We just raised a $30M Series A: Read our story

Forcepoint Secure Web Gateway OverviewUNIXBusinessApplication

Forcepoint Secure Web Gateway is the #1 ranked solution in our list of top Web Content Filtering tools. It is most often compared to Cisco Umbrella: Forcepoint Secure Web Gateway vs Cisco Umbrella

What is Forcepoint Secure Web Gateway?
Websense Web Security blocks web threats to reduce malware infections, decrease help desk incidents and free up valuable IT resources. It has more than 100 security and filtering categories, hundreds of web application and protocol controls, and 60-plus reports with customization and role-based access.

Forcepoint Secure Web Gateway is also known as Forcepoint SWG, Websense Web Security, Forcepoint TRITON.

Forcepoint Secure Web Gateway Buyer's Guide

Download the Forcepoint Secure Web Gateway Buyer's Guide including reviews and more. Updated: October 2021

Forcepoint Secure Web Gateway Customers
Adventist Health, Alphawest, Amadori, Anoka County, Compartamos Banco, Davies Turner, EverBank, iGATE, Karlstad Municipality, Lake Michigan Credit Union, Scavolini, Smurfit Kappa, Toyota
Forcepoint Secure Web Gateway Video

Pricing Advice

What users are saying about Forcepoint Secure Web Gateway pricing:
  • "Licensing is flexible. License pricing information is based on the customer, their environment, and on the future approach."
  • "The licensing is not expensive."

Forcepoint Secure Web Gateway Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Baljeet Singh
Subject Matter Expert at Hitachi Systems, Ltd.
Real User
Top 10
Flexible endpoint security, provides URL filtering, and the reporting is good

Pros and Cons

  • "The feature that I find to be most valuable is the flexibility of the single endpoint."
  • "Stability needs some improvement, we have on occasion experienced some delay when it is synchronized."

What is our primary use case?

We are implementing Forcepoint Web Security Gateway on corporate, and on enterprise levels. We're not only maintaining Forcepoint, but we are also maintaining McAfee and Symantec as well. I implement and maintain Forcepoint.

The primary use case of Forcepoint Secure Web Gateway is focusing on the advanced malware detection for our customers. We deployed it in multiple locations, and we ensure that the customer's requirements are achieved.

The majority of customers are using the on-premises solution of Forcepoint, and hybrid solutions. But, during this COVID period, they are upgrading that Cloud Web Security console with the availability of the categorization, and there is a GRE tunnel. You can use the GRE tunnel between your organization and the Forcepoint cloud with the IT-based policy applicable to your prospective user.

How has it helped my organization?

Forcepoint provides you with the reporting that allows you to see the threat information and if there are any threats present.

You can see traffic going to a different country like China as an example. We can see the traffic and decide if they are going to block it and if we are able to block that IP from the firewall.

Also, it will check the functionality that is the most inexpensive and we can see the most important features. We can see whether some country is malicious. We can say this specific connection going to the specific malicious country, we can block that specific URL or specific country IP address from that security console. So, that is the most useful feature in the Web Security console.

What is most valuable?

The feature that I find to be most valuable is the flexibility of the single endpoint.

The Single endpoint for DLP and Cloud Web Security can be used for the DLP as well and Cloud Web Security as well. This is the most useful functionality from Forcepoint that is driven, and they are even providing the CASB, which is inbuilt on that endpoint as well.

They are providing CASB functionality on that same endpoint.

No other solution provides a single endpoint for the CASB, DLP, and that proxy solution.

Forcepoint has recently made changes on the cloud level. Previously, they did not have any flexibility on the cloud level. During this COVID period, Forcepoint has updated the cloud and now has more functionality on that level. For example, integration of CASB solution, cloud app, and DLP, which is also flexible. They're also adding on-premises data security solution integration with Cloud Web Security.

Also, URL filtering, which is filtering based on the categorized filtering, based on the content filtering, that is available on the Cloud Web Security Gateway, and even has an inbuilt DLP functionality, that limited functionality on the Cloud Web Security Gateway. This is free of cost. 

