Check Point CloudGuard Network Security Reviews

Easy to setup and use as its based off Redhat Intuitive ACL menu for writing rules Pre-populated common ports Customizable ports Suite of tools to report and troubleshoot network conditions

At the beginning the design can be overwhelming, where to start Getting used to the CLI syntax but do-able

This enterprise class firewall appliance is great and very intuitive menu. Great for inline firewall access control to work with Cisco or any vendor switch. It has a suite of applications to help you setup virtual firewalls and provide redundancy or bandwidth to whatever application or service you are providing.

The tool's most valuable features are inspecting internet traffic and IPS. We can manage the firewall using shared policies from a single management server. 

The challenge mainly revolves around the slower functionality of virtual IP switching in Azure Virtual Network compared to on-premise solutions. On-premise, switching between clusters is faster, taking only a few seconds, while in Azure, it can extend up to five minutes. The downtime is a concern for us. 

CloudGuard Network Security's stability is good. 

Overall, my experience with Check Point support has been positive. There were instances where basic questions were asked, even though I had already provided the information in the ticket. One ticket took two years to resolve. 

Positive

The tool's deployment is more complicated than an on-prem setup. Setting up and managing CloudGuard Network Security in Azure presents some challenges. There are complexities in handling downtime in on-premise and cloud firewalls. Additionally, difficulties arise in deploying a new cluster for an upgrade, as the in-place upgrade might not function as expected.

The process of exchanging virtual machines in Check Point is currently complex. You cannot simply deploy a new machine and use it; instead, you need to navigate through several steps. This involves associating the new machine with a network group, entering various details, and sometimes providing the entire path to locate the object in the cloud.

The tool is working well so far for normal use cases. I rate it an eight out of ten. 

We have a constant need to evolve and are migrating towards the cloud due to greater availability and better benefits at the level of hardware and computing.

With the understanding that we must have a faster, more efficient team with greater benefits when creating equipment or application services, we were looking for a solution with high user acceptance. We also wanted to meet the external and internal needs of the company and maintain solid corporate governance that includes offering the highest level of security standards. This product allowed us to create that level of security and develop natively in the cloud.  

The product has allowed us to develop applications from the cloud - even with large environments and well-segmented security lines. We're managing to prevent threats from any front with automated security. We can easily design, install, and configure everything from the cloud in a coherent way. It's easy to establish security policies to manage local and cloud environments now.

I am turning to a multi-cloud solution. Being able to achieve analysis and prevention of advanced threats and security in the network regardless of the environment has been great. It doesn't matter whether they are hybrid clouds, local networks can be resolved entirely in the cloud, and everything is managed from a single panel. We've managed to achieve a centralized visualization of our infrastructure, giving us greater insights and an overview of everything that happens in the organization.

The CloudGuard Network Security solution has given us an overview yet has allowed us to segment the cloud in many ways. We can create networks where we can separate the data, information, and structure of history. We can segment databases into smaller groups by type or quality of the resource. 

We're able to validate in a logical and physical way across layers and can segment data to allow for greater reach in terms of management. In the future, we'd like characteristics to be further simplified. While today we can manage some scopes, there are still some segments in the OSI layer we cannot manage. We'd like visibility on security and perimeter management qualities in order to reach other layers of the OSI model. Right now, we don't have the scope to reach some physical layers. 

I've been using the solution for less than a year.

Hybrid Cloud

As a company, we are a value-added reseller. We have to use it first before we can propose it to our clients. We have to give it a clean bill of health before we can actually propose this to the client. We have to conduct a proof of concept, which runs for around 30 days. The client has to give the okay before we can actually deploy it for them.

Clients have been using it and they haven't had any negative feedback. 

The initial setup is straightforward.

The product is scalable.

We find the stability to be quite good.

Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions.

To be honest, we don't have many clients who have taken CloudGuard, as the feedback has not been that great. There are a few clients who have taken the CloudGuard due to the fact that there is a lot of competition in terms of endpoint protection from Trend Micro and other leading vendors. 

There are few clients who have CloudGuard and the response is quite positive. However, it comes down to dealing with the challenge of when the client needs both protection for workstations and their physical and virtual servers. With Check Point, we don't have that ability. They have just CloudGuard, which protects the workstations and servers. With other vendors, there's a separation between the endpoint protection for workstations and for the servers and then something else for the virtual environment. The challenge comes in when you're trying to propose this to the client. They'll ask you how they can be sure that this will protect their virtual or physical data centers collectively, and also protect the workstations.

Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point.

Generally, visibility is the issue. Clients really just need more visibility to know they are protected. 

We find the stability to be good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The scalability is there if a company needs to expand it. 

Technical support is okay. It's average. The local support is good, however, now when you go to global support, there's a bit of a challenge. It takes time compared to other vendors. Their global support is not that active. I have some clients who have been complaining that they raise a technical issue and it takes maybe one or two days before they get any feedback. 

That said, here, in terms of technical support, the local Kenyan support is very good. They're quite supportive.

I also work with Sophos, Fortinet, and Palo Alto. 

