For threat prevention, I noticed on another customer that there were repeated scanning and exploit attempts against some public-facing service running on HTTPS. I configured Forcepoint Next Generation Firewall to handle IPS by enabling it with critical and high severity signatures only to reduce false positives. I turned on IP reputation filtering to filter out known malicious networks, applied rate limiting on specific services in the DMZ, and logged events centrally for correlation. As a result, exploit attempts were much less than before, being blocked before reaching the back-end servers from the firewall itself, with no performance degradation on the applications. The security team received clear and actionable logs that were centralized, so they knew what was happening all the time.

Strong network segmentation is my favorite feature that Forcepoint Next Generation Firewall offers. The policies are very deterministic and readable, and it has excellent east-west blocking and least privilege architecture. Application awareness identifies traffic beyond just the port itself; I can identify the application using a specific port and block risky applications even if they use allowed ports, which is great for environments with shadow IT. The integrated threat prevention is also very good, with IPS featuring well-tuned signatures and reputation-based filtering that blocks known bad actors before they can touch any applications. It supports both IPsec and SSL VPN tunnels, along with site-to-site, client-to-site, and hybrid cloud links, integrating well with Active Directory and LDAP. Additionally, centralized log management and reporting are very actionable and structured, with clarity in the policies for auditing. Overall, its stability and reliability are commendable.

A real example of how Forcepoint Next Generation Firewall's readable policies and application awareness features made my work easier was fixing a flat network problem without breaking actual applications. I inherited an environment where users, application servers, and databases were loosely segmented, with port-based and messy firewall rules. Security audits flagged lateral movement risks, and application owners were scared of outages if I tightened security too much. Forcepoint Next Generation Firewall made it easy by providing very easy-to-read and logical policies. I built policies that are clear, showing communications from the user zone to the application zone to specific applications, or from the app zone to the database zone, using only required database protocols. By default, I applied a deny rule between zones unless explicitly allowed by the readable rules I implemented. The policy view clarified who talks to whom, which rules exist, why they exist, and the business function they support, effectively stopping port abuse.

Security posture has definitely improved greatly since using Forcepoint Next Generation Firewall. From a flat or semi-flat network, I now have clear zone-based segmentation, with increased operational efficiency. The admins using the firewall have rules that are easy to read and intent-based, making changes easier to review and approve. There is less fear that one wrong rule could break production and fewer outages caused by security changes, without hidden matches or rule shadowing surprises. Clear hit count visibility helps me clean unused rules, leading to much fewer outages caused by changes on the firewalls. The centralized log management with supported log types provides better visibility for the SOC team and the SIEM team, as Forcepoint Next Generation Firewall sends very easy-to-parse and search clear logs to the SOC team.

I did see measurable, defensible results after using Forcepoint Next Generation Firewall, including fewer security incidents reaching the back-end servers. This reduction is due to strong segmentation, application awareness, and IPS features, leading to a 60 to 70 percent reduction in security alerts that actually reach the servers. DMZ exploit attempts dropped to near zero, and no lateral movement incidents were detected post network segmentation. Additionally, overall SOC efficiency improved due to well-structured and contextual logs reflecting clear policy intent, resulting in a 35 to 40 percent reduction in mean time to triage. SOC analysts stopped chasing noise and false positives, as they had much clearer logs to use confidently.

View full review »

Forcepoint Next Generation Firewall provides excellent SD-WAN solutions that make it very easy to connect Wi-Fi solutions and any other interface solutions. Both on-premise solutions and hybrid solutions are available, and it can be easily integrated with different solutions.

Forcepoint Next Generation Firewall has positively impacted the organization. Previously, it was very difficult to handle all traffic because multiple locations experienced downtime, firewalls went down, and internet connectivity issues occurred. There was a lease line option previously, which was very critical for connectivity. After Forcepoint SD-WAN solutions were deployed across different locations, all traffic goes through Wi-Fi solutions, which are directly connected to Forcepoint Next Generation Firewall. This is very easy, time-saving, and has improved security. Forcepoint Next Generation Firewall has many security solutions available. There is no doubt that it is a good firewall. All types of policies can be created, and all GFW features are available. All those security solutions can be utilized.

View full review »

I can share what we appreciate about Forcepoint Next Generation Firewall and what clients generally choose it for. We have had good experience with their responsiveness, which exceeds other products sometimes. Their customer service and price point are competitive for the US market primarily.

