Forcepoint Next Generation Firewall (NGFW)
Enterprise SD-WAN Meets the #1 Most Secure Next Gen Firewall
Forcepoint Next Generation Firewall (NGFW) combines fast, flexible networking (SD-WAN and LAN) with industry-leading security to connect and protect people and the data they use throughout diverse, evolving enterprise networks. Forcepoint NGFW provides consistent security, performance and operations across physical, virtual and cloud systems. It’s designed from the ground up for high availability and scalability, as well as centralized management with full 360° visibility.
- Replace MPLS and Go Direct to Cloud
Use SD-WAN to replace costly MPLS at retail stores and branch offices with broadband links to the cloud. Accelerate Office 365 performance and boost resilience without sacrificing security with Forcepoint NGFW.
- Stop Evasions That Bypass Your IPS
Defend your networks against emerging exploits and malware—even ones camouflaged by advanced evasion techniques that sneak through most next generation firewalls.
- Respond to Incidents in Minutes, Not Hours
Immediately see and understand what’s happening in your network with an interactive, visual interface. Update policies for hundreds of physical and virtual locations worldwide with a single click.
Always-On SD-WAN Connectivity for Enterprises
Today’s businesses demand fully resilient network security solutions. Forcepoint NGFW builds in high scalability and availability at all levels:
- Active-active, mixed clustering
Up to 16 nodes of different models running different versions can be clustered together. This provides superior networking performance and resilience, and enables security such as deep packet inspection and VPNs.
- Seamless policy updates and software upgrades
Forcepoint’s industry-leading availability enables policy updates (and even software upgrades) to be seamlessly pushed to a cluster without interrupting service.
- SD-WAN network clustering
Extends high-availability coverage to network and VPN connections. Combines nonstop security with the ability to take advantage of local broadband connections in order to complement or replace expensive leased lines like MPLS.
Keep Pace With Changing Security Needs
A unified software core enables Forcepoint NGFW to handle multiple security roles, from firewall/VPN to IPS to layer 2 firewall, in dynamic business environments. Forcepoint NGFWs can be deployed in a variety of ways (e.g., physical, virtual, cloud appliances), all managed from a single console.
Forcepoint uniquely tailors access control and deep inspection to each connection to provide high performance and security. It combines granular application control, intrusion prevention system (IPS) defenses, built-in virtual private network (VPN) control and mission-critical application proxies into an efficient, extensible and highly scalable design. Our powerful anti-evasion technologies decode and normalize network traffic before inspection and across all protocol layers to expose and block the most advanced attack methods.
Block Sophisticated Data Breach Attacks
Large data breaches continue to plague businesses and organizations of every industry. Now you can fight back with application-layer exfiltration protection. Forcepoint NGFWs selectively and automatically whitelist or blacklist network traffic originating from specific applications on PCs, laptops, servers, file shares and other endpoint devices based on highly granular endpoint contextual data. It goes beyond typical firewalls to prevent attempted exfiltration of sensitive data from endpoints via unauthorized programs, web applications, users and communications channels.
Attackers have become experts in penetrating enterprise networks, applications, data centers and endpoints. Once inside, they steal intellectual property, customer information and other sensitive data, causing irreparable damage to businesses and their respective reputations. New attack techniques can evade detection by traditional security network devices, including many name-brand firewalls, moving beyond the simple transmission of vulnerability exploits.
Evasions work at multiple levels to camouflage exploits and malware, making them invisible to traditional signature-based packet inspection. With evasions, even old attacks that have been blocked for years can be repackaged to compromise internal systems.
Forcepoint NGFW takes a different approach. Our industryleading security engine is designed for all three stages of network defense: to defeat evasions, detect exploits of vulnerabilities and stop malware. It can be deployed transparently behind existing firewalls to add protection without disruption, or as full-featured NGFW for all-inone security.
In addition, Forcepoint NGFW provides fast decryption of encrypted traffic, including HTTPS web connections, combined with granular privacy controls that keep your business and users safe in a rapidly changing world. It can even limit access from specific endpoint applications to lock down devices or prevent the use of vulnerable software.
- Faster rollout of branches, clouds or data centers
- Less downtime
- Greater security without disruption
- Fewer breaches
- Less exposure to new vulnerabilities while IT teams prepare to deploy new patches
- Lower TCO for network infrastructure and security
- SD-WAN connectivity at enterprise scale
- Built-in IPS with anti-evasion defenses
- High-availability clustering of devices and networks
- Automated, zero-downtime updates
- Policy-driven centralized management
- Actionable, interactive 360° visibility
- Sidewinder security proxies for mission-critical applications
- Human-centric user and endpoint context
- High-performance decryption with granular privacy controls
- Whitelisting/blacklisting by client application and version
- CASB and Web Security integration
- Anti-malware sandboxing
- Unified software for physical, AWS, Azure, VMware deployments
Decrypt Traffic While Safeguarding Privacy
Inspect attacks and stolen data hidden inside encrypted SSL/TLS traffic while still protecting users' privacy.
Extend Your Network Into the Cloud
Deploy applications safely in Amazon Web Services, Azure, and VMware. Segment different service layers and manage virtual NGFWs and IPSs the same way as physical appliances.
Control Access to Web Content
Limit users' access to entire categories of websites containing inappropriate or unsafe content with URL intelligence that’s depended upon around the globe.
