Improved network segmentation has reduced lateral movement while the interface still needs modernization
What is our primary use case?
My main use case for Forcepoint Next Generation Firewall has been network security and segmentation, relying on it most for remote access and threat prevention as a strong secondary role. The primary use case is perimeter and internal network security, and secondary use cases include site-to-site and branch connectivity using IPsec VPN tunnels, remote access using SSL remote access, and threat prevention by using it as an IPS, malware inspection, and reputation filtering.
I worked with a customer at a large enterprise where they had a core data center, a DMZ network, and internal business apps, with a sensitive finance system. With Forcepoint Next Generation Firewall, I designed a strict zone-based segmentation model, from internet to DMZ, then from DMZ to application tier, from application tier to database tier, and from user LAN into internal services. I used granular firewall policies so that only specific protocols, specific ports, and destinations were allowed, with explicit deny by default between the zones unless enabled by the granular firewall policies. I enabled application identification, blocking non-business traffic even if it was using allowed ports, and tagged each application on every policy. Lateral movement risk was massively reduced, and the organization passed internal security audits with zero critical findings, so the policies were very clean and readable. Forcepoint Next Generation Firewall's policy engine is very strong here and very user-friendly.
What is most valuable?
For threat prevention, I noticed on another customer that there were repeated scanning and exploit attempts against some public-facing service running on HTTPS. I configured Forcepoint Next Generation Firewall to handle IPS by enabling it with critical and high severity signatures only to reduce false positives. I turned on IP reputation filtering to filter out known malicious networks, applied rate limiting on specific services in the DMZ, and logged events centrally for correlation. As a result, exploit attempts were much less than before, being blocked before reaching the back-end servers from the firewall itself, with no performance degradation on the applications. The security team received clear and actionable logs that were centralized, so they knew what was happening all the time.
Strong network segmentation is my favorite feature that Forcepoint Next Generation Firewall offers. The policies are very deterministic and readable, and it has excellent east-west blocking and least privilege architecture. Application awareness identifies traffic beyond just the port itself; I can identify the application using a specific port and block risky applications even if they use allowed ports, which is great for environments with shadow IT. The integrated threat prevention is also very good, with IPS featuring well-tuned signatures and reputation-based filtering that blocks known bad actors before they can touch any applications. It supports both IPsec and SSL VPN tunnels, along with site-to-site, client-to-site, and hybrid cloud links, integrating well with Active Directory and LDAP. Additionally, centralized log management and reporting are very actionable and structured, with clarity in the policies for auditing. Overall, its stability and reliability are commendable.
A real example of how Forcepoint Next Generation Firewall's readable policies and application awareness features made my work easier was fixing a flat network problem without breaking actual applications. I inherited an environment where users, application servers, and databases were loosely segmented, with port-based and messy firewall rules. Security audits flagged lateral movement risks, and application owners were scared of outages if I tightened security too much. Forcepoint Next Generation Firewall made it easy by providing very easy-to-read and logical policies. I built policies that are clear, showing communications from the user zone to the application zone to specific applications, or from the app zone to the database zone, using only required database protocols. By default, I applied a deny rule between zones unless explicitly allowed by the readable rules I implemented. The policy view clarified who talks to whom, which rules exist, why they exist, and the business function they support, effectively stopping port abuse.
Security posture has definitely improved greatly since using Forcepoint Next Generation Firewall. From a flat or semi-flat network, I now have clear zone-based segmentation, with increased operational efficiency. The admins using the firewall have rules that are easy to read and intent-based, making changes easier to review and approve. There is less fear that one wrong rule could break production and fewer outages caused by security changes, without hidden matches or rule shadowing surprises. Clear hit count visibility helps me clean unused rules, leading to much fewer outages caused by changes on the firewalls. The centralized log management with supported log types provides better visibility for the SOC team and the SIEM team, as Forcepoint Next Generation Firewall sends very easy-to-parse and search clear logs to the SOC team.
I did see measurable, defensible results after using Forcepoint Next Generation Firewall, including fewer security incidents reaching the back-end servers. This reduction is due to strong segmentation, application awareness, and IPS features, leading to a 60 to 70 percent reduction in security alerts that actually reach the servers. DMZ exploit attempts dropped to near zero, and no lateral movement incidents were detected post network segmentation. Additionally, overall SOC efficiency improved due to well-structured and contextual logs reflecting clear policy intent, resulting in a 35 to 40 percent reduction in mean time to triage. SOC analysts stopped chasing noise and false positives, as they had much clearer logs to use confidently.
What needs improvement?
Forcepoint Next Generation Firewall can be improved, perhaps in the user interface and policy management. While the policies are easy to read, the UI feels a bit dated and sometimes clunky on certain pages. Editing rules can feel complex due to the need for multiple clicks and screens. To improve, I suggest modernizing the policy UI with drag-and-drop capabilities for rules, a policy diff impact preview before committing changes, and offering more intuitive rule tagging and labeling.
