The FireMon architecture includes an application server, a data collector and a graphical user interface (GUI). The application server tracks the data collected, performs real-time analysis on transactions and device configuration, and generates scheduled reports. The data collector is a FireMon application running on an appliance or PC that monitors and collects data from firewalls, switches, routers and any other security devices on the network.
After installing the FireMon management client on Windows Vista, which was a quick process, we could log into the FireMon server with a user name, password, IP address and port number to bring up the management console.
FireMon offers a wizard for importing Check Point, Cisco, F5, Juniper, Nokia and McAfee/Secure Computing devices. Once the entries are made in the wizard, all the associated firewalls, management servers and log servers are discovered and added automatically in sequence.
FireMon provides several tools for analysing firewall, router and switch rules and policies. We used the Firewall Traffic Flow Analysis tool to produce a report that zeroes in on "Any" rules configured on firewalls in a large network. We could fine-tune the firewall rules by reducing or eliminating overly permissive "Any" rules and large, complicated ones.
We looked at some of the reports for rule policy management. We generated FireMon's Rule Recommendation Report, which analyses access requests such as a request for https traffic between given source and destination addresses. The report showed us whether a policy already existed for the requested access. At the bottom, the report listed a table of each policy tested and the source and destination routes involved. You can get the report in http, pdf and xml formats.
We examined the Rule Comparison feature, which analyses the changes made to a device's policy rules over time. We saw colour-coded icons for changed, inserted, deleted and the same. You can revert to a known good state using this report, which helps with institutional knowledge transfer.
Secure Passage has an interface that is well organised with features that are easy to navigate. We saw that some of the analysis and report wizards, such as the Rule Recommendation Report, displayed helpful examples showing how to set parameters. The FireMon traffic flow analysis feature is a handy tool for determining how to eliminate audit-triggering firewall ANY rules. We could print a logically organised report detailing the traffic flow from source to destination that revealed the ports and services actually used. A firewall administrator can create a more secure rule to eliminate the ANY rule using this report.
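The idea behind replacing an ANY rule with rules built from observed traffic can be sketched in a few lines. This is an added example, not FireMon's code or algorithm: the rule, the flow records and the function names `analyse` and `recommend` are constructed for illustration, and it assumes the firewall logs record which rule each flow matched.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: a rule that permits any service, plus flow records
# logged as matching a rule: (rule id, src, dst, protocol, destination port).
ANY_RULE = {"id": 12, "src": "10.1.0.0/16", "dst": "10.2.0.0/24", "service": "any"}
FLOWS = [
    (12, "10.1.4.20", "10.2.0.10", "tcp", 443),
    (12, "10.1.4.21", "10.2.0.10", "tcp", 443),
    (12, "10.1.9.7", "10.2.0.25", "tcp", 1433),
    (12, "10.1.4.20", "10.2.0.10", "tcp", 443),
    (12, "10.1.9.7", "10.2.0.53", "udp", 53),
    (7, "10.3.0.5", "10.2.0.10", "tcp", 22),     # matched a different rule: ignored
    (12, "192.0.2.9", "10.2.0.10", "tcp", 443),  # outside the rule's scope: flagged
]

def analyse(rule, flows):
    """Group flows that hit `rule` by (dst, proto, port); return (usage, anomalies)."""
    src_net, dst_net = ip_network(rule["src"]), ip_network(rule["dst"])
    usage = defaultdict(lambda: {"sources": set(), "hits": 0})
    anomalies = []
    for rule_id, src, dst, proto, dport in flows:
        if rule_id != rule["id"]:
            continue
        if ip_address(src) not in src_net or ip_address(dst) not in dst_net:
            anomalies.append((src, dst, proto, dport))  # log/rule mismatch: review by hand
            continue
        entry = usage[(dst, proto, dport)]
        entry["sources"].add(src)
        entry["hits"] += 1
    return dict(usage), anomalies

def recommend(rule, flows):
    """Turn observed usage into narrower candidate rules, busiest first."""
    usage, anomalies = analyse(rule, flows)
    ranked = sorted(usage.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    rules = [{"src": sorted(info["sources"]), "dst": dst,
              "service": f"{proto}/{port}", "hits": info["hits"]}
             for (dst, proto, port), info in ranked]
    return rules, anomalies

if __name__ == "__main__":
    candidates, odd = recommend(ANY_RULE, FLOWS)
    for c in candidates:
        print(f"permit {','.join(c['src'])} -> {c['dst']} {c['service']} ({c['hits']} hits)")
    for o in odd:
        print("review before removing the ANY rule:", o)
```

The candidate rules are only as complete as the log window they are built from, so the window should cover infrequent traffic such as month-end jobs before the ANY rule is removed.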
Although the FireMon Rule Comparison Analysis Report was confusing at first with its colour-coded parameters that indicated changes, we feel that FireMon has excellent analysis features for optimising rules and creating audit trails. This product should be considered a good firewall management solution for the enterprise environment.