Coming October 25: PeerSpot Awards will be announced! Learn more
Buyer's Guide
Secure Web Gateways (SWG)
September 2022
Get our free report covering Cisco, Zscaler, McAfee, and other competitors of Cisco Web Security Appliance. Updated: September 2022.
633,184 professionals have used our research since 2012.

Read reviews of Cisco Web Security Appliance alternatives and competitors

Baljeet Singh - PeerSpot reviewer
Subject Matter Expert at Hitachi Systems, Ltd.
Real User
Flexible endpoint security, provides URL filtering, and the reporting is good
Pros and Cons
  • "The feature that I find to be most valuable is the flexibility of the single endpoint."
  • "Stability needs some improvement, we have on occasion experienced some delay when it is synchronized."

What is our primary use case?

We are implementing Forcepoint Web Security Gateway on corporate, and on enterprise levels. We're not only maintaining Forcepoint, but we are also maintaining McAfee and Symantec as well. I implement and maintain Forcepoint.

The primary use case of Forcepoint Secure Web Gateway is focusing on the advanced malware detection for our customers. We deployed it in multiple locations, and we ensure that the customer's requirements are achieved.

The majority of customers are using the on-premises solution of Forcepoint, and hybrid solutions. But, during this COVID period, they are upgrading that Cloud Web Security console with the availability of the categorization, and there is a GRE tunnel. You can use the GRE tunnel between your organization and the Forcepoint cloud with the IT-based policy applicable to your prospective user.

How has it helped my organization?

Forcepoint provides you with the reporting that allows you to see the threat information and if there are any threats present.

You can see traffic going to a different country like China as an example. We can see the traffic and decide if they are going to block it and if we are able to block that IP from the firewall.

Also, it will check the functionality that is the most inexpensive and we can see the most important features. We can see whether some country is malicious. We can say this specific connection going to the specific malicious country, we can block that specific URL or specific country IP address from that security console. So, that is the most useful feature in the Web Security console.

What is most valuable?

The feature that I find to be most valuable is the flexibility of the single endpoint.

The Single endpoint for DLP and Cloud Web Security can be used for the DLP as well and Cloud Web Security as well. This is the most useful functionality from Forcepoint that is driven, and they are even providing the CASB, which is inbuilt on that endpoint as well.

They are providing CASB functionality on that same endpoint.

No other solution provides a single endpoint for the CASB, DLP, and that proxy solution.

Forcepoint has recently made changes on the cloud level. Previously, they did not have any flexibility on the cloud level. During this COVID period, Forcepoint has updated the cloud and now has more functionality on that level. For example, integration of CASB solution, cloud app, and DLP, which is also flexible. They're also adding on-premises data security solution integration with Cloud Web Security.

Also, URL filtering, which is filtering based on the categorized filtering, based on the content filtering, that is available on the Cloud Web Security Gateway, and even has an inbuilt DLP functionality, that limited functionality on the Cloud Web Security Gateway. This is free of cost. 

Forcepoint also includes a cloud app called Shadow IT visibility, which is very useful for the customer to identify whatever application accessed by the user from his endpoint machine, which is installed with the Forcepoint Cloud Web Security Gateway endpoint.

They have improved the cloud app functionality and they're giving the visibility of the accessibility of all the cloud applications accessed by users.

Forcepoint provides some more functionalities on the DLP.

They're going to integrate on-premises DLP solution with the cloud solution, Cloud Web Security Gateway.

With IP-based protection, you can put your ISP IP address and you can define a single policy for your organization, and any traffic coming from your organization will be filtered out with the specific policy.

There are many options and a lot of customization available in the reporting. There is a report builder, report viewer, and a customized reporting template is there. So, you can just customize your reporting, which is the best feature added by Forcepoint.

The ability to display the reporting to higher management is good. They just added that feature to the Cloud Web Security console.

CASB integration has just been added. With the CASB solution, you can select your sanctioned applications or your unsanctioned applications, and define a policy based on them.

The self-user registration is not a part of the domain. Previously, they only had two or three predefined templates, now they're adding four or five templates with the limited DLP functionality.

Web isolation, which was not previously included with the Forcepoint, can now offer a web isolation license. If there is some malicious URL or there is some uncategorized URL and you want to permit, or you want to block that URL, but you can just define the web isolation. In this scenario, that URL will be opened in the remote server, which is an isolated environment. In this scenario, if there is any malicious activity happening on that specific URL then it might not reach on your system because that is open on the isolated environment. Even if you are going to download any files from that site, and if there is a malicious file, they're going to sanitize on that isolated environment, and if it has found any malicious activity, it is automatically blocked.

