Cyber Security Head at Turnkey Integrated Technologies TK-IT
Reseller
Top 5
2024-08-01T13:41:43Z
Aug 1, 2024
My experience with this Forcepoint Next Generation Firewall wasn't very pleasant due to its complexity. For example, the firewall loses some features when working in a cluster, which is a huge challenge. It caused me several weeks to solve an issue to make the VPN work, even after opening several cases with support. Also, the debug, which should provide essential knowledge about everything going on, the flow of traffic, and how the engine works, wasn't very informative in identifying the issue. The problem was eventually solved by chance, thanks to an idea from an expert in the market. We had to refer to a freelancer engineer with huge experience with the Forcepoint Next Generation Firewall, and he noticed something that solved the issue by luck. We had no evidence or logs that showed this was the issue. It's the most complicated firewall I've ever faced. You have to know what you're doing to achieve the plan and take action. It would be best to be an expert, take a course, or at least read the full documentation carefully. The interface isn't organized in the same way as other competitors. You have to be an expert in it. You need to watch training videos or read the full documentation to understand how it works, even to implement a minor firewall change. Working with this firewall requires a lot of knowledge.
Division Manager, Information Technology at Lonestar
Real User
Top 5
2024-04-01T09:06:03Z
Apr 1, 2024
While they offer a comprehensive bundled solution, some users may prefer on-premise deployments for certain features, such as URL filtering. Currently, Forcepoint offers WebSense for URL filtering in the cloud, but users who prefer on-premise solutions may find this lacking. They could improve these particular areas.
Forcepoint Next Generation Firewall could change its interface, allowing standard or direct connect modes to be configured. While group design and configuration generally function well, there are issues related to OSSL. These issues may necessitate troubleshooting that involves accessing hidden features by adjusting product routes. This level of troubleshooting is currently restricted to technical personnel, not partners or customers.
System Engineer at Jeraisy computers and communications services
Real User
Top 20
2023-12-11T14:05:00Z
Dec 11, 2023
Forcepoint could make the interface more reasonable and easier to navigate. If you are not good at Forcepoint, you cannot easily manage it. Fortinet is easy to navigate and reach. Forcepoint should focus on upgrades. Sometimes, service is impacted or disrupted after an upgrade. You have to read the release notes carefully before doing anything.
Learn what your peers think about Forcepoint Next Generation Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
System Administrator at a insurance company with 1,001-5,000 employees
Real User
Top 10
2023-05-31T03:18:41Z
May 31, 2023
They should provide more details on potential cyber-attacks over a dashboard or email for the solution. Also, they should include centralized dashboard configuration and management.
Co-founder | Product Manager | CEO @ ReDi at TRIAD Technologies
Real User
Top 10
2023-01-06T10:22:35Z
Jan 6, 2023
They need to improve their alerts. If I could integrate some of the alerts on WhatsApp, that would be nice. I should have the option to get my alerts, not just by email. I'd like to also see them, for example, on WhatsApp.
The capacity for reading the users in a domain and the capacity to integrate the solution with the active directory or any kind of directory services need improvement. You do need knowledge of the solution in order to set the product up properly.
Senior Network Engineer at a tech services company with 11-50 employees
Real User
Top 5
2022-05-12T22:20:00Z
May 12, 2022
I think some of the customers who already use Forcepoint will benefit from using SD-WAN because it has features like auto-scaling, but I think the auto-scaling needs improvement since only Forcepoint NGFW comes with the SD-WAN solution. Plus, auto-scaling is an important tool and it still may not be good enough for some customers, so I think there is room for more improvement in the auto-scaling feature in SD-WAN. We have also gotten a slow response from technical support when we experienced hiccups, errors, and bugs. I think there is a lot of room for improvement in the support capabilities.
Assistant Manager, Information Security at a financial services firm with 5,001-10,000 employees
Real User
2022-02-16T17:57:00Z
Feb 16, 2022
Forcepoint Next Generation Firewall could improve with applying policies. Also, improvement with publishing websites and VPN agent. The solution needs to add an antivirus profile and anti-spyware profile, not just policies and VPN.
Configuration is not easy because it has an old-fashioned interface. The configuration interface is highly complex, and it's been the same for years. They have to change the interface. The structure of the configuration interface isn't like Palo Alto or FortiGate where you can do everything from a single screen. With Forcepoint, you have to import or assign rules because it's working with SMC, the central firewall management. Also, you cannot communicate directly with the product. You have to communicate with the product through the management interface. The dashboard also should be updated.
