FireMon 2024 Feature Release Highlights: Unlocking New Levels of Security and Efficiency
At FireMon, we’re dedicated to helping you simplify and strengthen your security operations. In 2024, we’ve rolled out significant enhancements across the Policy Manager platform. These updates empower teams to manage firewalls and cloud environments more efficiently while providing deeper insights for policy planning. Here’s a few key highlights from our latest features.
Firewall Enhancements
- Fortinet Granular Change Tracking: Gain detailed visibility into specific user changes within FortiManager to help pinpoint who made what change, and when.
- Palo Alto Policy-Based Routing Analysis: Visibility into policy-based routing (PBR) configurations for rule recommendations to optimize security and performance.
- Cisco IOS/Nexus IPv6 Link-Local Routing Support: Enhanced visibility into IPv6 Link-Local Routing to simplify management of IPv6 environments, especially for large-scale internal and meshed networks.
Cloud Security Enhancements
- AWS Account Status Check: Ensures only active AWS accounts are brought into your dashboard so you’re only managing relevant cloud assets.
- Hit Counts for AWS and Google Cloud: Identify which rules are being utilized for more precise rule cleanup and optimization across AWS and Google Cloud.
- Azure NAT Gateways: Visualize NAT Gateways as part of network policies, making it easier to manage and understand your Azure cloud infrastructure.
- Google Cloud Rule Logging and Target Identification: Improved rule logging status and priority visualization along with source destination network target identification for enhanced cloud security.
Policy Planner Updates
- Palo Alto Tags Integration: Organize and document security policies with more precision for clearer documentation and easier management.
- Juniper SRX Address Books: Employ address books to simplify network object group policy creation for added efficiency and flexibility.
- Design Step Performance Boost: By popular request, rule recommendations now run in the background while you work on other tickets for improved efficiency.
- Advanced Rule Recommendation Analysis: Consolidated device change analysis reviews impacted devices in a single step to save time and improve accuracy.
These updates reflect FireMon’s commitment to continuous innovation and providing tools that enhance both visibility and efficiency in managing security infrastructures. Stay tuned for more exciting updates as we work to simplify your security operations further!
Avoiding Common Firewall Misconfigurations and Maximizing Security through Automation
Firewalls are the backbone of network security, but even the most sophisticated systems can be vulnerable to human error. In a recent webinar, we discussed the most common misconfigurations that arise and how businesses can address them effectively. From human mistakes to policy bloat, the complexities of managing firewall policies can expose organizations to unnecessary risk. Here’s what you need to know.
1. Human Error and Misconfigurations – Gartner predicts that by 2025, 99% of firewall breaches will result from misconfigurations, not the devices themselves. One key reason is human error. As firewall policies grow and accumulate unnecessary rules, complexity makes it easier for mistakes to slip through the cracks. Overly permissive rules can offer attackers easy entry points. During our webinar, we polled attendees, and 61% reported making changes to their firewalls weekly, with 21% doing so monthly. Regardless of the frequency, misconfigurations often stem from “mystery changes” that are undocumented or poorly tracked.
2. Automation to the Rescue – Managing firewalls isn’t just about setting up initial configurations; it’s about constant monitoring and refinement. With legacy policies comprising 35-40% of unused rules in many organizations, a systematic approach to cleanup is vital. However, manually managing tens of thousands of rules in today’s environments is impossible. This is where automation plays a pivotal role. Tools like FireMon’s Firewall Security Policy Management provide visibility across environments, streamlining policy management and reducing risk.
3. Simplifying Complexity – In our webinar, we also discussed how policy bloat—where outdated or unnecessary rules pile up—can make firewall management overwhelming. Automation can help by bundling and categorizing information, ensuring that low-risk rules are addressed quickly while focusing on higher-priority policies that may expose the organization to vulnerability.
4. Scalability and Visibility – Automation not only simplifies firewall policy management but also enhances visibility, which is crucial for security teams who need a real-time view of all policies. This visibility allows teams to swiftly identify threats, manage compliance across hybrid environments, and maintain scalability as policies grow in complexity.
By focusing on streamlining firewall policies and leveraging automation, your organization can significantly reduce the risk of misconfigurations and be better equipped to defend against emerging cyber threats.
Ready to learn more? Watch the full webinar and gain deeper insights into how you can avoid common firewall mistakes and maximize your security with the power of automation.
Ask the Expert: FireMon Advanced Troubleshooting
FireMon’s ability to retrieve and normalize device configurations is central to its function in managing network security and compliance. However, like any complex system, occasional issues can arise during these processes. In this guide, we’ll break down the key troubleshooting steps shared by FireMon experts Brian Connell and Bhupender Yadav, offering practical solutions to help you maintain smooth operations.
1. Identify Device Retrieval Challenges
Device retrieval issues are common and often arise from outdated ciphers, device pack discrepancies, or incorrect credentials. To troubleshoot:
- Step 1: Check device communication. Ensure there is no breakdown between FireMon’s data collector and the target device. If communication errors are flagged, verify network connectivity and access.
- Step 2: Ensure device packs are updated. Retrieval failures can occur if your device packs are outdated. Ensure you have the latest versions to support device-specific commands.
- Step 3: Use the CLI for diagnostics. Running the fms log view command on the command line interface (CLI) allows you to view logs that detail device retrieval errors. Specifically, check the “tab path” logs to identify ciphers or credential issues.
If the device’s ciphers are outdated and causing retrieval errors, FireMon provides a workaround to temporarily enable them, ensuring successful retrieval while working on a permanent fix.
2. Troubleshoot Device Normalization Errors
Once device data is retrieved, FireMon normalizes it into a unified format, allowing for easy management across different vendors. When normalization errors occur, it’s typically due to permission issues or updates in the device’s operating system. Here’s how to resolve these issues:
- Step 1: Check for OS changes. If a device, like a Cisco firewall, has undergone an OS upgrade, FireMon’s current device pack may not fully interpret the changes. Review any recent updates that might affect normalization.
- Step 2: Review normalization logs. Navigate to the index logs to see where normalization is failing. These logs will help you pinpoint the exact issue, whether it’s related to permissions, device packs, or OS updates.
- Step 3: Export the support file. If the issue persists after reviewing the logs, export the device’s support file and submit it to FireMon’s support team for further analysis.
3. Assign Data Collectors Correctly
One key aspect of avoiding retrieval and normalization issues is ensuring that the appropriate data collectors are assigned to the right devices. Misassigned collectors can cause failed retrievals and prevent normalization from occurring.
- Step 1: Open FireMon’s interface and verify that the data collector for each device is properly assigned.
- Step 2: Reassign or adjust as needed, ensuring each device has the appropriate data collector connected to it for seamless operations.
4. Use FireMon’s Automatic Retrieval Process
Once issues are identified and corrected, FireMon’s automatic retrieval process ensures that device configurations are updated and normalized without further manual intervention. This automation saves time and reduces the chance of further errors.
- Step 1: Correct any issues discovered during troubleshooting.
- Step 2: Let FireMon’s automatic system handle retrieval and normalization, ensuring your device configurations are continuously updated.
5. When to Contact FireMon Support
If, after following these steps, you still encounter retrieval or normalization errors, it may be time to reach out to FireMon support. Be sure to provide your logs and export the support file to expedite troubleshooting.
Stream the Webinar for a Full Troubleshooting Demo
For a deeper dive into these troubleshooting techniques, watch the FireMon Advanced Troubleshooting Webinar. Our experts provide a step-by-step live demonstration of how to identify and resolve common device retrieval and normalization issues.