Sold by: Forcepoint
Deployed on AWS
Forcepoint Next Generation Firewall (NGFW) gives you the scalability, protection, and visibility you need to more efficiently manage your network and quickly respond to threats, incidents, and opportunities from transformative technologies.
4.1
Overview
Forcepoint NGFW (Next-Generation Firewall) delivers unparalleled scalability, robust protection, and comprehensive visibility to efficiently manage and secure traffic flowing into and out of your AWS network, as well as within various components of your cloud environment. By integrating advanced application control, sophisticated evasion prevention, and a leading Intrusion Prevention System (IPS) into a unified solution, Forcepoint NGFW streamlines security management across your data center, office, and branch firewalls from a single console. Independent testing highlights Forcepoint NGFW's superior capability in stopping Advanced Evasion Techniques (AETs) compared to other security devices, its effectiveness in blocking vulnerability exploits, and its sandboxing technology for identifying zero-day attacks and advanced malware. Additionally, Forcepoint NGFW offers robust protection against the exfiltration of sensitive data, ensuring a comprehensive defense for your network.
Highlights
- Effortlessly extend your network to AWS cloud via secure virtual private network (VPN) gateway connecting remote sites, branch offices, and more.
- Safeguard your virtualized network against advanced attacks with dynamic security controls application layer exfiltration security and advanced evasion techniques (AETs) identification.
- Express your business processes as technical controls quickly and naturally with Forcepoint's unique Smart Policies that can be updated globally in seconds, not minutes or hours.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux 7.4.1
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
c6i.xlarge Recommended | $0.80 |
c5.18xlarge | $14.40 |
c5n.4xlarge | $3.20 |
c6in.8xlarge | $6.40 |
c7i.8xlarge | $6.40 |
c5n.2xlarge | $1.60 |
c6i.8xlarge | $6.40 |
c6i.16xlarge | $12.80 |
c4.xlarge | $0.80 |
c5.9xlarge | $7.20 |
Vendor refund policy
You may terminate the instance at any time to stop incurring charges. There is no refund for charges incurred prior to termination.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
To perform the initial configuration, use SSH and the username 'aws', then type 'sudo sg-reconfigure'. You can also give initial contact file engine.cfg via userdata encoded in base64. For additional information and configuration instructions see https://help.forcepoint.com/docs/ngfw/howto/ngfw_ht_deploy-ngfw-in-aws_en-us.pdf
Support
Vendor support
Your subscription includes Forcepoint Premium Support, with 24x7 support for critical issues, Severity 1 response targets of 45 mins or less, and an online technical support site offering extensive support resources and request tracking.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Forcepoint
By Palo Alto Networks
By Check Point Software Technologies
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Intrusion Prevention System
Leading Intrusion Prevention System (IPS) integrated into unified security solution for threat detection and prevention
Advanced Evasion Technique Detection
Capability to identify and stop Advanced Evasion Techniques (AETs) with superior performance compared to other security devices
Application Layer Security
Advanced application control with application layer exfiltration security and dynamic security controls
Sandboxing and Malware Analysis
Sandboxing technology for identifying zero-day attacks and advanced malware threats
Centralized Management Console
Unified management console for streamlined security administration across data center, office, and branch firewalls
AI and Machine Learning-Powered Threat Prevention
Artificial intelligence and machine learning-powered threat prevention leveraging intelligence from 70,000+ global customers to detect and mitigate zero-day exploits, DNS threats, and web-based threats 180x faster than traditional platforms.
Layer 7 Application Classification and Control
Patented Layer 7 classification enabling granular traffic control and visibility based on workloads, users, and applications with precise network traffic management.
Cloud-Delivered Security Services
Cloud-Delivered Security Services (CDSS) powered by Precision AI and Unit 42 Threat Research for advanced threat prevention and detection of zero-day attacks and unknown command-and-control traffic.
Infrastructure as Code and Automation
Support for automated deployment, policy enforcement, and account management workflows through APIs, CloudFormation, and Terraform integration.
AWS Native Service Integration
Seamless integration with AWS services including AWS Firewall Manager, CloudWatch, Kinesis Firehose, and Strata Cloud Manager for centralized management and real-time monitoring.
Advanced Threat Prevention Capabilities
Includes firewall, Data Loss Prevention (DLP), Intrusion Prevention System (IPS), application control, IPsec VPN, URL filtering, antivirus, and anti-bot features for multi-layered network security.
