FireMon Security Manager Reviews

The security policy manager: We run reports regularly for the customer to show unused tools and unused objects, and to clean up the firewall policy.

Our firewall policies - we work under the standard ITIL framework - and project managers are very good at adding rules to allow their projects to work. However, they're not so good at coming back when the project is finished or the solution has been terminated and cleaning up the rubbish. So, if we don't use this product, we end up with thousands and thousands and thousands of rules, most of which aren't used.

I basically came on board to do the upgrade, which I've done. So, in the old product, we were able to get things out of the CSV file format and that allows you to then manipulate it, but now it's PDF mainly. Beforehand, we were able to take it into CSV and manipulate it in Excel, but now we can't do that anymore. A revert back on this would be good.

Overall, the product seems pretty good, but the fact that we've taken the CSV out now, that seems to me to be like a step backwards. They should be adding functionality, not taking it away.

I only started using it literally about four months ago.

We haven't had any issues with stability yet. Well, we did during the upgrade, to be honest. So, when we did the upgrade, we had to get new versions written for us so that the upgrade worked. It didn't work just off the bat, but once we had that done, it worked fine.

We haven't had any issues with scalability as we're not using that many devices reporting to it, so we haven't had any problems with scalability at all.

I would rate technical support at around 7/10. I mean the reason for giving it a seven is the guy we spoke to over in Germany. He was quite good, but the problem was that it had to go back to the development team, which took a long time to get resolved.

So, basically what happened was, we raised a fault, we went through the upgrade with them and we were able to go to a particular version, as we were running a really old version; version six. We went to version seven but then stopped accessing the system. We then said to them, 'Well, how do we get to version eight?' The upgrade ping didn't seem to work. So they then had to go off and write us a new thing, but all that took months. Three months, four months and we were without access to that system for a long time.

I don't think we used anything beforehand.

I think there has been an evaluation, but I wasn't party to it.

I don't know what advice I would give to others. We are having a lot of problems with the licensing, to be honest. So, there's an issue with the UK and US date format.

When we renew our licenses, I don't know whether it's through our distributor or whatever, but they keep changing the format. In the American date format, you put the month first, then the date, then the year. In the UK we put the day first, then the month, then the year, and they keep flipping the dates over so we lose about three or four months on the licensing every time. We have to go back to our salesperson to get that fixed.

Also, when we did the upgrade, for some reason, we had enough licenses to start with but after the upgrade, we didn't. So, we didn't add any new devices, and we've got a thing in with the salesperson to find out why; what's changed there.

The Security Manager is the most valuable feature.

It helps us eliminate rules that are not needed on the firewall and to consolidate them. It saves us a lot of time and makes my work easier.

Make writing the reports easier. There's a lot of canned reports and if you want to write a specific report that you're interested in looking at, it's rather hard because I'm not a programmer. I don't know all the programming languages needed to do that. I can look at what reports exist and try to take that and kind of change it to something that I want to see and it doesn't always work. It's not real easy to do.

I have been using FireMon for about six months.

It's been pretty stable.

I have not had any scalability problems at all.

We have called them and they've always been really helpful. They've resolved our issue in a timely manner. I would rate them a 4/5.

We didn't have any other solution. This is the first of its kind.

Setup was straightforward. The instructions were really simple. We put in the basic information and then they scheduled some time with us to go through the setup and walk us through each one of the screens, what they do, what to look for and things like that. They kind of gave a little bit of a training class or training session.

They set a round of what we wanted to see. They didn't just come in and say, "Here's how it works", because different companies are different. Different companies want to use it in different ways, so they found out what we wanted and helped us set the training up to look at things that we want to be able to use it for. That was nice.

We didn't evaluate any other products.

I think it's a good product. It's very stable. It's quick and it's easy to learn. It's easy to run reports. There are a lot of reports that you can run. That helps the management of your firewall.

We use the forwarding capabilities because we don't have another way to report on the firewall. We use it for cleanup and also for our biannual firewall review. Pretty much that's the big reason that we use FireMon.

The time that it takes for us to do the review: Previous to FireMon, we would have to go through the firewall pretty much manually, every line. This took an incredible amount of time. With the FireMon product, we did notice a significant decrease in the time that it takes for us to do any type of review. Also, just a general report, if you have an inquiry throughout the year, without actually doing a full review, you can just go to FireMon and click a few buttons and it tells you what you need to know. There's no need to dig around and spend additional time. So, it's mainly time.