Management could be better. They can improve the management. I think all our customers can't accept firewalls that have standalone management. So, they prefer Fortinet or Palo Alto. But overall, inspection and other features are working fine.
A pain point worth mentioning is the need of the customer or client to properly know the environment as it relates to the presentation of Forcepoint and to have a better knowledge of the product's implementation.
Product Manager at a computer software company with 1-10 employees
Reseller
2021-04-15T05:09:23Z
Apr 15, 2021
The network interface could be better, and it could be cheaper. It's very difficult for us to compete with Fortinet. I would like to see an Application Control feature in the next release.
It lacks something called a change of authority. It also lacks more integration with other VPN clients. Also, the ability to dynamically change policies could be improved.
The company should work to improve its VPN capabilities. For the most part, there aren't really any features or services that are missing. The implementation may be a bit more complex for a person who doesn't have much experience with the process. The company should update the URL filtering database. They need to enhance the URL filtering and make it easier to customize.
Team Lead Network Infrastructure at a tech services company with 1-10 employees
Real User
2021-01-13T14:35:28Z
Jan 13, 2021
Forcepoint is a little difficult to configure compared to its competitors. The product could be more user friendly. Firewalls are getting better in graphical user interfaces. If there is an issue with the appliances then the engineering team can work on the command line controls. A cheaper way is a graphical user interface for any users to be able to quickly configuration and implement.
Its management center should be easier to use. The management interface of Forcepoint is unique and a little bit different from some of the firewall solutions on which people might have worked before. Sometimes, the customers say that it is not very friendly, and we help them with how to use this management interface. It just takes a little bit of time, and after some time, it gets easy to manage or use. It is quite similar to Palo Alto, Fortinet, and legacy Juniper solutions. Their support should be faster. We have received complaints that they are not responding fast, which is not good for the vendor and us.
IT Director at a comms service provider with 201-500 employees
Real User
2020-12-29T12:36:30Z
Dec 29, 2020
It's a good firewall but we are looking for features that are available in Palo Alto. My team is looking for more throughput and better integration with our security framework. Better integration with other platforms would be an improvement.
They need to increase the local support here. There are also some bugs or fixes on which they need to work. They very well know about these bugs. In terms of licensing, I would like them to either increase the number of features in a single license or make licensing more flexible.
Head of Infrastructure & Cloud Section at a computer software company with 1,001-5,000 employees
Real User
2020-09-06T08:04:33Z
Sep 6, 2020
Its interface is complex when compared with a firewall like FortiGate. Forcepoint Next Generation Firewall needs a management console, whereas FortiGate doesn't need any console. When you have a few devices, a console is not really necessary. It's good to have a private console only when you have a lot of devices.
Technical Support Specialist Networks at a tech services company with 10,001+ employees
Real User
2020-08-11T06:17:00Z
Aug 11, 2020
From a managerial point of view, as long as you have proper training, it's very easy to manage this firewall. Something that I've noticed that Forcepoint lacks, is the training that they offer to their customers. It's quite expensive, I believe it costs roughly $11,000. Because of this, we haven't been fully trained in this solution; to get the most out of this product, you need proper training. That is the only negative comment I have surrounding Forcepoint. Aside from the expensive training, I honestly can't think of another issue. It's a fully-featured firewall that comes with everything required. The version that we are using has a single power supply, whereas we would prefer having dual power supplies on or firewalls.
Managing Director at a tech vendor with 11-50 employees
Real User
2020-07-05T15:50:28Z
Jul 5, 2020
Decryption needs improvement. It could be better in terms of the bandwidth and in terms of the speed of the tasks. The solution needs to build upon its network functionality. It needs to be a bit smarter. Communication with the cloud will be integral to the future of this solution. It needs to be easily deployed with the cloud going forward. The solution would also benefit from working within a multi-cloud environment. It should work with everything from Google to Azure to Salesforce. They need to have a more complex API to be able to successfully connect with other clouds and stations.