For how long have I used the solution?
I have been using Forcepoint Next Generation Firewall for five years.
What do I think about the stability of the solution?
Forcepoint Next Generation Firewall is stable in my experience.
What do I think about the scalability of the solution?
Forcepoint Next Generation Firewall's scalability is very good; I can have one management node similar to Palo Alto Panorama, with multiple nodes covering different sites, data centers, or zones, enabling extensive deployment in different environments.
How are customer service and support?
Customer support for Forcepoint Next Generation Firewall is standard support: I open a ticket, wait a bit, and an agent connects with me. It is level one support, and if there is a complex incident or issue, I wait for escalation to level two and so on. I would give it a three out of five.
How would you rate customer service and support?
How was the initial setup?
I had multiple options concerning the licensing model for Forcepoint Next Generation Firewall. One option is perpetual plus support, which feels like a classic enterprise licensing model with predictable upfront costs. Another is the subscription model offering feature or security bundles, which feels flexible but requires discipline to manage costs. There is also the option in the AWS Marketplace to deploy as pay-as-you-go, leading to hourly billing with licenses included, or bring your own license to AWS and attach it. Pay-as-you-go is simple for temporary use or proof of concept, while bring your own license typically saves money long-term.
What was our ROI?
I did see a return on investment with Forcepoint Next Generation Firewall, as mentioned by the efficiency improvements and the metrics related to how much I cut investigation time, the number of incidents, and the ease of making changes or pushing new configurations. I overall save on costs by needing fewer people to manage it and fewer decision-makers involved.
Which other solutions did I evaluate?
I evaluated other options prior to choosing Forcepoint Next Generation Firewall, including Palo Alto, Fortinet, and Check Point Firewall.
What other advice do I have?
Forcepoint Next Generation Firewall is very solid and strong at the fundamentals that enterprises rely on, but it lags behind market leaders in a few modern areas. The policy clarity and segmentation are noteworthy strengths of Forcepoint Next Generation Firewall, along with stability, predictability, and effective threat prevention without noise, making it enterprise-friendly. However, the UI and UX feel a little dated, while cloud-native capabilities are somewhat limited. It works on AWS, for example, but is not cloud-first based, lacking deep integration with cloud constructs such as security group tags and automated automation tooling, which are stronger in other competitors. Additionally, while user identity and analytics depth is good, user-centric visibility is somewhat weak, and the ecosystem and innovation pace are smaller compared to competitors such as Fortinet or Palo Alto.
I advise those looking into using Forcepoint Next Generation Firewall to deploy it as a pay-as-you-go option for a few days, using it for proof of concept to explore the GUI, features, and capabilities to get accustomed to it. If they are comfortable with a classic GUI that is not as modern as other options such as Palo Alto, they should remember that the core features are very strong. It is a very stable product, so I suggest they seek out other customers with existing deployments of Forcepoint Next Generation Firewall and ask about their experiences before making the decision to use it themselves. Overall, it is an excellent product, highly reliable, and among the top contenders; Forcepoint Next Generation Firewall is well known. I gave Forcepoint Next Generation Firewall a 7.5 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Clients have benefited from responsive support and consistent performance
What is our primary use case?
I might not be the right person to discuss the main use cases for Forcepoint Next Generation Firewall for these clients. I can send an email and reply with what we can in broad strokes without identifying any specific customers. I would have to ask my teams that handle these solutions.
What is most valuable?
I can share what we appreciate about Forcepoint Next Generation Firewall and what clients generally choose it for. We have had good experience with their responsiveness, which exceeds other products sometimes. Their customer service and price point are competitive for the US market primarily.
The centralized management console of Forcepoint Next Generation Firewall is something we have been struggling with because everybody has their own approach, but most customers have mixed solutions. We end up having customers that are either running two consoles or requiring a third-party solution to monitor everything. From a configuration standpoint, it has been easy to manage.
Regarding security, these are security solutions, and when referring to performance, it works effectively. Features are very similar across products. Each vendor has their own distinctive elements, but in general, for the most concerning and most sought-after features, it is very complete.
What needs improvement?
At this moment, nothing specific comes to mind regarding improvements for Forcepoint Next Generation Firewall.
The main feedback we receive concerns pricing. If I only have a chance to give one suggestion, it would be to keep pricing competitive. AI improvements could be beneficial, as having AI capabilities has become an important checkmark feature.
What do I think about the stability of the solution?
How are customer service and support?
On a scale of 1 to 10 for customer service for Forcepoint Next Generation Firewall, I would rate it at least 9, 9.5.
How would you rate customer service and support?
