Check Point CloudGuard Network Security Reviews

We are a small consulting company. We have around 100 employees. We don't use advanced firewalls because we don't really have important data that can be hacked. Nobody is going to care about our data because it's only the HR department's timesheet data on our on-premise systems. The firewall is protecting remote access, allowing the employees to access our office environment. So sometimes employees connect to our systems which have some test systems on it. They run some tests about the consulting we've given to clients. That's all. We just have basic things on our firewall. Just two things are important for us - the site to site VPN, which we have with some customers, and the government site. That is important. That's why I want to change the firewall to a new and up-to-date one so maybe it will be an improvement to prevent some hackers.

After I made up my mind to migrate it to another solution, I was kind of checking all the other firewalls, the FortiGate, Check Point, pfSense and OPNsense, and Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it. You just have to know Check Point's GUI so you can manage your IP addresses and access rules and stuff. But as I said, Check Point is really advanced and the GUI is kind of advanced, which the customer reports actually prove.

In terms of what could be improved, we have no support with the current Check Point environment. It ended maybe three or four years ago. Because it's an appliance you have to have support. That's a problem for us because I cannot update it at the moment. We have to have another support. We have to subscribe to another support so I can update it. I think it's a good amount of money and our boss does not want to pay that kind of money for firewall solutions. It's not a hardware solution, which by the way, if it would be up to me, I would migrate it to a hardware FortiGate system because all our customers at the moment are migrating their environments to FortiGate hardware solutions. They say it's a really good improvement from their previous firewall solution because it's easy to manage and they're very happy with it.

But as I said before, my boss does not want to pay a lot of money for a firewall solution since we don't have much data to protect and the data is not very important. It's not a big use for us. So we will just probably try pfSense or OPNsense. I can patch it to an up-to-date version, like the 2021 patch. We have the open source solution because my boss does not want to pay for it. It's my approach to migrate the firewall, actually. If it was up to me, I'd probably migrate it to a FortiGate system.

I'm not very experienced with Check Point. But what I would like to see is a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, if you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have.

I can't give it any review about Check Point technical support because I am only working here for about three years and by the time I started at the company it already did not have support.

I have no idea about the initial setup, but it seems like it's not so complex. The initial set up is probably not that hard, but not that easy, either. If I were to delegate the firewall system to a junior guy, I think that he's not going to manage Check Point, but he'll probably manage FortiGate.

In the past, my clients were all using Check Point Systems. When I reviewed it at that time, back 10 years ago, Check Point was number one, as far as I remember, meaning FortiGate wasn't a major solution in Turkey. Nobody was talking about FortiGate then. Now FortiGate, is a major player in the firewall industry in Turkey. Most of our clients are migrating to FortiGate because they say it's cheaper than Check Point. So when I see the Check Point's GUI, it's really complicated. My recommendation would be for Check Point customers to first learn about Check Point's GUI, which is pretty advanced, for me at least.

But when I talk to my friends who are managing IT, they are migrating to FortiGate. They say, FortiGate is very easy to manage and I should really think about it now. When I was first introduced to Check Point it was really advanced. I didn't understand when I first looked into it. I just wanted a solution. pfSense has the same problem. By the way, according to your report, some customers said that pfSense needs improvement on the management and the GUI and aspects like that, so maybe I'll need another review of OPNsense versus Check Point and FortiGate etc...

We didn't have any problems at all. Just in one case, actually. We have a rule that pops up from nowhere which we didn't create. When we restart our Virtual System firewall, it creates a rule which messes up all our internet connection. So if I were to give a number from one to 10, I would probably say Check Point is a nine out of 10. Other than that, we haven't had any problems. Check Point is pretty reliable. I think it's our company's problem that we couldn't patch it after it froze. Maybe an up to date, patched version doesn't have this problem. 

Overall, it's really working for us. I don't have any problems other than it's just outdated.

We use it to protect Internet access from our AWS environment.

Before we implemented CloudGuard, we had no filtering on what was accessed on the internet from our AWS environment. 

Now, we can filter which websites users can access and block categories that are a risk. For example, we can block social media and gambling sites. This has helped to decrease the risk of access to malicious content on the internet.

It allows us to filter what the servers on AWS can access on the Internet and allows us to filter in terms of IPS, antivirus, and so on, for the contents that are accessed on the Internet.

The complexity to deploy should be decreased. 

I have been using this solution for about five years. 

It is a stable solution. It has been pretty stable for us. We haven't faced any problems since it rolled out. 

I would rate the stability a nine out of ten.