The centralized management console of Forcepoint Next Generation Firewall is something we have been struggling with because everybody has their own approach, but most customers have mixed solutions. We end up having customers that are either running two consoles or requiring a third-party solution to monitor everything. From a configuration standpoint, it has been easy to manage.

Regarding security, these are security solutions, and when referring to performance, it works effectively. Features are very similar across products. Each vendor has their own distinctive elements, but in general, for the most concerning and most sought-after features, it is very complete.

View full review »

The most valuable features of Forcepoint Next Generation Firewall are the advanced threat protection, including features like IPS and DDoS prevention, which help avoid internal DDoS attacks. The centralized management and smart policies are effective, providing enhanced network efficiency, connectivity, and improved security, resulting in fewer cyberattacks and data breaches. View full review »

Forcepoint Next Generation Firewall offers an amazing graphical interface that is very easy to use, although sometimes slowness appears and it does not respond in real time. Overall, the graphical interface is amazing.

The interface helps me in my daily tasks because it is easy to understand, although its response is slow. Sometimes Forcepoint Next Generation Firewall cannot process the traffic, and the graphical interface and CPU often show very high usage.

I appreciate the user access details and graphics that the interface can report for me, and the feature that allows us to create rules through dragging and dropping.

Forcepoint Next Generation Firewall has impacted my organization positively by making it very easy to work and offering a more competitive price compared to other vendors. The only issue I perceive is that sometimes it gets a very slow response for no reason, which we have been facing frequently when using Forcepoint Next Generation Firewall.

It is saving money, it is easy to use, and it has a very nice graphical interface.

View full review »

Today, the Next Generation Firewall from all companies are pretty similar, but the difference lies in the accuracy of setting up the risks. Another valuable aspect is the features and how friendly they are for cross setup. Cross setup refers to using multiple features from the same firewall simultaneously within the same environment. With Forcepoint, this process is simplified compared to others like Fortinet.

View full review »

Forcepoint Next Generation Firewall's IPS feature has four operational modes, including IPS, Layer 2 and Layer 3 Firewalls. The IPS mode offers many controls, profiles, and signatures for inspecting traffic. It allows for applying firewall rules followed by IPS engine inspection. With Forcepoint Next Generation Firewall, many decisions including blocking and controlling traffic actions are possible. They also offer a CASB cloud access security broker and a cloud-based firewall, promoting cloud-native capabilities.

View full review »

I appreciate Forcepoint Next Generation Firewall for its capability to use VPN tunnels between branches, especially if they are under the same management center of Forcepoint. It is really easy and nice to use. You can do a route-based VPN tunnel as well as policy-based VPN tunnels between branches and some central point.

I have some experience with the IPS feature of Forcepoint Next Generation Firewall. It is a feature you can use to observe the traffic and identify bad behavior on the network. This is a passive function that allows you to identify traffic, and in the next step, you can cancel or discard this traffic.

The centralized management console of Forcepoint Next Generation Firewall is really helpful. You can manage all the firewalls in just one control center, and you can use around twenty firewalls and have them under one. It is really nice to have this feature, far better than having to connect to all the firewalls separately.

I am using the Secure SD-WAN feature for remote workforces, and it is a really good feature. You can have more than one tunnel to other branches and use those tunnels. One of them could be standby while the other is active, and they can both be active as well to split the traffic and use more speed.

URL filtering is very helpful in blocking malicious sites in Forcepoint Next Generation Firewall, especially when you have end-users who browse dangerous or improper sites from work or office computers. You can monitor and block this traffic.

View full review »

Forcepoint Next Generation Firewall offers excellent features including a centralized management console and log feature.

I appreciate the centralized management console and the log feature because the logs are clear and easy to use, which helps my daily work.

I would also add that the load balancing feature and the active-active functionality are notable aspects of Forcepoint Next Generation Firewall.

Forcepoint Next Generation Firewall has positively impacted my organization by providing always-on perimeter security.

Always-on functionality for my organization means it has reduced the downtime.

View full review »

It provides decent protection for the LAN, especially in run mode. However, from an administrator or engineer's perspective, Forcepoint isn't very clear to use. There are too many menus, and management can be problematic—it's not user-friendly. Also, it's not a cost-effective solution.

View full review »

The platform's most valuable features are perimeter network security and URL filtering. These functionalities are crucial for us, particularly because we operate in a highly restrictive environment regarding internet access.

