20 Replies Latest reply on Feb 11, 2016 4:54 PM by rschroeder

    is FSM dead?


      It's been 10 months since the last major release. Other products are seeing 6 month update cycles.  There isn't even a beta to indicate the product is even being worked on.  We've been waiting patiently for an update to support a newer version of an existing supported product to no avail. And this is for a product that is security focused, so you'd think it would see updates quicker than, rather than less than other Solarwinds products.


      Can we get a refund since we just picked this up a few months ago?

        • Re: is FSM dead?
          nicole pauls

          Hey John,


          We are currently working on an FSM release that includes some of the items listed in our What are we working on for FSM, after v6.6? (Updated October 26, 2014) page. We're focusing mostly on device support for Check Point and then support for PCI v3.0 rule checks, after that we may get a chance to look into ASA v9 and potentially a few other things. We can't promise dates and the release isn't imminent, but there is active development underway.


          Yeah, it's been a while. Sometimes the general "6 month" guide will fluctuate depending on product lifecycles, we're definitely in a longer one right now for FSM.

          • Re: is FSM dead?



            I vote this product is dead. We own NPM, NCM, IPAM and NTA, they all get updated regularly. FSM does not produce regular updates and does not show any promise. Even statements by the Product manager are not enthusiastic. "after that we may get a chance to look into ASA v9 and potentially a few other things"... (meaning this potential is years away). ASA Version 9 has been out forever and a day, and you MAY get a chance to look at it? Seriously?



            And to answer your second question, sorry, most likely you can't have a refund.




            • Re: is FSM dead?

              I am disappointed that FSM is not being worked on more aggressively. I really want FSM in my platform, but our Security team kicked it out of consideration without Palo Alto monitoring.

              • Re: is FSM dead?
                Capt. Obvious

                We are currently looking for beta testers for the upcoming version of FSM.

                • Re: is FSM dead?

                  I've got a number of ASA 5555's, 5545's and 5525's (all 'X' models) going online next month.  All will be Version 9.  I've been anticipating using FSM, and I'm disappointed to hear others aren't happy with its progress, and to read ASA 9 is not yet covered.  Contact me for beta testing if I can help.

                  • Re: is FSM dead?

                    rschroeder I am sorry you have those ASA's coming online next month.  Although it may be a fine device and the education behind it is extensive, we have had issues over the years with the Java applet ASDM runs on.  We moved to Palo Alto's and Fortinets.  I understand that this does not help with the continuing development of the FSM product, but be assured that development is continuing and will catch up some time in the future.  I am hoping they will be able to support other firewall vendors with the next release; if not, I am sure it is in the works.

                      • Re: is FSM dead?

                        It's true, ASA's weren't my choice.  I've had great satisfaction and security from the DARPA offspring formerly known as Sidewinders.  I've been running single or peer-to-peer HA Sidewinders for sixteen years with very few complaints.


                        But our shop has recently gone nearly 100% Cisco, and ACS and ISE and UCI considerations forced the latest generations of Sidewinders, now called McAfee Firewall Enterprise appliances, to the side.  I like the Sidewinder's history of never having been broken through, and their backup & restore options, and the huge suite of applications and services they support.  I'll miss that.


                        The Cobra GUI for Sidewinders was powerful and intuitive, and pretty much eliminated any need for CLI controls, although CLI via KVM and SSH are still supported 100% on them, and I use CLI for tasks I've just become accustomed to over time.  This is another thing I'll miss.


                        I don't like the Sidewinder's failover capabilities as much as I do the ASA's.  And the Sidewinders can't interface with NCM.


                        But owning them kept their price point extremely low and attractive, beating out ASA's by a long shot once you added in the modules to the ASA's to give them the functionality that's already in the box with the 'Winders.  The ASA's will have a long learning curve, and my Sidewinder skill sets aren't specifically transferable to Cisco IOS.


                        ASA's use a completely different philosophy and command syntax. I'll be relying heavily on the expertise of others to get them going.


                        That which does not grow and change stagnates and dies.  My going to ASA's is the result of McAfee's support solution degrading as Secure Computing was taken over by McAfee, and by McAfee not growing and changing the Sidewinders to be more compatible with the Cisco world.  Best Of Breed solutions are nice, and Sidewinders have always fit my security needs AND budget better than any other product in the Gartner Reports Magic Quadrants--and I've researched the top six vendors as ranked by Gartner every year to ensure my organization has the right product in place.


                        Ah, well, change is the rule of the day.  I wouldn't be in this industry if I didn't enjoy new technologies and challenges.

                        Although sometimes I'd be willing to call it good at just getting new fishing technologies and techniques and locations down pat.


                        Swift packets, all!

                          • Re: is FSM dead?

