Check Point CloudGuard Network Security Reviews

Our use case for the product is to prevent or protect the file server in the Cloud. The plan is to gradually integrate more solutions behind it. We work with Azure and AWS. 

The tool's most valuable features are threat prevention and protection mechanisms. 

The connection to the on-premises management requires using the CLI. It's not just a click, and you cannot edit in the management to prepare everything. You need to do it online and in real time. After that, you must execute a script, and then you should be happy that it appears in the management.

I have been using the product for five years. 

CloudGuard Network Security is stable. I haven't encountered any issues with its stability. 

The tool is scalable. 

Choosing between Palo Alto and Check Point is more of a personal preference based on the management you prefer. However, in terms of protection, both provide a comparable level of security, making you feel equally safe. The choice between Palo Alto and Check Point often depends on the customer. If a customer is already using Palo Alto, it might be challenging to convince them to switch to Check Point. 

Deploying the product on different cloud platforms, like Azure or AWS, poses challenges due to variations in terminology and identification methods among platforms.

CloudGuard Network Security's pricing is fine. 

In most cases, we use the smart management on-premises. With the hybrid solution, we have one log visibility of every single management, which is an advantageous concept. I rate it an eight out of ten. 

I manage the delivery team of a tech services company. We implement and manage security systems for our clients. CloudGuard is a solution we deploy for larger enterprise clients.

CloudGuard's intelligent tools help us automate many manual security tasks, guaranteeing our customers' environments will be secure. It saves a lot of time because jobs that might require five or six people can be handled with one or two. 

Check Point solutions are not easy to use if you don't have experience. We have some Check Point specialists, so it's not difficult for us. The user experience might suffer if we don't have the time to follow up with our clients and ensure they are using the right options. Clients also want more local support in Portuguese and Spanish during their normal business hours. That's something I hear from my customers and my team, too. 

I have used CloudGuard for two years.

CloudGuard is stable. 

CloudGuard is scalable.

Check Point's support isn't the best, but it's good. 

We also use solutions by FireMon, AlgoSec, and Akamai. We're constantly comparing products and looking for ways to get more features with less money. Akamai has more solutions, whereas Check Point is more specialized. 

Our clients are large and complex, so it is complicated to deploy CloudGuard in their environments.

We had a reseller and use IBM as an integrator. Our experience was positive. 

CloudGuard is reasonable. 

I rate Check Point CloudGuard Network Security an eight out of ten. 

In our company, we have infrastructure in both Microsoft Azure and on-premise. We wanted to centralize an environment of governance, control, and best practices, at the level of Microsoft Azure. We were able to implement Defender for the cloud at some point. However, we already had security products from Check Point. The idea was to centralize all our tools in the same environment to make it easier to support administration.

With Check Point CloudGuard we have been able to successfully implement a layer of protection for our cloud and our on-premise environments.

With Check Point CloudGuard Network Security, we have been able to provide advanced security and security in the Azure network in addition to all the security additions associated with Check Point which are very important. Each one provides a role or complements the security of the company.

The panel or score can help evaluate the reality of our cloud and hybrid infrastructure. It has an excellent capability. The Check Point blueprint has taken us to the next level of protection.

It really is a pretty complete solution.

Check Point CloudGuard Network Security is complemented with all the features and becomes a security giant. The most important features, at least for us, are:

1 - It allows for the implementation of centralized security through Check Point Infinity in addition to being able to manage the security of hybrid and cloud environments.

2 - The trust and security provided by advanced threat protection is a point of distinction. We have not seen any false positives. Its anti-malware prevention is very good, and protection against ransomware is one of the features we require for our infrastructure.

3 - Additionally, it can be integrated with most public clouds, making it attractive.

There are a few features or improvements that can be mentioned. One of them may be that the Infinity Portal is sometimes slow. A performance improvement could improve the administrator's perspective.

At the cost level, the solution is somewhat expensive. They could have an improvement to be a more feasible solution for everyone.

The support must improve. It is the biggest issue that Check Point currently has. Sometimes it is better to investigate oneself than to wait for a solution from the support department.

We implemented this tool a few months ago to be able to validate the security associated with our cloud environment. In this case, we implemented against Microsoft Azure.