The interface is not user-friendly. We were told that we would receive training but it came late and we had already started to deal with the product, which ultimately caused problems because we did it incorrectly. If the vendor focused more heavily on training as opposed to implementation then it would be a big improvement. The UTM features are missing. Application filtering is supported at a high level, but not at a low level. If I want to allow access to Facebook, yet not allow the user to access videos, then I am not able to do it with this product. Essentially, I'm allowed to block but I'm not allowed to limit. With other vendors, I can impose limits. They need to add support for the Routing Information Protocol, RIP. There is no support for the Built.io NIC driver.
Senior Network Engineer at a tech services company with 51-200 employees
Real User
2020-02-03T09:10:15Z
Feb 3, 2020
There is no support available in Fiji, and it would make it easier to have local support and somebody that we can speak with. The pricing for this solution should be more competitive. Forcepoint would be improved if there were more training available. The vendor should make loaner units available for test and evaluation in test environments.
Senior IT Operations Manager at a retailer with 1,001-5,000 employees
Real User
2019-12-04T05:40:00Z
Dec 4, 2019
The first point to improve is just a matter of updates. We are moving to the cloud, so we want to use virtual licenses on the cloud. We need to move from on-premises to the cloud. We would love to take another solution from Forcepoint, but unfortunately, the price is too high. That's why we are not considering using Forcepoing for our proxy and DLB. They have a very good DLB, but the matter, in the end, is the cost.
Sr. Network Engineer at a university with 201-500 employees
Real User
2019-10-31T06:27:00Z
Oct 31, 2019
The solution's support could use improvement. I'm in the MENA region so most of the time we were getting support from Europe. They should include a license watch solution on their back-end.
Security Pre-Sales Manager at a tech services company with 51-200 employees
Real User
2019-10-27T06:19:00Z
Oct 27, 2019
They are great in every single area except for the optimization feature. The optimization is not really ready. If you want very good optimization, you have to add it to the network. I think if they make some enhancements in that area, they will replace every other product in no time. We also need more IPS detection rules.
Security Specialist at a energy/utilities company with 51-200 employees
Real User
2019-10-06T16:38:00Z
Oct 6, 2019
This solution would be improved with the inclusion of custom reporting. The pre-prepared reports are ok, but sometimes, perhaps once a month, I would like to create some custom reports. In the next release of this solution, I would like to have an application proxy. In our previous solution, Sidewinder, we had this capability. For example, if you want to allow SSH traffic then you can set or restrict some features of this protocol, and you can look into the traffic using SSH Insight. Some examples of applications that I would like to see are Oracle and RDP.
They should have a GUI on the product itself, not a separate management tool to be used on the management server or on a server to be used to manage the file. It should be all in one device. The device should be controlled through its own GUI. They also have to improve the learning center and the documents as the documents don't really help. In the next release, they should improve the documentation.
Information Security Consultant at a tech services company with 51-200 employees
Real User
2019-08-30T04:51:00Z
Aug 30, 2019
It's a complicated firewall. Until you come to know the firewall inducers, most people don't like the firewall because the components for it are a little bit complex. User-friendliness is a little bit tough. It needs to be more user-friendly when creating policies, and pushing policies. Committing takes more time compared to Palo Alto. The solution needs to invest in its GUI. The interface is very bad and not user-friendly.
Forcepoint Next Generation Firewall is a versatile and comprehensive solution for perimeter security, offering features such as SD-WAN, IPS, VPN, and cloud or on-premises subscription keys. It is preferred by many clients over Cisco and is used for obligation redundancy, VPN access, and as the main point of security in infrastructure.
The product is praised for its simplicity, flexibility, complete feature set, scalability, and central management capabilities. Other valuable features...
My experience with this Forcepoint Next Generation Firewall wasn't very pleasant due to its complexity. For example, the firewall loses some features when working in a cluster, which is a huge challenge. It caused me several weeks to solve an issue to make the VPN work, even after opening several cases with support. Also, the debug, which should provide essential knowledge about everything going on, the flow of traffic, and how the engine works, wasn't very informative in identifying the issue. The problem was eventually solved by chance, thanks to an idea from an expert in the market. We had to refer to a freelancer engineer with huge experience with the Forcepoint Next Generation Firewall, and he noticed something that solved the issue by luck. We had no evidence or logs that showed this was the issue. It's the most complicated firewall I've ever faced. You have to know what you're doing to achieve the plan and take action. It would be best to be an expert, take a course, or at least read the full documentation carefully. The interface isn't organized in the same way as other competitors. You have to be an expert in it. You need to watch training videos or read the full documentation to understand how it works, even to implement a minor firewall change. Working with this firewall requires a lot of knowledge.
