Check Point CloudGuard Network Security Reviews

We mainly used CloudGuard for IPS and IDS in our AWS environment, and we also used it for additional logging to see what was going in and out of our network in AWS. We have very limited visibility, especially when it comes to logging, and AWS does not support IPS and IDS as of now.

The way they implemented their auto-provisioning, where you just change a port or a security setting on AWS and it applies it automatically to all your firewalls, is good. You don't have to go into both of your firewalls, if you have redundancy like we did. You just need to change it on one of them in AWS, and that change applies to both of the firewalls. That saved us a lot of time. Usually, on physical firewalls, if you have to do that, you're going to have to either do command line, or if you don't want to do command line you have to do console and do multiple changes everywhere, from firewall rules to access rules. With Check Point, all you have to do is one change in the AWS console, and it will apply it within your firewall. Without that we would have had to do that in AWS, then go into the SmartConsole for Check Point.

I'm the only one who does security for both our on-prem and our cloud environments. Having Check Point there, I didn't really have to do much. It gave me peace of mind that it would do its job. I did check on it on a daily basis, just to make sure everything was okay and that there was no unwanted traffic during the day or during the night before. I didn't see anything unusual and if I did see something, it was one of those one-offs because another team was doing testing or something like that.

The IPS, IDS and logging were some of the features that I found useful. Also, the automation using AWS CloudFormation, the way we deployed it to our system, was very simple.

The comprehensiveness of CloudGuard's threat prevention security, looking at the logs, was really good. It would tell me if there was any unwanted traffic on our system, it would keep track of that. We checked it to make sure that everything was okay. It gave me the information that I needed to keep our network safe.

It's also pretty user-friendly. I've used multiple firewalls, both physical and virtual, and to me, Check Point is on top when it comes to ease of use and understanding the firewall installation. It's very very simple. And the way they implemented CloudFormation and the auto provisioning, is hands-down one of the best.

We did not use the AWS Transit Gateway, and that's one of the things that we're currently using. I believe we will be working with Check Point again, in the near future, to implement it, once they start having proper support for a single customer with multiple accounts. When we were using them, we had to install Check Point on each and every single account.

I believe they're working on a solution for that. I know they're utilizing Transit Gateway for it, and that is exactly what we're using right now. I'm excited for them to have that ready, and for us to put it in our system.

In general, cloud infrastructure or a cloud-based environment, is very fast when it comes to technology. Things get developed right away. Check Point just needs to adapt to those changes quicker.

We used Check Point CloudGuard IaaS for over two years. We stopped using it about six to eight months ago. Our environment basically expanded to such a large scale that it wasn't feasible for us to use CloudGuard in our multiple-account production environment.

We are definitely planning on redeploying CloudGuard at some point because we always need IPS and IDS and better logging. AWS only has two or three companies that do IPS/IDS. We definitely need those kinds of protection and Check Point, in my opinion, is one of the best so I still want to put it in place. But their solution doesn't really match our requirements. That's the only reason we moved away from Check Point.

Its stability was really good.

They do implement Auto Scaling and that was one of the requirements that I asked them about. One of their southbound firewalls did not have Auto Scaling at that time, so that's why I requested it.

The scalability is very good; again, very user-friendly. I wouldn't even say "user-friendly" because, as long as you deploy it properly, you can kill an EC2 and it will spin up another one right away, within about a minute and a half. And it will be ready for production right away.

Our production environment never decreased, it only increased. Our presence in AWS quadrupled over the time that we used CloudGuard. I'm managing about 32 accounts that, obviously, need protection. Once they implement that particular solution, we'll be very happy to have them integrated within our environment.

The number of users of CloudGuard, because we had deployed it in our production environment, was as many customers as we had. All traffic went through CloudGuard.

I never dealt with tech support. I dealt more with our account manager. We never had issues with Check Point, so I never had a chance to talk to their support.

We were using native AWS protection.

The initial deployment wasn't too complicated because they had CloudFormation. The only thing that I had issues with was having to integrate that within our company's requirements. Our needs kept changing because we were new to AWS. But that was not an issue with Check Point. And once the requirements within the company had been solidified, we deployed the solution to four or five environments in our AWS and it was fine throughout. We even did their second version of CloudGuard, and again, it was easy.

It's pretty straightforward. It's literally just a matter of selecting the right version of Check Point, your VPC, your management, your password, and that's pretty much it. It's pretty simple.

With the way AWS does things, our deployment took about half a day. And that was mainly because there were dependencies on CloudFormation, where it would wait for a task to finish, and AWS depends on the region that you're in. If you pick a very busy region, then it takes longer than usual. So half a day is giving it padding, in terms of time.