How was the initial setup?
The initial setup of Forcepoint Next Generation Firewall is usually straightforward from a professional use and expert perspective - it is normal and not difficult. However, these are products that require expert knowledge to some degree in my experience.
What about the implementation team?
For deploying Forcepoint Next Generation Firewall into client environments, the approach depends on the implementation. For deployment of individual components, we would typically deploy an engineer or technician for individual boxes. If it is going into an existing system, an engineer must be involved. For a full deployment, we need a solutions architect to examine it, and we involve different vendors for their guidance as they are the true experts in each of their components.
Which other solutions did I evaluate?
In terms of comparing Forcepoint Next Generation Firewall on a general level, they are very similar regarding features and quality of performance compared to Palo Alto or Cisco or some of the other major players for next generation.
What other advice do I have?
Our team has experience with multiple solutions including Palo Alto and Forcepoint Next Generation Firewall.
We have a mix of clients, primarily focusing on finance and telecom. As the CEO of the company, I lead the teams, negotiate the brands, and secure them. I am sometimes involved in purchasing products or quoting for bigger projects.
Regarding integration with third parties, we work as an MSSP and support MSPs with their solutions. The integration has been very successful for monitoring and ongoing use of the solutions, particularly from an operational perspective for monitoring faults and issues.
Comparing pricing to other solutions on a scale of 1 to 10, with 10 being the highest price, Forcepoint Next Generation Firewall ranks around seven within the US market. There are other products that are less expensive, but they are frequently ranked among the industry leaders.
We generally work with SMBs and medium to smaller companies given our addressable market, and the experience has been good.
I rate Forcepoint Next Generation Firewall 9 out of 10.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Advanced features secure our network and improvements in licensing could enhance cost-efficiency
What is our primary use case?
We use
Forcepoint Next Generation Firewall for security purposes in our financial institution.
What is most valuable?
The most valuable features of
Forcepoint Next Generation Firewall are the advanced threat protection, including features like IPS and DDoS prevention, which help avoid internal DDoS attacks. The centralized management and smart policies are effective, providing enhanced network efficiency, connectivity, and improved security, resulting in fewer cyberattacks and data breaches.
What needs improvement?
The licensing model should be more flexible. I recommend that additional features be included in a single license to avoid the need for extra licensing costs. Additionally, there are performance limitations when storing logs, as a large number may overwhelm the log server.
For how long have I used the solution?
I have been working with Forcepoint Next Generation Firewall for more than five to six years.
What was my experience with deployment of the solution?
Initially, deployment involved a few hurdles, requiring a couple of days. We had to customize it according to our organizational policies, which required involving a partner in the process for proper setup.
What do I think about the stability of the solution?
From a stability perspective, I would rate the solution between seven and eight out of ten.
What do I think about the scalability of the solution?
Scalability is somewhat limited. While I rate it at five to six, I note that there are restrictions in the firewall manager and limitations when deploying for cloud environments. Since we are using it on-premises, it is difficult to utilize for cloud solutions as well.
How are customer service and support?
Technical support is sometimes slow to respond, and it takes longer to resolve issues. This has been true across all Forcepoint products. I rate customer service four to five out of ten.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We maintain a multi-environment with solutions like Palo Alto and Cisco.
How was the initial setup?
The initial setup was a bit complex, requiring us to customize Forcepoint Next Generation Firewall according to our organization’s standards, necessitating partner involvement.
What about the implementation team?
From our side, at least ten people were involved, and a partner was engaged for the deployment.
What was our ROI?
The centralized management and automated updates have lowered operational costs.
What's my experience with pricing, setup cost, and licensing?
The licensing model is dependent on negotiation skills, but there is room for improvement. The costs can be high since additional features require separate licenses.
Which other solutions did I evaluate?
We maintain solutions like Palo Alto and Cisco.
What other advice do I have?
My overall rating for Forcepoint Next Generation Firewall is seven out of ten. Recommendations depend on infrastructure and return on investment analysis, as there are other alternatives, such as Palo Alto and Cisco.
Firewall for advanced threat protection with deep packet scanning capabilities
What do you like best about the product?
Forecepoint provides Advanced threat protection, intrusion preventation and secure web application scanning. Forecpoint Policies are flexible and rules can be created and modified as per business requirements. It has low latency and does not impact the network performance
What do you dislike about the product?
Limited customization
Advance configuration options are complex and requires subject matter expert to customize the rules.
What problems is the product solving and how is that benefiting you?
Forecepoint protects advanced level cyberattacks from external attackers and cyberthreats like ransomware , zero-day exploits and data exfiltration etc and helping business to secure our digital assets.It provides real-time network visibility and attack surface to improve company security posture , ensure compliance and reduce risk of unahuthroized access and data breaches