The other vendors, they're not doing that well in terms of cloud security, as they tend to concentrate on on-prem security. The physical security, that's at the endpoint level. However, Check Point is doing quite well in terms of cloud security. 

The initial setup is not overly complex. It's quite simple and straightforward.

The solution is expensive. If I rate Check Point, Sophos, Fortinet, and Palo Alto, Sophos comes in at a cost that is pretty low. Then Fortinet, and then Palo Alto. Check Point is at the edge. It's a bit expensive or it's quite expensive. When you are trying to propose Check Point, it's more of an OpEX and even a CapEx project. It cannot go through a normal request for a quotation. It has to be a CapEx project. At the beginning of every financial year, a customer or end-user has to consider this to be able to purchase a Check Point firewall.

For most Check Point CloudGuards, it's not actually deployed on the private cloud of the end-user. They usually deploy it on the public cloud.

I'd rate the solution at a nine out of ten. The clients who are using it have nothing bad to say about its capabilities. 

I'd recommend the solution. They are doing quite unique workarounds with cloud security while many others are more focused on on-premises.

Public Cloud

We are a small consulting company. We have around 100 employees. We don't use advanced firewalls because we don't really have important data that can be hacked. Nobody is going to care about our data because it's only the HR department's timesheet data on our on-premise systems. The firewall is protecting remote access, allowing the employees to access our office environment. So sometimes employees connect to our systems which have some test systems on it. They run some tests about the consulting we've given to clients. That's all. We just have basic things on our firewall. Just two things are important for us - the site to site VPN, which we have with some customers, and the government site. That is important. That's why I want to change the firewall to a new and up-to-date one so maybe it will be an improvement to prevent some hackers.

After I made up my mind to migrate it to another solution, I was kind of checking all the other firewalls, the FortiGate, Check Point, pfSense and OPNsense, and Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it. You just have to know Check Point's GUI so you can manage your IP addresses and access rules and stuff. But as I said, Check Point is really advanced and the GUI is kind of advanced, which the customer reports actually prove.

In terms of what could be improved, we have no support with the current Check Point environment. It ended maybe three or four years ago. Because it's an appliance you have to have support. That's a problem for us because I cannot update it at the moment. We have to have another support. We have to subscribe to another support so I can update it. I think it's a good amount of money and our boss does not want to pay that kind of money for firewall solutions. It's not a hardware solution, which by the way, if it would be up to me, I would migrate it to a hardware FortiGate system because all our customers at the moment are migrating their environments to FortiGate hardware solutions. They say it's a really good improvement from their previous firewall solution because it's easy to manage and they're very happy with it.

But as I said before, my boss does not want to pay a lot of money for a firewall solution since we don't have much data to protect and the data is not very important. It's not a big use for us. So we will just probably try pfSense or OPNsense. I can patch it to an up-to-date version, like the 2021 patch. We have the open source solution because my boss does not want to pay for it. It's my approach to migrate the firewall, actually. If it was up to me, I'd probably migrate it to a FortiGate system.

I'm not very experienced with Check Point. But what I would like to see is a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, if you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have.

I can't give it any review about Check Point technical support because I am only working here for about three years and by the time I started at the company it already did not have support.

I have no idea about the initial setup, but it seems like it's not so complex. The initial set up is probably not that hard, but not that easy, either. If I were to delegate the firewall system to a junior guy, I think that he's not going to manage Check Point, but he'll probably manage FortiGate.

In the past, my clients were all using Check Point Systems. When I reviewed it at that time, back 10 years ago, Check Point was number one, as far as I remember, meaning FortiGate wasn't a major solution in Turkey. Nobody was talking about FortiGate then. Now FortiGate, is a major player in the firewall industry in Turkey. Most of our clients are migrating to FortiGate because they say it's cheaper than Check Point. So when I see the Check Point's GUI, it's really complicated. My recommendation would be for Check Point customers to first learn about Check Point's GUI, which is pretty advanced, for me at least.

But when I talk to my friends who are managing IT, they are migrating to FortiGate. They say, FortiGate is very easy to manage and I should really think about it now. When I was first introduced to Check Point it was really advanced. I didn't understand when I first looked into it. I just wanted a solution. pfSense has the same problem. By the way, according to your report, some customers said that pfSense needs improvement on the management and the GUI and aspects like that, so maybe I'll need another review of OPNsense versus Check Point and FortiGate etc...

We didn't have any problems at all. Just in one case, actually. We have a rule that pops up from nowhere which we didn't create. When we restart our Virtual System firewall, it creates a rule which messes up all our internet connection. So if I were to give a number from one to 10, I would probably say Check Point is a nine out of 10. Other than that, we haven't had any problems. Check Point is pretty reliable. I think it's our company's problem that we couldn't patch it after it froze. Maybe an up to date, patched version doesn't have this problem. 

Overall, it's really working for us. I don't have any problems other than it's just outdated.

On-premises

We use it to protect Internet access from our AWS environment.

Before we implemented CloudGuard, we had no filtering on what was accessed on the internet from our AWS environment. 