View full review »

We're trying to use all the firewall's features. Most of the features were effective, but the usability is a huge concern. 

View full review »

The product's most valuable features are its extensive policy features, especially the S7 Pro features, and its DNS security feature, which provides an additional layer of protection not found in other firewalls.

View full review »

The most valuable feature is the fact that I can connect both offices together under the solution. I have two offices, and I can route the internet of both offices using the same product. The connectivity is great.

The integration capabilities are good. 

View full review »

Next Generation Firewall's best feature is that it can be managed on one platform.

View full review »

The URL filtering is the most valuable aspect of the product. I've used the VPN for that. It's of great value to the customer.

The solution is stable.

The product can scale well.

Technical support has been quite helpful in the past.

View full review »

We like the scalability of Forcepoint because, with the Forcepoint NGFW solution, we can scale anything. The solution has central management, so we can manage all the branches and devices centrally in one controller. This also allows the customer to manage the solution centrally.

Forcepoint comes with the SD-WAN feature, which connects all the branches and devices to the data center with a central connection. We bypass using a VPN or IPsec or anything like that because Forcepoint can do it automatically. Also, one of the controller benefits is that it can monitor the tech, meaning all the devices that are managed by Forcepoint.

View full review »

Forcepoint is a good solution because it has a central server that serves as a management console. You can manage 100s of firewalls from this single console. Additionally, a key advantage is that Forcepoint provides VPN services as part of its basic subscriptions. It is not necessary to pay extra to use VPN services.

View full review »

The solution's most valuable features are reporting, support, and classification of cyber attacks.

View full review »

The application control is great.

The solution offers very good filtering. 

There's a sandbox that we can leverage. 

We have resources of XD1 to properly manage the solution. The security management center is one of the best parts of the product.

I found the initial setup process to be very simple and straightforward.

Technical support is quite good.

View full review »

It is very simple, easy to use, and flexible. It is a top solution with a complete feature set. Its most valuable feature involves its environment. 

View full review »

The most valuable feature is the console management. It is very good and the security was great.

View full review »

I have found that Forcepoint Next Generation Firewall is easy to use, highly secure, and the main VPN tunnel is created automatically which is a benefit. 

View full review »

It's all about the firewalls, how to deploy them, what the main features of the firewall are, what it is best suited for, the advantages, the pros, and the cons.

View full review »

I like the IPS. IPS is the master feature. I depend on the firewall and sandbox.

View full review »

I like the Firewall and the IPS.

View full review »

The VPN is great.

View full review »

The centralized management is very good.

Performance is a good point.

View full review »

It does well in security, for data security, and it ranks on the top of NSS Lab.

View full review »

It is a stable solution, and there are no issues so far.

View full review »

When comparing this solution to others this one has better reporting, user management, and is easy to use.

View full review »

This solution is quite good.

View full review »

It is stable and scalable. In addition, their support is great. When you ask them for something, they provide support, and if required, they also involve the R&D team to help you to resolve the issues in your configuration.

View full review »

The feature that we like the most about Forcepoint is that we know the technology and have confidence in it. 

We can have several functionalities to simplify operations and management. We can combine functionalities like log ownership to review the number of devices in the infrastructure. 

View full review »

The most valuable features are mainly the Management and the Active capabilities.

View full review »

The blocking, based on the signal provided, is the solution's most valuable aspect.

From my perspective, the user interface is decent.

View full review »

Forcepoint is a complete package because it has network and systems applications. Other firewalls are only for the network. 

View full review »

The most valuable feature is SD-WAN.

View full review »

The most valuable feature of this solution is the support.

View full review »

The support is great. They also have very good categorization. It's very good. It captures a lot of threats.

View full review »

The simplicity of the solution is its most valuable asset. It's very user-friendly.

View full review »

The Security management console is fantastic.

The central security management center and the content management center are very good.

View full review »

The most valuable feature is controlling the traffic and the logging. They have real-time logins for traffic logs. Troubleshooting was very easy for me.

View full review »

One of the most valuable features is having the ability to cluster multiple firewalls even if they are different versions.

View full review »

Integrated multi-layer filtering

View full review »

The most valuable feature of the solution I like stems from the fact that the installation and configuration can be done locally. It is also easy to set up security capabilities. Forcepoint acts as a multi-service provider.

View full review »

The solution offers sandboxing, which can be integrated at any time.

View full review »