In regards to decryption, the deep level inspection for all the sites is now available. Earlier, there was limited functionality for this.

Shadow IT provides you with risk level information, for example, it can identify what applications are high-risk and all the applications that are low-risk.

Based on the risk level, you can just block the application.

What needs improvement?

Forcepoint giving only on-premises solutions and hybrid solutions.

They're also providing the Cloud Web Security, but there is limited functionality, limited categorization, and limited protection.

Stability needs some improvement, we have on occasion experienced some delay when it is synchronized.

What do I think about the stability of the solution?

With stability, the only thing is that that policy synchronization is sometimes delayed, but not much of a delay.

Generally with Forcepoint documentation, whenever we want to change anything on the policy level on the cloud console, it can take 10 to 15 minutes to update the endpoint machine, but generally, it will be updated in one or two minutes. 

That is not a challenge, but sometimes it's taking more than 15 minutes. 

Forcepoint is also performing some back-end activity to update the Cloud Security console, and they are experiencing some downtime. It will be a total of 12-hours to make some changes to the cloud environment that they also pushed the mail to his customer, whoever is using the Cloud Web Security component. So, they're going to upgrade the solution for the specific region. Region-wise, they mentioned for example the India region or any other region. With this specific region, the server going to update, which might be impacted. 

They will have a 12-hour downtime, and after that, the stability will be resolved.

What do I think about the scalability of the solution?

If I am talking from my perspective and my organization's perspective, we have more than 25 plus customers in my range that are using Cloud Web Security. They are going to move the Cloud Web Security console because earlier, they were using an on-premises solution. Now, you know that the future is on the cloud, so that's why most customers are going to the cloud solution.

With on-premises, you require a server, you require caching, you require an appliance, and you are required to update each and every server. That is why customers are moving to Cloud Web Security. They don't need to upgrade the server because that is back-end activity. The only thing that you can just protect your system in the office and in roaming mode as well.

How are customer service and technical support?

Technical support is great with the priority level. 

When you're going to raise a case that might be of severity, you can define the severity with the technical levels, business server, or any support level, which is taken by the customer or partner. 

According to this, we're getting the response, we're getting the proper article on that console, whenever we're going to raise the case with a specific problem. With the problem, when we are going to put that problem information, there is automatically an article that is attached.

The maximum problem will be resolved on that tech knowledge-based article. But if there is nothing returned, or there is no resolution with the knowledge-based article, at that time we definitely raise it with the support team and they respond immediately.

How was the initial setup?

The initial setup is straightforward. 

You just need to put a server to sync your user information with the cloud for the authentication perspective. If you're not using the AD environment, you can just send an invitation link for your user, so they can register themselves with that Cloud Web Security console and use the functionality and the admin can apply the policy for specific or the email ID based users. 

Definitely, if we are talking about the Cloud Web Security solution, not only Web Security solution, any cloud solution, so generally, they're asking for the email addresses when they are going to integrate the AD environment on the cloud. So, that is recommended for all of the web solutions.

This is a flexible environment; you can just put that agent on machines through AD or any third-party deployment tools. There is the flexibility of the port connectivity, where you can just keep open the ATA 443 port that is generally used in the organization environment, and you can suggest the customer open the specific port for the specific cloud ranges. 

You cannot open that traffic for all of the internet.

What's my experience with pricing, setup cost, and licensing?

Licensing cost is also dependent on the number of licenses. 

When users increase from 100 to 500 or from 1,000 or even 20,000, that licensing cost automatically decreases. And if there is a limited license, you can say there is a fixed price, for use of the licensing.

Licensing is flexible. License pricing information is based on the customer, their environment, and on the future approach. For example, are they're going to move forward with this environment? Will they be increasing their system to more users?

There are additional costs for URL filtering, Web isolation, and CASB integration. 

For the normal scenarios, if I am talking about URL filtering, there is no additional component for that. There's a single license, the standard license for the URL filtering and if you want to add web isolation, that is definitely something you need to pay more for. Even if you want to increase your storage limit for the log, you definitely need to pay for the storage as well. To start with, the retention period is 90 days.

Which other solutions did I evaluate?