I would rate the scalability a nine out of ten. We have around 200 end users using this solution in our company. 

The customer service and support from the vendor take a lot of time. 

The first line of support is not very good. They usually start with junior engineers when you open a case, which can be time-consuming.

Neutral

I would rate my experience with the initial setup an eight out of ten, where one is easy and ten is difficult to setup. 

For the deployment, we work with the vendor. So, the deployment took two weeks.

We need to provision the firewall, deploy the manager, and understand where the firewall needs to connect, which AWS area, and so on.

We just needed more than two people for the deployment. We worked with the security network security architect and called them engineers.

With ten being very expensive, I would rate the pricing an eight out of ten. 

It is expensive.

It's worth it in the sense that it can protect your network, and it's very scalable.

Overall, I would rate the solution an eight out of ten.

Monitoring using SmartConsole and all its features is extremely easy, and I find SmartEvent an excellent monitoring tool for spotting threats and user behaviour.

The multiple virtual firewalls on one box are extremely useful and the interconnection with virtual switches is simple and easy to understand.

We need a product that is logical and for which we can find people skilled who are interested in learning it. Check Point is always a winner, as its an industry standard.

We have Microsoft CASB cloud app security and it's one of the least compatible firewalls. They really need to look at this, as both Check Point and Microsoft are major players. Why aren't they compatible? If we had Palo Alto then we wouldn't have this problem.

Three to five years.

No stability issues, not even once. The firewall is set up and and the various parts are interconnected. It works just fine. R80.1 is also a major improvement.

No scalability issues but I don't think we are utilizing the device to its maximum capability.

Good. We go with a distributor but they work okay. It is a lot more reliable with the latest OS than it used to be.

No previous solution. It's always been Check Point, though before the virtual firewall we used to have a Juniper fw. Now we are just Check Point because for the threats we face now, I don't think we need different firewalls at different layers.

The issue normally is getting SIC working between the gws and the management server. Actually it's reasonably straightforward, though you have to get it right. It used to be you had to have a certain type of disk drive but this is a better solution.

Look into this carefully and be sure you use all you buy. We haven't bought SandBlast or the bot solution but they look effective.

We did not evaluate other solutions. It was decided we would stay with Check Point.

Make sure you can make use of the virtual firewalls and read up on the device or take a course before you implement. Or, if you get it installed, make sure you have the right devices in the right virtual firewalls.

CloudGuard is cloud-native security that secures your public, private, or hybrid environment under a unified platform, which can also be automated. It comes with multiple installation availabilities such as Software-as-a-Service(SaaS), Platform-as-a-Service(PaaS), Infrastructure-as-a-Service(IaaS), and more.

This solution can be installed on leading Cloud Service Providers such as Amazon Web Services, Google Platform, and Microsoft Azure, as well as on other not-so-known CSPs such as OCI.

This is helpful for clients who always thought upgrading hardware in the DC or testing new versions to be difficult. Normally, they have trouble due to some issue at hand or maybe due to sizing, but now they have an easy way to test the solutions and they can be accessed securely from all around the globe. It provides features such as Auto Scaling to deal with unforeseen situations with minimal costs.

It is quite easy to construct and destruct and doesn't need anyone to actually step into a DC, which is good because sometimes this needs endless approvals.

The solution comes with Active Load balancing and policies that can be installed before the traffic hits the firewall module.

Auto Scaling is one of the features that make me want to choose CloudGuard over actual HW.

Cloud leaders such as Amazon, Google, and Microsoft also provide an uptime of 99.99%, which might not be possible in a privately owned DC. Multiple instances where a hardware issue was found and it took weeks to replace the hardware and bring services up can now be fixed within few minutes by utilizing the available resources over CSP.

You get charged only for what resources you choose and how much traffic actually passes through the firewall, which in turn saves a lot of money.

Easier optimization techniques can definitely help with better performance of the OS, as using the vanilla software doesn't actually showcase the real capability of the software.

While there is a lot of documentation available on Support Center to understand how the solution works, it can become quite confusing. Some free training videos by Check Point would really help the engineers who don't have full access due to restrictions/unseen reasons.

A step-by-step guide for leading CSPs would really help.

Auto Scaling should be given as an option during a first-time installation, as it would be really beneficial and some users might not be aware of it.

We have been using Check Point CloudGuard Network for more than three years, starting when it was still called vSEC.

I have worked with other products and find that this is the better solution when compared to other vendors in the market.

My advice is to use the trial and understand whether this is what you are really looking for.

