FireMon Security Manager Reviews

We act as a business partner for our clients. We're implementors. Each client has a different use case. 

The solution is very stable. We haven't found there are any issues with its reliability.

The product scales well. You can really expand it if you need to.

This product is very simple to use. In that sense, it's one of the best on the market.

The technical support is very good. They've always been helpful.

I personally have started using it recently, therefore it's hard to pinpoint if anything is lacking. I need more time with the product.

The cost of the solution is pretty expensive. It would be ideal if they could work on their pricing.

My company has been using the solution for around five years or so. It's been a while at this point.

The solution is very stable. We've found it to be reliable. It doesn't crash or freeze. It's not buggy or glitchy.

If a company needs to expand the solution they can. The product is very scalable. We've been satisfied with it.

We've currently applied for 20 users.

We occasionally need the assistance of technical support. We've always found them to be helpful and responsive. We're satisfied with the level of support we get.

The installation is pretty straightforward. It didn't take much time to install. It will take around 10 days of time to install in an environment similar to ours.

We have 30 people that deploy the solution to different organizations.

We're the deployment team. We implement this solution for clients.

The solution is expensive. It's not the cheapest option.

We've pre-paid for the license. We don't have to pay for it on a monthly basis.

We're using the latest version of the solution currently. 

I'd rate the solution ten out of ten. I've been very happy with the product overall. 

I'd recommend the solution as it's so easy to use. Clients are very happy with it.

Although we have a very mature infrastructure, one of the thorns that come with that maturity is developing policies and processes to support that infrastructure.

This solution assists us in our ability to review and validate firewall rule changes and implementations across a wide audience of users.

Here are some of the ways change management has improved our organization:

• Ensures that proper change controls were enforced.
• Engineers can check if a change was implemented properly.
• Compliance can easily monitor the environment for potential PCI concerns.
• We can heavily leverage the solution for firewall remediation.
• We can pull policy reports from various technologies.
• We can standardize those reports for analysis.
• When we make changes in our environment, we can run usage reports to gauge impact before we make permanent changes to our rules.

With fifteen years as a security administrator, I have used few solutions that are as polished as Security Manager. That being said, every solution has room for improvement.

I would like to see the ability to export reports to .xls. This would help me for the following reasons:

• It would allow for greater data manipulation.
• When I run a report, I have the option of saving or exporting that report as .html or .pdf. As someone who catalogs much of their work in .xls, it would be convenient if I were able to export a policy report to .xls.
• This would allow me to manipulate the data better.
• I would no longer need to copy and paste from the .html to .xls and clean up the information.

I used version 7 for several years. We have upgraded to version 8, and we have been using that version for the last three months.

There have been no stability issues so far.

There were absolutely no scalability issues.

Technical support has been amazing. I would give them a rating of 10/10, an A+, and I would buy from them again.

In this environment, there were no previous solutions.

I have used other solutions at previous jobs. However, this is a solution I would like to bring with me if I ever ended up elsewhere in the future.

The initial setup using VMs was rather straightforward. The use of VM images sped up the process greatly. Professional services added a great deal of value in optimizing the environment.

Much of this information is not applicable to me based on my relationship with the product.

That being said, the ROI for securing dedicated professional services (vendor support) is amazing. It is relatively inexpensive, very customizable, and is a great help when approaching projects with the solution.

Consider investing in the policy planner. Further integration with a ticketing solution is on our roadmap. I certainly wish it was something we pulled the trigger on years ago.

We use the forwarding capabilities because we don't have another way to report on the firewall. We use it for cleanup and also for our biannual firewall review. Pretty much that's the big reason that we use FireMon.

The time that it takes for us to do the review: Previous to FireMon, we would have to go through the firewall pretty much manually, every line. This took an incredible amount of time. With the FireMon product, we did notice a significant decrease in the time that it takes for us to do any type of review. Also, just a general report, if you have an inquiry throughout the year, without actually doing a full review, you can just go to FireMon and click a few buttons and it tells you what you need to know. There's no need to dig around and spend additional time. So, it's mainly time.

We've had issues with backups. We almost lost our database at one point. It would be nice to be able to back up the backup configuration to a network share or some other function. The only way that we know how to do it right now is to do a manual backup. Or the server backs itself up to itself, which is not helpful. If you lose the server, the backup that's stored on the server is also lost. So, it's not that helpful.

