Check Point CloudGuard Network Security Reviews

I use the product to secure the Azure environment. 

The tool's most valuable features are firewalls and IPS. 

There is room for improvement, especially concerning the integration with the management center. It would be beneficial if tasks that currently require scripts could be performed directly from the GUI. 

I have been using the product for a year. 

The product is stable. 

We faced issues with scalability. 

The solution's support is good but can be improved. 

Neutral

The product is too expensive. 

We have moved our security level from on-prem to the cloud. The security posture is consistent. We can use the same storage system, monitoring system, and objects both on-prem and in the cloud. 

I am quite confident with CloudGuard Network Security. The primary reason for choosing the product over other cloud firewall vendors was to maintain the same solution as on-premises. Additionally, it offered a good level of security functionalities. 

I rate the overall product an eight out of ten. You should define your requirements before choosing the product. 

We use the solution for safeguarding the network security infrastructure. This has been one of the greatest achievements since we come across CloudGuard Network Security. 

It has launched effective security measures that can monitor security and provide feedback. 

Workflows across the company ecosystem have can flow smoothly without experiencing any challenges. 

The multi-channel security system monitors our cloud and hybrid servers. Transfer of files from the company database to the cloud servers goes through secure channels mapped by this platform.

A well-established encryption system now secures communication and workflow management systems. Data compromisation situations reported before have been fully eliminated since we deployed this software. There is increased production with secure workflow channels. The IT team can access and control the network security of interlinked company applications. We have developed a modern digital infrastructure that can access and give reliable reports based on real-time results. We no longer experience continuous system failures with automated performance monitoring tools.

Network security threat tools can launch and give advanced reports to the IT team on the future performance of various systems. 

The data analysis dashboards provide comprehensive reports and graphic representations of network security. 

We have secured our digital systems with high-grade security tools that cannot be bypassed by ransomware attacks. The customer service technical team provided virtual training to our team and provided the best article guidelines. 

The automatic features seal all loopholes that could be exploited by cybercriminals.

The operations require skilled manpower with extended experience of working with networking systems for better results. 

The cost depends on company size, and licensing terms are not favorable to small-scale businesses. 

The good sides are many from my experience, and I could recommend it to any growing company that requires the best-performing network security. From the first deployment, we have experienced improved and secure network infrastructure. We have been working closely with the customer service team, and there is no situation that has led to negative objections. 

A combination of on-premises and cloud computing services under one interface could enhance simple and comprehensive monitoring. 

They can integrate tools with policy recommendations and notification alerts on when to remove specific objects of the user's choice.

I've used the solution for one to two years.

The product's stable performance has stimulated business growth.

The set network security planning has been achieved, and we are happy with it.

The customer support team never disappoints.

Positive

We started with this tool and have no intentions of leaving it soon.

The setup was complicated since we had to get proper guidelines from the customer support team.

We deployed through a vendor team, and their level of expertise is high.

The ROI has grown positively since we deployed it.

Companies can try it for themselves and explore its great benefits.

We landed straight to CloudGuard Network Security due to the positive comments made by our partners.

I am satisfied with the current performance.

We use a hybrid environment, so we have an on-premise data center and branch offices as well as resources in the cloud. On-premise is secured with different Check Point Gateways while for our security in the cloud we use Check Point Cloud Guard.

Depending on the traffic, we use different Cloud Guard firewalls. External traffic is handled by using a scale-set that can adapt on the fly to increase/decrease the number of firewall instances.

Internal traffic is handled by a normal Cloud Guard HA cluster with a certain amount of cores.

We used the Cloud Guard technology quite early on and used Check Point's Blueprint for our Cloud Datacenter design. By being able to use real firewalls instead of the cloud's own IP tables/inferior IPS we're able to maintain security across the whole environment (on-premise and cloud).

With the possibility to administer the cloud firewalls within the same management as on-premise firewalls, we can use the same objects/networks instead of having two sets of object databases or scripting something to have both of them synched.

Having the whole environment be under the same management is definitely is a plus.

Using a scale set to increase/decrease the amount of firewalls in the cloud helps with saving costs in the long run, as they will only increase if traffic increases and therefore saving us on licensing costs. For a normal Cloud Guard you pay for each core, so using the SS you don't have to fully size and pay for the maximum amount of traffic.

It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM.

In the first phase, Cloud Guard Firewalls didn't allow minor and major upgrades. Fortunately, now you can install normal hotfixes and minor upgrades (JHF) on the Cloud firewalls. For major upgrades, it's still necessary to destroy the VMs and re-create them again. Doing that would mean new public IPs as well. We created a script for that. I still hope that major upgrades will be possible in the near future too, otherwise, you still have to script a lot for basic maintenance, instead of using tools like CDT.

