We performed a comparison between FireMon Security Manager and Tufin Orchestration Suite based on real PeerSpot user reviews.
Find out in this report how the two Firewall Security Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It provides us with a single pane of glass for our on-prem environment, to see configuration. We have not implemented into the cloud yet. We can search for an object group and see where it lives on any firewall in the enterprise or find security rules, no matter what firewall they're on."
"What I like about FireMon is the ability to track changes made by network engineers on the network."
"FireMon decreases errors and misconfigurations by 10% that increase risk in our environment. That has to do a lot with the change reporting that is in place, but also with the built-in controls and custom controls that we have made. Those all decrease the errors that people naturally make on a day-to-day basis for firewall administration."
"The automation that the platform provides to create tickets reduces human error and more generally, reduces the operational overhead."
"Firewall auditing is very important. We also use the solution for rule traffic analysis, traffic flow discovery and hidden/shadow rules within over 100 firewalls spanning five different brands."
"Vendor agnostic when it comes to integrating with other product."
"Compared to other applications, it is user-friendly. The appearance of the menus and titles is clear and they are easy to follow. Of course, it requires some experience through using it, to go through everything, but it is not very difficult. It is an easy application to use."
"It gives us the ability to go to one place to look for potential firewall rules that are inappropriate, or which don't meet compliance. Instead of manually searching hundreds of firewalls for a policy, we can go to this one location and find the rules which are now out of compliance."
"The product streamlines our change management process."
"The most valuable feature of this solution is that it reduces both the time required and the number of errors when making changes."
"It has allowed us to be more efficient in our processing of firewall requests."
"SecureChange is the most interesting part. It all comes down to having the user request firewall access and SecureChange, based on workflows, takes care of it, sending two or three emails to the business approvers. With one click, you can automate a firewall rule."
"One of the things that came up this week was the ability to decommission a server, which we thought was interesting. We had a workshop recently that talked about all the things that need to be thought about when managing firewalls. People said, "A lot of times, things get forgotten when you are decommissioning a server." E.g., making sure rules are taken away and taking out the rule set. The fact that there is an automated workload for that can be helpful."
"The change workflow process is flexible and customizable. I was really impressed with it. It's pretty easy. You can add automatic validation steps. Depending on the security matrix, you can pre-allow whatever flow you want."
"Comparing the rules and policy browser is valuable to me. It gives me the ability to pull running configs and be able to analyze them without having to go directly into the firewall."
"The automation piece is the most valuable feature: having SecureChange make the change on the firewalls, instead of my having to go manually make the changes on the vendor product."
"We've had recurring issues managing FireMon's internal backups. Sometimes, the space allocated for the backup is full, and there is no process where it deletes files that are older than I certain date. It's just waiting for the storage to get full and then it's cleaned up. It isn't something that creates serious issues for us."
"Its reporting can be improved. I am the only one who works a lot with it, and I am having problems in terms of reporting. In the case of Palo Alto, I'm okay with it, but with some of the Cisco devices, such as routers, when I provide the reports to other teams for review, they always say that the hit count is incorrect. So, I was struggling for a long time to work with them. When working with other teams, they have a lot of questions about reporting, such as how it reports, and we are still struggling with that."
"The current health and monitoring of the devices is atrocious... Imagine you have a list of 200 devices, and you can grade each of those devices as either green, yellow, or red. However, there might be three different reasons for you to go to red, or eight different reasons to go to yellow, and all of those things could be combined... Out of all those categories, I only find one or two of them that are, perhaps, pertinent."
"Some of the core functionality in our environment doesn't seem to work. We will get buggy code releases. They need to work on their Q&A of every code release."
"The stability has been fairly decent, but there have been a few issues. My coworker has had some issues in the past where he has had to work with support."
"I don't like that it comes with bugs, constant issues, and limited functionality."
"One area for 7.x customers that needs improvement is the migration. It is an involved process so get ready to spend some time getting your environment back to the way it was."
"A phone app would be nice. This is the reason why it is not perfect yet."
"I would like to see visibility into the FW features like IPS/Content Filter policies, the same way it does for FW rules/policies."
"I would like to see more expansion into the cloud and documentation needs improvement. When I try to do something new in the product, the documentation is no help. Something's written there, but it's not enough to help you do what you want to do."
"They've got such a large number of APIs, and it is so easy to use their APIs. Effectively, they allow us to use it with anything. The only way to improve it more is by offering support for implementing their APIs into certain hardware or software that we might use. They can provide support for implementing APIs."
"I would rate their reports as a four out of ten. I don't like the way that they are shown. It is too hard to export and send them to our clients."
"The initial setup can be tough."
"The documentation site is horrible as well. It has a tree structure, and you really get lost quite easily."
"They are sort of at the pilot stage on some of their products. I saw the Orca and Iris products yesterday. My initial impression of these products were that they were good products, but I felt like some of their features overlapped with SecureTrack and SecureChange, which they are already doing. So, I just wondered what direction they're going in? I understand that they are cloud products, but are these security products going to overlap each other's features at some point? This is my initial concern."
"There were some hiccups here and there with the initial setup."
FireMon Security Manager is ranked 4th in Firewall Security Management with 53 reviews while Tufin Orchestration Suite is ranked 2nd in Firewall Security Management with 180 reviews. FireMon Security Manager is rated 8.2, while Tufin Orchestration Suite is rated 8.0. The top reviewer of FireMon Security Manager writes "Makes compliance much easier compared to doing it manually, and automates policy changes across environments". On the other hand, the top reviewer of Tufin Orchestration Suite writes "A flexible, very secure solution that works well in Layer 2 environments". FireMon Security Manager is most compared with AlgoSec, Skybox Security Suite, Palo Alto Networks Panorama, ManageEngine Firewall Analyzer and RedSeal, whereas Tufin Orchestration Suite is most compared with AlgoSec, Skybox Security Suite, Palo Alto Networks Panorama, ManageEngine Firewall Analyzer and Cisco Defense Orchestrator. See our FireMon Security Manager vs. Tufin Orchestration Suite report.
See our list of best Firewall Security Management vendors.
We monitor all Firewall Security Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.