We've had issues with backups. We almost lost our database at one point. It would be nice to be able to back up the backup configuration to a network share or some other function. The only way that we know how to do it right now is to do a manual backup. Or the server backs itself up to itself, which is not helpful. If you lose the server, the backup that's stored on the server is also lost. So, it's not that helpful.

One thing that is missing is the ability to export the entire rule base of a firewall. Suppose we were going to be migrating to a different firewall. Not getting rid of FireMon, but moving to a different firewall; either a different vendor or a different model of a firewall. So instead of taking bad stuff, or maybe old stuff out of the current firewall and going to a new firewall and using the exact same configuration, we may want to export that information into an Excel spreadsheet or some other format, so that we could work with that data outside of FireMon. That would be really helpful. I've called FireMon, I've also played around trying to figure out if I could get it to work and I still didn't get it. Nobody knew how to get the info out of FireMon to work on it. Also, potentially the ability to import it back into the system and maybe get some sort of a diff report; a difference of the configuration from the system.

I have used FireMin for about four years.

We have an issue sometimes with the listener for logging. Sometimes the listeners, the ports, go down and the server has to be rebooted. It's very, very rare that that happens, but we have noticed that's really the only stability issue that we've had. The server application itself seems to be very, very stable. Even when the port goes down, the app stays up. It just has to be reset. That may be every three months or so we may notice that.

We have three major production firewalls pushing thousands of logs every hour to this one box. We have two boxes in both of our data centers but they push a lot of logs to these guys. We've never had any issues.

I would rate support a 4/5. I sort of get the feeling when I send an email that it's a little bit of a slow response time. There are things that we do need immediate attention on and sometimes when you call, they'll ask you to send an email in. That's sort of a backwards approach to technical support. If I've already got somebody on the phone, they should be able to take my information and proceed with handling the triage of the call. I shouldn't have to hang up the phone, write an email, and then wait for a telephone call back from them. I would rather see some sort of support model that has a better flow to it.

Previously, we did not have a different solution.

Setup was fairly straightforward. Our system is in a virtual environment. We pretty much turned logging on for the firewall, pointed it to the FireMon server, added the firewall to the FireMon server. Within seconds, there were tens of blocks being pushed over there. The reports pretty much created themselves. You just had to run them.

If someone asked me for advice, I would definitely say that it would help them, especially with being able to navigate through if you have a complex rule set. I would definitely suggest FireMon. It's been extremely helpful for us to have. Even though they're missing a few functions, it's still workable from our standpoint.

Being able to export to Excel isn't a huge turnoff. It's a nice feature to have but I would definitely suggest purchasing FireMon. Especially if you have a large environment where you're trying to trim down your rule base, you're trying to optimize your firewall, or you're just trying to find stuff that's sort of lost in your configuration.

Also change management: I believe it's a PCI requirement. We use FireMon as well for notifications and that's helped satisfy a PCI. I don't have anything in front of me that shows me all the requirements but I believe a review of rules that are changed is part of that requirement, so they help fulfill that, too.

Currently, the change management controls for monitoring the firewall configuration changes is the only feature that we really use, at this time.

With the change control functionality, if somebody was to go in and make a rule change on the firewall, it's configured to send a notification as soon as those changes have been made. If this happens outside of a change window, we can track those and go to that person/individual, and find out why they made the change without going through proper change control procedure.

We just updated to the latest version, so I haven't had a chance to play with the enhancements from what we were previously using. What I was looking for in the previous version was better capability of adding change control numbers manually for rule changes that don't allow me to put in a descriptor into the change on the actual device. That will automatically get pulled into FireMon for reporting purposes. Some features don't have a description field that I can populate, and so I need to go back into FireMon later and document those. Even though the field is available as an option in properties, there's no way for me to fill that because of the type of the category of the change. It may not be a security change. It could be just a documentation process that I'm not able to do. That was in a previous version. I haven't validated that in this latest version.

I've only been using it for about a year. My employeer has used it for two to three years.

The product itself has been solid, stable. I haven't had any issues with stability issues at all, now.

The scalability seems to only be limited based on licensing we have installed. It appears to be fairly robust. It does offer a very large variety of devices that it can monitor but it's only limited based on the licenses that we have installed. For example, when I started here over a year ago, the device was licensed just for Cisco ASA5520s, and now we're using it to also monitor 5545s, which is a different tier. Until we licensed it for that different tier, we weren't able to ingest the configurations or monitor those newer devices. It truly comes down just to licensing. So, making sure we have the proper licensing is key. From what I've seen, it can monitor many devices, from routers, switches, up to the firewalls, from across many vendors.

