Try our new research platform with insights from 80,000+ expert users
NtwrkSec67 - PeerSpot reviewer
Network and Security Manager at a financial services firm with 1,001-5,000 employees
Real User
Our network performance has increased since implementing this solution
Pros and Cons
  • "It's a high-performance device. The network performance is also really good. We check how much time it takes for the servers. Our network performance has increased since using this solution."
  • "The initial setup is difficult. It took me three tries to get it right. The setup took two or three hours."

What is our primary use case?

This solution is very important for our network. We use it for the data on our servers and for our internet connections. We also use it for all of our user devices to connect to outside corporations. The IPS on our devices prevents any issues from occurring. We use the on-prem version of this solution.

What is most valuable?

We currently upgraded our devices to a new version. We have noticed a performance increase. We tested filtering features and it's an interesting feature that helps us with our tasks. We don't need very complex features.

For how long have I used the solution?

We have been using Check Point for about two years.

What do I think about the stability of the solution?

It's a high-performance device. The network performance is also really good. We check how much time it takes for the servers. Our network performance has increased since using this solution. 

Buyer's Guide
Check Point CloudGuard Network Security
March 2025
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

How are customer service and support?

We have a local consultant for this solution. They can handle most of the operations with my team. We work together with the consultant sometimes for complicated scenarios like migration.

How was the initial setup?

The initial setup is difficult. It took me three tries to get it right. The setup took two or three hours. We migrated from an old to a new one. It's not so complex but Check Point is complex in comparison to other firewalls. For example, Palo Alto is easier to install than Check Point. 

What's my experience with pricing, setup cost, and licensing?

We negotiate every deal to get a discount for a higher number of devices. 

What other advice do I have?

I would rate it a nine out of ten and I would recommend this solution. Their support team should be faster because sometimes when we need support their responses are late. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1392531 - PeerSpot reviewer
Dy General Manager at a real estate/law firm with 501-1,000 employees
Real User
Stable with a straightforward setup but does not scale effectively
Pros and Cons
  • "The solution has been quite stable."
  • "The solution lacks the capability to scale effectively."

What is our primary use case?

We primarily use the solution as a firewall. It is for the perimeter protection of our products. We use it as a UTM kind of environment.

What is most valuable?

The solution has good features.

It has good antivirus protection.

The solution has been quite stable.

The installation was straightforward and pretty easy to execute.

What needs improvement?

The solution lacks the capability to scale effectively.

For how long have I used the solution?

We had been using the solution for five years. However, we are currently migrating off of it.

What do I think about the stability of the solution?

We found the solution to be stable when we were using it. It doesn't crash or freeze. It's not buggy and it doesn't have glitches.

What do I think about the scalability of the solution?

The solution isn't scalable. In fact, it cannot be upgraded at all. This is the main reason why we are switching over to a different firewall under a different brand.

We have many users at the perimeter currently. 

How are customer service and technical support?

The technical support on offer was very good. We were largely satisfied with the level of service provided. We found them to be helpful and responsive when we had issues.

Which solution did I use previously and why did I switch?

We are currently moving from Check Point to Fortinet. We haven't yet started to use Fortinet, however. It's a work in progress.

How was the initial setup?

The solution is pretty easy to set up. It's not complex. It's rather straightforward. It shouldn't give a company any trouble.

You need two to three people to manage the deployment process. You don't need a big team.

What about the implementation team?

We handled the implementation ourselves using in-house personnel. We didn't need the outside assistance of integrators or consultants.

What other advice do I have?

We're just a customer and an end-user. We aren't a vendor, consultant, or integrator.

I'm not sure if I would recommend the solution to other organizations. It would likely be 50/50. It really depends on the company's requirements. For us, for example, we needed to scale, and that ended up not being possible and so we have to move away from it.

Overall, I would rate the solution six out of ten. Although it has some good aspects, for us, the lack of scalability was impossible to overcome.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point CloudGuard Network Security
March 2025
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
it_user715161 - PeerSpot reviewer
Director at InfoGuardian
Real User
An expandable solution that can be upgraded on-demand and as required
Pros and Cons
  • "The most valuable feature of this solution is that you can start off with a simple firewall and expand it to UTM."
  • "The management console can be simplified because at the moment, it is a bit of a challenge to use."

What is our primary use case?

We are a solution reseller, and we also assist our clients with support. This is one of the solutions that we provide to our customers.

This solution can be deployed in many ways. It is available in the cloud on AWS and Azure. You can install it in a virtual machine, you can have it as a hybrid, and you can have it on-premises.