Once it was up and running, it required just me for maintenance.

I was the only one from our organization involved with the deployment.

In the initial installation, the first time, I was working with a Check Point engineer, because we were new to AWS and the Check Point integration with AWS. We came from Azure. We needed somebody just to make sure that we were doing the right thing. But after that, we never needed Check Point support. They would check in on us, just to make sure everything was good.

The engineer was really good. He was there to walk us through and to make sure we understood every piece of the deployment. After that, I put together some documentation based on our needs. From then on, future deployment was fairly simple.

The ROI is in the number of people managing it. Technically, you don't need to manage it. If you have an on-prem, you constantly need to manage the firewall. You need to make sure everything is okay, when it comes to hardware, software, and managing the actual firewall. With CloudGuard on the cloud, we eliminated two of the three. We didn't need to care about the hardware or about the software upgrades. If we did need to upgrade, it was just with respect to CloudFormation. We didn't need to do any firmware. The only thing we needed to do was manage an interface, which is what you're going to do anyway. 

You only need just one person to do it. When it comes to return on investment, you don't need to hire a full team to manage your whole network. If you have a firewall team, with Check Point CloudGuard, you don't need it anymore. It's just a single person because, if a Check Point goes down, it gets spun up right away. You don't need to call anybody or order hardware or anything like that.

Pricing of CloudGuard is pretty fair when you have a single account. It's comparable with other cloud providers. But for our use case, it got really pricey when we had to deploy multiple CloudGuards on multiple accounts in different regions, because you can't have CloudGuard protecting multiple regions. That's the big thing.

Before picking Check Point, I checked Cisco, Fortinet, and Palo Alto. At that moment, when we were doing a PoC, Check Point was ahead of them when it comes to implementation, deployment, and ease of use.

Deployment was the big thing for us because we knew that we were going to be deploying this multiple times. We wanted redundancy, and ease of use and deployment. Check Point nailed those top-three requirements, so it was the clear choice for us. The others didn't have the robust capabilities of Check Point or CloudGuard, to do the things that we wanted. Those included ease of deployment using CloudFormation, scalability using Auto Scaling and the auto-provisioning within CloudGuard.

My advice: Get it. It's a great product. It's a great solution.

In terms of CloudGuard's block rate, malware prevention rate, and exploit resistance rate, we didn't really do much testing when it comes to those types of scenarios. But I've used Check Point as a physical firewall before, and it was great. It detected threats and gave me an alert as soon as it detected them. It was really good.

We use Check Point CloudGuard Network Security for internal and external traffic filtering.

The most valuable feature of Check Point CloudGuard Network Security is the ease of use. It was not difficult to learn. 

Check Point CloudGuard Network Security could improve by making it easier to configure.

In a feature release, the application should be more drag and drop. If I could search it and drag and drop it to the specific rule it would be helpful.

I have been using Check Point CloudGuard Network Security for approximately 10 years.

The stability of Check Point CloudGuard Network Security is very good.

Check Point CloudGuard Network Security is scalable, it is good for enterprises. The scaling is simple to do.

We have over 500 people in my company using this solution.

I have interacted with the support from Check Point CloudGuard Network Security and they were very good but could improve their response time.

I rate the support from Check Point CloudGuard Network Security a nine out of ten.

Positive

The vendor did the implementation and the maintenance of Check Point CloudGuard Network Security.

My advice to others is the solution is very stable, and reliable, and they should ensure that they invest in Check Point.

I rate Check Point CloudGuard Network Security a nine out of ten.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.

The overall security of the environment has been greatly improved by implementing the Check Point Virtual Systems solution. Before deploying it, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appears to be not an efficient solution for protection from advanced threats.

The Check Point Virtual Systems solution has significantly increased the security level from the standpoint of the logical separation of traffic patterns, both internal and external in our particular case.

This product makes the NGFWs work as if we had two separate sets of physical firewalls, without additional spendings on the hardware.

The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing. This allowed us to save significant money on the hardware purchase, and keep our NGFWs efficiently loaded. 

As an administrator, I find the management really convenient and cozy. The usual SmartConsole is used and you don't need any additional software to be installed.

As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.

In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.

We have been using the Check Point Virtual Systems for about three years, starting in late 2017.

The solution is stable and we haven't had any support cases opened that are connected with it.

The solution is scalable. I believe you could just add the new hardware into the cluster without affecting the functionality, and thus increasing the performance on the spot.

