What needs improvement with Forcepoint Next Generation Firewall?

My experience with this Forcepoint Next Generation Firewall wasn't very pleasant due to its complexity. For example, the firewall loses some features when working in a cluster, which is a huge challenge. It caused me several weeks to solve an issue to make the VPN work, even after opening several cases with support. Also, the debug, which should provide essential knowledge about everything going on, the flow of traffic, and how the engine works, wasn't very informative in identifying the issue. The problem was eventually solved by chance, thanks to an idea from an expert in the market. We had to refer to a freelancer engineer with huge experience with the Forcepoint Next Generation Firewall, and he noticed something that solved the issue by luck. We had no evidence or logs that showed this was the issue. It's the most complicated firewall I've ever faced. You have to know what you're doing to achieve the plan and take action. It would be best to be an expert, take a course, or at least read the full documentation carefully. The interface isn't organized in the same way as other competitors. You have to be an expert in it. You need to watch training videos or read the full documentation to understand how it works, even to implement a minor firewall change. Working with this firewall requires a lot of knowledge.

A VPN client feature is missing in our region, which we hope Forcepoint will address in future updates.

The endpoint protection capabilities of the product are an area of concern where improvements are required.

While they offer a comprehensive bundled solution, some users may prefer on-premise deployments for certain features, such as URL filtering. Currently, Forcepoint offers WebSense for URL filtering in the cloud, but users who prefer on-premise solutions may find this lacking. They could improve these particular areas.

Forcepoint Next Generation Firewall could change its interface, allowing standard or direct connect modes to be configured. While group design and configuration generally function well, there are issues related to OSSL. These issues may necessitate troubleshooting that involves accessing hidden features by adjusting product routes. This level of troubleshooting is currently restricted to technical personnel, not partners or customers.

Forcepoint could make the interface more reasonable and easier to navigate. If you are not good at Forcepoint, you cannot easily manage it. Fortinet is easy to navigate and reach. Forcepoint should focus on upgrades. Sometimes, service is impacted or disrupted after an upgrade. You have to read the release notes carefully before doing anything.

They should provide more details on potential cyber-attacks over a dashboard or email for the solution. Also, they should include centralized dashboard configuration and management.

They need to improve their alerts. If I could integrate some of the alerts on WhatsApp, that would be nice. I should have the option to get my alerts, not just by email. I'd like to also see them, for example, on WhatsApp.

The capacity for reading the users in a domain and the capacity to integrate the solution with the active directory or any kind of directory services need improvement. You do need knowledge of the solution in order to set the product up properly.

Next Generation Firewall's configuration could be improved.

I think some of the customers who already use Forcepoint will benefit from using SD-WAN because it has features like auto-scaling, but I think the auto-scaling needs improvement since only Forcepoint NGFW comes with the SD-WAN solution. Plus, auto-scaling is an important tool and it still may not be good enough for some customers, so I think there is room for more improvement in the auto-scaling feature in SD-WAN. We have also gotten a slow response from technical support when we experienced hiccups, errors, and bugs. I think there is a lot of room for improvement in the support capabilities.

I would like to see more sizing in the next release, and the roadmap should be clear. More models are needed to compete in terms of firewall sizing.

Forcepoint Next Generation Firewall could improve with applying policies. Also, improvement with publishing websites and VPN agent. The solution needs to add an antivirus profile and anti-spyware profile, not just policies and VPN.

Configuration is not easy because it has an old-fashioned interface. The configuration interface is highly complex, and it's been the same for years. They have to change the interface. The structure of the configuration interface isn't like Palo Alto or FortiGate where you can do everything from a single screen. With Forcepoint, you have to import or assign rules because it's working with SMC, the central firewall management. Also, you cannot communicate directly with the product. You have to communicate with the product through the management interface. The dashboard also should be updated.

Management could be better. They can improve the management. I think all our customers can't accept firewalls that have standalone management. So, they prefer Fortinet or Palo Alto. But overall, inspection and other features are working fine.

A pain point worth mentioning is the need of the customer or client to properly know the environment as it relates to the presentation of Forcepoint and to have a better knowledge of the product's implementation.

The network interface could be better, and it could be cheaper. It's very difficult for us to compete with Fortinet. I would like to see an Application Control feature in the next release.

It lacks something called a change of authority. It also lacks more integration with other VPN clients. Also, the ability to dynamically change policies could be improved.

The company should work to improve its VPN capabilities. For the most part, there aren't really any features or services that are missing. The implementation may be a bit more complex for a person who doesn't have much experience with the process. The company should update the URL filtering database. They need to enhance the URL filtering and make it easier to customize.

The security features need to be improved.

