is crucial for our security posture. 

I like the Security Manager console where we can see any changes that have been made or pull the results of an assessment and control the policies that we implement. That's useful for regular audits and monitoring some critical events we want to know about. We can configure alerts that notify us about policy changes. This is pretty beneficial for monitoring and helps us track changes in the projects. 

We've had recurring issues managing FireMon's internal backups. Sometimes, the space allocated for the backup is full, and there is no process where it deletes files that are older than I certain date. It's just waiting for the storage to get full and then it's cleaned up. It isn't something that creates serious issues for us.

We have used FireMon for about two and a half years. 

FireMon is more or less stable. We've had some issues with backups failing. 

I believe that FireMon is scalable. 

I rate FireMon support seven out of 10. It varies depending on who you get. We sometimes get a highly knowledgeable agent, but other times, it seems like we just go in circles. It sometimes takes them a while to understand what we want. 

FireMon professional services helped us during deployment, and it was relatively straightforward. Deployment took us around two months. 

FireMon is working on our project scope. We save some labor power on our side. 

I rate FireMon Security Manager eight out of 10. It has many more features than we use, but we have a limited scope. I think we could've done more had we used that momentum when we were implementing it. 

Even if you think having a firewall management solution isn't a priority, the FireMon can provide more visibility and make some tasks easier, faster, and more efficient.

The primary use case is for compliance and monitoring of firewall changes. This solution allows us to secure our firewalls.

It is the single place where we go to review all of our firewall changes. The solution makes it easier for us to track all the changes made. It is a central place where we can look at all the firewall rules, because we have three different firewall vendors. It saves us time and creates efficiencies by looking at the general picture. 

This solution has helped to clean up rules that had not been reviewed in several years. It is used for all of our firewall changes. At the moment, we are not looking to do more than use it for that.

This solution has helped to reduce our overall audit time. We are under PCI, so it was a requirement. We had to do something like this, and it just made it easier. The solution was prebuilt to do that, and we didn't have to build our own spreadsheet.

The most valuable feature is being able to review all the firewall changes in the Policy Planner, and then in the policy review feature.

This solution provide us with comprehensive visibility of all our devices in a hybrid network.

It is fairly straightforward to use.

We had a few minor issues with it. However, it's worked pretty well for us overall.

The stability has been fairly decent, but there have been a few issues. My coworker has had some issues in the past where he has had to work with support.

It seems fairly scalable.

There are not a whole lot of users. It is mainly just my team. Every once in a while, one of my users will submit a request for it, but that doesn't happen very often. It is primarily just my team.

From what I have heard, the technical support is fairly good. However, I have not used them in a few years.

I didn't really have another solution that I was using before it.

We had it when I started here five years ago.

We had another guy who primarily worked on the setup because he actually used to work at FireMon. So, I haven't really done the setup on it in quite a few years.

The deployment was fairly straightforward.

We did the implementation in-house.

We have one guy, who previously worked for FireMon, managing the solution right now. 

We pay for it yearly.

We might have looked at Tufin.

It is fairly straightforward to use, and I haven't really had a whole lot of issues with it.

This solution provide us with end-to-end change automation for the entire rule lifecycle of firewalls. It does it from the request, then all the way through the approval cycle.

We really haven't done much with this solution’s cloud support automation for public cloud platforms. We are just doing on-premise.

Holistically, the product is well thought out. The normalization of the rule sets across different firewall platforms is all valuable to us. You can't really separate it out; for me, you can’t.

I can mention high-level stuff. Basically, it gives us visibility that we were lacking; having everything being able to be viewed in one pane of glass. Instead of having to go jumping all over the place into the different platforms, you can use the tool to get a single pane of glass view.

It's not a jack-of-all-trades product; it's very focused. It does what it does and it does it well. We use it that way. Basically, that's the reason we obtained it. That's what we use it for: to normalize the platforms all into one single view. A place for us to do our analysis, review of rules and things of that sort.