One thing that is missing is the ability to export the entire rule base of a firewall. Suppose we were going to be migrating to a different firewall. Not getting rid of FireMon, but moving to a different firewall; either a different vendor or a different model of a firewall. So instead of taking bad stuff, or maybe old stuff out of the current firewall and going to a new firewall and using the exact same configuration, we may want to export that information into an Excel spreadsheet or some other format, so that we could work with that data outside of FireMon. That would be really helpful. I've called FireMon, I've also played around trying to figure out if I could get it to work and I still didn't get it. Nobody knew how to get the info out of FireMon to work on it. Also, potentially the ability to import it back into the system and maybe get some sort of a diff report; a difference of the configuration from the system.

I have used FireMin for about four years.

We have an issue sometimes with the listener for logging. Sometimes the listeners, the ports, go down and the server has to be rebooted. It's very, very rare that that happens, but we have noticed that's really the only stability issue that we've had. The server application itself seems to be very, very stable. Even when the port goes down, the app stays up. It just has to be reset. That may be every three months or so we may notice that.

We have three major production firewalls pushing thousands of logs every hour to this one box. We have two boxes in both of our data centers but they push a lot of logs to these guys. We've never had any issues.

I would rate support a 4/5. I sort of get the feeling when I send an email that it's a little bit of a slow response time. There are things that we do need immediate attention on and sometimes when you call, they'll ask you to send an email in. That's sort of a backwards approach to technical support. If I've already got somebody on the phone, they should be able to take my information and proceed with handling the triage of the call. I shouldn't have to hang up the phone, write an email, and then wait for a telephone call back from them. I would rather see some sort of support model that has a better flow to it.

Previously, we did not have a different solution.

Setup was fairly straightforward. Our system is in a virtual environment. We pretty much turned logging on for the firewall, pointed it to the FireMon server, added the firewall to the FireMon server. Within seconds, there were tens of blocks being pushed over there. The reports pretty much created themselves. You just had to run them.

If someone asked me for advice, I would definitely say that it would help them, especially with being able to navigate through if you have a complex rule set. I would definitely suggest FireMon. It's been extremely helpful for us to have. Even though they're missing a few functions, it's still workable from our standpoint.

Being able to export to Excel isn't a huge turnoff. It's a nice feature to have but I would definitely suggest purchasing FireMon. Especially if you have a large environment where you're trying to trim down your rule base, you're trying to optimize your firewall, or you're just trying to find stuff that's sort of lost in your configuration.

Also change management: I believe it's a PCI requirement. We use FireMon as well for notifications and that's helped satisfy a PCI. I don't have anything in front of me that shows me all the requirements but I believe a review of rules that are changed is part of that requirement, so they help fulfill that, too.

The Security Manager is the most valuable feature.

It helps us eliminate rules that are not needed on the firewall and to consolidate them. It saves us a lot of time and makes my work easier.

Make writing the reports easier. There's a lot of canned reports and if you want to write a specific report that you're interested in looking at, it's rather hard because I'm not a programmer. I don't know all the programming languages needed to do that. I can look at what reports exist and try to take that and kind of change it to something that I want to see and it doesn't always work. It's not real easy to do.

I have been using FireMon for about six months.

It's been pretty stable.

I have not had any scalability problems at all.

We have called them and they've always been really helpful. They've resolved our issue in a timely manner. I would rate them a 4/5.

We didn't have any other solution. This is the first of its kind.

Setup was straightforward. The instructions were really simple. We put in the basic information and then they scheduled some time with us to go through the setup and walk us through each one of the screens, what they do, what to look for and things like that. They kind of gave a little bit of a training class or training session.

They set a round of what we wanted to see. They didn't just come in and say, "Here's how it works", because different companies are different. Different companies want to use it in different ways, so they found out what we wanted and helped us set the training up to look at things that we want to be able to use it for. That was nice.

We didn't evaluate any other products.

I think it's a good product. It's very stable. It's quick and it's easy to learn. It's easy to run reports. There are a lot of reports that you can run. That helps the management of your firewall.

The instant and complete network graphical view it provides is amazing. Alerts give you complete control of firewall changes, its amazing for compliance and security policy validation. Rule comparison and filters are an easy way to check if you policy is concise and clean, giving your firewall the best performance and readability.

We managed around 70 different firewalls in more than 25 countries all over the world. The firewalls were from different vendors such as Palo Alto, Checkpoint, Cisco, Juniper, etc. FireMon helped to decrease the workload on risk analysis and also firewall rulebase review time by 50%, at least due to its very elaborate and easy to use filters.

