Introducing FireMon Policy Planner

FireMon’s Policy Planner Workflow Module automates the firewall change process with an intelligent workflow solution solving unique challenges associated with firewall change management. Policy Planner [PDF] dramatically improves the efficiency of the change process, reducing time and costs associated with access change requests while at the same time improving security by integrating security and risk analysis directly into the process.

FireMon Firewall Policy Planner

Policy Planner supports complex, heterogeneous networks containing multiple firewall vendor technologies. The workflow is customizable to meet the needs of any organization. And with RESTful API’s exposed, integration into existing change management systems is natively supported.

Rule Recommendation

Automatically generate recommended rule changes to meet the access change request requirements. Rule Recommendation analyzes the current behavior of the entire network and can quickly identify all devices impacted and determine the specific changes necessary to accommodate the request. Common scenarios that Rule Recommendation can assist with are:

  • No Change Necessary: a large percentage of change requests are unnecessary. Quickly close these requests without impacting engineering resources or making unnecessary changes on a firewall.
  • Identify impacted devices: the first step to making a change is understanding which devices are in the line of the traffic. The topology aware analysis engine in Policy Planner handles this automatically.
  • Recommend rule changes: find existing rules that can be potentially modified to achieve the requested access. Or, if no similar rules exist, recommend where a new rule should be created to ensure the access is effectively configured.
Rule Recommendation

Change Process (Workflow)

Review effectiveness and correctness of enforced policies on firewalls to identify gaps in protection and inconsistencies in configurations as well as enforce internal access controls.

Policy Change Impact Analysis

Policy Change Impact Analysis

Assess the impact that proposed policy changes will have on network security enforcement, locally and cross-infrastructure, prior to implementation.
Continuous Policy Compliance Assessment

Continuous Policy Compliance Assessment

Audit device policies on an ongoing basis to ensure that all requirements are being met and maintain a record of frequent controls validation.
Automated Rules & Exception Documentation

Automated Rules & Exception Documentation

Keep a running log of all rules and configuration updates, audits and exceptions with the ability to search intuitively. All change details are captured and permanently stored with the change. All these details are then visible in the context of the policy or rule – not just a link to a change ticket, but with full detail information.
Customized Workflow

Customized Workflow

Easily change the built-in workflow to meet your custom needs. Because it is built on BPMN 2.0 task types, including forks, parallel paths, timers and notifications, you can build a workflow specific to your environment.

BPMN 2.0 Compliant Workflow

  • Customizable
  • Integration with existing processes
  • Full suite of tasks: forks, timers, decisions, user inputs
BPMN 2.0

CMS Integration

Integrate with existing change management systems seamlessly. Policy Planner supports many integration options and connection points throughout the change process. Supported change management systems include:

  • HP Service Manager
  • BMC Remedy
  • Service Now
  • Proprietary Systems


To learn more about Policy Planner, participate in an in-depth demonstration or sign up for a free 30-day trial to test its capabilities in your own unique environment, click here.