We performed a comparison between FireMon Security Manager and Tufin Orchestration Suite based on real PeerSpot user reviews.
Find out in this report how the two Firewall Security Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like the Security Manager console where we can see any changes that have been made or pull the results of an assessment and control the policies that we implement."
"Policy test, access path analysis, and change reports."
"The Security Manager part of FireMon... gives me an eye on everything that's out there, everything that I cannot see. Because I'm not a network admin, I cannot go to a firewall itself, but at least I have FireMon so that I can go in and view everything that I want to view. And I can eliminate whatever I see that is wrong,"
"It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise or find security rules, no matter what firewall they're on."
"The SQL language is convenient to use. It allows us to process a bunch of criteria very quickly and narrows things down if there is an issue with the firewall. It's easy to do that with SQL queries."
"FireMon decreases errors and misconfigurations by 10% that increase risk in our environment. That has to do a lot with the change reporting that is in place, but also with the built-in controls and custom controls that we have made. Those all decrease the errors that people naturally make on a day-to-day basis for firewall administration."
"Firewall auditing is very important. We also use the solution for rule traffic analysis, traffic flow discovery and hidden/shadow rules within over 100 firewalls spanning five different brands."
"The automation that the platform provides to create tickets reduces human error and more generally, reduces the operational overhead."
"The most valuable features are the GUI interface and the API."
"It is extremely scalable. It really addresses the scale of a company's firewall footprint."
"This solution has helped us meet our compliance mandates. Everything is all auditable. Every change is tracked down to the person and time."
"The change workflow process is flexible and customizable. We have one guy who has never logged into Tufin ever in his life. He sits down and in 30 minutes had written an automation routine, then went back and changed it. He did that with no training. For me, that is a major benefit."
"The APIs are the most valuable feature of this solution, as they facilitate integration with ServiceNow and other solutions."
"The best feature for me is being able to look up objects within all of our policies, because we have a little over 12,000 rules and over 30,000 objects. When one person says, 'Hey, where's my server?' I can just go to Tufin and say, 'Hey, where is that server?' and very quickly it tells you where it is, what policy it's on. That is a life saver."
"It's user-friendly. It's easy to understand menus on the web GUI. That's a good feature for us. I can say that it's doing what it's supposed to do. It also integrates well with other products like Check Point."
"The features I have found most valuable are its capability to check on the firewall and the routers. Afterwards it checks out all the configs, checks the vulnerabilities, checks the risks - it checks everything that may end up causing our router to be compromised. At the end it recommendations what we should do."
"Policy Planner requirements section is good, but could use some improvement to allow flexibility to enter different types of requests (modifying an existing policy, object or service group, for example) in a structured task format that can be auto-verified."
"We're working on implementing FireMon with our ticketing system service now. Having that would be an improvement."
"Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that."
"While I like the reporting, I think that has the biggest room for improvement. Right now, as a user of FireMon, if I create a report, I am the only one who can see it inside FireMon. If someone on my team creates a report, they are the only person who can see that report on FireMon. It doesn't matter if you're admin in FireMon or not. The way we have to do it now is that we have created a service account user and that service account user runs all the reports. This way, all the reports, which are running, are just run under a single user so we can always access them. This definitely needs to change so users can see other users' reports or we can share reports within FireMon."
"Our firewalls have multiple paths through them and FireMon falls short a little bit because it's not Palo Alto-centric. I don't think FireMon has kept up with where Palo Alto is at. They started out being Check Point-centric for years and they've never really fully embraced the nuances others, like Palo Alto or Fortinet, have. They don't handle a lot of the capabilities and attributes that Palo Alto does yet. They're working on it. They're getting there."
"When it comes to real-time compliance management, something that is missing is alerting on certain, predefined controls. It would be good to have a predefined set of controls which, if not complied with in a newly set up rule, would create an alert for us. That is something that is missing, out-of-the-box."
"Some of the core functionality in our environment doesn't seem to work. We will get buggy code releases. They need to work on their Q&A of every code release."
"When it comes to identifying risk in our environment and prioritizing fixes, it is really about the different priorities within the organization. FireMon is not so smart that it can tell what's important to us. It's up to us to figure that out."
"At least in our environment, the dynamic learning of the topology needs improvement."
"It would be great to add a link to Visio to create shapes directly from Tufin, as it has the configuration."
"The pricing should be reviewed, as it is a little too high."
"The solution does not have automation with other Firewalls."
"I would like to see more expansion into the cloud and documentation needs improvement. When I try to do something new in the product, the documentation is no help. Something's written there, but it's not enough to help you do what you want to do."
"We need to implement micro-segmentation in our infrastructure, and we are using Cisco ACI. However, we are facing an issue with Tufin, as it does not currently support integration with ACI for micro-segmentation, even though it is advertised as such."
"We want to have the ability for a ticket requester to add somebody, or to give somebody view rights to their ticket."
"Integration for Layer 2 devices could be improved because it requires manual scripting."
FireMon Security Manager is ranked 4th in Firewall Security Management with 53 reviews while Tufin Orchestration Suite is ranked 2nd in Firewall Security Management with 180 reviews. FireMon Security Manager is rated 8.2, while Tufin Orchestration Suite is rated 8.0. The top reviewer of FireMon Security Manager writes "Makes compliance much easier compared to doing it manually, and automates policy changes across environments". On the other hand, the top reviewer of Tufin Orchestration Suite writes "A flexible, very secure solution that works well in Layer 2 environments". FireMon Security Manager is most compared with AlgoSec, Skybox Security Suite, Palo Alto Networks Panorama, ManageEngine Firewall Analyzer and RedSeal, whereas Tufin Orchestration Suite is most compared with AlgoSec, Skybox Security Suite, Palo Alto Networks Panorama, ManageEngine Firewall Analyzer and Cisco Defense Orchestrator. See our FireMon Security Manager vs. Tufin Orchestration Suite report.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.