Forcepoint also includes a cloud app called Shadow IT visibility, which is very useful for the customer to identify whatever application accessed by the user from his endpoint machine, which is installed with the Forcepoint Cloud Web Security Gateway endpoint.

They have improved the cloud app functionality and they're giving the visibility of the accessibility of all the cloud applications accessed by users.

Forcepoint provides some more functionalities on the DLP.

They're going to integrate on-premises DLP solution with the cloud solution, Cloud Web Security Gateway.

With IP-based protection, you can put your ISP IP address and you can define a single policy for your organization, and any traffic coming from your organization will be filtered out with the specific policy.

There are many options and a lot of customization available in the reporting. There is a report builder, report viewer, and a customized reporting template is there. So, you can just customize your reporting, which is the best feature added by Forcepoint.

The ability to display the reporting to higher management is good. They just added that feature to the Cloud Web Security console.

CASB integration has just been added. With the CASB solution, you can select your sanctioned applications or your unsanctioned applications, and define a policy based on them.

The self-user registration is not a part of the domain. Previously, they only had two or three predefined templates, now they're adding four or five templates with the limited DLP functionality.

Web isolation, which was not previously included with the Forcepoint, can now offer a web isolation license. If there is some malicious URL or there is some uncategorized URL and you want to permit, or you want to block that URL, but you can just define the web isolation. In this scenario, that URL will be opened in the remote server, which is an isolated environment. In this scenario, if there is any malicious activity happening on that specific URL then it might not reach on your system because that is open on the isolated environment. Even if you are going to download any files from that site, and if there is a malicious file, they're going to sanitize on that isolated environment, and if it has found any malicious activity, it is automatically blocked.

In regards to decryption, the deep level inspection for all the sites is now available. Earlier, there was limited functionality for this.

Shadow IT provides you with risk level information, for example, it can identify what applications are high-risk and all the applications that are low-risk.

Based on the risk level, you can just block the application.

What needs improvement?

Forcepoint giving only on-premises solutions and hybrid solutions.

They're also providing the Cloud Web Security, but there is limited functionality, limited categorization, and limited protection.

Stability needs some improvement, we have on occasion experienced some delay when it is synchronized.

What do I think about the stability of the solution?

With stability, the only thing is that that policy synchronization is sometimes delayed, but not much of a delay.

Generally with Forcepoint documentation, whenever we want to change anything on the policy level on the cloud console, it can take 10 to 15 minutes to update the endpoint machine, but generally, it will be updated in one or two minutes. 

That is not a challenge, but sometimes it's taking more than 15 minutes. 

Forcepoint is also performing some back-end activity to update the Cloud Security console, and they are experiencing some downtime. It will be a total of 12-hours to make some changes to the cloud environment that they also pushed the mail to his customer, whoever is using the Cloud Web Security component. So, they're going to upgrade the solution for the specific region. Region-wise, they mentioned for example the India region or any other region. With this specific region, the server going to update, which might be impacted. 

They will have a 12-hour downtime, and after that, the stability will be resolved.

What do I think about the scalability of the solution?

If I am talking from my perspective and my organization's perspective, we have more than 25 plus customers in my range that are using Cloud Web Security. They are going to move the Cloud Web Security console because earlier, they were using an on-premises solution. Now, you know that the future is on the cloud, so that's why most customers are going to the cloud solution.

With on-premises, you require a server, you require caching, you require an appliance, and you are required to update each and every server. That is why customers are moving to Cloud Web Security. They don't need to upgrade the server because that is back-end activity. The only thing that you can just protect your system in the office and in roaming mode as well.

How are customer service and technical support?

Technical support is great with the priority level. 

When you're going to raise a case that might be of severity, you can define the severity with the technical levels, business server, or any support level, which is taken by the customer or partner. 

According to this, we're getting the response, we're getting the proper article on that console, whenever we're going to raise the case with a specific problem. With the problem, when we are going to put that problem information, there is automatically an article that is attached.

The maximum problem will be resolved on that tech knowledge-based article. But if there is nothing returned, or there is no resolution with the knowledge-based article, at that time we definitely raise it with the support team and they respond immediately.

