Policy Planner by FireMon

Firewall Policy Change Automation without Risk

Automate firewall change management to eliminate errors and increase business agility.

Change Firewall Policies, Not Your Security Posture

The overwhelming majority of firewall and cloud security breaches stem from misconfigurations, not the controls themselves. Beyond introducing opportunities for error and expanding the threat surface, manual change management processes for complex on-premises and cloud environments are resource-intensive and hinder business agility.

FireMon Policy Planner

The Policy Planner module for Policy Manager is a network security automation and orchestration tool that controls the entire change management process while providing analysis, recommendations, and compliance checks prior to implementation. Proposed changes are automatically analyzed and checked against pertinent compliance and best practice guidelines. Rule recommendations compare existing rulesets against proposed changes to eliminate redundancy or duplicate access. With Policy Planner, reviewers can see access paths, vulnerabilities, and even audit results prior to pushing a rule live.

Policy Planner delivers:

Automated change management across the entire rule lifecycle, improving administration efficiency
Real time risk assessment gives instant visibility into potential issues
Rule set behavior analysis reduces complexity and increases efficiency
Pre-flight compliance and best practice checks ensure rules comply prior to implementation
Comprehensive policy automation allows organizations to automate at their own pace and confidence level
Business process integration allows Policy Planner to integrate with your existing process management solutions including ServiceNow and Remedy

Best-in-Class Firewall Rule Review Capabilities

Policy Creation Workflow Automation

Minimize the opportunity for error and drastically increase speed with security policy orchestration across the entire rule creation and change management process.

Firewall rule automation for change commands, and changes to network, service, and group objects
Stage planned rules on a device from within the Policy Planner security automation module
Track comments, attachments, task history, and complete detail of all actions that occurred on a ticket
When paired with Policy Optimizer, rule decommissioning can be completely automated

Integrates with ITSM tools like ServiceNow for seamless workflows

Real-Time Risk Assessment and Compliance Checks

Comprehensive analysis of proposed changes detects when new access will uncover vulnerable systems or increase the risk profile.

Real-time detection of vulnerable systems being uncovered by proposed changes
Pre-change analysis evaluated proposed changes for impacts to security, device complexity, and rule risk for the device in question
Proactively analyze proposed changes for compliance with regulatory and business requirements

Dashboard displaying enterprise risk scores, device compliance trends, and control failures to maintain continuous compliance.

Proactive Rule Analysis and Recommendations

Determine if proposed changes are unnecessary or redundant in real time through automated analysis of existing rulesets.

Automated analysis of existing ruleset behavior with real-time recommendation to changes
Review which devices and policy rules may need to be modified to implement a requested change
Recommendations provided on potential actions to take on both the rule and the object
Device groups can be configured using different sets of rule checks

FireMon supports over 120 platforms, offering unified management for complex hybrid and multi-cloud environments.

Comprehensive Business Process Integration

Integrate seamlessly with existing process management solutions to ensure the right teams are involved.

Policy Planner adheres to Business Process Model and Notation (BPMN) best practices
Integrate with a range of ITSM such as ServiceNow and Remedy to automate review by all applicable teams
Full-text search capabilities and ad-hoc queries based on any ticketing requirements-related fields
Full customization for change request forms and controls to meet organizational needs

Learn More About Policy Planner

Compliance Simulations for Change
Policy Standardization and Optimization
Policy Deployment and Migrations

VIEW DATASHEET

Frequently asked questions

What is FireMon Policy Planner?

FireMon Policy Planner is a change automation and orchestration module for Policy Manager that streamlines and secures the entire firewall and cloud policy change process. It provides automated analysis, compliance checks, and rule recommendations before deployment to reduce risk and accelerate change approvals.

How does Policy Planner reduce policy change risk?

Policy Planner reduces change risk by performing real-time risk assessments and compliance checks before changes are made. It automatically detects if a proposed rule exposes vulnerable systems or violates policy, enabling teams to fix issues before implementation

Can Policy Planner automate policy workflows?

Yes, Policy Planner automates the entire rule lifecycle, including rule creation, analysis, and deployment. It stages changes, tracks approvals, and integrates with ITSM tools to ensure efficient and auditable workflows.

Does Policy Planner support compliance checks before deployment?

Yes, Policy Planner performs pre-deployment compliance checks to ensure all proposed rules meet internal and regulatory requirements such as PCI-DSS, NERC-CIP, and more. This prevents non-compliant rules from entering production environments.

How does Policy Planner help identify redundant or unnecessary rules?

Policy Planner analyzes existing rulesets to detect redundancies or overlaps in proposed changes. It delivers real-time recommendations to optimize policies and reduce unnecessary complexity during the change process.

How does Policy Planner help identify redundant or unnecessary rules?

What ITSM platforms does Policy Planner integrate with?

Policy Planner integrates with leading ITSM platforms such as ServiceNow and Remedy. It enables ticket tracking, comment logging, attachment uploads, and automated reviews across change management workflows.

Can Policy Planner be customized for my organization’s processes?

Yes, Policy Planner is fully customizable to align with your business process management model. It supports custom forms, workflows, and rule validation criteria tailored to your internal controls and audit needs.

Is Policy Planner only for firewalls?

No, while Policy Planner supports firewall rule changes, it also handles modifications to network, service, and object groups across hybrid and multi-cloud environments. It scales with your infrastructure.