Protect High-Assurance Systems
Safeguard your most sensitive, mission-critical networks and applications with Forcepoint’s renowned Sidewinder proxy technology.
Regain Control of Shadow IT
Understand the risk associated with unsanctioned cloud apps so you can redirect users to more appropriate apps or block them altogether.
Offer SD-WAN and NGFW Security as an MSSP
Manage enterprise-grade connectivity and protection from your own multi-tenant systems, with a business model tailored to the needs of MSSPs.
Enterprise SD-WAN Connectivity and NGFW Security for Distributed Enterprises
Modular Appliances for Every Environment
Our broad range of appliances provide the right price-performance and form factor for each location; plugable interface cards let you change networks with ease.
Multi-link Connectivity for SD-WAN
Broadband, wireless, and dedicated lines at each location can be centrally deployed and managed, providing full control over what traffic goes over each link with automated failover.
Policy-Driven Centralized Management
Smart Policies describe your business processes in familiar terms and are automatically implemented throughout the network, managed in-house or via MSSP.
Built-in NGFW, VPN, Proxies, and More
Unparalleled security comes standard, from top-ranked Next Generation Firewall and IPS to rapid-setup VPNs and granular decryption, as well as our unique Sidewinder proxy technology.
Human-Centric Endpoint Context
Access policies can whitelist or blacklist specific endpoint apps, patch levels or AV status. Users' behaviors are consolidated into actionable dashboards.
CASB and Web Security
Our reknowned URL filtering and industry-leading cloud services work together to protect your data and people as they use apps and web content.
Rich application programming interfaces enable SD-WAN and NGFWs to be integrated with orchestration, management, and third-party analysis infrastructure.
High Availability, Mixed Clustering
Active-active clustering lets you mix up to 16 different models of appliances for unrivaled scalability, longer lifecycles, and seamless updates without dropping packets.
Automated, Zero-Downtime Updates
Policy changes and software updates can be deployed to hundreds of firewalls and IPS devices around the world in minutes, not hours, without the need for service windows.
Actionable, Interactive 360° Visibility
Graphical dashboards and visualizations of network activity go beyond simple reporting, enabling admins to drill into events and respond to incidents faster.
Top-Ranked Anti-Evasion Defense
Multi-layer stream inspection defeats advanced attacks that traditional packet inspection can't detect—see for yourself in our Evader video series.
Unified Virtual and Physical Security
Native support for AWS, Azure and VMware has the same capabilities, management, and high performance of our physical appliances.
Forcepoint Advanced Malware Detection blocks previously undetected ransomware, zero-days, and other attacks before they steal sensitive data or damage your systems.
Forcepoint Next Gen Firewalls are rigourously tested to comply with major industry and government certification requirements.
One Platform with Many Deployment Options – All Managed from a Single Console
|Physical Appliance||Multiple hardware appliance options, ranging from branch office to data center installations|
|Cloud Infrastructure||Amazon Web Services, Microsoft Azure|
|Virtual Appliance||x86 64-bit based systems; VMware ESXi, VMware NSX, Microsoft Hyper-V, and KVM|
|Endpoint||Endpoint Context Agent (ECA), VPN Client|
|Virtual Contexts||Up to 250|
|Centralized Management||Enterprise-level centralized management system with log analysis, monitoring and reporting capabilities|
|Deep Packet Inspection||Multi-Layer Traffic Normalization/Full-Steam Deep Inspection, Anti-Evasion Defense, Dynamic Context Detection, Protocol-Specific Traffic Handling/Inspection, Granular Decryption of SSL/TLS Traffic, Vulnerability Exploit Detection, Custom Fingerprinting, Reconnaissance, Anti-Botnet, Correlation, Traffic Recording, DoS/DDoS Protection, Blocking Methods, Automatic Updates|
|User Identification||Internal user database, Native LDAP, Microsoft Active Directory, RADIUS, TACACS+, Microsoft Exchange, Client Certificates|
|IP Address Assignment||
|IPv6t||Dual stack IPv4/IPv6, ICMPv6, DNSv6, NAT, Full NGFW features|
|Proxy Redirection||HTTP, HTTPS, FTP, SMTP protocols redirection to Forcepoint or third party Content Inspection Service (CIS) on premise and Cloud|
|Geo-Protection||Dynamically updated source/destination country or continent|
|IP Address List||Predefined IP categories or using custom or imported IP address lists|
|URL Filtering (Separate Subscription)||Custom or imported URL lists|
|Endpoint Applications||Application name and version|
|Network Applications||7400+ network and cloud applications|
|Sidewinder Security Proxies||TCP, UDP, HTTP, HTTPS, SSH, FTP, TFTP, SFTP, DNS|
|Protocols||IPsec and TLS|
|Advanced Malware Detection and File Control|
|Protocols||FTP, HTTP, HTTPS, POP3, IMAP, SMTP|
|File Filtering||Policy-based file filtering with efficient down selection process.
Over 200 supported file types in 19 file categories
|File Reputation||High speed cloud based Malware reputation checking and blocking|
|Anti-Virus||Local antivirus scan engine*|
|Zero-Day Sandboxing||Forcepoint Advanced Malware Detection available both as cloud and on-premise service|
*Local anti-malware scan is not available with 110/115 appliances.
Download the Forcepoint Next Generation Firewall (NGFW) Datasheet (.PDF)
- Pricing and product availability subject to change without notice.