This solution is very important for our network. We use it for the data on our servers and for our internet connections. We also use it for all of our user devices to connect to outside corporations. The IPS on our devices prevents any issues from occurring. We use the on-prem version of this solution.

We currently upgraded our devices to a new version. We have noticed a performance increase. We tested filtering features and it's an interesting feature that helps us with our tasks. We don't need very complex features.

It's a high-performance device. The network performance is also really good. We check how much time it takes for the servers. Our network performance has increased since using this solution. 

We have a local consultant for this solution. They can handle most of the operations with my team. We work together with the consultant sometimes for complicated scenarios like migration.

The initial setup is difficult. It took me three tries to get it right. The setup took two or three hours. We migrated from an old to a new one. It's not so complex but Check Point is complex in comparison to other firewalls. For example, Palo Alto is easier to install than Check Point. 

We negotiate every deal to get a discount for a higher number of devices. 

I would rate it a nine out of ten and I would recommend this solution. Their support team should be faster because sometimes when we need support their responses are late. 

We primarily use the solution as a firewall. It is for the perimeter protection of our products. We use it as a UTM kind of environment.

The solution has good features.

It has good antivirus protection.

The solution has been quite stable.

The installation was straightforward and pretty easy to execute.

The solution lacks the capability to scale effectively.

We had been using the solution for five years. However, we are currently migrating off of it.

We found the solution to be stable when we were using it. It doesn't crash or freeze. It's not buggy and it doesn't have glitches.

The solution isn't scalable. In fact, it cannot be upgraded at all. This is the main reason why we are switching over to a different firewall under a different brand.

We have many users at the perimeter currently. 

The technical support on offer was very good. We were largely satisfied with the level of service provided. We found them to be helpful and responsive when we had issues.

We are currently moving from Check Point to Fortinet. We haven't yet started to use Fortinet, however. It's a work in progress.

The solution is pretty easy to set up. It's not complex. It's rather straightforward. It shouldn't give a company any trouble.

You need two to three people to manage the deployment process. You don't need a big team.

We handled the implementation ourselves using in-house personnel. We didn't need the outside assistance of integrators or consultants.

We're just a customer and an end-user. We aren't a vendor, consultant, or integrator.

I'm not sure if I would recommend the solution to other organizations. It would likely be 50/50. It really depends on the company's requirements. For us, for example, we needed to scale, and that ended up not being possible and so we have to move away from it.

Overall, I would rate the solution six out of ten. Although it has some good aspects, for us, the lack of scalability was impossible to overcome.

We are a solution reseller, and we also assist our clients with support. This is one of the solutions that we provide to our customers.

This solution can be deployed in many ways. It is available in the cloud on AWS and Azure. You can install it in a virtual machine, you can have it as a hybrid, and you can have it on-premises.

The most valuable feature of this solution is that you can start off with a simple firewall and expand it to UTM. You don't have to buy a UTM to start off with, but rather, you can buy a simple firewall and upgrade it. The simple firewall comes with many of the UTM features, in any case.

The management console can be simplified because at the moment, it is a bit of a challenge to use.

I would like to see support for software-defined wirings in the next release of this solution.

I've got Check Point systems that have not been rebooted in two years, so it is quite stable.

This solution is quite scalable, but it requires hardware upgrades from time to time. Or, if you go with a virtual environment then it is very scalable because you start with one CPU and can increase to twenty-four CPUs.

Technical support for this solution is fairly good. We have got enough skill in our business to do most of it, but once you raise a call with support, they give you quite the fast and effective answer.

The initial setup of this solution is in-between, but more on the complex side. It's not the most complex product that I've worked with, but definitely not the simplest product that I've worked with.

The price of this solution varies from small to extremely expensive. On average, it is normally on the lower end, being less expensive than Palo Alto or Cisco.

The biggest lesson that I have learned from this solution is to never assume that something is simple, because there's always a hidden snag that we run into.

I would rate this solution a nine out of ten.

What could be improved in this product is its architecture. Its user interface also needs improvement.

The user experience, particularly in the implementation, management, and operations of this product, also needs to be improved.

Operations management is difficult in Check Point CloudGuard Cloud Network Security.

I've been using Check Point CloudGuard Cloud Network Security for seven years.

I find this product stable. It's a good product.

Check Point CloudGuard Cloud Network Security has good scalability.

I'm giving technical support for this product a five out of ten.

My advice to people looking into implementing Check Point CloudGuard Cloud Network Security is that they should have technical expertise before deploying it.

I'm giving Check Point CloudGuard Cloud Network Security an eight out of ten.