Now, we can filter which websites users can access and block categories that are a risk. For example, we can block social media and gambling sites. This has helped to decrease the risk of access to malicious content on the internet.

It allows us to filter what the servers on AWS can access on the Internet and allows us to filter in terms of IPS, antivirus, and so on, for the contents that are accessed on the Internet.

The complexity to deploy should be decreased. 

I have been using this solution for about five years. 

It is a stable solution. It has been pretty stable for us. We haven't faced any problems since it rolled out. 

I would rate the stability a nine out of ten.

I would rate the scalability a nine out of ten. We have around 200 end users using this solution in our company. 

The customer service and support from the vendor take a lot of time. 

The first line of support is not very good. They usually start with junior engineers when you open a case, which can be time-consuming.

Neutral

I would rate my experience with the initial setup an eight out of ten, where one is easy and ten is difficult to setup. 

For the deployment, we work with the vendor. So, the deployment took two weeks.

We need to provision the firewall, deploy the manager, and understand where the firewall needs to connect, which AWS area, and so on.

We just needed more than two people for the deployment. We worked with the security network security architect and called them engineers.

With ten being very expensive, I would rate the pricing an eight out of ten. 

It is expensive.

It's worth it in the sense that it can protect your network, and it's very scalable.

Overall, I would rate the solution an eight out of ten.

Public Cloud

Amazon Web Services (AWS)

Monitoring using SmartConsole and all its features is extremely easy, and I find SmartEvent an excellent monitoring tool for spotting threats and user behaviour.

The multiple virtual firewalls on one box are extremely useful and the interconnection with virtual switches is simple and easy to understand.

We need a product that is logical and for which we can find people skilled who are interested in learning it. Check Point is always a winner, as its an industry standard.

We have Microsoft CASB cloud app security and it's one of the least compatible firewalls. They really need to look at this, as both Check Point and Microsoft are major players. Why aren't they compatible? If we had Palo Alto then we wouldn't have this problem.

Three to five years.

No stability issues, not even once. The firewall is set up and and the various parts are interconnected. It works just fine. R80.1 is also a major improvement.

No scalability issues but I don't think we are utilizing the device to its maximum capability.

Good. We go with a distributor but they work okay. It is a lot more reliable with the latest OS than it used to be.

No previous solution. It's always been Check Point, though before the virtual firewall we used to have a Juniper fw. Now we are just Check Point because for the threats we face now, I don't think we need different firewalls at different layers.

The issue normally is getting SIC working between the gws and the management server. Actually it's reasonably straightforward, though you have to get it right. It used to be you had to have a certain type of disk drive but this is a better solution.

Look into this carefully and be sure you use all you buy. We haven't bought SandBlast or the bot solution but they look effective.

We did not evaluate other solutions. It was decided we would stay with Check Point.

Make sure you can make use of the virtual firewalls and read up on the device or take a course before you implement. Or, if you get it installed, make sure you have the right devices in the right virtual firewalls.

CloudGuard is cloud-native security that secures your public, private, or hybrid environment under a unified platform, which can also be automated. It comes with multiple installation availabilities such as Software-as-a-Service(SaaS), Platform-as-a-Service(PaaS), Infrastructure-as-a-Service(IaaS), and more.

This solution can be installed on leading Cloud Service Providers such as Amazon Web Services, Google Platform, and Microsoft Azure, as well as on other not-so-known CSPs such as OCI.

This is helpful for clients who always thought upgrading hardware in the DC or testing new versions to be difficult. Normally, they have trouble due to some issue at hand or maybe due to sizing, but now they have an easy way to test the solutions and they can be accessed securely from all around the globe. It provides features such as Auto Scaling to deal with unforeseen situations with minimal costs.

It is quite easy to construct and destruct and doesn't need anyone to actually step into a DC, which is good because sometimes this needs endless approvals.

The solution comes with Active Load balancing and policies that can be installed before the traffic hits the firewall module.

Auto Scaling is one of the features that make me want to choose CloudGuard over actual HW.

Cloud leaders such as Amazon, Google, and Microsoft also provide an uptime of 99.99%, which might not be possible in a privately owned DC. Multiple instances where a hardware issue was found and it took weeks to replace the hardware and bring services up can now be fixed within few minutes by utilizing the available resources over CSP.

You get charged only for what resources you choose and how much traffic actually passes through the firewall, which in turn saves a lot of money.

Easier optimization techniques can definitely help with better performance of the OS, as using the vanilla software doesn't actually showcase the real capability of the software.

While there is a lot of documentation available on Support Center to understand how the solution works, it can become quite confusing. Some free training videos by Check Point would really help the engineers who don't have full access due to restrictions/unseen reasons.

A step-by-step guide for leading CSPs would really help.

Auto Scaling should be given as an option during a first-time installation, as it would be really beneficial and some users might not be aware of it.

We have been using Check Point CloudGuard Network for more than three years, starting when it was still called vSEC.

I have worked with other products and find that this is the better solution when compared to other vendors in the market.

My advice is to use the trial and understand whether this is what you are really looking for.

Hybrid Cloud