The product is very scalable due to using the scale-set.

The main usage of the Check Point CloudGuard IaaS within our company is for the protection of our cloud assets. It is deployed on Google Cloud Platform with the help of the Firewall, Application Control, and Intrusion Prevention System software blades. 

In addition, we rely heavily on the GeoIP module to restrict undesired countries from accessing our services, as for now, you can't achieve it with the GCP firewall.

There are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

While using the Check Point CloudGuard IaaS gateways in the cloud environment, we had almost the same experience as with other Check Point firewall solutions.

The components of the infrastructure are integrated with each other quite well. All the common Check Point Next Generation Firewall blades are supported including Firewall, IPS, Antivirus, VPN, etc. There is not a big difference with the usual on-premises gateway from this perspective. This provided us a smooth experience while moving our load from on-premises data centers to the Google Cloud environments, and increased the adoption and the speed of the migration process.

I find it really useful that CloudGuard supports all the main players on the Public Clouds market including AWS, GCP, and Azure, as well as some exotic ones like Alibaba Cloud, Oracle Cloud, and IBM Cloud. I would say there is about a 95% probability that the platform you are using is supported, and I don't know any other solution for now that can provide the same number. Moreover, it integrates with most of the public cloud management solutions, so you could automate modification of the security policies based on some triggers or changes in your cloud infrastructure.

I also like that different licensing models are supported. For testing/evaluation/PoC projects, you could go with the Pay-as-you-go (PAYG) license without wasting a lot of money in case the solution somehow doesn't suit you. On the other hand, for production, you could use the Bring-your-own-license (BYOL) way, applying the license bought earlier.

As with other solutions of this kind, you still have to manage basic cloud firewalls and routes for VPC outside of CloudGuard IaaS. There's no 100% integration.

I hope that Check Point continues to improve its technical documentation regarding the Check Point CloudGuard IaaS gateway and management system. For example, the questions on how to scale the instances in the relevant cloud should be covered, and all the High Availability options and switchover scenarios. Without that, users have to open numerous consulting cases to the support team to get it right.

We have been using Check Point CloudGuard IaaS for less than a year.

The Check Point CloudGuard IaaS is stable product, and in fact it runs the same code as the hardware Check Point NGFWs, so no issues were encountered there.

The Check Point CloudGuard IaaS scales well for the Google Cloud Platform with the help of the Instance Groups feature.

We have had several support cases opened. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We didn't use such solutions before and had to rely on the built-in firewall rules of the Google Cloud Platform infrastructure.

The setup was straightforward, and the configuration was easy and understandable.

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

There is flexibility in the different licensing models that are offered.

For testing/evaluation/PoC projects, you could go with the Pay-as-you-go (PAYG) license without wasting a lot of money in case the solution somehow doesn't suit you. On the other hand, for production, you could use the Bring-your-own-license (BYOL) way, applying the license bought earlier.

This is a flexible approach and we like that.

No, since we decided to have a unified firewalling solution across all the infrastructure, and we already had the Check Point firewalls in the on-premises data centers.

You should fully understand the way CloudGuard would be integrated into your cloud from a networking perspective, and it differs from platform to platform. For example, for Google Cloud, the instances of Cloud Guard must have interfaces in several VPCs as a requirement. Think about the subnetting and routing for your project, then implement a PoC with your networking staff.

We had a big problem with how to protect our host services, which are directly accessed via the cloud. We wanted to protect our organization tenant and workload from any next-generation attack. For this protection, we implemented the Check Point solution named CloudGuard Network.

This NGFW is provided by Check Point and has all of the capabilities that are required to protect against next-generation attacks at the perimeter level.

The modules or security features that we use are provided as part of the base license. These include VPN, IPS, Application Control, and Content Awareness. Together, these are strong and help to protect the organization.

This solution effectively protects us against any next-generation attack.

The most valuable feature is the centralized dashboard, which is used for managing all of the Check Point Security Gateways.

Whether it is hosted on-premises or on the cloud with the NGTX license, it provides additional security capabilities such as SandBlast, which is able to extract and emulate file execution in a virtual sandbox. It will identify activity and actions, and the system can be configured accordingly.

It provides hyperscaling capabilities for both on-premises and cloud-based security gateways. An on-premises security gateway can be configured for hyperscaling using the Maestro 140 or Maestro 170. In the cloud, on AWS it can be hyper-scaled using the AWS gateway load balancer.

It's able to protect against advanced threats and prevent zero-day attacks using both SandBlast and IPS signatures.

Throughput is impacted drastically once the security modules are enabled on the firewall.

As it is a software-based firewall, there is no dedicated throughput available for each module.

In case the device is inaccessible due to some issue such as CPU or memory, there is no separate port or hardware partition provided for troubleshooting purposes.