How was the initial setup?

The initial setup is straightforward. 

You just need to put a server to sync your user information with the cloud for the authentication perspective. If you're not using the AD environment, you can just send an invitation link for your user, so they can register themselves with that Cloud Web Security console and use the functionality and the admin can apply the policy for specific or the email ID based users. 

Definitely, if we are talking about the Cloud Web Security solution, not only Web Security solution, any cloud solution, so generally, they're asking for the email addresses when they are going to integrate the AD environment on the cloud. So, that is recommended for all of the web solutions.

This is a flexible environment; you can just put that agent on machines through AD or any third-party deployment tools. There is the flexibility of the port connectivity, where you can just keep open the ATA 443 port that is generally used in the organization environment, and you can suggest the customer open the specific port for the specific cloud ranges. 

You cannot open that traffic for all of the internet.

What's my experience with pricing, setup cost, and licensing?

Licensing cost is also dependent on the number of licenses. 

When users increase from 100 to 500 or from 1,000 or even 20,000, that licensing cost automatically decreases. And if there is a limited license, you can say there is a fixed price, for use of the licensing.

Licensing is flexible. License pricing information is based on the customer, their environment, and on the future approach. For example, are they're going to move forward with this environment? Will they be increasing their system to more users?

There are additional costs for URL filtering, Web isolation, and CASB integration. 

For the normal scenarios, if I am talking about URL filtering, there is no additional component for that. There's a single license, the standard license for the URL filtering and if you want to add web isolation, that is definitely something you need to pay more for. Even if you want to increase your storage limit for the log, you definitely need to pay for the storage as well. To start with, the retention period is 90 days.

Which other solutions did I evaluate?

I am evaluating several solutions to compare with Forcepoint Web Security Gateway such as McAfee, Symantec, DLP, Web Security, CASB, and Email Security as well.

Generally, the McAfee team is a different one in my organization. But if I am talking about McAfee with the Gartner Report, the categorization is limited for McAfee

If we are talking of Forcepoint, there are more than 101 categorizations included. Based on the categorization, you can just identify which URLs come over the specific categories, and you can identify them immediately.

If you are talking about the URL categorization based on that behavior, that is also positive, proper categorization performed by Forcepoint so that you can get the response from the internet as well.

With Cloud Web Security, of course, Forcepoint is providing the hybrid. The scalability on the hybrid and cloud web security, that is visible.

With McAfee, from my organization, there are limited customers for this because they are facing many issues, which is why they maybe moved on to Forcepoint.

What other advice do I have?

We deployed this solution during COVID, for two or three customers, and the customers are very happy with this product.

I can recommend Forcepoint.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
JT
Managing Consultant - Sr. DLP Security Engineer at a comms service provider with 1,001-5,000 employees
Real User
Top 20
Great analytics, but hindered by weak support

Pros and Cons

  • "The GUI is quite nice."
  • "It's the support that's the problem because that's a different question from the product itself — it's the Achilles heel."

What needs improvement?

The biggest issues within the product were that it had become stagnant. For about four or five years, there was very little real innovation going on.

It felt as if they were just sitting back. They were lacking in regards to keeping up with the developments within the cloud. 

Overall, I think they had a good, solid product. I think they failed to add features. It was not as feature-rich as other products. I would say the biggest problem was the lack of features, they just hadn't kept up. Under Raytheon, they were starting to correct this, but it was a work in progress. Overall, the biggest problem with the product itself was the lack of features.

I knew that they needed to handle web sockets in some way, all we could do was effectively bypass it. There were too many times when the connections just didn't work right through the proxy. Our customers would have to bypass and basically go around the product. There were various levels to this and it was a real pain for our customers to diagnose those problems. There needed to be an end-product protocol analyzer output (for lack of a better way to put it), that would help administrators understand why the connection wasn't working.

There was so much legwork involved: someone would have to take a laptop and set up in front of the proxy; then they would have to load Wireshark (as I used to call it) and pull their captures; then they would have to give that to Forcepoint, or they would have to try to reason it out themselves. That caused a lot of problems because most administrations weren't confident or competent enough to do it.