Traffic Inspection and Control
Inspects and controls encrypted data flows between on-premises networks and AWS VPCs, including North-South traffic entering and exiting private subnets and East-West traffic between VPCs.
Infrastructure-as-Code Integration
Integrates with infrastructure-as-code tools including Terraform and Ansible for policy automation, with dynamic security policy adaptation based on real-time cloud metadata.
AWS Service Integration
Supports integration with Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, AWS Transit Gateway, AWS Outposts, and Amazon Macie.
Centralized Security Management
Provides unified, centralized management through Check Point Security Management Server with consistent policy, logging, and reporting across AWS, hybrid, and on-premises environments.
Standard contract
No
No
No
Customer reviews
Ajit Pratap Kundan
Unified security management has improved traffic control and simplified remote workforce access
Reviewed on Apr 14, 2026
Review from a verified AWS customer
What is our primary use case?
The major use cases for Forcepoint Next Generation Firewall are in government turnkey projects where we require a lot of traffic coming from the public domain. That is why we are putting these firewalls in HA mode to handle load balancing as well as filtering the traffic.
Some of my clients are using SD-WAN for remote workforces. We are using SD-WAN features for customers such as LIC and some banks in remote villages or places where we can connect or access applications with the SD-WAN solution.
Regarding the stability of Forcepoint Next Generation Firewall , the solution is usually very stable, and I hardly hear about any glitches or latency issues recently compared to other vendors such as F5 or Cisco.
What is most valuable?
Forcepoint Next Generation Firewall does help in vulnerability identification and response by providing a single unified console through which I am able to monitor and manage infrastructure.
The URL filtering capability of Forcepoint Next Generation Firewall helps in blocking malicious sites. We have to take care of both known threats and unknown threats. The firewall takes care of known threats, and we protect ourselves from unknown threats such as malicious code and malware that we cannot create firewall rules for. With these routing capabilities and policies, only whitelisted things get processed or passed.
The biggest advantages of Forcepoint Next Generation Firewall, especially as a partner, service provider, and integrator, are that it is very easy to integrate these APIs with our solution, and most of the features I am getting in the clientless mode. Even with the client mode, it is easy to integrate with our client, allowing the customer to get a single client to address all the features of the firewall as well as the GTNA perspective.
The flexibility of deployment, especially for the government and defense sectors, is that they want an on-premises solution, while the rest of the PSUs or enterprise segment are comfortable with the cloud offering, which is the SaaS offering and the way to go in the future.
What needs improvement?
The negative side of Forcepoint Next Generation Firewall is that the ZTNA part is missing. For that, we have to integrate a third-party component with Forcepoint Next Generation Firewall to complete the overall solution. Otherwise, Forcepoint Next Generation Firewall has all the capabilities. One more thing missing is MFA, specifically multi-factor authentication such as identity and access management, which I believe Forcepoint Next Generation Firewall should include in their overall product positioning.
For how long have I used the solution?
I have been using Forcepoint Next Generation Firewall for the last three to three and a half years.
What do I think about the scalability of the solution?
In terms of scalability, it is indeed easy to scale. In a country such as India with a large population, we often need to scale up or down depending on projects and requirements, and it is very much easy to do both ways.
How are customer service and support?
Technical support from Forcepoint Next Generation Firewall is great. We have a point of contact from the account manager to the presales representative, and they connect with the technical support team, providing support in Indian time, so we do not have to worry about US or European time zones.
If I were to rate my happiness with support from zero to ten points, I give it eight out of ten.
How was the initial setup?
The installation of Forcepoint Next Generation Firewall is usually straightforward. Most of the tasks are possible remotely, so we do not have to be on-premises or in person at the customer's site. Most tasks are done remotely by the Forcepoint Next Generation Firewall professional services team.
What was our ROI?
It is possible to observe a return on investment with Forcepoint Next Generation Firewall. For example, a customer is using many point products such as DLP and patch management. If you go with an advanced solution such as what Forcepoint Next Generation Firewall provides, such as a SASE solution, point products become obsolete, and you can achieve a better ROI because you avoid renewal prices for those products.
What's my experience with pricing, setup cost, and licensing?
In terms of price, I would say Forcepoint Next Generation Firewall is not expensive. It is very much comparable to other vendors, and pricing is not a problem, especially for the Asian market, with only the concern being the overall complete solution.
Which other solutions did I evaluate?