                            I inquired to our SolarWinds sales person about Firewall Security Manager and was told:


                            "Unfortunately we have end of life that product and don’t have any solutions that provide that type of functionality." 


                            Since I can't buy FSM what other products would you recommend?  We have Cisco 5508-X with Firepower. One stand alone, two in an HD config.


                            We have a requirement to do quarterly firewall configuration audits but only one Network Engineer so I am looking for a tool that would help someone else evaluate the firewall configurations.


                            We use the SolarWinds Network Configuration Manager so something that worked with that would be good but not a requirement.




                            • Re: is FSM dead?

                              Sidewinders were awesome! Secure Computing was one of my favorite vendors.

                          • Re: is FSM dead?

                            Maybe with the changes at SW HQ, they will relook the product for viable options and offerings.  It may just go on the bench for a year or so.   We can only hope....  If that is not the case then maybe they will put some focus on NTA or LEM.


                            We shall see what the day will bring........

                            • Re: is FSM dead?

                              I guess all the more reason to migrate from Cisco ASA to some real firewalls like Palo Alto, Fortinet, Juniper, or Checkpoint.  Shoot, I would even resurrect a Sidewinder circa 2002 before working on ASA's. 

                              • Re: is FSM dead?

                                Here our firewalls have given up on FSM and moved to another application. Needed immediate updates and got none.

                                • Re: is FSM dead?

                                  If I may offer a reply to dclick in his query to CourtesyIT about a prevalence of anti-Cisco feelings, Cisco may have built some negative customer appeal through a variety of reasons:

                                  • Their Java-based GUI was pretty, but very slow and limited--therefore some people may have determined it was a bad product for their environment.  I'll go so far as to say their GUI was very frustrating to me, and a huge security risk.  Particularly when compared side-by-side with better-executed network GUI's like Nortel's Java Device Manager.  And it added a ton of bloat to the memory requirements of their equipment, which was accompanied by much longer download times for the IOS code, due to the size of the GUI files.  Which was another potential negative to deal with.
                                  • Rather than developing something for the greater good, from scratch, Cisco may be perceived by some to do what's best for Cisco--possibly at the expense of a smaller competitor or niche market venture.  For example, they might buy any smaller company with a useful product, and then re-brand it as Cisco.  Well, this is the normal way of business, and it's not that Cisco's bad.  It's that they have the money, and the ability to do this.  But folks who root for the little guy and the underdog may view it as a giant beating up on a tiny defenseless company.   Then maybe that company's employees are let go.  And you know who comes out looking like the bad guy . . .
                                  • Their products, like pretty much all vendors' products, do not necessarily arrive without bugs.  Some of those bugs can be pretty painful to us who support the networks that rely on network hardware on which we've just installed the buggy code.  That problem is exaggerated and exacerbated by the extent to which Cisco's products are deployed.  Their market share is major.  A bug or hardware miss on their part may constitute a very large inconvenience to a huge percentage of all IT workers.  And we're the ones left performing 3 a.m. upgrades and patches and reboots on weekends, so the fewest number of our users are affected.  It doesn't mean Cisco's bad--only that they've sold a LOT of product.  I'm personally a victim of that, both with hardware flaws and with IOS bugs.  All the lost sleep doesn't make me a fan of theirs, but I must remember how reliable and fast my Cisco network is when I'm sleep deprived due to their inadvertent errors.
                                  • You'll likely spend some time at their web site searching for configuration answers and processes.  And if you're like me, you may have found that it's challenging to find the information you need quickly and successfully, due to the immense amount of products they have, and due to the prodigious quantity of documents they've stored for us to research.  The time spent with frustrating research could tend to color your opinion of their resources.  But what company doesn't have this problem?  The issue is that it's your time that's being wasted.  Which might make you somewhat resentful.
                                  • Cost.  Their hardware might not always provide the best bang for your dollar.  Maybe you've got experience with another vendor's product and you like it--but it doesn't play nicely with your customers' networks or with your ISP's equipment, and you have to buy Cisco to get a particular job done.  You might resent that expenditure of dollars and hours.
                                  • Marketing.  The interactivity between the many Cisco products is a great way for them to get a foot in your door, and if you've ever been promised the moon and then received a little paper cut-out of the moon you'll have an idea of a potentially bad solution that could cause hard feelings.
                                  • Support.  From outsourcing jobs from the U.S. to third-world nations, to the fees they charge for Smart-Net contracts, to their potential inability to deliver on what they've promised (or on what you assumed), these might be places where people could become disaffected.


                                  I suspect these, and similar ideas, may be why there's a big chip on some folks' shoulders towards Cisco.  I'm probably wrong, though.  Here's hoping I just didn't end my career by trying to help you understand other folks' opinions.


                                  "Dear Cisco:  Please don't ruin my life, or that of my family, or my company, or my co-workers, or Thwack, or Solarwinds . . ."