Forcepoint Next Generation Firewall Review

Excellent for clustering but not a user-friendly solution with very bad GUI


What is most valuable?

One of the most valuable features is having the ability to cluster multiple firewalls even if they are different versions.

What needs improvement?

It's a complicated firewall. Until you come to know the firewall inducers, most people don't like the firewall because the components for it are a little bit complex. User-friendliness is a little bit tough. It needs to be more user-friendly when creating policies, and pushing policies. Committing takes more time compared to Palo Alto.

The solution needs to invest in its GUI. The interface is very bad and not user-friendly.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

It's a stable firewall. There's no issue on the stability. When it comes to the detection rate of the IP, it is the most powerful solution for detection-ready tests, like evasion techniques etc. Forcepoint is a leader on the market.

What do I think about the scalability of the solution?

The solution is very simple to scale. You just need to keep on adding devices. The firewall can cluster with multiple different models. Scalability-wise, this firewall will be the best firewall for an organization who is operating with a low budget. We typically implement for medium-sized to enterprise-level organizations.

How are customer service and technical support?

Technical support is okay. It takes too long to get a response because the support comes directly from the Netherlands, and they may have very limited employees. The engineers are quite technical, but the response is very slow.

How was the initial setup?

The initial setup is complex.

What about the implementation team?

We are an integrator that helps with the installation.

The initial installation needs a high level of knowledge because it's not like other firewalls where you have one single appliance. You need to have a separate machine to manage the firewall. The firewall is just a dummy device and all the configurations are done on a Windows machine. Sometimes, in the case of the unavailability of a Windows machine, you cannot do much with the firewall.

What other advice do I have?

What others need to know is that they need to have a clear idea of why they're going for this particular firewall. They need to know if are they looking for clustering or if are they looking for link load balancing. If they're not going for clustering, I would suggest they go with the most moderate firewalls like Palo Alto or Fortinet.

A certain type of attack, such as evasion techniques, isn't something that other firewalls really protect against. According to NSS Labs, Forcepoint firewall has been on top for the last consecutive four or so years because of the detection rate of evasion techniques that other firewalls failed to detect.  

The clustering of our ISP links is a nice feature that other firewalls also should have. It is a helpful feature, but it is not a user-friendly solution as a whole.

I would rate the solution five out of ten. User-friendliness is the most important reason I've rated it so low. After Cisco firewalls, no next-gen firewalls have come to the market. So if they want to compete with these firewalls, they need to enhance the overall user-friendliness of the solution.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Add a Comment
Guest
Sign Up with Email