We have asked for help a couple times, mainly about minor questions. There were questions about how to use documentation better, and they helped with that, but most of the questions that we've had have been around upgrading the product. We needed to know what is in the next version.

Based on what I know, there were no previous products. My understanding was they brought this in because they did not have that capability, and so this was an enhancement to the organization overall. Previously, there wasn't any monitoring being done.

Initial setup was done prior to me being here.

From what I've seen of the product, it's fairly robust. Making sure to know everything that you want monitored, to get the proper licensing upfront, is probably the biggest thing. If you're only strictly wanting to do firewalls, make sure you get the right licensing that will match your firewall capabilities. If you want to match a more cross-spectrum of your devices, get licensing to support that. The biggest key is making sure to get all the licensing you need for the devices you want upfront.

Although we have a very mature infrastructure, one of the thorns that come with that maturity is developing policies and processes to support that infrastructure.

This solution assists us in our ability to review and validate firewall rule changes and implementations across a wide audience of users.

Here are some of the ways change management has improved our organization:

• Ensures that proper change controls were enforced.
• Engineers can check if a change was implemented properly.
• Compliance can easily monitor the environment for potential PCI concerns.
• We can heavily leverage the solution for firewall remediation.
• We can pull policy reports from various technologies.
• We can standardize those reports for analysis.
• When we make changes in our environment, we can run usage reports to gauge impact before we make permanent changes to our rules.

With fifteen years as a security administrator, I have used few solutions that are as polished as Security Manager. That being said, every solution has room for improvement.

I would like to see the ability to export reports to .xls. This would help me for the following reasons:

• It would allow for greater data manipulation.
• When I run a report, I have the option of saving or exporting that report as .html or .pdf. As someone who catalogs much of their work in .xls, it would be convenient if I were able to export a policy report to .xls.
• This would allow me to manipulate the data better.
• I would no longer need to copy and paste from the .html to .xls and clean up the information.

I used version 7 for several years. We have upgraded to version 8, and we have been using that version for the last three months.

There have been no stability issues so far.

There were absolutely no scalability issues.

Technical support has been amazing. I would give them a rating of 10/10, an A+, and I would buy from them again.

In this environment, there were no previous solutions.

I have used other solutions at previous jobs. However, this is a solution I would like to bring with me if I ever ended up elsewhere in the future.

The initial setup using VMs was rather straightforward. The use of VM images sped up the process greatly. Professional services added a great deal of value in optimizing the environment.

Much of this information is not applicable to me based on my relationship with the product.

That being said, the ROI for securing dedicated professional services (vendor support) is amazing. It is relatively inexpensive, very customizable, and is a great help when approaching projects with the solution.

Consider investing in the policy planner. Further integration with a ticketing solution is on our roadmap. I certainly wish it was something we pulled the trigger on years ago.

• Firewall cleanup - the best and most efficient way to clean the firewall from unused, redundant, shadowed rules that create unnecessary risks and impacts the firewalls performance overtime. Also, it helps with the PCI compliance.
• Rule use analysis.

• Improved change workflow
• Optimized my firewalls
• Meet PCI compliance
• Enhanced security

Needs more functional basic workflow for the Policy Planner for those who do not need a fully customized workflow.

One year.

No issues encountered.

No issues encountered.

I've found technical support to be a 9/10.

Straightforward.

Add infrastructure devices to the firewalls and negotiate an overall discount that way. Needed to get insight into configurations.

Tufin and AlgoSec were evaluated as well.

The customized workflow is worth it. If you are considering to migrate to new firewalls, implement FireMon because it will make your migration much easier. Also, cleaning up some slow firewalls will help you extend its life.

The most valuable feature is security management because it allows us to look inside the firewall and see things that the firewall doesn't report. For some of the things the firewall applications lack, we're able to gain insight with the FireMon appliance, as well as having one platform that looks into different vendors of firewalls. That's really important for us.

For me, specifically, I use it for a lot of firewall migrations. We can see rule usage. On a project that I was on, we saw the rules on the migration. We pulled the rules out that weren't being used, and then we could take rules that were overlapping, join those together and make it more efficient.

One area with room for improvement for me is doing the updates. We have to download it from User Center and then put it unto the machine through FTP, or something like that. I would rather just go to the GUI and hit the Update button, and it goes out and gets the update itself. Because these files are large and sometimes the transfers don't go through, the only way that we're able to do it right now is through FTP. That means we have to have CLI access, which sometimes we don't really want to do. I'd rather just go to the update screen, hit Download the Update, and then be able to reboot it and have it go to all of the data collectors, and transfer that file over there automatically. Right now, it's a process and it takes a lot of time.