We have had several support cases opened, but none of them were connected with the Virtual Systems. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We didn't have any logical separation of security solutions before implementing this product.

The solution was really complex and difficult to implement since it requires a lot of additional knowledge and understanding of the underlying routing and switching technologies and protocols.

Our in-team has a Check Point Certified engineer as part of it.

Since we have already had the Check Point NGFWs purchased, we just proceeded with the configuration of the Virtual Systems.

We utilize CloudGuard Network Security for internet surfing and handle inter-sector traffic between VPCs. Specifically, we have over 200 accounts in AWS, each with its own VPC. The solution interconnects all the regions. 

The tool's most valuable feature is its scalability. You will only have to pay less for scaling up. Its notable benefit is deployment complexity. Regional deployment is simpler compared to on-premise setup. 

When upgrading the firewall, the old VPC containing the firewalls needs to be destroyed. After that, a new firewall is redeployed in the setup. Additionally, there's a need to separate the routing, and the routing from the old VPC has to be recreated in the new one.

I have been using the product for two years. 

We had issues with stability. We have an open ticket at the support regarding this. 

CloudGuard Network Security is scalable. 

The tool's support is good. 

Positive

CloudGuard Network Security is not too cheap. 

I don't see any difference in user experience between on-prem and the cloud setup. We have an MDS environment where we can manage the whole country. The tool enables us to manage policies on the same platform for branches and regions in the country. I rate the product an eight out of ten. 

Our need was to be able to provide centralized security governance and control of our "Microsoft Azure" public cloud environment as well as wanting all of the new security checkpoint capabilities that are included in this solution.

With checkpoint Cloud Guard Network security we have been able to provide our infrastructure with many improvements and good practices in network architecture, automatic deployments and alerts to ensure that our infrastructure is without vulnerabilities and with all the best practices.

Checkpoint CloudGuard Network security is a network enhancement capability of our public cloud, which has given us recommendations, implementations in new subscriptions to avoid many of the most modern vulnerabilities in an infrastructure.

In addition to the fact that this solution brings us closer to having a better security score, which helps us a lot in complying with information regulations based on security.

It also provides a fairly complete and easy to use dashboard environment that has helped us a lot with the administration of the security department.

We really liked almost everything about checkpoint CloudGuard network security, for example the ease of managing this service through the checkpoint infinity portal is a great relief, it is accessible from anywhere, MFA can be enabled to provide security in the administrative identity to avoid problems of loss of credentials.

In addition, this tool is complemented by the other checkpoint cloud security features, making it a very robust tool.

Also its reports, its recommendations and its automatic applications for architectures with the best practices provide the help that is required to improve an existing subscription or to start one with all the best practices.

Points of improvement for checkpoint cloudguard network security would be partly the cost, which is currently quite expensive.

The documentation to be able to implement the multicloud or link it with Azure is difficult to do or it is not always as indicated, for this you must ask support or the partner for help.

The support for all the checkpoint functions is not the best, since it provides too slow a response to inconveniences, or the support service hours are not the same as in Latin America, which generates latency in the contact between the client and support.

This is an excellent Check Point cloud tool, we have been using it since the beginning of 2022. It is a really good tool for cloud environments.

We evaluated using the Microsoft Defender for Cloud tool for a while, however we needed to centralize our security environment and not have portals for different sites.

My recommendation is to try to always look for the best practices of implementation and administration of the product.

In addition to correctly validating the costs before purchasing.

Of course, we always make evaluations of existing tools, we verify Microsoft Defender for Cloud, we also carry out research with Fortinet solutions, however we wanted Checkpoint for all the improvements, virtues and prestige.

This is an expensive but recommended tool, it is very good for cloud environments.

I use Check Point CloudGuard Network Security to ensure we have the same management system for managing firewall policies both on-premises and in the cloud.

Check Point CloudGuard Network Security enabled us to move to cloud workloads safely while having the same level of security as we have on-prem. 

The unified management, unified log management, and unified policies are all invaluable. We like that everything is unified. 

CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-premise. Security operations are simplified by unified management, easing troubleshooting, and maintenance. Using the same objects in both the on-prem and cloud policies reduces the need to switch between different interfaces and log stores, enhancing our security operations significantly.

It's helped us reduce organizational risk. I cannot say by how much. Just having the same policies everywhere without having to move around different management interfaces and log stores just helps with security operations. We can see everything in one pane of glass. 

We have confidence in our secure deployments and migrations. In fact, it has enabled us to move to the cloud securely. The confidence is there based on our confidence in Check Point products on-prem. 

Improvement is needed in the deployment models. Currently, I have deployed VMs and installed CloudGuard as if they were gateways. Having some as-a-service models would be great. 