Previously, we used Microsoft Defender for a cloud solution. It's a very good tool, however, Microsoft is new in this field.

It is definitely important to test the tool before defining it in a production environment. It is also good to know the costs with a professional.

Previously we checked to see if we could stay with Microsoft Defender for Cloud. However, we opted for a centralized environment with more security muscle of its own.

It is one of the best solutions on the market. I challenge you to try it so you can say the same.

We primarily use the solution when clients are for searching in the servers. We compare the solutions or servers that are available and we seek out new features for the new solutions for our customers. We're solution providers. This is one of the products we offer.

The solution, overall, has worked very well for our organization.

The reliability of the product is excellent.

The configuration capabilities are very good.

The initial setup is pretty easy.

The capability and the response, in terms of the time of response of the transactions, is very important for my customers. It's something they need to continuously work on to make it better.

The memory and hard disk capability could be strengthened.

The product should integrate next-generation firewall features such as anti-spam and anti-spoofing.

I've been using the solution for 20 years or so. It's been a long time.

While the stability is okay, the servers could use more RAM memory.

In general, the scalability is good. If a company needs to expand the solution, it should be able to do so.

We typically work with medium-sized organizations. In some of the companies, there are as many as 1,000 users.

Technical support has been good. We don't have any complaints so far. If a customer needs to reach out to them, they can do so.

The initial setup isn't too difficult. It's rather straightforward. A company should have too many issues getting it set up properly.

The deployment process is quick and easy. It takes maybe an hour or two. It's not a long time.

In my company, we have 20 people that manage the deployment and maintenance for our clients. You only really need two to manage everything.

Check Point has moderate pricing. It's not the most expensive, however, it's also not the cheapest. Typically, when clients are looking for a solution, it comes down to the price.

Typically, our clients will also look at Palo Alto as an option. However, typically, it is more expensive.

Clients may also look at Fortinet products, which are a bit less. Check Point tends to sit in between the two in terms of pricing.

We're solutions providers. We're partners with Check Point. We offer integrations and support. This is one of the products we offer to our clients.

We're using the latest version of the solution. The platform is R80.40. It's deployed on VMware's virtual environment.

I'd recommend the solution to other organizations. The likelihood of running into issues is low.

I'd rate the solution at a nine out of ten. We've largely been satisfied with the product.

We mainly used CloudGuard for IPS and IDS in our AWS environment, and we also used it for additional logging to see what was going in and out of our network in AWS. We have very limited visibility, especially when it comes to logging, and AWS does not support IPS and IDS as of now.

The way they implemented their auto-provisioning, where you just change a port or a security setting on AWS and it applies it automatically to all your firewalls, is good. You don't have to go into both of your firewalls, if you have redundancy like we did. You just need to change it on one of them in AWS, and that change applies to both of the firewalls. That saved us a lot of time. Usually, on physical firewalls, if you have to do that, you're going to have to either do command line, or if you don't want to do command line you have to do console and do multiple changes everywhere, from firewall rules to access rules. With Check Point, all you have to do is one change in the AWS console, and it will apply it within your firewall. Without that we would have had to do that in AWS, then go into the SmartConsole for Check Point.

I'm the only one who does security for both our on-prem and our cloud environments. Having Check Point there, I didn't really have to do much. It gave me peace of mind that it would do its job. I did check on it on a daily basis, just to make sure everything was okay and that there was no unwanted traffic during the day or during the night before. I didn't see anything unusual and if I did see something, it was one of those one-offs because another team was doing testing or something like that.

The IPS, IDS and logging were some of the features that I found useful. Also, the automation using AWS CloudFormation, the way we deployed it to our system, was very simple.

The comprehensiveness of CloudGuard's threat prevention security, looking at the logs, was really good. It would tell me if there was any unwanted traffic on our system, it would keep track of that. We checked it to make sure that everything was okay. It gave me the information that I needed to keep our network safe.

It's also pretty user-friendly. I've used multiple firewalls, both physical and virtual, and to me, Check Point is on top when it comes to ease of use and understanding the firewall installation. It's very very simple. And the way they implemented CloudFormation and the auto provisioning, is hands-down one of the best.

We did not use the AWS Transit Gateway, and that's one of the things that we're currently using. I believe we will be working with Check Point again, in the near future, to implement it, once they start having proper support for a single customer with multiple accounts. When we were using them, we had to install Check Point on each and every single account.

