Forcepoint Secure Web Gateway Reviews

I use the solution to secure the traffic by allowing some categories and sites.

The solution’s administration is easy.

The technical support team's response time could be improved.

I have been using Forcepoint Secure Web Gateway for two years.

I rate Forcepoint Secure Web Gateway a seven out of ten for stability.

Around 4,000 users are using the solution in our organization.

I rate the solution a nine out of ten for scalability.

I previously used different solutions like Proofpoint and Palo Alto.

The solution’s initial setup is straightforward.

When the hardware is available, the solution's deployment should not take more than two to three weeks.

I am using the latest version of Forcepoint Secure Web Gateway. The categorization for websites feature of Forcepoint has proven to be the most effective for our security needs. Updating the solution has helped us with threat detection. Three engineers are involved in the maintenance and daily troubleshooting of the product.

I would recommend Forcepoint Secure Web Gateway to other users.

Overall, I rate the solution an eight out of ten.

On-premises

Basically, we are the system integrators. We apply it to clients for use cases such as productivity increases. For example, if they want to block Facebook and those kinds of social networking sites, it will help stop users from off-work distractions. They also are now catering to the use case of remote working to control access off-site. That involves cloud solutions.

The reporting part of it is pretty awesome. With the reporting, you can drill down effectively. It gives us a lot of power to really look into what we are looking for. That is one very crucial feature. In the remote filtering part, the agent that they have on Forcepoint is pretty light. That also is a very, very good feature that we look into and sell.

The setup is simple.

It’s pretty stable after you get up and running.

The solution scales well.

Right now, Forcepoint is in very, very good shape. They are developing and evolving very fast. There is not any particular enhancement necessary.

We have had latency issues.

The cloud portal that they have should be more flexible, and we should have a practice portal. For example, if we want to implement something specific, we can’t practice making sure it will be right before going ahead and doing it live.

I’ve been using the solution for eleven years now. It’s been more than a decade. I’ve used it for a while.

Sometimes we do face issues with hiccups in latency. There could be hiccups in, for example, the user setup or the user education part, however, after that, it's okay. It’s not very often we have any issues.

The solution is 100% scalable. It’s not a problem at all. It scales well whether you are on the cloud or on-premises.

We’ve been in touch with technical support. That's nearly our daily task. The tech support is also very good. We are based out of India, so sometimes, being in the India region, we face an issue with timing as we have to deal with time zones. However, they are improving this.

Positive

I am also now starting to work on the McAfee Web Gateway and we are also working with Cisco. I am not particularly dealing with it. Forcepoint has still proven to be the best for me.

The initial setup is very straightforward and simple. It’s not overly complex or challenging.

In terms of maintenance, there is none at all, actually. If you implement it correctly in the initial phase, it requires very little interaction throughout.

I don’t deal with any aspects surrounding the costs or licensing. I don’t know what the exact price is.

On the DLP, we are on version 8.9.1, and on the Web Gateway, we are on version 8.5.4. We are using both on-premises and cloud deployments.

We are integrators. I am mainly dealing in Forcepoint, including Forcepoint Web Gateway, Forcepoint DLP, and a little bit of Forcepoint Email as well.

The presales part of the onboarding process has to be very, very proper. Whatever requirements the users are looking for, that should be put on paper, however. Otherwise, if they're expecting something else and the solution is providing something else, this sometimes creates an issue at a later date. Clients need to know what they are getting into.

I’d rate the solution eight out of ten.

Public Cloud

We primarily use the product for web filtering and enhancing our organization's web security posture.

The web filtering feature, despite its challenges, has been somewhat effective.

The product could improve its automation capabilities, improve integration with virtualization, and enhance its web filtering specifics. Additionally, it could benefit from adopting proprietary ASICs to improve performance and throughput.

Future releases should include features found in FortiGate and Palo Alto, such as improved SD-WAN management, better monitoring of rules and interfaces, live traffic monitoring, and more user-friendly troubleshooting methodologies.

I have been using Forcepoint Secure Web Gateway for three to four years.

The platform is fairly stable but has limitations in terms of performance and throughput.

The product is not as scalable as FortiGate and Palo Alto.

The initial setup was not complex; following the guide allowed a smooth configuration process.

Forcepoint's pricing is moderate. However, transitioning to solutions like Palo Alto or FortiGate, despite potentially higher initial costs, could offer better long-term value due to their advanced features and performance.

We evaluated other technologies including Palo Alto and FortiGate.