Scalability could be improved as well; needing to purchase a new license each time I want to add a new interface is not ideal.

I have used the solution for three years now.

The solution works adequately, meeting my expectations for a firewall.

Scalability could be improved. When we need to buy a new license, to add a new interface is not ideal.

Support is okay. Sometimes, it is necessary to reiterate the importance of a case; however, generally, the cases are handled to our satisfaction.

Positive

We did not use a different solution previously. 

We have an on-prem and cloud environment. The setup was relatively easy, even the first time. I just select it from the marketplace, and it appears. After that, it's the same as installing on-premise gateways, including a first-time installation wizard.

I received assistance from an external third-party company. The experience was great and has continued to be good over the seven years I've employed them.

The cost is adequate. I am not responsible for pricing and licensing aspects, I would say pricing is adequate. It is not cheap, however, I am not seeking cheap solutions; I want the best solutions.

We have not evaluated other solutions. 

I would give it a solid eight out of ten. I am not yet fully utilizing all its functionalities and I cannot assess all features. There is always room for improvement. 

My clients were different small businesses, and they were migrating to the cloud. We've been using it as a general cloud security tool. 

The interface in terms of being able to have access for myself and the client so that we can easily observe and watch what is going on, has really improved the organization. 

We have seen time to value with this solution. We will continue to use more Check Point solutions in the future.

The versatility is the solution's most valuable feature. 

There are some usability issues we'd like to see improved. 

We're going to be switching to XDR and would like integration with XDR. 

I've used the solution for only about a year. 

The solution is good. I'd rate the stability a nine out of ten. 

I'd rate the scalability a nine out of ten. 

The support is good. 

Positive

We did not previously use a different solution. 

I'm involved with the integration and was involved in the setup of specific areas.

The initial setup was alright. I wasn't the architect of the whole thing. In my area, the implementation seemed to be pretty straightforward.

We did not use an integrator, reseller, or consultant for the deployment. 

We do not yet have enough of a baseline to calculate ROI. 

The pricing is fair. It's the client who is paying for it, not me directly. However, they seem satisfied. 

We previously evaluated a few other options. 

The usability is moderate. 

The product has helped us free up some time. It's a complicated situation, however. 

I'd rate the solution an eight out of ten. 

We integrate this solution, and we also provide the maintenance of the device. We are using this solution for those sites that are kind of medium in size and require a more complex solution but don't have too much space for big equipment.

It is useful for us for checking services, instead of protocols, because we have some services that are very smart and can change ports. It is also useful for verifying the logs. SmartLog is very practical, and it is easy to identify stuff and make corrections.

The Capsule solution and application filters are the most valuable. 

It is pretty straightforward to implement, and it also has good stability and scalability. Their technical support is also really good.

This application can be more integrated with web application firewalls. Better integrations would provide more granularity, which would be helpful for focusing on the application itself and preventing attacks.

It would be good to include the cross-domain search. If you have multiple firewalls that are managed on the same platform and you want to check who is using some particular objects or where a specific ID is being used, it should provide an option for this kind of search instead of having to check one by one on each firewall.

I have been using this solution for more or less ten years.

It is pretty stable.

With the virtual assistant, its scalability is very good.

Their technical support is really good.

The initial setup is pretty easy. Where it is not that simple is the integration of different blades and the customization of rules, which are really dependent on the policies of a company. When we are dealing with a small company, it is easy, but when we are dealing with global corporations that have previously-defined policies and the integration with the profiles, it is a little bit more tricky and complex.

The deployment takes a couple of days, but when the deployment is more complex and requires assessments, it could take one or two weeks.

We are an integrator. The number of people that are required for the deployment and maintenance of this product depends on the organization. The deployment could be done by one or two people, but for the maintenance of the device, big companies require more people because they are establishing new connections with third parties and so on, which means that it requires many changes.

It is not expensive, but it is a little bit above the middle range. There are other solutions that are a little more expensive than this, but they also have some interesting features.

Our clients also evaluate Palo Alto and Cisco. Palo Alto, Check Point, and Cisco are the top solutions at the moment. In terms of performance, all three are pretty much the same, but it is much easier to check logs on the firewall in Check Point than Cisco or Palo Alto. Check Point is also quicker and more intuitive. Its view is also better than others.

I would recommend this solution. It is pretty straightforward to implement. It is easy, and it doesn't require too much time to make a clean implementation. I am not really sure about using it in a really small company. It depends on the budget.

I would rate Check Point Virtual Systems a nine out of ten.