I would say Forcepoint Next Generation Firewall is leading in its customer segment, especially in the defense sector where they are very strong, but in environments such as finance, I think Palo Alto has an edge compared to Forcepoint Next Generation Firewall.
What other advice do I have?
My experience these days includes extensive work with VMware and HP.
I am currently working with Alletra Storage, also known as GreenLake for block storage. GreenLake is a cloud offering.
The solutions from HP that I am using now include SimpliVity .
For OpenText , I have knowledge of many products which I worked with in the past. A couple of years ago, OpenText was known as Novell. Before Micro Focus it was Novell. All these products such as PlateSpin, Novell Access Manager, Identity Manager, and PAM solution were previously named Novell. Now it is Micro Focus and now OpenText.
I worked with Tanzu in the past, five years ago.
Right now, I am working with an eCops solution. Apart from eCops, I worked with Forcepoint Next Generation Firewall, WAF solution, Forcepoint WAF , and SASE solution, and I have also worked with Zscaler SASE solution.
Today, I work with HP, Forcepoint Next Generation Firewall, and Cisco.
Cisco is a partner I am working with on a couple of projects, having many offerings such as servers, switches, and routers. They are partners in different regions, but sometimes compete, such as with Cisco Duo where we compete in multi-factor authentication and IAM space. Similarly, Cisco AnyConnect serves as a VPN, and we find eCops competing with Cisco, having replaced them in several instances.
I work with Cisco Secure Access , which is our competitor.
I have indeed worked with Secure Access in the past.
I worked with Secure Access back in 2021.
I would rate this review nine out of ten.
reviewer2320872
Advanced traffic controls have supported complex security needs but have highlighted interface and reliability gaps
Reviewed on Feb 26, 2026
Review provided by PeerSpot
What is our primary use case?
I am dealing with Forcepoint Next Generation Firewall from the business perspective, specifically from the pre-sales perspective and solution architecture. My company is not using Forcepoint Next Generation Firewall , but my customers are.
What is most valuable?
Forcepoint Next Generation Firewall's IPS feature has four operational modes, including IPS, Layer 2 and Layer 3 Firewalls . The IPS mode offers many controls, profiles, and signatures for inspecting traffic. It allows for applying firewall rules followed by IPS engine inspection. With Forcepoint Next Generation Firewall, many decisions including blocking and controlling traffic actions are possible. They also offer a CASB cloud access security broker and a cloud-based firewall, promoting cloud-native capabilities.
What needs improvement?
I am not certain if they could simplify their interface, because Forcepoint Next Generation Firewall is already built software. It could be compared with some well-known vendors such as Palo Alto. Palo Alto does not have an easy interface to be managed, especially if you are applying many profiles and many controls.
Forcepoint Next Generation Firewall should make some improvements because there is some instability with their software. Sometimes it could lag or become over-utilized. You need to clear some caches and do some restarts. This instability is problematic. Sometimes some traffic is being blocked, and the reason is not entirely clear.
When you apply some traffic rules with Forcepoint Next Generation Firewall, sometimes you feel you have to do more improvements. For example, if I want to block the Facebook application, several things should be in place so that you can consider this part. This is not easy to be implemented as a rule.
For how long have I used the solution?
I have been using this solution for around nine years.
What do I think about the stability of the solution?
Forcepoint Next Generation Firewall should make some improvements because there is some instability with their software. Sometimes it could lag or become over-utilized. You need to clear some caches and do some restarts. This instability is problematic. Sometimes some traffic is being blocked, and the reason is not entirely clear. This is why we sometimes suffer with Forcepoint Next Generation Firewall.
What other advice do I have?
Forcepoint Next Generation Firewall is for people who have skills. The customer should have a good skilled team to operate this solution because it is not that easy. It could be compared with Palo Alto in terms of difficulty. The technical team should be skilled to manage it. The customer scale differs from industry to industry, but they are dealing with medium businesses and have a competitive cost, so it is an affordable technology.
For non-experienced people, skilled people are required to manage Forcepoint Next Generation Firewall because it has many dashboards, many customizations, fine-tuning, and principles, so it requires skilled management.
I have not used secure SD-WAN for remote workforces before, but this feature is already in place and is used extensively.
I would rate this product a 6 out of 10.
Petr Pouzar
Centralized control has simplified secure branch connectivity and improved remote access
Reviewed on Feb 20, 2026
Review provided by PeerSpot
What is our primary use case?
