Forcepoint Next Generation Firewall Review

Centralized security management eases configuration to help prevent attacks


What is our primary use case?

Our primary use case for this solution is as a perimeter between our internal and external networks. It is a critical security firewall.

We have an on-premises deployment.

What is most valuable?

The Security management console is fantastic.

The central security management center and the content management center are very good.

What needs improvement?

This solution would be improved with the inclusion of custom reporting. The pre-prepared reports are ok, but sometimes, perhaps once a month, I would like to create some custom reports.

In the next release of this solution, I would like to have an application proxy. In our previous solution, Sidewinder, we had this capability. For example, if you want to allow SSH traffic then you can set or restrict some features of this protocol, and you can look into the traffic using SSH Insight. Some examples of applications that I would like to see are Oracle and RDP.

For how long have I used the solution?

We have been using this solution since 2015.

What do I think about the stability of the solution?

The stability of this solution is absolutely fantastic. There have been no problems since we implemented this solution in 2015. It acts as the edge between our internal and external networks, and we see many attacks from the outside. They have all been blocked. There is no problem with this solution.

What do I think about the scalability of the solution?

Scalability is fantastic. We are using an active-active cluster and there is no problem with adding another node. Currently, we have a two-node cluster, but there is no problem in adding a third node.

This solution protects approximately three hundred users.

How are customer service and technical support?

The technical support for this solution is great. We have a support contract and we can create a ticket when required. They have solved our problems.

If you previously used a different solution, which one did you use and why did you switch?

Prior to this solution, we used Sidewinder. That solution was discontinued and we were at the end of support for our hardware.

How was the initial setup?

The initial setup of this solution is not easy. It is an enterprise solution that is very complex and not easy to set up.

When we replaced our previous solution, the process took approximately two days. However, there was a period of analysis after this that took about one month. The analysis involved our current system, our network infrastructure, and our data center.

We have three administrators who maintain this solution. One of them is on-premises and two of them administer remotely. It is not possible to manage the security system using only one person because it is too complicated. It requires a team to discuss problems when they arise, including how they should be solved, or how attacks should be blocked. Cooperation on these matters is necessary.

What about the implementation team?

We involved our security partner for the implementation of this solution because it is very complex. Three people were required for the deployment, including a network specialist, our partner, and myself.

What's my experience with pricing, setup cost, and licensing?

This is not a very expensive solution. The big advantage of this solution is that we can select the right model for our requirements, which is not too expensive. There are many hardware models and different appliances.

We have a license for an unlimited number of users because it is necessary for our solution. If it were not unlimited then we would have a problem. This is probably dependent on the appliance model.

Which other solutions did I evaluate?

Before choosing this solution we evaluated Check Point.

What other advice do I have?

Forcepoint is my favorite enterprise firewall.

The security management center is the best part of this solution. It is always very simple to see the state of the firewall and to configure it to look for faults. The quality of this component is very high. Previous solutions were not very good with respect to the management center, but now, in this solution, it is very good. This is the main reason that I recommend this solution to others. This feature is absolutely necessary if you want to configure devices to prevent attacks.

I would rate this solution a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email