Forcepoint is a little difficult to configure compared to its competitors. The product could be more user friendly. Firewalls are getting better in graphical user interfaces. If there is an issue with the appliances then the engineering team can work on the command line controls. A cheaper way is a graphical user interface for any users to be able to quickly configuration and implement.

No firewall is perfect but they could improve on the detections of threats.

Its management center should be easier to use. The management interface of Forcepoint is unique and a little bit different from some of the firewall solutions on which people might have worked before. Sometimes, the customers say that it is not very friendly, and we help them with how to use this management interface. It just takes a little bit of time, and after some time, it gets easy to manage or use. It is quite similar to Palo Alto, Fortinet, and legacy Juniper solutions. Their support should be faster. We have received complaints that they are not responding fast, which is not good for the vendor and us.

It's a good firewall but we are looking for features that are available in Palo Alto. My team is looking for more throughput and better integration with our security framework. Better integration with other platforms would be an improvement.

They need to increase the local support here. There are also some bugs or fixes on which they need to work. They very well know about these bugs. In terms of licensing, I would like them to either increase the number of features in a single license or make licensing more flexible.

Its interface is complex when compared with a firewall like FortiGate. Forcepoint Next Generation Firewall needs a management console, whereas FortiGate doesn't need any console. When you have a few devices, a console is not really necessary. It's good to have a private console only when you have a lot of devices.

From a managerial point of view, as long as you have proper training, it's very easy to manage this firewall. Something that I've noticed that Forcepoint lacks, is the training that they offer to their customers. It's quite expensive, I believe it costs roughly $11,000. Because of this, we haven't been fully trained in this solution; to get the most out of this product, you need proper training. That is the only negative comment I have surrounding Forcepoint. Aside from the expensive training, I honestly can't think of another issue. It's a fully-featured firewall that comes with everything required. The version that we are using has a single power supply, whereas we would prefer having dual power supplies on or firewalls.

Decryption needs improvement. It could be better in terms of the bandwidth and in terms of the speed of the tasks. The solution needs to build upon its network functionality. It needs to be a bit smarter. Communication with the cloud will be integral to the future of this solution. It needs to be easily deployed with the cloud going forward. The solution would also benefit from working within a multi-cloud environment. It should work with everything from Google to Azure to Salesforce. They need to have a more complex API to be able to successfully connect with other clouds and stations.

The interface is not user-friendly. We were told that we would receive training but it came late and we had already started to deal with the product, which ultimately caused problems because we did it incorrectly. If the vendor focused more heavily on training as opposed to implementation then it would be a big improvement. The UTM features are missing. Application filtering is supported at a high level, but not at a low level. If I want to allow access to Facebook, yet not allow the user to access videos, then I am not able to do it with this product. Essentially, I'm allowed to block but I'm not allowed to limit. With other vendors, I can impose limits. They need to add support for the Routing Information Protocol, RIP. There is no support for the Built.io NIC driver.

There is no support available in Fiji, and it would make it easier to have local support and somebody that we can speak with. The pricing for this solution should be more competitive. Forcepoint would be improved if there were more training available. The vendor should make loaner units available for test and evaluation in test environments.

Making this solution easier to use would be an improvement. The implementation could be made easier.

The first point to improve is just a matter of updates. We are moving to the cloud, so we want to use virtual licenses on the cloud. We need to move from on-premises to the cloud. We would love to take another solution from Forcepoint, but unfortunately, the price is too high. That's why we are not considering using Forcepoing for our proxy and DLB. They have a very good DLB, but the matter, in the end, is the cost.

The solution's support could use improvement. I'm in the MENA region so most of the time we were getting support from Europe. They should include a license watch solution on their back-end.

They are great in every single area except for the optimization feature. The optimization is not really ready. If you want very good optimization, you have to add it to the network. I think if they make some enhancements in that area, they will replace every other product in no time. We also need more IPS detection rules.

This solution would be improved with the inclusion of custom reporting. The pre-prepared reports are ok, but sometimes, perhaps once a month, I would like to create some custom reports. In the next release of this solution, I would like to have an application proxy. In our previous solution, Sidewinder, we had this capability. For example, if you want to allow SSH traffic then you can set or restrict some features of this protocol, and you can look into the traffic using SSH Insight. Some examples of applications that I would like to see are Oracle and RDP.

They should have a GUI on the product itself, not a separate management tool to be used on the management server or on a server to be used to manage the file. It should be all in one device. The device should be controlled through its own GUI. They also have to improve the learning center and the documents as the documents don't really help. In the next release, they should improve the documentation.

It's a complicated firewall. Until you come to know the firewall inducers, most people don't like the firewall because the components for it are a little bit complex. User-friendliness is a little bit tough. It needs to be more user-friendly when creating policies, and pushing policies. Committing takes more time compared to Palo Alto. The solution needs to invest in its GUI. The interface is very bad and not user-friendly.