The main use case for Forcepoint Next Generation Firewall is not just the installation but to offer or suggest an architecture, showing how to use it basically on the edge of the customer's network.
What is most valuable?
I appreciate Forcepoint Next Generation Firewall for its capability to use VPN tunnels between branches, especially if they are under the same management center of Forcepoint. It is really easy and nice to use. You can do a route-based VPN tunnel as well as policy-based VPN tunnels between branches and some central point.
I have some experience with the IPS feature of Forcepoint Next Generation Firewall. It is a feature you can use to observe the traffic and identify bad behavior on the network. This is a passive function that allows you to identify traffic, and in the next step, you can cancel or discard this traffic.
The centralized management console of Forcepoint Next Generation Firewall is really helpful. You can manage all the firewalls in just one control center, and you can use around twenty firewalls and have them under one. It is really nice to have this feature, far better than having to connect to all the firewalls separately.
I am using the Secure SD-WAN feature for remote workforces, and it is a really good feature. You can have more than one tunnel to other branches and use those tunnels. One of them could be standby while the other is active, and they can both be active as well to split the traffic and use more speed.
URL filtering is very helpful in blocking malicious sites in Forcepoint Next Generation Firewall, especially when you have end-users who browse dangerous or improper sites from work or office computers. You can monitor and block this traffic.
What needs improvement?
I found one problem with Forcepoint Next Generation Firewall. They still do not have any VPN clients for Windows computers with ARM processors. This has started to become a problem because we have some clients who have notebooks with ARM processors, and we do not have the VPN client for them. There is a VPN client, a Forcepoint VPN client for the Windows platform, but in these days, you can have a Windows notebook with an ARM processor.
For how long have I used the solution?
I have been using Forcepoint Next Generation Firewall for almost five or six years.
What do I think about the scalability of the solution?
Forcepoint Next Generation Firewall is really good and scalable because there is one really good aspect. Even if you have some firewalls in the cluster, it is not necessary to have them on the same version. This is really nice if you are doing upgrades because you can do it step by step. Every time if you need more capability for traffic, you can also put another firewall to the cluster. It is really scalable.
How are customer service and support?
Generally, for Forcepoint, the customer support and customer service might be better, but especially for the firewalls, it is quite good. It is better than other technologies of Forcepoint.
Which solution did I use previously and why did I switch?
I started with firewalls with Forcepoint Next Generation Firewall.
How was the initial setup?
Installation of Forcepoint Next Generation Firewall on-premise is quite straightforward.
Which other solutions did I evaluate?
Forcepoint Next Generation Firewall is quite affordable. I would say that it is cheaper than other brands like Palo Alto or Check Point. It has a lot of capabilities and is very stable. It is also very well-made. For its price, I suppose that it is still good, even though I know that their prices are rising a little bit, but still it is better than Palo Alto, for example.
For its price, Forcepoint Next Generation Firewall is a really good product when compared to other vendors.
What other advice do I have?
reviewer2774055
Improved network segmentation has reduced lateral movement while the interface still needs modernization
Reviewed on Jan 15, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Forcepoint Next Generation Firewall has been network security and segmentation, relying on it most for remote access and threat prevention as a strong secondary role. The primary use case is perimeter and internal network security, and secondary use cases include site-to-site and branch connectivity using IPsec VPN tunnels, remote access using SSL remote access, and threat prevention by using it as an IPS, malware inspection, and reputation filtering.
I worked with a customer at a large enterprise where they had a core data center, a DMZ network, and internal business apps, with a sensitive finance system. With Forcepoint Next Generation Firewall , I designed a strict zone-based segmentation model, from internet to DMZ, then from DMZ to application tier, from application tier to database tier, and from user LAN into internal services. I used granular firewall policies so that only specific protocols, specific ports, and destinations were allowed, with explicit deny by default between the zones unless enabled by the granular firewall policies. I enabled application identification, blocking non-business traffic even if it was using allowed ports, and tagged each application on every policy. Lateral movement risk was massively reduced, and the organization passed internal security audits with zero critical findings, so the policies were very clean and readable. Forcepoint Next Generation Firewall's policy engine is very strong here and very user-friendly.
What is most valuable?
For threat prevention, I noticed on another customer that there were repeated scanning and exploit attempts against some public-facing service running on HTTPS. I configured Forcepoint Next Generation Firewall to handle IPS by enabling it with critical and high severity signatures only to reduce false positives. I turned on IP reputation filtering to filter out known malicious networks, applied rate limiting on specific services in the DMZ, and logged events centrally for correlation. As a result, exploit attempts were much less than before, being blocked before reaching the back-end servers from the firewall itself, with no performance degradation on the applications. The security team received clear and actionable logs that were centralized, so they knew what was happening all the time.