What is most valuable?

The most valuable feature of this solution is that you can start off with a simple firewall and expand it to UTM. You don't have to buy a UTM to start off with, but rather, you can buy a simple firewall and upgrade it. The simple firewall comes with many of the UTM features, in any case.

What needs improvement?

The management console can be simplified because at the moment, it is a bit of a challenge to use.

I would like to see support for software-defined wirings in the next release of this solution.

For how long have I used the solution?

I have been working with this solution for eighteen years.

What do I think about the stability of the solution?

I've got Check Point systems that have not been rebooted in two years, so it is quite stable.

What do I think about the scalability of the solution?

This solution is quite scalable, but it requires hardware upgrades from time to time. Or, if you go with a virtual environment then it is very scalable because you start with one CPU and can increase to twenty-four CPUs.

How are customer service and technical support?

Technical support for this solution is fairly good. We have got enough skill in our business to do most of it, but once you raise a call with support, they give you quite the fast and effective answer.

How was the initial setup?

The initial setup of this solution is in-between, but more on the complex side. It's not the most complex product that I've worked with, but definitely not the simplest product that I've worked with.

What's my experience with pricing, setup cost, and licensing?

The price of this solution varies from small to extremely expensive. On average, it is normally on the lower end, being less expensive than Palo Alto or Cisco.

What other advice do I have?

The biggest lesson that I have learned from this solution is to never assume that something is simple, because there's always a hidden snag that we run into.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
it_user1146165 - PeerSpot reviewer
it_user1146165Cibersecurity Pre-Sales at a tech services company with 10,001+ employees
Real User

Auto-Scale Palo Alto Networks VM-Series Firewalls in a Public Cloud Environment
For environments that require an automatic deployment as scale out of the security services is required, you can
combine bootstrapping with additional automation that monitors the security services and, when performance limits
are reached, triggers (CloudWatch) the automatic deployment and bootstrap of a new firewall to the security layer.
Auto-scaling works differently in every environment because tools that are specific to each public cloud environment
monitor and trigger the firewall deployment. Auto-scaling in AWS uses AWS services such as Lambda, Amazon Cloud-
Watch, S3, and SNS, in addition to the APIs and bootstrapping on the firewalls. In Azure, you use AppInsights and
Virtual Machine Scale Sets to monitor the environment and trigger the automatic deployment of a new firewall. You
can use a number of metrics in order to trigger the auto-scale event. Examples include:
• Data Plane CPU Utilization %
• GP Gateway Utilization %
• Active Sessions
• Data Plane Packet Buffer Utilization %
• SSL Proxy Session Utilization %
• Session Utilization %
Just like in the previous example, you must create the bootstrap container before automatic scale-out. The automation
monitors the appropriate metric on the existing firewalls, and after the value is higher than allowed for the right amount
of time, the scale-out event triggers the same firewall deployment as in the previous example. After the firewall is deployed and has a configuration provided by Panorama, the auto-scale automation adds the new firewall to the backend pool of the load balancer, ensuring that traffic load is appropriately distributed to the new firewall.

Operational Response to a Changing Environment
In virtual private data center and public cloud environments where new compute instances are created as needed for
scale, the administrative overhead in managing security policy can be cumbersome. Using dynamic address groups in
security policy allows for agility and prevents disruption in services or gaps in protection.
The VM-Monitoring Agent on the firewall can pull IP address and tag information from the cloud environment. Predefined dynamic address groups use the tag information to automatically associate IP addresses to pre-defined rules in the security policy. When there are multiple firewalls in the environment, they all can monitor the same source for IP and tag information. This provides the firewalls a dynamic but consistent view of the resources within the environment.
Dynamic address groups allow the firewall security policy to respond to a changing environment, but the applications
running in the environment must be well known for the appropriate dynamic address groups and security policy rules
to be created. Configuration automation can be used to provide a security policy that automatically is configured when
new applications are deployed to the environment.

Security Response Based on Log Information
Although log information alone can be extremely valuable to a security administrator, manually sifting through the logs
and responding to security events takes too long and requires too many administrative resources. Automated security
actions in the firewall can respond when a previously identified scenario presents itself in the logs. For example, when
Panorama sees a correlation event, it can use the source IP address from the log and use auto-tagging to attach a predefined tag, such as “Compromised.”
You can configure a dynamic address group on the firewall that is associated to the IP addresses with the “Compromised” tag. You can then create a security policy that blocks the traffic or enforces multi-factor authentication (MFA) for these endpoints that uses the dynamic address group as the source. If the user on the endpoint is malicious, MFA blocks their attempt to move laterally within the network, protecting sensitive data.
If the user continues to attempt to move laterally, Panorama can automatically use additional tags to block the IP and
HTTP log forwarding to log an incident. Panorama can use the ServiceNow ticketing system HTTP API to create a ticket so that the operations team is aware of this action on the endpoint. They can then investigate the incident, remediate the endpoint if needed, and remove the associated tags the apply the enhanced security policy.