The product is relatively easy to configure if you follow the guide, but it lacks throughput and performance compared to competitors. In our experience, the technical support has been underutilized.

The solution needs better SD-WAN management, improved monitoring, and more effective troubleshooting tools like Palo Alto and FortiGate.

I rate it an eight out of ten.

It is used for security purposes, CASB, and application controls.

I like the product's scalability and stability.

I want improvements in the application control. Also, the solution should have a secure channel because of malware.

I want technical support to be improved so that they can be faster and more knowledgeable.

I have been using Forcepoint Secure Web Gateway since 2016. Though I want to move to the cloud, I currently use an on-prem version.

It is a stable product.

It is a scalable solution. Around 1,50,000 users are using the solution in my company. We do have plans to increase the number of users in our company.

I have used Forcepoint's technical support, and I feel that it is average.

The initial setup was complex. The time taken for deployment was a year.

The deployment process involved the making of software-based applications. Then, we install it.

For the deployment and maintenance, we need five to seven people, including engineers and managers.

The implementation was done in-house.

I recommend the solution for small-scale businesses using a cloud-based version. For large-scale businesses, it is not fine.

Overall, I rate the solution a six out of ten.

On-premises

I've done a few deployments with roaming user filtering and with central management consoles on the content creation and on different critical locations.

The DLP database from Forcepoint is also very good.

It's got a very reliable orientation.

It is a scalable solution. We can use it for global-level customers and for separate locations.

This is a highly detailed product with very good key features. When it comes to optimization, it's similar to Blue Coat. It has a very stable architecture.

It's very feature-rich when it comes to visibility and reporting. The reporting module is very handy. We can schedule reports and generate investigations. 

The initial setup is easy.

I'd like to see the solution improve the banded optimization to offer more bandwidth control, similar to what is on offer with Blue Coat. For example, it would be useful if we could arrange the restriction of certain uploads for particular applications.

It would be great if they had classic customization features. I have quite good experience in Check Point solutions, so I experienced how application protocol features help when we want to deploy bandwidth content filtering. I expect to have the same or close to the same level of customization in Forcepoint.

My bread and butter is Forcepoint DLP. I've worked for about seven years with Forcepoint solutions. However, I've worked with the Secure Web Gateway for five years and have deployed it for customers as well.

The solution is stable and reliable. There are no bugs or glitches, and it doesn't crash or freeze. 

It has good architecture. It has an architecture where I have the policy brokers, policy severs, and content creation, as well as an integrated reporting module with a reporting database. I have a team building products with me, including OEM software. When it comes to Forcepoint, it's a very reliable solution.

Many of our customers have between 400 and 800 users. 

I've contacted support many times. 

I cannot say they are excellent support. That said, quite often, I get some good support. Still, I cannot recommend them highly. Luckily, I can manage myself just fine. Now that we are in an apex region, I hope that we will get a good level of support for the application.

Neutral

I am also familiar with Blue Coat

The initial setup is not overly difficult. 

The time it takes to deploy the product depends. If I have all the items I need in my hand, it doesn't take that much time. However, compared to other products, it takes a little while time since you need to get it on the client's field servers for reporting, and you need to have some access with admin privileges. 

I'm able to deploy the solution for my clients. 

I don't deal with licensing and have no visibility on the exact pricing. 

I'm a partner. My company is a system integrator, and I am a consultant. We deploy this solution for clients and have handled five or six high-end deployments so far. 

I'd recommend the solution to others if the requirements make sense and it works in the company environment. 

I would rate the solution seven out of ten. It's very reliable. It just needs more features.

On-premises

We use the solution as an overall proxy. We are using Forcepoint Web Gateway to allow only trusted, valid URLs - whatever is accepted or offered by the cache rate.

It's a landing zone for all kinds of end-user traffic for the internal users, as well as to protect against any attacks from my external users. Also, it controls the internal IT assets and can protect us from hard, new, cyber attacks, ransomware, and other things. That's how it has been used right now specifically.

The agent is acting as a HIPS, host intrusion prevention system, apart from providing trusted access to any external websites. It is doing some real-time monitoring, as well as reporting security events. It can able to give an alert for any security event, which is any unauthorized event. It sends a notification to the reporting manager, who can be immediately alerted. It can happen in nearly real-time. The reporting is very helpful.

There is some sandboxing available, which is quite useful. 

The solution is scalable.

It's fairly easy to set up if you have some prior knowledge. 

The stability is good. 

It offers reasonable pricing. 

