Managing firewall rule sets and policies has become a complicated task. It is manually intensive and requires a high level of expertise to do it right.  A single mistake can cut off applications and remote offices, block transactions from being processed, and turn management consoles from green to red.

The problems associated with managing a firewall become worse over time.  An average firewall can hold thousands of rules while more complex networks can hold ten times that many.  Enterprises struggle to keep up with increasingly complex firewall management as employees shift positions and job roles or leave the company.  As they leave, so does their understanding of the complex matrix of firewall rules.  The older the network, the more challenging this becomes as years of firewall rules layer on top of one another.  Further complications arise as organizations expand into new geographic regions and separate business units of an enterprise manage their networks in their own way.  Many organizations expend too much labor and make too many mistakes manually managing their firewall policies, jeopardizing network availability, security and compliance.

With FireMon you can simplify and improve your change management process, increase operational efficiencies, improve performance, enhance security and prove compliance.

Monitor and Control Change

• Automatic notifications and powerful graphical displays help you understand your changing network as the changes occur.
• FireMon also provides reports made up of device management summaries, including best practices analysis to provide an enterprise-wide view of network device behavior so that you can make changes and policies to keep your network secure.

FireMon’s distributed data retrieval process automatically collects information from all of the network devices you have selected to monitor. This information is stored in a centralized database for use by the FireMon application server. A single FireMon installation can scale to monitor thousands of devices with one or multiple data collectors in different physical locations – across town or on the other side of the world.

See all of your network devices on one screen

With FireMon’s user-friendly dashboard, you can see all monitored devices across your entire network. The FireMon dashboard gives you the who, what, when, where and how of each configuration change. And with one click you can view all configurations for a single device or for all devices monitored by FireMon.

If there is ever any question about a change to a configuration, FireMon's comparison feature enables you to display the differences between configurations within minutes. You can save or email a list of the configuration changes by simply running a Change Report that can be automatically delivered in either HTML or PDF format.

Making sure your network security devices are in compliance is critical for organizations of any size. An alert can be automatically sent to Syslog or via email to notify the right parties so they can take appropriate action. With FireMon you can be alerted immediately when changes are made and can even choose not to receive the alerts unless the new configuration fails compliance.

With FireMon, you can easily provide high level summary reports for management or detailed reports that provide critical information to analyze your systems when there are performance problems. The more detailed reports can be used by your engineers to make sound conclusions about your network's behavior without having to manually compile the data yourself.

If the security policies, rules, objects and configurations of your firewalls, routers, and switches are not managed at all times, they will become too complex, create security gaps, and degrade performance. Architected to meet the requirements of any organization, FireMon's granular rule and object analysis ensures that the right access over the right protocol is in place to support business functionality. FireMon's Usage Analysis feature automatically identifies how rules and objects are being used so you can easily determine what changes need to be made to reduce policy complexity.

FireMon provides policy optimization features that identify where policies can be deleted, simplified and reorganized. After updating the rule base, keeping the policy optimized is simpler since you are regularly informed with scheduled automatic usage reports. With fewer, simpler firewall policies, you will improve firewall performance, enhance security, significantly ease your administrative burden, and save money. FireMon works with industry-leading network security devices including Check Point firewalls, Juniper NetScreen, and Cisco PIX/ASA and FWSM.

Easily Identify and Remove Unused Objects and Rules

On average, more than 30% of the rules in your firewall policy are unused. FireMon's Analysis function identifies which rules and objects are used, unused or unlogged, as well as the number of rule and object “hits”. You can view simple rule and object hit counts in the visual context of the policy. Or you can view object and rule usage by category (most-used rules, unused NAT rules, unused Services, etc.), and then share your findings by emailing reports in either PDF or HTML format.

Reorder Rules for Optimal Performance

FireMon enables your team to quickly identify how frequently rules are used and provides the dates and times each rule and object was hit. With this information, you can easily reorder rules in the rule base for optimal device performance.

Target Broad, Permissive Rules

FireMon provides hit counts on the “Any” object or large networks, identifying the specific IP addresses of the source and destination objects, and the service name, protocols and ports. FireMon also analyzes patterns of traffic through a rule. With this detailed analysis, so you can split up large or complicated rules into smaller, better-performing rules.