They didn't have the skill-set needed to make proper use of those tools in the first place for analysis. There were a lot of customers who could've gotten value from the product but who were put in a position where they had to basically bypass the product because of certain connections. Some form of connection-troubleshooting should be included within the product, more than just looking at a log that nobody knows how to read except for support. 
There was no way to troubleshoot connections in an effective manner that didn't require a lot of legwork by the user. Whenever you ask a user to do that, nine out of 10 times, they're not going to do it. They're just going to take the easy way out, bypass it, and then they'll bitch about the product, but they won't actually fix it. They won't want to make the extra effort. The problem just remains unsolved. They needed something like a connection analyzer tool to explain why, or at least give a better indication of why this was failing.

Again, it was the lack of development. The GUI is quite nice. I think it's very natural for people once they get used to it. Ironically, the company I'm working for now is actually POCing the DOV product and one of the things they like is the interface. They had a lot of good synergy with their other products. They failed to capitalize on it, ultimately. They're getting there. They got better, but it might be too little too late. That's the problem.

For how long have I used the solution?

I have been using this solution for nine and a half years.

What do I think about the stability of the solution?

Forcepoint Secure Web Gateway was pretty stable.

What do I think about the scalability of the solution?

Scalability-wise, It was pretty good. We had deployments that were easily over 10,000 — it could handle it if you scaled it properly with the right hardware. There were deployments that were 34,000 at that point. Now, with very large enterprises (with over 60,000 employees), that's where it starts to get a little tricky. They managed to get the product to that point but it was not cheap either, but it was achieved on the scale pretty well.

How are customer service and technical support?

The biggest issue that hampered Forcepoint was the lack of development and good consistent support. Because of this, they went from 50,000 to 60,000 customers, down to 16,000 in the space of about three years.

That's a huge drop. A lot of that came down to Palo Alto and a couple of others jumping in the game with filtering but at the same time, Forcepoint had people who were loyal, but they were giving up because of the support situation. 

I constantly dealt with customer support. There wasn't a week that went by where I didn't have to talk to somebody.

They knew me by name and I knew them by name and we were all one big happy family, but when they moved from San Diego to Austin, they lost people.

They gave good, consistent support for about a year, but then they began losing staff because they weren't paying enough. They hired a bunch of people and claimed that they adjusted their wages, but then the same cycle occurred another year later.

That's been the biggest problem. It wasn't the product that caused them to lose people (even though they had some innovation issues), it was the support. At the end of the day, the innovation was causing them to look weak in customers' eyes; when you couple that with the support problems, that's when they started really losing customers.

How was the initial setup?

The initial setup was pretty straightforward.

In fact, you could literally load it, install it, and have it up and working in no time. All you had to do was point a browser to it and you could prove it worked. Now, if we wanted to take it and fully integrate it onto the network, then nine times out of ten, we used one particular method called WCCP.

What other advice do I have?

Overall, on a scale from one to ten, I would give this solution a rating of seven. 

The product was sitting at about a seven. Support was dragging it down to a six. So, if I had to be honest, they had some very good analytics — just counting the product itself, I would say it's a seven.

It wasn't perfectly stable, but it was pretty good. I would say it would need to be more feature-rich. It would need to be more helpful for troubleshooting problems with connections and it would need more stability — then I would give it a higher rating. Under all of those things, it's the support that's the problem because that's a different question from the product itself — it's the Achilles heel.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Forcepoint Secure Web Gateway. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,267 professionals have used our research since 2012.
Edwin EzeOsiago
Head of security solutions at Infodata Professional Services
Reseller
Top 5Leaderboard
Good security categorization and resolution options, with helpful and responsive technical support

Pros and Cons

  • "The most valuable feature is the categorization, where you can allow general access to an application but limit specific features."
  • "The deployment is a bit complex and it requires expertise to deploy, which is something that should be improved and made easier to do."

What is our primary use case?

We are a professional services company and I use this solution in my office, but I also implement it for some of my customers. This product is used as a security gateway, and more generally, as part of an internet security solution.

I have some customers who have deployed this solution on-premises, while others have a hybrid cloud deployment using Azure or AWS.