The Sandbox solution should be integrated with the NIST to handle whatever new vulnerabilities or new sites are identified as potential threats. That could be dynamically integrated and implemented in a production enrollment, just like intelligence threat production. That would help in an intruder use case.

We've been using the solution for three or more years. 

The stability is okay. The performance is also very good. The threat handling is almost near real-time, and even notifications and reporting happen fast so that we can take corrective actions. Overall, the experience was good. There are no bugs or glitches. It doesn't crash or freeze. 

In our organization, we have 35,000 people.

It is very scalable. We haven't had any issues with the process. 

I don't deal with technical support directly. However, we haven't had any major issues and likely have not needed much support in general. 

We are using multiple products. For an antivirus, we are using Symantec solution as well as Trend Micro. For our deep security, we are using IBM Deep Security. For our SIM product, we are using IBM Suite, as well as, for all other things, Cell Core for data DLP and DLK solutions. Predominantly, that's it. We are also using Forcepoint and a few other cloud-based web solutions.

However, we used something called CrowdStrike only as a validation solution for a very short period. Then immediately, we started migrating to Forcepoint.

CrowdStrike predominantly behaves like a sensor; it's not giving all the features of a proper web application firewall. We have to configure a bunch of things as a part of the CrowdStrike.

If a person understands all the important tools and how they can be integrated with all other security products, it's easier to set up. It's a little bit of a challenge for any new person. There should be a blueprint or a condensing intro matrix. The Secure Web Gateway must be integrated with multiple other security products within the enterprise. There needs to be a compatibility matrix, like how this virtual VDA enrollment and other solutions. Nowadays, VDA enrollment is also coming as a hosted solution in the cloud and virtual software enrollments. It can be either on Azure, AWS, or some other third-party tools, probably that's like VMware Horizon, or it may be coming from Nutanix Frame. There are so many integration complexities in a large enterprise. If there's a blueprint, automation, or workflow, it improves the early adoption of these tools and provides a better onboarding experience.

Most of the deployments we manage through the deployment tools collected, either via IBM patch management solutions, or some automation tools, like Python. Using these agents helps with the rollout.

Initially, we took a week to ten days to deploy the product. However, rolling out the agents now, the agents are adding automated tools. For the initial implementation in our organization, we had more than 2,000 finder servers, plus other NTPs, which is why it took almost ten days.

I'd rate the overall process a four out of five in terms of ease of deployment. 

Following deployment, the maintenance is minimal. It's on the cloud and we have a subscription, so there isn't much to manage. 

While I'm not directly handling the licensing and payments, my understanding is the solution is competitively priced. 

We're internally using the product. I'm not sure which version of the solution we're using. IT and security mostly deal with the product and any updates. 

Potential new users will find it easy to adopt this solution. Most policies can be leveraged from other deployments, and you can confidently run them. 

I'd recommend the solution to other users and companies. 

I would rate the product nine out of ten. 

Public Cloud

Amazon Web Services (AWS)

I have found the simplicity of the solution valuable. The dashboard and reports are good as well.

Our experience thus far with Forcepoint Secure Web Gateway has not been good. The availability of clusters is limited, and the product is very unstable. The development team is slow as well.

There have been a lot of changes in the network at Forcepoint, and we've had downtimes of almost three hours. This happened six times from August to December.

When Forcepoint moves user traffic to another cluster during maintenance, the transaction is not smooth for end users. They lose access to the internet.

In the Middle East, the ISPs block the IPs of Forcepoint, and the Forcepoint compliance team has been unable to resolve these issues.

Forcepoint should focus on understanding how Zscaler works.

In the next release, they should provide an inbuilt, full-fledged DLP CASB feature.

Forcepoint should also work on improving their communication regarding maintenance.

I've been working with this solution for the past seven months.

We have experienced several problems with stability, so I would rate the solution at four out of ten for stability.

I would rate Forcepoint's scalability at seven out of ten. 

We have 75,000 end users and around 300 IT specialists who use this solution.

Technical support staff take a long time to understand and resolve issues. You will need to implement a workaround yourself as technical support may take six months to resolve an issue. This can be the case even when the ticket is escalated. Therefore, I would rate technical support at four on a scale from one to ten.

Neutral

The initial setup can be complex depending on the location. For instance, in the Middle East, we have to use our direct endpoint client. In Europe, we use the proxy endpoint client.

The cost for Forcepoint Secure Web Gateway is lower than that for Zscaler and Netskope. It could be around $4 per user annually.