Security Response to Improper Cloud Environment Configuration
RedLock cloud security provides organizations configuration security alerting for AWS, Azure, and GCP environments
and provides integrations that allow remediation to be automated. Using auto-remediation, organizations can make
sure alerts are automatically remediated before they, or malicious actors, even know there’s an issue. For example,
reconfiguring a security group rule that allows ingress traffic from the public Internet and opening a ticket with Service-
Now for tracking minutes after it’s been created.
RedLock uses the following automation process to remediate issues:
1. Using the cloud environment’s API, continuously perform checks against the configured signatures and policies.
2. If the resulting analysis determines a signature did not pass, send the failed alert to an integration such as
ServiceNow or AWS Simple Notification Service (SNS).
3. The AWS SNS service triggers the workflow automation and launches the AWS Lambda auto-remediation
function.
4. Using the AWS API, auto-remediate and fix the offending issue.
5. Send the resulting logs to AWS CloudWatch.

Aditya Sharma - PeerSpot reviewer
Technical Team Lead at Softcell Technologies Limited
Real User
Stable and scalable threat prevention and network security platform
Pros and Cons
  • "This solution has good scalability and stability."
  • "Its architecture and user interface need improvement. The user experience for this solution also needs to be improved, particularly in implementation, management, and operations."

What needs improvement?

What could be improved in this product is its architecture. Its user interface also needs improvement.

The user experience, particularly in the implementation, management, and operations of this product, also needs to be improved.

Operations management is difficult in Check Point CloudGuard Cloud Network Security.

For how long have I used the solution?

I've been using Check Point CloudGuard Cloud Network Security for seven years.

What do I think about the stability of the solution?

I find this product stable. It's a good product.

What do I think about the scalability of the solution?

Check Point CloudGuard Cloud Network Security has good scalability.

How are customer service and support?

I'm giving technical support for this product a five out of ten.

What other advice do I have?

My advice to people looking into implementing Check Point CloudGuard Cloud Network Security is that they should have technical expertise before deploying it.

I'm giving Check Point CloudGuard Cloud Network Security an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Senior Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
The product is stable but we had issues when we had really old hardware that had a less than stable OS.

What is most valuable?

The ability to host multiple virtual systems, categorize them based on their function and importance and the ease of use with which these can be deployed.

How has it helped my organization?

We do not need to keep provisioning hardware each time there is a requirement for a new firewall. Having a physical server capable of hosting many virtuals and also provide performance and redundancy is a big benefit and hence our preference for VSX.

What needs improvement?

Each new version does offer a new set of features plus also incorporates bug fixes identified during the life cycle of the previous product. Hence, this product keeps on maturing as newer versions are released.

For how long have I used the solution?

More than 15 years.

What was my experience with deployment of the solution?

Not from a product point of view. The critical aspect here is proper planning, performing several dry runs and identifying potential issues to the best possible extent. It's really about planning and testing prior to implementing.

What do I think about the stability of the solution?

No, because we keep on top of our installations. We maintain them by performing routine maintenance, and hot-fix applications. Stability wise the product is stable but we had issues when we had really old hardware that had a less than stable OS.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

Excellent – the vendor always supports us and is very proactive. We have excellent relations with the vendor.

Technical Support:

Definitely excellent. It’s a pleasure to talk with the tech support people and know they fully understand the issues – this gives us a sense of comfort.

Which solution did I use previously and why did I switch?

No previous solution used.

How was the initial setup?

It was simple. That is because the solution is architectured and designed from the ground up and the relevant teams were involved from the beginning.

What about the implementation team?

We did an in-house implementation.

What was our ROI?

Cannot give exact figures but we have made a lot of saving by implementing this product in our organization.

Which other solutions did I evaluate?

We were clear on our options – no we did not choose any other options save for the most important ones.

What other advice do I have?