It’s been a constant need not only to analyze firewall rules and configurations but also implement them, for which FireMon has no support. Also some of the firewall analysis involve weak password policy, FireMon could implement a way to send firewall hashes, when they exist, to third party cracking softwares.

I used this solution for about three years in my previous job. I primarily used the Policy Planner and Policy Optimizer modules.

The deployment was already easy for v7.0, the upgrade to v8.0 is even easier.

We had no issues with the performance.

It's been able to scale for our needs.

I would rate it 8/10. The only reason I don’t rate it 10/10 is because of the response time which, for us, sometimes took a little bit longer then expected. Customer service and technical support is very good.

The initial setup was very easy and straightforward and we had no problems implementing it.

It was initially implemented by a vendor team, but the implementation could easily be done in house.

FireMon is not a cheap solution but its price is well balance for what it has to offer.

We have evaluated FireMon’s competitors like AlgoSec and others, but found FireMon to be the best solution for our needs due to having a complete set of tools.

Be sure you read all the specs, and test the application as deeply as you can to ensure it meets all your requirements.

The most valuable feature is more or less the ability to look for the shadowed-based rules or rules that are being used, and also for change management, i.e., getting alerts from the system. This helps us to determine who is making the changes and have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."

The ability for spotting the shadowed-based rules helps us to eliminate overlapping rules that may not be otherwise needed or maybe under-used. It helps us to identify that stuff and gives us the ability to go back and audit the firewalls.

On the whole, it gives us the ability to determine what our security architecture looks like, so as to help secure our company better.

It's kind of a two-fold type thing for us. We were in the middle of a project, where we were migrating from one set of firewalls that were old to a newer set. So, this tool has allowed us to go through and identify rules that we could get rid off and allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls, so as to understand what's being used and what's not.

It helps us to just do a research into what rules are already in place, so that way we don't have to add anything and it is a quick lookup for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked at." This is a feature that we like to use and it helps us save time.

So far, we're not too much into the product yet. However, we're not really liking the web interface. We enjoy the so-called fat client a lot better because it just gives a bit more of the opportunities to work with the software faster, whereas there's been a huge learning curve for us to use the web interface. Then, we also have to learn their query language or define the details that we need.

Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.

It's going on for at least three years now, if not more.

There were a few issues with stability initially, but luckily FireMon is very supportive in terms of their support staff. They have been able to identify the issues that we've been having, and in turn implement some kind of compensating mechanism or come up with a solution in order to fix it, so as to help us resolve our issues. Overall, we've been pretty happy with the support team.

We have not had any scalability issues and I've been very impressed in that aspect. At one point, we had a single server and we overloaded it pretty quickly, with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as syslog goes. So, I had to out-size our environment to compensate for the additional logs and had to deploy to a couple of other different sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.

Overall, I would give the technical support team a 10/10. There have been maybe a few issues, here and there. Unfortunately, it has taken some time for them to resolve and it goes back to them, i.e., asking for updates, and working with myself and the team to understand what issues we're having. They try to help us resolve issues either through training or going back to the development team and asking for a feature.

We didn't previously use any other solution. This was definitely one of the best of its breed that we researched. Eventually, this tool is what we selected to go with.

The setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things, so that it could go out and fetch the configurations/settings. Thus, it was relatively easy.

I believe the other option that we looked at was Infoblox and maybe one other tool. However, Infoblox was just too cumbersome and didn't offer a lot of features. In comparison, we felt that FireMon had those out-of-the-box features built-in.

Definitely, you should look into how many syslogs you're getting because there is a limitation on how many syslog messages it can handle per second. We felt in a more distributed environment, it allowed us to support our network more adequately. So even with our main data centers, we had to usually have three or more collectors in order to deal with the amount of syslogs we're sending. We also had to include a few different offices needing their own implementation of data collectors.

This company does a pretty solid job and they're always constantly wanting to improve their products.

• The possibility to highlight differences between policy revisions
• FireMon Insight with FMSQL
• Hidden reports
• Rule usage/unused rules report
• Object usage report

FMSQL allows us to quickly query our ruleset to check which trafic is allowed. That greatly helps us to fill in the compliance report.

• Support of checkpoint clusters: Rule usage is logged for each cluster member but not for the whole cluster. It may lead to wrong conclusions when you clean rules.
• Comments with special characters (French accent) are not supported. So we can't use the report for uncommented rules.