I would not recommend Forcepoint Secure Web Gateway because of all the issues and give it an overall rating of five out of ten.

Public Cloud

Amazon Web Services (AWS)

The biggest issues within the product were that it had become stagnant. For about four or five years, there was very little real innovation going on.

It felt as if they were just sitting back. They were lacking in regards to keeping up with the developments within the cloud. 

Overall, I think they had a good, solid product. I think they failed to add features. It was not as feature-rich as other products. I would say the biggest problem was the lack of features, they just hadn't kept up. Under Raytheon, they were starting to correct this, but it was a work in progress. Overall, the biggest problem with the product itself was the lack of features.

I knew that they needed to handle web sockets in some way, all we could do was effectively bypass it. There were too many times when the connections just didn't work right through the proxy. Our customers would have to bypass and basically go around the product. There were various levels to this and it was a real pain for our customers to diagnose those problems. There needed to be an end-product protocol analyzer output (for lack of a better way to put it), that would help administrators understand why the connection wasn't working.

There was so much legwork involved: someone would have to take a laptop and set up in front of the proxy; then they would have to load Wireshark (as I used to call it) and pull their captures; then they would have to give that to Forcepoint, or they would have to try to reason it out themselves. That caused a lot of problems because most administrations weren't confident or competent enough to do it.

They didn't have the skill-set needed to make proper use of those tools in the first place for analysis. There were a lot of customers who could've gotten value from the product but who were put in a position where they had to basically bypass the product because of certain connections. Some form of connection-troubleshooting should be included within the product, more than just looking at a log that nobody knows how to read except for support. 
There was no way to troubleshoot connections in an effective manner that didn't require a lot of legwork by the user. Whenever you ask a user to do that, nine out of 10 times, they're not going to do it. They're just going to take the easy way out, bypass it, and then they'll bitch about the product, but they won't actually fix it. They won't want to make the extra effort. The problem just remains unsolved. They needed something like a connection analyzer tool to explain why, or at least give a better indication of why this was failing.

Again, it was the lack of development. The GUI is quite nice. I think it's very natural for people once they get used to it. Ironically, the company I'm working for now is actually POCing the DOV product and one of the things they like is the interface. They had a lot of good synergy with their other products. They failed to capitalize on it, ultimately. They're getting there. They got better, but it might be too little too late. That's the problem.

I have been using this solution for nine and a half years.

Forcepoint Secure Web Gateway was pretty stable.

Scalability-wise, It was pretty good. We had deployments that were easily over 10,000 — it could handle it if you scaled it properly with the right hardware. There were deployments that were 34,000 at that point. Now, with very large enterprises (with over 60,000 employees), that's where it starts to get a little tricky. They managed to get the product to that point but it was not cheap either, but it was achieved on the scale pretty well.

The biggest issue that hampered Forcepoint was the lack of development and good consistent support. Because of this, they went from 50,000 to 60,000 customers, down to 16,000 in the space of about three years.

That's a huge drop. A lot of that came down to Palo Alto and a couple of others jumping in the game with filtering but at the same time, Forcepoint had people who were loyal, but they were giving up because of the support situation. 

I constantly dealt with customer support. There wasn't a week that went by where I didn't have to talk to somebody.

They knew me by name and I knew them by name and we were all one big happy family, but when they moved from San Diego to Austin, they lost people.

They gave good, consistent support for about a year, but then they began losing staff because they weren't paying enough. They hired a bunch of people and claimed that they adjusted their wages, but then the same cycle occurred another year later.

That's been the biggest problem. It wasn't the product that caused them to lose people (even though they had some innovation issues), it was the support. At the end of the day, the innovation was causing them to look weak in customers' eyes; when you couple that with the support problems, that's when they started really losing customers.

The initial setup was pretty straightforward.

In fact, you could literally load it, install it, and have it up and working in no time. All you had to do was point a browser to it and you could prove it worked. Now, if we wanted to take it and fully integrate it onto the network, then nine times out of ten, we used one particular method called WCCP.

Overall, on a scale from one to ten, I would give this solution a rating of seven. 

The product was sitting at about a seven. Support was dragging it down to a six. So, if I had to be honest, they had some very good analytics — just counting the product itself, I would say it's a seven.

It wasn't perfectly stable, but it was pretty good. I would say it would need to be more feature-rich. It would need to be more helpful for troubleshooting problems with connections and it would need more stability — then I would give it a higher rating. Under all of those things, it's the support that's the problem because that's a different question from the product itself — it's the Achilles heel.

On-premises