Think of VSX as similar to VMware ESX solution. It will, in the long run, save a lot of money with the return it gives to the company. It is easy to maintain by a capable support team and can easily fit within the network where there is a requirement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user249372 - PeerSpot reviewer
it_user249372Senior Security Consultant with 501-1,000 employees
Real User

We have found VSX solutions to have lot of issues in our customers networks... Also hard troubleshooting and some anomalies are common. More than one customer feel safer with phisical Check Point appliances rather than VSX and decided to roll-back after some time of use (12 months of production). I can't raccomend this product, if you're looking to firewall instance virtualization, look further and you can find more mature solutions.

SeniorNe6125 - PeerSpot reviewer
Senior Network Engineer at a marketing services firm with 1,001-5,000 employees
Real User
This solution has provided the security that we were lacking on the cloud
Pros and Cons
  • "It is scalable. It's a cloud solution, so it's easy to implement and manage."
  • "I like how straightforward it is and simple it is to implement in the cloud."
  • "The product can still grow."

What is our primary use case?

Our primary use case of this solution is cloud protection for MC65 Operating System, AWS, and Microsoft.

How has it helped my organization?

Right now, we have a hybrid infrastructure. We needed security on the cloud, and this solution has provided the security that we were lacking.

What is most valuable?

  • Traps prevention
  • Security on the cloud

What needs improvement?

The product can still grow.

What do I think about the stability of the solution?

It is fast. It provides what we need at the moment, and it's still growing.

What do I think about the scalability of the solution?

It is scalable. It's a cloud solution, so it's easy to implement and manage.

How are customer service and technical support?

Technical support is fair. I have had some good support technicians when I call in. 

Which solution did I use previously and why did I switch?

We were not on the cloud before. We're a big Check Point customer. Our secure perimeter is checkpoint, so we needed security for the cloud. So, it was a pretty easy decision right there. We evaluated other vendors, but it was easy decision.

How was the initial setup?

The initial setup was straightforward, not complex.

What about the implementation team?

We did our own deployment. We used a reseller for buying the product, but not for the implementation.

Which other solutions did I evaluate?

We also looked at Cisco's cloud products since we have a lot of Cisco products.

What other advice do I have?

Look into it. I like how straightforward it is and simple it is to implement in the cloud. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
PeerSpot user
Network Engineer at Acliv Technologies Pvt Ltd
Real User
Enables us to monitor what comes over to our network and we can then check the dashboard and work accordingly
Pros and Cons
  • "The most valuable feature is the monitoring. We can easily monitor what kind of stuff comes over to our network and we can then check the dashboard and work accordingly."
  • "The initial setup was a bit complex."

What is our primary use case?

We use this solution to secure networks. We block unwanted malware. 

How has it helped my organization?

We have a development team who asked us to open reports. We asked that they initiate traffic to see what is blocking them. We then give them reports and after that, they ask to open the report for the traffic application and we work accordingly.

What is most valuable?

The most valuable feature is the monitoring. We can easily monitor what kind of stuff comes over to our network and we can then check the dashboard and work accordingly.

What needs improvement?

I would like for them to develop guides. If you compare it with Cisco, you can just type out any problem you're having regarding Cisco and you will easily get a solution. With Check Point, it's not easy to get a solution.

For how long have I used the solution?

Three to five years.

What do I think about the scalability of the solution?

We maxed out scalability. 

How was the initial setup?

The initial setup was a bit complex. Is take two or three months to implement and we have to continuously work on it. We needed two to three engineers for deployment. 

Which other solutions did I evaluate?

We researched the top firewall solutions and settled on Check Point and Palo Alto. Comparatively, both are good. 

What other advice do I have?

Ultimately Palo Alto is a very advanced firewall. This firewall can easily identify what application is running behind the network.

I would rate this solution an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
PeerSpot user
IT Security Consultant at Cilnet
Consultant
We consolidated from multiple consoles and clusters into an all-in-one cluster solution
Pros and Cons
  • "We consolidated from three management consoles and three clusters to only one, which is a big improvement."
  • "Its blades and VSLS (Virtual System Load Sharing) work fine."
  • "Having a web UI in the VSX (or something similar) would be nice."

How has it helped my organization?

We consolidated from three management consoles and three clusters to only one, which is a big improvement. 

What is most valuable?

In general, Check Point VSX is a good solution. Its blades and VSLS (Virtual System Load Sharing) work fine.

What needs improvement?

Having a web UI in the VSX (or something similar) would be nice. However, you can do everything in the CLI.

For how long have I used the solution?

Less than one year.

Which solution did I use previously and why did I switch?

We are replacing three old cluster ASA firewalls and concentrating it into an all-in-one VSX cluster. This allows our central management have more time for other tasks.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.