I have used it for >5 years.

We first had FireMon 5 on Windows Platform. It was a pain in the ...

Now, with the FireMon appliances, you just have to connect your Check Point SmartCenters and ... enjoy!

I have not encountered any stability issues because we purchased Linux appliances.

We have quite a large Check Point environment (>60) with a lot of rules. Reports may be a bit slow but they are so valuable that they are worth the wait. Newer, beefier appliances may also be available from FireMon.

I don't have to deal with customer support, so I won't rate them.

With Windows, it was difficult to get support.

I only had to open once a ticket with the FireMon appliances; fast handling of the case.

I did not previously use a different solution.

Initial setup was quite simple.

I was not in charge of the implementation project. I think we installed the FireMon appliances on our own.

I'm not an accountant !!

• The ability to look for shadow-based rules
• The ability to look for rules that are being used
• Change management
• Gets alerts from the system

• The ability for spotting the shadow-based rules helps us to eliminate overlapping rules. These may not otherwise be needed or may be under-used.
• Helps us to identify those items and gives us the ability to go back and audit the firewalls.
• It gives us the ability to determine what our security architecture looks like: This helps us secure our company better. This helps us to determine who is making the changes and we then have that historical information to give back to our auditors and say, "Okay, these are the changes that we've made and these are the corresponding service tickets that apply to them."
• We were in the middle of a project where we were migrating from one set of firewalls, that were old, to a newer set. This tool allowed us to go through and identify rules that we could get rid of. It allowed our rule sets to be a lot smaller than we originally had intended them to be. This helps us with our ongoing maintenance of our firewalls. It helps us to understand what's being used and what's not.
• It helps us to research what rules are already in place, so that way we don't have to add anything. It is a quick look up for us. Instead of having to go through maybe 10 different firewalls, we can easily trace through our network and say, "Okay, it has to touch each one of these firewalls and these are the rules and this is maybe where it's blocked." This is a feature that we like to use and it helps us save time.

So far, we're not too much into the product.

• We don't quite like the web interface.
• We enjoy the so-called Fact Client a lot better because it just gives a bit more of the opportunities to work with the software faster. There's been a huge learning curve for us to use the web interface.
• We have to learn their query language or define the details that we need.
• Unfortunately, we are such a fast-paced environment that we don't have a lot of time to spend with the software to really learn it the way that it probably should be learned. We have to kind of go back and reinvent it every single time we have to go look for something in particular. That's the only downside I can mention that we're having with the GUI.

It's going on for at least three years now, if not more.

There were a few, initial issues with stability. Luckily, FireMon has a supportive staff.

They have been able to identify the issues that we've been having. In turn, they implement some kind of compensating mechanism or come up with a solution in order to fix it. This helps us resolve our issues. Overall, we've been pretty happy with the support team.

We have not had any scalability issues. I've been very impressed with that aspect. At one point, we had a single server and we overloaded it pretty quickly with the amount of logs that we sent to it. The firewalls generate a ton of traffic as far as Syslog goes.

I had to out-size our environment in order to compensate for the additional logs. I had to deploy to a couple of different other sites, that initially we didn't imagine having a need for. However, it scaled up great and we've had no issues with it since then.

Overall, I would give the technical support team a rating of 10/10. There have been maybe a few issues here and there. Unfortunately, it has taken some time for them to resolve them.

If the issues are not resolved, it goes back to them. They keep the case by asking for updates and working with me and the team to understand what issues we're having. They try to help us resolve those issues, either through training or going back to the development team and asking for a feature.

We didn't use any other solution. This was definitely one of the best of its breed that we researched. Eventually, we selected this tool.

The initial setup was pretty straightforward. It was just a matter of pointing the logs to the device and setting up a few basic things. It could then go out and fetch the configurations/settings. It was relatively easy.

I believe the other option that we looked at was Infoblox. However, Infoblox was just too cumbersome and didn't offer a lot of features. We felt that FireMon had built-in features that were out-of-the-box.

You should definitely look into how many Syslogs you're getting. There is a limitation on how many Syslog messages it can handle per second.

We felt in a more distributed environment, it allowed us to support our network more adequately. Even in the main data centers, we usually had three or more collectors in order to deal with the amount of Syslogs we're sending.

We also had to include a few different offices that required their own implementation of data collectors.

This company does a pretty solid job and they're constantly striving to improve their products.