Strong network segmentation is my favorite feature that Forcepoint Next Generation Firewall offers. The policies are very deterministic and readable, and it has excellent east-west blocking and least privilege architecture. Application awareness identifies traffic beyond just the port itself; I can identify the application using a specific port and block risky applications even if they use allowed ports, which is great for environments with shadow IT. The integrated threat prevention is also very good, with IPS featuring well-tuned signatures and reputation-based filtering that blocks known bad actors before they can touch any applications. It supports both IPsec and SSL VPN tunnels, along with site-to-site, client-to-site, and hybrid cloud links, integrating well with Active Directory and LDAP. Additionally, centralized log management and reporting are very actionable and structured, with clarity in the policies for auditing. Overall, its stability and reliability are commendable.
A real example of how Forcepoint Next Generation Firewall's readable policies and application awareness features made my work easier was fixing a flat network problem without breaking actual applications. I inherited an environment where users, application servers, and databases were loosely segmented, with port-based and messy firewall rules. Security audits flagged lateral movement risks, and application owners were scared of outages if I tightened security too much. Forcepoint Next Generation Firewall made it easy by providing very easy-to-read and logical policies. I built policies that are clear, showing communications from the user zone to the application zone to specific applications, or from the app zone to the database zone, using only required database protocols. By default, I applied a deny rule between zones unless explicitly allowed by the readable rules I implemented. The policy view clarified who talks to whom, which rules exist, why they exist, and the business function they support, effectively stopping port abuse.
Security posture has definitely improved greatly since using Forcepoint Next Generation Firewall. From a flat or semi-flat network, I now have clear zone-based segmentation, with increased operational efficiency. The admins using the firewall have rules that are easy to read and intent-based, making changes easier to review and approve. There is less fear that one wrong rule could break production and fewer outages caused by security changes, without hidden matches or rule shadowing surprises. Clear hit count visibility helps me clean unused rules, leading to much fewer outages caused by changes on the firewalls. The centralized log management with supported log types provides better visibility for the SOC team and the SIEM team, as Forcepoint Next Generation Firewall sends very easy-to-parse and search clear logs to the SOC team.
I did see measurable, defensible results after using Forcepoint Next Generation Firewall, including fewer security incidents reaching the back-end servers. This reduction is due to strong segmentation, application awareness, and IPS features, leading to a 60 to 70 percent reduction in security alerts that actually reach the servers. DMZ exploit attempts dropped to near zero, and no lateral movement incidents were detected post network segmentation. Additionally, overall SOC efficiency improved due to well-structured and contextual logs reflecting clear policy intent, resulting in a 35 to 40 percent reduction in mean time to triage. SOC analysts stopped chasing noise and false positives, as they had much clearer logs to use confidently.
What needs improvement?
Forcepoint Next Generation Firewall can be improved, perhaps in the user interface and policy management. While the policies are easy to read, the UI feels a bit dated and sometimes clunky on certain pages. Editing rules can feel complex due to the need for multiple clicks and screens. To improve, I suggest modernizing the policy UI with drag-and-drop capabilities for rules, a policy diff impact preview before committing changes, and offering more intuitive rule tagging and labeling.
For how long have I used the solution?
I have been using Forcepoint Next Generation Firewall for five years.
What do I think about the stability of the solution?
Forcepoint Next Generation Firewall is stable in my experience.
What do I think about the scalability of the solution?
Forcepoint Next Generation Firewall's scalability is very good; I can have one management node similar to Palo Alto Panorama, with multiple nodes covering different sites, data centers, or zones, enabling extensive deployment in different environments.
How are customer service and support?
Customer support for Forcepoint Next Generation Firewall is standard support: I open a ticket, wait a bit, and an agent connects with me. It is level one support, and if there is a complex incident or issue, I wait for escalation to level two and so on. I would give it a three out of five.
How would you rate customer service and support?
Neutral
How was the initial setup?
I had multiple options concerning the licensing model for Forcepoint Next Generation Firewall. One option is perpetual plus support, which feels like a classic enterprise licensing model with predictable upfront costs. Another is the subscription model offering feature or security bundles, which feels flexible but requires discipline to manage costs. There is also the option in the AWS Marketplace to deploy as pay-as-you-go, leading to hourly billing with licenses included, or bring your own license to AWS and attach it. Pay-as-you-go is simple for temporary use or proof of concept, while bring your own license typically saves money long-term.