How has it helped my organization?

I can now go to sleep not being bothered of users accessing sites that are wasteful or can compromise security.

What is most valuable?

The most valuable feature is the categorization, where you can allow general access to an application but limit specific features. For example, you can allow a user to access Facebook, yet restrict their ability to stream Facebook videos or download pictures. The same thing can be done on services like YouTube. A similar example is that of online storage solutions, where you can approve storage collaboration with Office 365 SharePoint, but limit them from using OneDrive or Box.

I really like the fact that you aren't required to get a Forcepoint appliance. It can be deployed on a VM and I am happy to have my own servers.

Forcepoint integrates well with other appliances.

What needs improvement?

The deployment is a bit complex and it requires expertise to deploy, which is something that should be improved and made easier to do.

For how long have I used the solution?

I have been working with Forcepoint Web Security for approximately three years. 

What do I think about the stability of the solution?

We have not had any problems with the stability of Forcepoint.

How are customer service and technical support?

I have been in contact with technical support and they are great. Every time I call for assistance, they always help. Whether it is weekdays or weekends, if I need a technical session or I request materials or ask them to guide me through something, they've always been very helpful. If you have a pending case then they call you to give you updates and see what else can be done to resolve the problem. They don't allow you to just hunt down issues on your own. Rather, they will help and you are assured that they will work with you.

This is the kind of assurance that we give to our customers or anybody else who is looking into implementing Forcepoint. Especially in my region, I am very confident with the helpfulness and capability of the support, no matter who the customer is.

Which solution did I use previously and why did I switch?

I am a reseller for many different types of security solutions, and I have a preference in favor of Forcepoint. There are downsides to other solutions that I have not encountered with Forcepoint, and moreover, the support in my region is massive.

How was the initial setup?

The deployment is a bit complex. If you have all of the prerequisites and know all of the sites then the deployment can be done in a few days or a week. It's very rare not to encounter issues because customers will make requests, and you get stuck because of the different environments. You have to contact the customer to figure out how to resolve problems, and it can be time-consuming. The important thing is to have the planning done before starting the implementation.

The simple part of the deployment is the installation on the VM. You just have to get the license, visit the support portal, download the image, and install it on the virtual machine. When deploying on the cloud, you just have to make sure that you have space in Azure.

What about the implementation team?

We have an in-house team to handle deployment.

What's my experience with pricing, setup cost, and licensing?

The Prices are fair and you are assured of getting the value for your money.

What other advice do I have?

Forcepoint looks ahead at what is needed and they seem to be on track. Two years ago, they knew what they would be doing in 2020, and they are on the right path.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SC
Infrastructure Support Officer at a government with 1,001-5,000 employees
Real User
Top 10
Good URL categorization database, intuitive, and easy to use

Pros and Cons

  • "It has got a really good URL categorization database. It is simple to set up. It is also easy to use and quite intuitive. It has got a nice utility for troubleshooting."
  • "We are using a V10000 G3 appliance. It is just a proxy. It is just HTTP, FTP, and HTTPS. Now, as our website has developed and we are using rich time-connectivity protocols, the proxy doesn't have the ability to work with these protocols. It would be nice if the UDP feature was there for it to filter UDP traffic. It needs firewall capabilities for UDP filtering. Its upgrades can be quite complex, and they don't always go as per the plan. Its reporting could be a bit more granular."

What is our primary use case?

We use it for internal monitoring of internet access as well as for controlling internet access.

What is most valuable?

It has got a really good URL categorization database. It is simple to set up. It is also easy to use and quite intuitive. It has got a nice utility for troubleshooting.

What needs improvement?

We are using a V10000 G3 appliance. It is just a proxy. It is just HTTP, FTP, and HTTPS. Now, as our website has developed and we are using rich time-connectivity protocols, the proxy doesn't have the ability to work with these protocols. It would be nice if the UDP feature was there for it to filter UDP traffic. It needs firewall capabilities for UDP filtering.

Its upgrades can be quite complex, and they don't always go as per the plan. Its reporting could be a bit more granular. 