I believe they're working on a solution for that. I know they're utilizing Transit Gateway for it, and that is exactly what we're using right now. I'm excited for them to have that ready, and for us to put it in our system.

In general, cloud infrastructure or a cloud-based environment, is very fast when it comes to technology. Things get developed right away. Check Point just needs to adapt to those changes quicker.

We used Check Point CloudGuard IaaS for over two years. We stopped using it about six to eight months ago. Our environment basically expanded to such a large scale that it wasn't feasible for us to use CloudGuard in our multiple-account production environment.

We are definitely planning on redeploying CloudGuard at some point because we always need IPS and IDS and better logging. AWS only has two or three companies that do IPS/IDS. We definitely need those kinds of protection and Check Point, in my opinion, is one of the best so I still want to put it in place. But their solution doesn't really match our requirements. That's the only reason we moved away from Check Point.

Its stability was really good.

They do implement Auto Scaling and that was one of the requirements that I asked them about. One of their southbound firewalls did not have Auto Scaling at that time, so that's why I requested it.

The scalability is very good; again, very user-friendly. I wouldn't even say "user-friendly" because, as long as you deploy it properly, you can kill an EC2 and it will spin up another one right away, within about a minute and a half. And it will be ready for production right away.

Our production environment never decreased, it only increased. Our presence in AWS quadrupled over the time that we used CloudGuard. I'm managing about 32 accounts that, obviously, need protection. Once they implement that particular solution, we'll be very happy to have them integrated within our environment.

The number of users of CloudGuard, because we had deployed it in our production environment, was as many customers as we had. All traffic went through CloudGuard.

I never dealt with tech support. I dealt more with our account manager. We never had issues with Check Point, so I never had a chance to talk to their support.

We were using native AWS protection.

The initial deployment wasn't too complicated because they had CloudFormation. The only thing that I had issues with was having to integrate that within our company's requirements. Our needs kept changing because we were new to AWS. But that was not an issue with Check Point. And once the requirements within the company had been solidified, we deployed the solution to four or five environments in our AWS and it was fine throughout. We even did their second version of CloudGuard, and again, it was easy.

It's pretty straightforward. It's literally just a matter of selecting the right version of Check Point, your VPC, your management, your password, and that's pretty much it. It's pretty simple.

With the way AWS does things, our deployment took about half a day. And that was mainly because there were dependencies on CloudFormation, where it would wait for a task to finish, and AWS depends on the region that you're in. If you pick a very busy region, then it takes longer than usual. So half a day is giving it padding, in terms of time.

Once it was up and running, it required just me for maintenance.

I was the only one from our organization involved with the deployment.

In the initial installation, the first time, I was working with a Check Point engineer, because we were new to AWS and the Check Point integration with AWS. We came from Azure. We needed somebody just to make sure that we were doing the right thing. But after that, we never needed Check Point support. They would check in on us, just to make sure everything was good.

The engineer was really good. He was there to walk us through and to make sure we understood every piece of the deployment. After that, I put together some documentation based on our needs. From then on, future deployment was fairly simple.

The ROI is in the number of people managing it. Technically, you don't need to manage it. If you have an on-prem, you constantly need to manage the firewall. You need to make sure everything is okay, when it comes to hardware, software, and managing the actual firewall. With CloudGuard on the cloud, we eliminated two of the three. We didn't need to care about the hardware or about the software upgrades. If we did need to upgrade, it was just with respect to CloudFormation. We didn't need to do any firmware. The only thing we needed to do was manage an interface, which is what you're going to do anyway. 

You only need just one person to do it. When it comes to return on investment, you don't need to hire a full team to manage your whole network. If you have a firewall team, with Check Point CloudGuard, you don't need it anymore. It's just a single person because, if a Check Point goes down, it gets spun up right away. You don't need to call anybody or order hardware or anything like that.

Pricing of CloudGuard is pretty fair when you have a single account. It's comparable with other cloud providers. But for our use case, it got really pricey when we had to deploy multiple CloudGuards on multiple accounts in different regions, because you can't have CloudGuard protecting multiple regions. That's the big thing.