What was our ROI?
I did see a return on investment with Forcepoint Next Generation Firewall, as mentioned by the efficiency improvements and the metrics related to how much I cut investigation time, the number of incidents, and the ease of making changes or pushing new configurations. I overall save on costs by needing fewer people to manage it and fewer decision-makers involved.
Which other solutions did I evaluate?
I evaluated other options prior to choosing Forcepoint Next Generation Firewall, including Palo Alto, Fortinet, and Check Point Firewall.
What other advice do I have?
Forcepoint Next Generation Firewall is very solid and strong at the fundamentals that enterprises rely on, but it lags behind market leaders in a few modern areas. The policy clarity and segmentation are noteworthy strengths of Forcepoint Next Generation Firewall, along with stability, predictability, and effective threat prevention without noise, making it enterprise-friendly. However, the UI and UX feel a little dated, while cloud-native capabilities are somewhat limited. It works on AWS , for example, but is not cloud-first based, lacking deep integration with cloud constructs such as security group tags and automated automation tooling, which are stronger in other competitors. Additionally, while user identity and analytics depth is good, user-centric visibility is somewhat weak, and the ecosystem and innovation pace are smaller compared to competitors such as Fortinet or Palo Alto.
I advise those looking into using Forcepoint Next Generation Firewall to deploy it as a pay-as-you-go option for a few days, using it for proof of concept to explore the GUI, features, and capabilities to get accustomed to it. If they are comfortable with a classic GUI that is not as modern as other options such as Palo Alto, they should remember that the core features are very strong. It is a very stable product, so I suggest they seek out other customers with existing deployments of Forcepoint Next Generation Firewall and ask about their experiences before making the decision to use it themselves. Overall, it is an excellent product, highly reliable, and among the top contenders; Forcepoint Next Generation Firewall is well known. I gave Forcepoint Next Generation Firewall a 7.5 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
reviewer2783121
Centralized management has strengthened our perimeter security and consistently reduced downtime
Reviewed on Nov 28, 2025
Review provided by PeerSpot
What is our primary use case?
My main use case for Forcepoint Next Generation Firewall is to manage the security perimeter.
A quick, specific example of how I use Forcepoint Next Generation Firewall to manage my security perimeter involves making inspection, NAT, and ACL .
In addition to managing the security perimeter with Forcepoint Next Generation Firewall, we also need to manage the SD-WAN functionality and VPN intra-site.
What is most valuable?
Forcepoint Next Generation Firewall offers excellent features including a centralized management console and log feature.
I appreciate the centralized management console and the log feature because the logs are clear and easy to use, which helps my daily work.
I would also add that the load balancing feature and the active-active functionality are notable aspects of Forcepoint Next Generation Firewall.
Forcepoint Next Generation Firewall has positively impacted my organization by providing always-on perimeter security.
Always-on functionality for my organization means it has reduced the downtime.
What needs improvement?
Forcepoint Next Generation Firewall can be improved with better response from support.
I do not have anything more to add about the needed improvements, especially regarding the interface or other technical aspects.
For how long have I used the solution?
Forcepoint Next Generation Firewall is deployed in my organization on-premises.
What do I think about the stability of the solution?
Forcepoint Next Generation Firewall is stable.
What do I think about the scalability of the solution?
Forcepoint Next Generation Firewall has good scalability.
How are customer service and support?
Regarding customer support, last year it was not as good or quick, but the last call and ticket raised seemed to be better.
I would rate the customer support a seven.
Which solution did I use previously and why did I switch?
Previously, I used a Cisco Firewall, and I switched to Forcepoint Next Generation Firewall because of the central management and the deep log information.
How was the initial setup?
My experience with pricing, setup cost, and licensing has been in line with the market.
What was our ROI?
I have seen a return on investment with time saved and also fewer employees needed.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been in line with the market.
Which other solutions did I evaluate?
Before choosing Forcepoint Next Generation Firewall, I also evaluated the Check Point solution.
What other advice do I have?
I would rate Forcepoint Next Generation Firewall a nine on a scale of one to ten.
I give it a nine because support is not always very speedy, which stops me from giving it a ten.
My overall review rating for Forcepoint Next Generation Firewall is nine.