A VPN client feature is missing in our region, which we hope Forcepoint will address in future updates.
The endpoint protection capabilities of the product are an area of concern where improvements are required.
While they offer a comprehensive bundled solution, some users may prefer on-premise deployments for certain features, such as URL filtering. Currently, Forcepoint offers WebSense for URL filtering in the cloud, but users who prefer on-premise solutions may find this lacking. They could improve these particular areas.
Forcepoint Next Generation Firewall could change its interface, allowing standard or direct connect modes to be configured. While group design and configuration generally function well, there are issues related to OSSL. These issues may necessitate troubleshooting that involves accessing hidden features by adjusting product routes. This level of troubleshooting is currently restricted to technical personnel, not partners or customers.
Forcepoint could make the interface more reasonable and easier to navigate. If you are not good at Forcepoint, you cannot easily manage it. Fortinet is easy to navigate and reach. Forcepoint should focus on upgrades. Sometimes, service is impacted or disrupted after an upgrade. You have to read the release notes carefully before doing anything.
They should provide more details on potential cyber-attacks over a dashboard or email for the solution. Also, they should include centralized dashboard configuration and management.
They need to improve their alerts. If I could integrate some of the alerts on WhatsApp, that would be nice. I should have the option to get my alerts, not just by email. I'd like to also see them, for example, on WhatsApp.
The capacity for reading the users in a domain and the capacity to integrate the solution with the active directory or any kind of directory services need improvement. You do need knowledge of the solution in order to set the product up properly.
Next Generation Firewall's configuration could be improved.
I think some of the customers who already use Forcepoint will benefit from using SD-WAN because it has features like auto-scaling, but I think the auto-scaling needs improvement since only Forcepoint NGFW comes with the SD-WAN solution. Plus, auto-scaling is an important tool and it still may not be good enough for some customers, so I think there is room for more improvement in the auto-scaling feature in SD-WAN. We have also gotten a slow response from technical support when we experienced hiccups, errors, and bugs. I think there is a lot of room for improvement in the support capabilities.
I would like to see more sizing in the next release, and the roadmap should be clear. More models are needed to compete in terms of firewall sizing.
Forcepoint Next Generation Firewall could improve with applying policies. Also, improvement with publishing websites and VPN agent. The solution needs to add an antivirus profile and anti-spyware profile, not just policies and VPN.
Configuration is not easy because it has an old-fashioned interface. The configuration interface is highly complex, and it's been the same for years. They have to change the interface. The structure of the configuration interface isn't like Palo Alto or FortiGate where you can do everything from a single screen. With Forcepoint, you have to import or assign rules because it's working with SMC, the central firewall management. Also, you cannot communicate directly with the product. You have to communicate with the product through the management interface. The dashboard also should be updated.
Management could be better. They can improve the management. I think all our customers can't accept firewalls that have standalone management. So, they prefer Fortinet or Palo Alto. But overall, inspection and other features are working fine.
A pain point worth mentioning is the need of the customer or client to properly know the environment as it relates to the presentation of Forcepoint and to have a better knowledge of the product's implementation.
The network interface could be better, and it could be cheaper. It's very difficult for us to compete with Fortinet. I would like to see an Application Control feature in the next release.
It lacks something called a change of authority. It also lacks more integration with other VPN clients. Also, the ability to dynamically change policies could be improved.
The company should work to improve its VPN capabilities. For the most part, there aren't really any features or services that are missing. The implementation may be a bit more complex for a person who doesn't have much experience with the process. The company should update the URL filtering database. They need to enhance the URL filtering and make it easier to customize.
The security features need to be improved.
Forcepoint is a little difficult to configure compared to its competitors. The product could be more user friendly. Firewalls are getting better in graphical user interfaces. If there is an issue with the appliances then the engineering team can work on the command line controls. A cheaper way is a graphical user interface for any users to be able to quickly configuration and implement.
No firewall is perfect but they could improve on the detections of threats.
Its management center should be easier to use. The management interface of Forcepoint is unique and a little bit different from some of the firewall solutions on which people might have worked before. Sometimes, the customers say that it is not very friendly, and we help them with how to use this management interface. It just takes a little bit of time, and after some time, it gets easy to manage or use. It is quite similar to Palo Alto, Fortinet, and legacy Juniper solutions. Their support should be faster. We have received complaints that they are not responding fast, which is not good for the vendor and us.