Before picking Check Point, I checked Cisco, Fortinet, and Palo Alto. At that moment, when we were doing a PoC, Check Point was ahead of them when it comes to implementation, deployment, and ease of use.

Deployment was the big thing for us because we knew that we were going to be deploying this multiple times. We wanted redundancy, and ease of use and deployment. Check Point nailed those top-three requirements, so it was the clear choice for us. The others didn't have the robust capabilities of Check Point or CloudGuard, to do the things that we wanted. Those included ease of deployment using CloudFormation, scalability using Auto Scaling and the auto-provisioning within CloudGuard.

My advice: Get it. It's a great product. It's a great solution.

In terms of CloudGuard's block rate, malware prevention rate, and exploit resistance rate, we didn't really do much testing when it comes to those types of scenarios. But I've used Check Point as a physical firewall before, and it was great. It detected threats and gave me an alert as soon as it detected them. It was really good.

We use Check Point CloudGuard Network Security for internal and external traffic filtering.

The most valuable feature of Check Point CloudGuard Network Security is the ease of use. It was not difficult to learn. 

Check Point CloudGuard Network Security could improve by making it easier to configure.

In a feature release, the application should be more drag and drop. If I could search it and drag and drop it to the specific rule it would be helpful.

I have been using Check Point CloudGuard Network Security for approximately 10 years.

The stability of Check Point CloudGuard Network Security is very good.

Check Point CloudGuard Network Security is scalable, it is good for enterprises. The scaling is simple to do.

We have over 500 people in my company using this solution.

I have interacted with the support from Check Point CloudGuard Network Security and they were very good but could improve their response time.

I rate the support from Check Point CloudGuard Network Security a nine out of ten.

Positive

The vendor did the implementation and the maintenance of Check Point CloudGuard Network Security.

My advice to others is the solution is very stable, and reliable, and they should ensure that they invest in Check Point.

I rate Check Point CloudGuard Network Security a nine out of ten.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.

The overall security of the environment has been greatly improved by implementing the Check Point Virtual Systems solution. Before deploying it, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appears to be not an efficient solution for protection from advanced threats.

The Check Point Virtual Systems solution has significantly increased the security level from the standpoint of the logical separation of traffic patterns, both internal and external in our particular case.

This product makes the NGFWs work as if we had two separate sets of physical firewalls, without additional spendings on the hardware.

The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing. This allowed us to save significant money on the hardware purchase, and keep our NGFWs efficiently loaded. 

As an administrator, I find the management really convenient and cozy. The usual SmartConsole is used and you don't need any additional software to be installed.

As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.

In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.

We have been using the Check Point Virtual Systems for about three years, starting in late 2017.

The solution is stable and we haven't had any support cases opened that are connected with it.

The solution is scalable. I believe you could just add the new hardware into the cluster without affecting the functionality, and thus increasing the performance on the spot.

We have had several support cases opened, but none of them were connected with the Virtual Systems. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We didn't have any logical separation of security solutions before implementing this product.

The solution was really complex and difficult to implement since it requires a lot of additional knowledge and understanding of the underlying routing and switching technologies and protocols.

Our in-team has a Check Point Certified engineer as part of it.

Since we have already had the Check Point NGFWs purchased, we just proceeded with the configuration of the Virtual Systems.

We utilize CloudGuard Network Security for internet surfing and handle inter-sector traffic between VPCs. Specifically, we have over 200 accounts in AWS, each with its own VPC. The solution interconnects all the regions. 

The tool's most valuable feature is its scalability. You will only have to pay less for scaling up. Its notable benefit is deployment complexity. Regional deployment is simpler compared to on-premise setup. 

When upgrading the firewall, the old VPC containing the firewalls needs to be destroyed. After that, a new firewall is redeployed in the setup. Additionally, there's a need to separate the routing, and the routing from the old VPC has to be recreated in the new one.

I have been using the product for two years. 

We had issues with stability. We have an open ticket at the support regarding this. 

CloudGuard Network Security is scalable. 

The tool's support is good. 

Positive

CloudGuard Network Security is not too cheap. 

I don't see any difference in user experience between on-prem and the cloud setup. We have an MDS environment where we can manage the whole country. The tool enables us to manage policies on the same platform for branches and regions in the country. I rate the product an eight out of ten.