I can mention a ton of areas with room for improvement, but from a high-level standpoint, I just don't think version 8 was ready for prime time, yet. They're still working on it. There are still major swaths of the tool that need attention. To get into the details, I would have to engage my engineers.

We've had it in our portfolio since July of 2013.

We have not encountered any stability issues with the product itself. It's been easy to maintain, to upgrade and to do all of the support work for it. There hasn't been an issue with that at all.

We have not encountered any scalability issues. We haven't run into a limitation yet.

Any time we've engaged technical support for assistance, we've come away with a resolution, so the only thing that we've had difficulty with is programming or making fixes that require coding. That sometimes can take a little while.

Technical support is at least 8/10.

We did not previously use a different solution. This was the first firewall management platform that we've used, except for the built-in, out-of-the-box tool that came with the platform.

Initial setup was all pretty straightforward. You stand up your platform, get your database ready to go, and that all happens out of the box. Then, you start to populate it with your devices. It's all pretty straightforward.

Before choosing this product, we also evaluated Tufin and AlgoSec.

Just like any other IT product on the market today, everything is green grass and high tides. Everything is beautiful. During the sales process, it's all, "Oh, just do this, do that." It's a little more than that. It's a little more complex and a little more effort than just, plug it in and go.

I think that's the mistake of many of the sales teams; that they sell the ease of implementation. I think they should just be straight up and honest with the purchaser, saying, "Look, it's going to take some effort and you're going to have to understand your environment. You're going to have to understand the network flows. You're going to have to understand how your network is segmented, so you can properly implement the tool."

I think when they try to make it seem easier than it really is, then that's inviting problems.

FireMon is just better than average. It's better than average, but not quite stellar yet. They've got a little work to do to address some of the challenges that could be introduced perhaps by the customer and the way the customer has used the different platforms. They have to be able to account for that, and react to it in a timely manner; at least come up with some sort of usable solution in the meantime when they do encounter a problem.

The most valuable features are the FireMon reporting for change control as well as rule utilization.

It allows us to do utilization and cleaning of our policies. For your firewall, you have a series of rules and stuff that identify traffic, sort of whether or not the rules within your firewall policy are actually being used; what part of the rule is being used; whether or not it's identifying issues. You've got 1000 rules and only 900 are actually being used. About 100 of them are not.

We're now getting hit counts within Check Point that give us that information, but sometimes a rule says that it has been hit a lot even though it's not all the services within that rule. So it allows us to edit, modify and clean in order to remove anything that's not used.

I would say the most recent release caused us a lot of trouble as we couldn't get it working for a while, so we weren't getting the reports that we wanted, but it has improved. It's just very, very different. The most recent release level was dramatically different.

Maybe better videos or whatever could be included as to how to work with the updated product.

I believe it's going on about five years, maybe as much as six.

When we transferred from one release to the next, the most recent upgrade, the integration with Check Point gateways was very poor and so it was for almost a year that the product was unusable to us.

I think the scalability seems fine, although not all of our gateways are licensed so that in itself also caused some issues, because the product had to be more tuned to the fact that our environment doesn't utilize FireMon for all of its gateways.

I would say technical support is about 8/10. Some issues just weren't handled quickly enough, I guess.

We previously used an earlier release of FireMon and they had good success with that. In the newest release, we had a lot of problems. Prior to that, we really didn't have a tool to do that type of analysis for us. Although the most recent releases from Check Point have given us better analytics within our environment, FireMon has provided us with a better view into our environment. We didn't have anything prior to that.

I haven't really been involved much with the licensing. It seems fairly straightforward. Regarding the training after setup, I find the videos maybe could be a little bit better in respect to how to work with your FireMon product to get the best out of it; so maybe some better training videos on how to work with the product.

I believe the only other option I looked at was Check Point's reporting option and it was quite costly.

When using this product, you have to spend time understanding not only how it was installed but what information you can get from the product. The customization of reports, whether they can be automated or on demand. So just getting a better understanding of what you can get from the application is useful.