For how long have I used the solution?

I have used it for quite some time.

What do I think about the stability of the solution?

I am satisfied with its stability. We have got a good network infrastructure.

What do I think about the scalability of the solution?

It is easy to scale. You can just add another box to scale it up. 

We are using it for about 3000 users, but it can take a lot more. You have to look at the box you choose and use it as you require.

How are customer service and technical support?

I have interacted with them. Nine out of ten times, their support is really good. There are different packages you can buy for support. The one we have is really good. We usually get a response within four hours, and they are available seven days a week. They have been helpful, and they do point you in the right direction. If they don't have a solution, they will go back and solve it through another team member.

Which solution did I use previously and why did I switch?

I can't remember, but I think we used Blue Coat. We switched because at the time, most of the technology modules were embedded into one appliance in Forcepoint Secure Web Gateway, which is how you can reduce the number of boxes you would have in your server, which is really good. In terms of cost also, it was working out better for us.

How was the initial setup?

The initial setup was straightforward. The upgrades, however, are not straightforward, and they don't always go as per the plan. It also depends on your environment and the configuration. The advantage of going for a cloud solution is that you don't have the overhead of managing upgrades and downtime. The advantage of an on-premises solution is that you have more control, which is really nice. You have ownership, and you have the chance to develop your own solution, which is fantastic.

What about the implementation team?

We got help from a third-party vendor.

What other advice do I have?

I would not recommend the version that we have, that is, V10000 G3. I would recommend the later versions. 

Its implementation depends on your working environment. You might want to go for a hybrid version where it is partly on the cloud and partly on-premises. You also have to look at deploying agents on your systems. So, it just depends on how you are planning on working. Are you working from an office or are you going to be working remotely? That would dictate how you implement the solution. It is a fine product for what it does. Going forward, it would need firewall capabilities for UDP filtering.

I would rate Forcepoint Secure Web Gateway an eight out of ten. It needs UDP support and a bit more granular filtering of reports, but all in all, it ticks most of the boxes.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AmgadYousry
Security Team Leader at Infort
Real User
Top 10
An excellent web proxy with good functionality and very deep technical features

Pros and Cons

  • "In terms of functionality, Forcepoint is the best web proxy available."
  • "The solution should be better able to support itself and operate faster. Sometimes the technical support team takes too long to respond."

What is most valuable?

All the proxies have the same features, but the idea here is about URL categorization and the support you have. I found this very interesting in Forcepoint.

In terms of functionality, Forcepoint is the best web proxy available.

I'm an engineer, and as an engineer, I often try to use the best solutions and ones I'm most comfortable with. I like Forcepoint. It's very good for implementation, but it's functionality is great. It has very, very deep technical features, and in-depth introduction features. I really encourage anyone to have it in their environment.

What needs improvement?

If the solution had a lower cost, it would be easier to implement.

In the 8.5 version of the solution, I took some issue with the interface. 

I'd recommend that the company supports more process to matrix files. We've had issues with that.

The solution should be better able to support itself and operate faster. Sometimes the technical support team takes too long to respond.

For how long have I used the solution?

I was first introduced to Forcepoint in 2013. At that point, it was Websense and has since been acquired. I've been using the solution in total for about two years. I've spent the same amount of time with the email and web security parts of Forcepoint as well.

What do I think about the stability of the solution?

The solution is very stable. I didn't see any issue regarding stability. The hub itself is very powerful. It's very good that I can look at the hardware good or node maintenance and see where there are vulnerabilities. 

What do I think about the scalability of the solution?

I implemented it in an environment with multiple users and other environments which included about 20 other items and I've found scalability to be great. You can have a lot of appliances that act as a cluster and you could have high availability on a sort of virtual ID server. You can do additional ID configurations from the other appliances so that typically it extends well. You don't have to have something like download X5. If you have two appliances, you just need to distribute both. For example, you can do it from the configuration. I couldn't find any situation in my work with Forcepoint that was not able to satisfactorily scale. So you can really make it as you wish.

How are customer service and technical support?

Technical support sometimes takes too long to respond to queries.

How was the initial setup?