It's more complex as opposed to being user friendly. It also depends on your level of knowledge on what to do. Some people may not know to do it, and there are some commands in there. If you don't have support, if you haven't read the entire admin guide, you wouldn't know.

I have used it for eight years.

It crashed one time but that's because of a design issue on our part. It's not something that, I think, was on FireMon's part. We need to offload the storage, and our hard drives are filling up, so that causes problems with our servers, but as far as FireMon, I haven't really had a problem with FireMon crashing on its own.

The only scalability problem is having an offloaded log collector, because we do send a lot of logs. We have our own servers that do the log collection and we need to make backups of that. As far as that’s concerned, no, we haven't had any issues with scalability. We can expand much further than what we have.

We've had the FireMon product for eight years. I've only been directly involved with it for the past year. I generally don't call tech support, I usually contact my SE because we're still in the process of these huge migrations, so I talk to my SE a lot. I have contacted support once and they were very helpful, so I would probably rate it 9-10/10 because they know exactly what they're doing.

We did not previously use a different solution, that I know of. I’ve been with my current organization for almost three years and it's always been FireMon, so I don't know. I wasn't a part of that decision-making process.

At the end of last year, we reevaluated which products we wanted to continue going with based on budgets. We reviewed Skybox, Tufin, AlgoSec, and FireMon.

Don't be scared to contact the SE. My SE and I have a very good relationship and we bounce ideas off each other. Leverage your resources. It's not really a complex product to deploy.

Use the User Center. There's a lot of great info there and a lot of your questions can be answered in the User Center.

General recommendations: Make sure that the firewalls you have are supported. Make sure you know how many firewalls you have.

Go with the mindset of what you want to do; general project management-type stuff.

Everything's working fine. The only thing is the automated updates. I’m not giving it a perfect rating because of the usability of the updates. That's my biggest thing that they need to work on.

It's been working very well for us. We’ve got everything we need. We have several groups using it that like it.

Holistically, the product is well thought out. The normalization of the rule sets across different firewall platforms is all valuable to us. You can't really separate it out; for me, you can’t.

I can mention high-level stuff. Basically, it gives us visibility that we were lacking; having everything being able to be viewed in one pane of glass. Instead of having to go jumping all over the place into the different platforms, you can use the tool to get a single pane of glass view.

It's not a jack-of-all-trades product; it's very focused. It does what it does and it does it well. We use it that way. Basically, that's the reason we obtained it. That's what we use it for: to normalize the platforms all into one single view. A place for us to do our analysis, review of rules and things of that sort.

I can mention a ton of areas with room for improvement, but from a high-level standpoint, I just don't think version 8 was ready for prime time, yet. They're still working on it. There are still major swaths of the tool that need attention. To get into the details, I would have to engage my engineers.

We've had it in our portfolio since July of 2013.

We have not encountered any stability issues with the product itself. It's been easy to maintain, to upgrade and to do all of the support work for it. There hasn't been an issue with that at all.

We have not encountered any scalability issues. We haven't run into a limitation yet.

Any time we've engaged technical support for assistance, we've come away with a resolution, so the only thing that we've had difficulty with is programming or making fixes that require coding. That sometimes can take a little while.

Technical support is at least 8/10.

We did not previously use a different solution. This was the first firewall management platform that we've used, except for the built-in, out-of-the-box tool that came with the platform.

Initial setup was all pretty straightforward. You stand up your platform, get your database ready to go, and that all happens out of the box. Then, you start to populate it with your devices. It's all pretty straightforward.

Before choosing this product, we also evaluated Tufin and AlgoSec.

Just like any other IT product on the market today, everything is green grass and high tides. Everything is beautiful. During the sales process, it's all, "Oh, just do this, do that." It's a little more than that. It's a little more complex and a little more effort than just, plug it in and go.

I think that's the mistake of many of the sales teams; that they sell the ease of implementation. I think they should just be straight up and honest with the purchaser, saying, "Look, it's going to take some effort and you're going to have to understand your environment. You're going to have to understand the network flows. You're going to have to understand how your network is segmented, so you can properly implement the tool."

I think when they try to make it seem easier than it really is, then that's inviting problems.

FireMon is just better than average. It's better than average, but not quite stellar yet. They've got a little work to do to address some of the challenges that could be introduced perhaps by the customer and the way the customer has used the different platforms. They have to be able to account for that, and react to it in a timely manner; at least come up with some sort of usable solution in the meantime when they do encounter a problem.