I am evaluating several solutions to compare with Forcepoint Web Security Gateway such as McAfee, Symantec, DLP, Web Security, CASB, and Email Security as well.

Generally, the McAfee team is a different one in my organization. But if I am talking about McAfee with the Gartner Report, the categorization is limited for McAfee

If we are talking of Forcepoint, there are more than 101 categorizations included. Based on the categorization, you can just identify which URLs come over the specific categories, and you can identify them immediately.

If you are talking about the URL categorization based on that behavior, that is also positive, proper categorization performed by Forcepoint so that you can get the response from the internet as well.

With Cloud Web Security, of course, Forcepoint is providing the hybrid. The scalability on the hybrid and cloud web security, that is visible.

With McAfee, from my organization, there are limited customers for this because they are facing many issues, which is why they maybe moved on to Forcepoint.

What other advice do I have?

We deployed this solution during COVID, for two or three customers, and the customers are very happy with this product.

I can recommend Forcepoint.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
David Carlson - PeerSpot reviewer
CIO at Camco Mfg.
Real User
Non-IT people could plug it in, connect it to the fiber, and get it running without IT help.
Pros and Cons
  • "FortiGate is easy to configure. We configured one of the units and sent it to Indiana to be installed. We asked them to give us a call when they got it, so we could help them through the process, but they called us back to tell us it works great."
  • "Fortinet needs to continue to improve network traceability. Other than that, we haven't run into anything that would give me any concern."

What is our primary use case?

We're a manufacturing shop. So we have 500-700 users on FortiGate SWG and various devices on the manufacturing floor and inside the warehouse using it. Our ERP is on-premises in the United States, so traffic from Asia to the US passes through it.

Eventually, it's going to be used throughout the enterprise. So we're using the gateways today. We have purchased two access points for wifi. Fortinet's devices all talk to each other and use the same management platform. We're planning to transition to 100 percent Fortinet gradually.

How has it helped my organization?

We adopted Fortigate to go to SD-WAN. When I looked at the market, I found Fortigate offered some of the best SD-WAN capabilities, and they're reasonably priced compared to some of their competitors.

We went to SD-WAN because we're moving to Microsoft Dynamics for finance and operations and putting our telephone system into the cloud. As we shift more and more capabilities into the cloud, we need the ability to manage and monitor everything. If we're putting our ERP into the cloud and have performance issues, I need to understand if it's a problem with the internal network, the cloud connection, or Microsoft. Fortinet can pinpoint the source of the problem, so we can work with the right people to get it resolved.

What is most valuable?

FortiGate is easy to configure. We configured one of the units and sent it to Indiana to be installed. We asked them to give us a call when they got it, so we could help them through the process, but they called us back to tell us it works great. 

Non-IT people could plug it in, connect it to the fiber, and get it running without  IT help. That was fantastic. Fortinet also offers a single pane of glass that we can use to manage our routers with gateways, so that's convenient. We're running a VPN to our remote location, and the performance is good. We're changing all our VPN connectors on our laptops from Cisco's Anywhere to Fortinet's VPN because the performance is just so much better.

What needs improvement?

Fortinet needs to continue to improve network traceability. Other than that, we haven't run into anything that would give me any concern. Their support team has been fantastic. One went down, and they immediately sent me a replacement. Everything that they've done has been great.

For how long have I used the solution?

I've been using FortiGate SWG for about  six months now.

What do I think about the stability of the solution?

FortiGate is highly stable.

What do I think about the scalability of the solution?

I was pleased with the scalability.  We have a mid-range appliance in our headquarters and entry-level devices in our remote sites. They all perform extremely well. We did never needed to purchase their largest devices to get the performance we need.

How are customer service and support?

I rate Fortinet support eight out of 10.

How would you rate customer service and support?


Which solution did I use previously and why did I switch?

We switched from Cisco to Fortinet for a host of reasons, including price. It's also easier to set up and manage.  Cisco requires you to understand how to configure the bare metal, which requires configuration inside the switch, but Fortinet lets you set up profiles and download them. 

How was the initial setup?

I was hoping FortiGate would be more straightforward to set up than it was, but my team has been working with it for around six months. They're getting up to speed and learning to manage it on their own. I have two people on my infrastructure team working on it part-time as one of their many responsibilities.