In terms of implementation, if you are going to implement Forcepoint, you have to think about how you will deploy it in your proxy environment. You have the ability code, as well as other items. 

If you are implementing Forcepoint in web proxy, it has to be P1 or P2. It has to be on the user onsite as V2 on V5. You could, for some environments, have two interfaces that communicate with each other. You cannot get both to interface, however. If you use the P1 for a user's internet, you then have to make P1 access the internet.

What other advice do I have?

We're a Forcepoint business partner in Egypt.

There are a lot of features already in the application and a lot of features that are added every day, so you have to learn how to implement them. If you decide to use the solution, you have to plan it out and prepare for it. You also have to update your knowledge and make sure your system is updated with regard to the solution. The most difficult part about Forcepoint is that if you take some time away from not working with it you forget features and processes. You need to work on it often and continue learning about it all the time.  

I'd rate the solution nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
GG
AGM - IT Infrastructure at a manufacturing company with 10,001+ employees
Real User
Top 10
Stable, with excellent technical support but does not scale well

Pros and Cons

  • "For the most part, the solution, when set up correctly, works fine."
  • "Overall the software is occupying too much memory space. If they could remedy that, it would be a better experience, because today Windows is occupying too much memory space as well (in terms of the RAM), and this software has also started occupying all the memory. Due to this, I have less space for my other office products and data. I can't, for example, operate a huge Excel sheet or other datasets."

What is most valuable?

For the most part, the solution, when set up correctly, works fine.

What needs improvement?

Sometimes we find the solution behaves erratically. It may be related to our configuration, which may be incorrect. We are using desktops, laptops, and workstations and the laptops are set to mobile status. We do make connections outside the office premises as well, and desktops or workstations are predominantly located in the same place. 

Overall the software is occupying too much memory space. If they could remedy that, it would be a better experience, because today Windows is occupying too much memory space as well (in terms of the RAM), and this software has also started occupying all the memory. Due to this, I have less space for my other office products and data. I can't, for example, operate a huge Excel sheet or other datasets. 

Product grouping should be made more flexible. We should be in a position to define the product groupings. Also, sometimes the standard product grouping that they are using is not applicable in this part of the world. If they could move it, if they could make it more flexible, it would make our life easier. Otherwise, we are forced to use our own definitions a lot. This sometimes causes problems with performance. The product grouping really should concentrate more on this particular geographic region.

For how long have I used the solution?

I've been using the solution for about five years.

What do I think about the stability of the solution?

In my opinion, it's a very stable product.

What do I think about the scalability of the solution?

Companies really have to know how their organization will scale before purchasing the solution. Otherwise, they will be limited. In our case, we've grown far beyond our expectations, and are now facing issues. These products are not that scalable even though the company claims that they are.

The solution is used quite regularly. On average, we use it up to eight hours a day.

How are customer service and technical support?

We've used technical support in the past. We are one of the major clients for most of these products in India, so we get proper attention from the company. We've been satisfied with the level of support we've received.

How was the initial setup?

We didn't face any major issues at the time of implementation. We were using the facility management of both HP and IBM. They each have their own in-house capability to manage the software. Also, the OEM would have supported them well. As such, we didn't see major issues on any of the software implementation. There were just a few initial hiccups that can happen on any major project.

What other advice do I have?

The version I'm currently using is about four years old.

My recommendation to other companies would be that they should spend more time analyzing their workload including access approvals and whitelisting/blacklisting. They should have a very clear way of defining the blacklist or whitelist.

Companies should also spend more time on sizing the product and considering how they will grow in the future when sizing it. That clarity is a must to decide the proper product size that will last over years as a company potentially grows. 

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
DAMIR REZNICEK
CTO at Lactalis
Real User
Top 5Leaderboard
Very stable and simple protection against security threats

Pros and Cons

  • "The antiviral sandboxing."
  • "Sometimes attacks or a new ransomware gets through."

What is our primary use case?

My position means that I'm focused on functionalities and the happiness of the users of this solution. I am the CTO of sales and we are a customer of Forcepoint. 

What is most valuable?