It's a good firewall but we are looking for features that are available in Palo Alto. My team is looking for more throughput and better integration with our security framework. Better integration with other platforms would be an improvement.
They need to increase the local support here. There are also some bugs or fixes on which they need to work. They very well know about these bugs. In terms of licensing, I would like them to either increase the number of features in a single license or make licensing more flexible.
Its interface is complex when compared with a firewall like FortiGate. Forcepoint Next Generation Firewall needs a management console, whereas FortiGate doesn't need any console. When you have a few devices, a console is not really necessary. It's good to have a private console only when you have a lot of devices.
From a managerial point of view, as long as you have proper training, it's very easy to manage this firewall. Something that I've noticed that Forcepoint lacks, is the training that they offer to their customers. It's quite expensive, I believe it costs roughly $11,000. Because of this, we haven't been fully trained in this solution; to get the most out of this product, you need proper training. That is the only negative comment I have surrounding Forcepoint. Aside from the expensive training, I honestly can't think of another issue. It's a fully-featured firewall that comes with everything required. The version that we are using has a single power supply, whereas we would prefer having dual power supplies on or firewalls.
Decryption needs improvement. It could be better in terms of the bandwidth and in terms of the speed of the tasks. The solution needs to build upon its network functionality. It needs to be a bit smarter. Communication with the cloud will be integral to the future of this solution. It needs to be easily deployed with the cloud going forward. The solution would also benefit from working within a multi-cloud environment. It should work with everything from Google to Azure to Salesforce. They need to have a more complex API to be able to successfully connect with other clouds and stations.
The interface is not user-friendly. We were told that we would receive training but it came late and we had already started to deal with the product, which ultimately caused problems because we did it incorrectly. If the vendor focused more heavily on training as opposed to implementation then it would be a big improvement. The UTM features are missing. Application filtering is supported at a high level, but not at a low level. If I want to allow access to Facebook, yet not allow the user to access videos, then I am not able to do it with this product. Essentially, I'm allowed to block but I'm not allowed to limit. With other vendors, I can impose limits. They need to add support for the Routing Information Protocol, RIP. There is no support for the Built.io NIC driver.
There is no support available in Fiji, and it would make it easier to have local support and somebody that we can speak with. The pricing for this solution should be more competitive. Forcepoint would be improved if there were more training available. The vendor should make loaner units available for test and evaluation in test environments.
Making this solution easier to use would be an improvement. The implementation could be made easier.
The first point to improve is just a matter of updates. We are moving to the cloud, so we want to use virtual licenses on the cloud. We need to move from on-premises to the cloud. We would love to take another solution from Forcepoint, but unfortunately, the price is too high. That's why we are not considering using Forcepoing for our proxy and DLB. They have a very good DLB, but the matter, in the end, is the cost.
The solution's support could use improvement. I'm in the MENA region so most of the time we were getting support from Europe. They should include a license watch solution on their back-end.
They are great in every single area except for the optimization feature. The optimization is not really ready. If you want very good optimization, you have to add it to the network. I think if they make some enhancements in that area, they will replace every other product in no time. We also need more IPS detection rules.
This solution would be improved with the inclusion of custom reporting. The pre-prepared reports are ok, but sometimes, perhaps once a month, I would like to create some custom reports. In the next release of this solution, I would like to have an application proxy. In our previous solution, Sidewinder, we had this capability. For example, if you want to allow SSH traffic then you can set or restrict some features of this protocol, and you can look into the traffic using SSH Insight. Some examples of applications that I would like to see are Oracle and RDP.
They should have a GUI on the product itself, not a separate management tool to be used on the management server or on a server to be used to manage the file. It should be all in one device. The device should be controlled through its own GUI. They also have to improve the learning center and the documents as the documents don't really help. In the next release, they should improve the documentation.
It's a complicated firewall. Until you come to know the firewall inducers, most people don't like the firewall because the components for it are a little bit complex. User-friendliness is a little bit tough. It needs to be more user-friendly when creating policies, and pushing policies. Committing takes more time compared to Palo Alto. The solution needs to invest in its GUI. The interface is very bad and not user-friendly.