We're still deploying it and waiting on equipment in Asia. We just got the United States up and running. It took a couple of months because we have six sites. However, we weren't actively doing things for most of that time. We did the headquarters and two other locations in the same city. Next, we set up our remote sites. 

What about the implementation team?

We did have an integrator come in and help us in the original setup, but now my team is managing it. You could do it in-house, but there's a learning curve. If you're a Cisco shop moving to Fortinet, your team needs to learn Fortinet byou can to do it in-house. 

Fortinet has a good training program, and you can become certified just like Cisco. You mainly need to use an outside provider so you don't have to undergo that learning curve before you can be productive. They're also going to know the tricks of the trade to do it best.

What was our ROI?

When we were using Cisco, we had a hot fiber connection and a backup in case of issues. One reason we wanted to go to SD-WAN is to be live-live. We wanted to ensure sure that we could use all our internet connections at the same time and not have anything sitting in a backup situation. It's moving traffic much better.

What's my experience with pricing, setup cost, and licensing?

FortiGate is priced reasonably. We bought a spare to have in case of issues.  It was only $500 for the raw hardware and around $2,000 more annually year for the support and subscription.

Which other solutions did I evaluate?

We looked at four or five different vendors with SD-WAN capabilities, including Fortinet, VMware, and Cisco.  We went with FortiGate because of ease of use and price.

What other advice do I have?

I rate FortiGate SWG eight out of 10. It's a solid product that's easy to install. At the end of the day, there's no reason to use a firewall without SD-WAN capabilities. It brings so many more features to the table.

Which deployment model are you using for this solution?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Team Lead Network Infrastructure at a tech services company with 1-10 employees
Real User
Top 5Leaderboard
Secure and flexible with no latency issues, and it is easy to set up
Pros and Cons
  • "I haven't found any issues related to latency or any other issue."
  • "Cisco Umbrella should introduce an on-premises device."

What is our primary use case?

We are service providers for all Cisco products.

We have contracted a couple of schools for a proof of concept for the customers who purchase Cisco Umbrella. We have also deployed it to virtual machines in the customer's environment.

We have also deployed Active Directory connectors, and we have directed the customer's traffic towards Cisco Umbrella and their DNS Service.

We have also monitored and provided a course for the customers.

This product can be used for DNS security. DNS security basically provides protection because Cisco thinks that 90% of the attacks come from DNS. So, they warn us that if customers protect the DNS, then they are 90% secure. 

Instead of resolving their domains through normal global DNS servers, this solution provides security.

Cisco Umbrella grades all of the domains that are present in its own grading and specifies which are malicious, which are whitelisted, which are not safe, which domains have recently been, and which show some spike in the graph that sometimes they come up and suddenly they go offline.

What is most valuable?

Cisco Umbrella is very flexible, and it does not show any kind of delay that someone is responding to their DNS server, outside of their network and outside of their environment.

I haven't found any issues related to latency or any other issue.

They have Umbrella Investigate, which uses machine learning and artificial intelligence algorithms to find malicious attacks in the domains.

What needs improvement?

There should be some sort of appliance for those customers who do not trust the cloud. Cisco Umbrella should introduce an on-premises device. 

Customers should have the ability to manage on-premises.

While support is provided, the response time could be faster.

For how long have I used the solution?

I have been acquainted with Cisco Umbrella for two years.

We are providing the latest version.

What do I think about the scalability of the solution?

Cisco Umbrella is scalable. We provide services to customers. We have some customers who have been using this solution for one and a half years.

How are customer service and technical support?

I have contacted technical support. My experience is that it is a bit slow. The response is a bit slow, but they provide support.

People have many queries online. In terms of the support, they may be a bit delayed but ultimately the problem will be resolved.

Which solution did I use previously and why did I switch?

Before Cisco Umbrella, there wasn't any security product.

There is a product called Infoblox, but I haven't used it.

How was the initial setup?

The installation is pretty straightforward and it only took 10 minutes to deploy.

We require only one person for the deployment and the maintenance of this solution, who understands it technically.

What about the implementation team?

We are system integrators and we do the implementation ourselves for our customers.

What other advice do I have?

We will continue to sell this product.

I would recommend this solution to others who are interested in using it.

I would rate Cisco Umbrella a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Buyer's Guide
Secure Web Gateways (SWG)
September 2022
Get our free report covering Cisco, Zscaler, McAfee, and other competitors of Cisco Web Security Appliance. Updated: September 2022.
633,184 professionals have used our research since 2012.