I think the antiviral sandboxing is a valuable feature. 

What needs improvement?

The issues we have are more around organizational issues between us and Forcepoint. We don't have problems with the solution although sometimes attacks or new ransomware gets through. Sometimes we need to work together with Forcepoint in order to change the setup and to block it. It would be great if Forcepoint was able to do this without our knowledge and, even better before those mails ever reach us.

The improvement needs to come on both sides – not only from ForcePoint, but the idea is to work on few points:

  • The idea is to set up on the ForcePoint side TAM that could help us in the tuning the configuration.
  • At the same time we need to work on improving the expertise and increase the number of FTE that will work on the platform (internal or external) in order to be able to really have the benefit of TAM.
  • 3rd point is that some of the attacks come through and after we report it to ForcePoint they manage to improve the environment, while my experience with some other solutons is that the provider is more proactive and does the change/improvement even before we notice it.

For how long have I used the solution?

I've been using this solution for three years.

What do I think about the stability of the solution?

The stability of the solution is fine. 

What do I think about the scalability of the solution?

The scalability of the solution is fine. 

How are customer service and technical support?

We are not so satisfied with the technical support but not because of Forcepoint, rather because of the organization on both sides. We need to work on that.

How was the initial setup?

The initial setup is relatively straightforward. You need to spend some time defining the template of the environment that you would like. After that, the deployment in different domains is pretty easy.

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is okay. We pay licensing fees but the cost depends on the package that we take. There are no other hidden costs. 

What other advice do I have?

We are happy with the solution for now. One of the reasons we took it is that it gives us the flexibility to change if we do not like it or we are not happy. To be honest, once we made the decision, I didn't look at the marketplace anymore. It's possible that there are better products out there today.

I would rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
TA
Systems Engineer at a tech services company with 11-50 employees
Reseller
Top 5Leaderboard
Offers strong security and is easy to manage but the deployment and configuration is complicated

Pros and Cons

  • "Once deployed, the management console is simple and easy to use."
  • "In the on-premises version, I don't like the deployment and structuring of the device."

What is our primary use case?

We are a solution provider for a variety of products including web security, next-generation firewalls, and DLP. Forcepoint Web Security is one of the products that we implement for our clients.

What is most valuable?

The most valuable feature is security, which is very strong.

Once deployed, the management console is simple and easy to use.

What needs improvement?

In the on-premises version, I don't like the deployment and structuring of the device. It is time-consuming and not as easy to implement as Blue Coat Web Security.

For how long have I used the solution?

I have been using Forcepoint for about one year.

What do I think about the stability of the solution?

Forcepoint is stable but not 100%. This solution is Websense-based and because of structure, there is some instability. In general, if it is implemented properly then it will be stable.

What do I think about the scalability of the solution?

While the product is scalable, from a hardware perspective, it may need to be upgraded. It is not a modular appliance, but rather, a server.

Our customers are enterprise-level businesses, in general.

How are customer service and technical support?

The technical support is very good. Here, in Saudi Arabia, service engineers are very cooperative and the Forcepoint team has a good number of people. Of course, nobody is perfect.

Which solution did I use previously and why did I switch?

We used to use Blue Coat solutions but in the past couple of years, our business has turned to Forcepoint. Blue Coat Web Security is very easy to implement and configure, more so than Forcepoint.

I have also tried the cloud-based deployment of Forcepoint and it works well. It is very functional and very fine. However, we haven't sold any cloud-based subscriptions because our customers have all wanted on-premises solutions.

How was the initial setup?

The initial setup is somewhat complicated. Implementing this solution and deploying the servers is the challenge. It has to be planned properly but once it is complete, the security features work properly.

The length of time for deployment depends on whether the customer is ready and has all of the prerequisites in place. If everything is ready then the deployment will take a maximum of one week. One problem we sometimes face is that the customer says they are ready and has verified that the prerequisites are in place, but in fact, once we visit the customer we find out that they are not. In cases like this, or when the information we need is not clear, it can take longer to implement.

What other advice do I have?

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free Forcepoint Secure Web Gateway Report and get advice and tips from experienced pros sharing their opinions.