Throughput on the virtual firewall is an issue in case the organization wants to migrate a workload to the cloud, and it becomes a bottleneck.

We have been using the Check Point CloudGuard Network for between two and five years.

The combination of NGFW + URL Filtering + Antivirus + Anti Bot, with 8 vCore D4 v2, is able to provide a throughput of 4Gbps.

On Azure, the combination of NGFW + URL Filtering + Anit Virus + Anit Bot, with 8vCore c5n 2xlarge, is able to provide a throughput of 4.7Gbps. It is similar to AWS.

We utilize CloudGuard Network Security for internet surfing and handle inter-sector traffic between VPCs. Specifically, we have over 200 accounts in AWS, each with its own VPC. The solution interconnects all the regions. 

The tool's most valuable feature is its scalability. You will only have to pay less for scaling up. Its notable benefit is deployment complexity. Regional deployment is simpler compared to on-premise setup. 

When upgrading the firewall, the old VPC containing the firewalls needs to be destroyed. After that, a new firewall is redeployed in the setup. Additionally, there's a need to separate the routing, and the routing from the old VPC has to be recreated in the new one.

I have been using the product for two years. 

We had issues with stability. We have an open ticket at the support regarding this. 

CloudGuard Network Security is scalable. 

The tool's support is good. 

Positive

CloudGuard Network Security is not too cheap. 

I don't see any difference in user experience between on-prem and the cloud setup. We have an MDS environment where we can manage the whole country. The tool enables us to manage policies on the same platform for branches and regions in the country. I rate the product an eight out of ten. 

In our company, we have infrastructure in both Microsoft Azure and on-premise. We wanted to centralize an environment of governance, control, and best practices, at the level of Microsoft Azure. We were able to implement Defender for the cloud at some point. However, we already had security products from Check Point. The idea was to centralize all our tools in the same environment to make it easier to support administration.

With Check Point CloudGuard we have been able to successfully implement a layer of protection for our cloud and our on-premise environments.

With Check Point CloudGuard Network Security, we have been able to provide advanced security and security in the Azure network in addition to all the security additions associated with Check Point which are very important. Each one provides a role or complements the security of the company.

The panel or score can help evaluate the reality of our cloud and hybrid infrastructure. It has an excellent capability. The Check Point blueprint has taken us to the next level of protection.

It really is a pretty complete solution.

Check Point CloudGuard Network Security is complemented with all the features and becomes a security giant. The most important features, at least for us, are:

1 - It allows for the implementation of centralized security through Check Point Infinity in addition to being able to manage the security of hybrid and cloud environments.

2 - The trust and security provided by advanced threat protection is a point of distinction. We have not seen any false positives. Its anti-malware prevention is very good, and protection against ransomware is one of the features we require for our infrastructure.

3 - Additionally, it can be integrated with most public clouds, making it attractive.

There are a few features or improvements that can be mentioned. One of them may be that the Infinity Portal is sometimes slow. A performance improvement could improve the administrator's perspective.

At the cost level, the solution is somewhat expensive. They could have an improvement to be a more feasible solution for everyone.

The support must improve. It is the biggest issue that Check Point currently has. Sometimes it is better to investigate oneself than to wait for a solution from the support department.

We implemented this tool a few months ago to be able to validate the security associated with our cloud environment. In this case, we implemented against Microsoft Azure.

Previously, we used Microsoft Defender for a cloud solution. It's a very good tool, however, Microsoft is new in this field.

It is definitely important to test the tool before defining it in a production environment. It is also good to know the costs with a professional.

Previously we checked to see if we could stay with Microsoft Defender for Cloud. However, we opted for a centralized environment with more security muscle of its own.

It is one of the best solutions on the market. I challenge you to try it so you can say the same.

We use Check Point CloudGuard Network Security for internal and external traffic filtering.

The most valuable feature of Check Point CloudGuard Network Security is the ease of use. It was not difficult to learn. 

Check Point CloudGuard Network Security could improve by making it easier to configure.

In a feature release, the application should be more drag and drop. If I could search it and drag and drop it to the specific rule it would be helpful.

I have been using Check Point CloudGuard Network Security for approximately 10 years.

The stability of Check Point CloudGuard Network Security is very good.

Check Point CloudGuard Network Security is scalable, it is good for enterprises. The scaling is simple to do.

We have over 500 people in my company using this solution.

I have interacted with the support from Check Point CloudGuard Network Security and they were very good but could improve their response time.

I rate the support from Check Point CloudGuard Network Security a nine out of ten.

Positive

The vendor did the implementation and the maintenance of Check Point CloudGuard Network Security.

My advice to others is the solution is very stable, and reliable, and they should ensure that they invest in Check Point.

I rate Check Point CloudGuard Network Security a nine out of ten.