Please share with the community what you think needs improvement with Forcepoint Next Generation Firewall.
What are its weaknesses? What would you like to see changed in a future version?
The interface is not user-friendly. We were told that we would receive training but it came late and we had already started to deal with the product, which ultimately caused problems because we did it incorrectly. If the vendor focused more heavily on training as opposed to implementation then it would be a big improvement. The UTM features are missing. Application filtering is supported at a high level, but not at a low level. If I want to allow access to Facebook, yet not allow the user to access videos, then I am not able to do it with this product. Essentially, I'm allowed to block but I'm not allowed to limit. With other vendors, I can impose limits. They need to add support for the Routing Information Protocol, RIP. There is no support for the Built.io NIC driver.
There is no support available in Fiji, and it would make it easier to have local support and somebody that we can speak with. The pricing for this solution should be more competitive. Forcepoint would be improved if there were more training available. The vendor should make loaner units available for test and evaluation in test environments.
Making this solution easier to use would be an improvement. The implementation could be made easier.
The first point to improve is just a matter of updates. We are moving to the cloud, so we want to use virtual licenses on the cloud. We need to move from on-premises to the cloud. We would love to take another solution from Forcepoint, but unfortunately, the price is too high. That's why we are not considering using Forcepoing for our proxy and DLB. They have a very good DLB, but the matter, in the end, is the cost.
The solution's support could use improvement. I'm in the MENA region so most of the time we were getting support from Europe. They should include a license watch solution on their back-end.
They are great in every single area except for the optimization feature. The optimization is not really ready. If you want very good optimization, you have to add it to the network. I think if they make some enhancements in that area, they will replace every other product in no time. We also need more IPS detection rules.
This solution would be improved with the inclusion of custom reporting. The pre-prepared reports are ok, but sometimes, perhaps once a month, I would like to create some custom reports. In the next release of this solution, I would like to have an application proxy. In our previous solution, Sidewinder, we had this capability. For example, if you want to allow SSH traffic then you can set or restrict some features of this protocol, and you can look into the traffic using SSH Insight. Some examples of applications that I would like to see are Oracle and RDP.
They should have a GUI on the product itself, not a separate management tool to be used on the management server or on a server to be used to manage the file. It should be all in one device. The device should be controlled through its own GUI. They also have to improve the learning center and the documents as the documents don't really help. In the next release, they should improve the documentation.
It's a complicated firewall. Until you come to know the firewall inducers, most people don't like the firewall because the components for it are a little bit complex. User-friendliness is a little bit tough. It needs to be more user-friendly when creating policies, and pushing policies. Committing takes more time compared to Palo Alto. The solution needs to invest in its GUI. The interface is very bad and not user-friendly.