Check Point CloudGuard Network Security Reviews

The use depends on the case. I have many customers. Right now, I have one customer, and it's a collection of these functions. The basic ones involve making numerous rules in normal network security. I can protect my emails and files. If someone from my company tries to upload something from the Internet, and I don't know if it’s sensitive, this can help protect my data.

It allows us to make a lot of rules around network security. It helps us protect emails and files. We have the power to protect our data.

There's a whole range of functions that make up prevention against malware and everything. It’s not just one aspect that garners my attention - the whole application is being used to defend. Even as the complexity increases, it is maintained at the same level. And with increasing complexity, I become more efficient, so I have to spend at least the same amount of time.

CloudGuard Network Security provides our customers with unified security management across hybrid clouds as well as on-premise.

In terms of security operations, it helps people spend less time. Integrations make work more efficient.

So far, it's helped our companies to reduce organizational risk by 99%.

We're very confident in the secure cloud deployments and migrations. We feel more safe. It's reliable and it helps avoid mistakes. 

Everything is in one place, and it seems it's easier to use than before. Making it even easier is a good way to improve it more. When it's easier to use, there are fewer mistakes.

I have used the Check Point product for around six years now. 

Stability is okay. I am not aware of any potential stability issues. Check Point is one of the best vendors in this regard.

Performance scalability is good. For my customers, they can add what they want. This is what customers want: the options to get the scalability they need. We simply need to manage the traffic accordingly.

Every experience is different. Every ticket is different, and sometimes it's a little bit painful to pinpoint problems. Sometimes I have a quick solution. Sometimes I am angry, and sometimes I am okay with it.

Neutral

I have worked with Fortinet, however, not with integration into the cloud; it was on-premises solutions. So, I am not sure if I can compare the two, since it's different when it's on the cloud. 

My understanding is the initial setup should be easy. 

The licensing is a bit expensive. 

I'd rate the solution eight out of ten.

On-premises

We are using Check Point CloudGuard as a firewall. Along with the firewall, we have incorporated multiple blades. Initially, the firewall used to be a single security device, and along with that, we required antibot, antivirus, IPS, and IDS devices. Check Point CloudGuard is a combination of all the devices and functionalities in a single device. It is a next-generation firewall. The main use case of this firewall is to protect our entire cloud and provide perimeter cloud security at L3 and L4 levels.

It is a next-generation firewall. Threat prevention and threat detection blades are available with the firewall. As soon as you enable the blades and you have the license for it, you are good in terms of threat prevention. You do not need to do any specific settings. You just need to enable the blade, and the firewall will take care of the rest of the things. That is how it works.

We are using the Check Point CloudGuard firewall with autoscaling in the AWS and Azure cloud. We have a minimum capacity of two firewalls and a maximum capacity of ten firewalls. If the CPU utilization increases or the memory utilization increases, the capacity will be increased to three from two. Till the service comes down to the threshold level, it will keep on adding more firewalls, so we have ease of operations. We do need not to worry about what we will do if a firewall fails.

When I joined my organization, we were using this CloudGuard firewall in the active/standby firewall cluster. In such a setup, the firewall that is active processes your traffic. The other firewall is in the standby mode. It is not processing the traffic, but it is still costing you. Even though it is not being used, it is still cost-consuming at the cloud level. We changed the setting to autoscaling. After adopting the autoscaling mode for this firewall, we need a lower number of CPU and memory. All the firewalls are active, so we need not worry about the standby firewalls and all those things. So, we have transitioned from these conventional active/standby firewalls to autoscaling firewalls. With this, we are able to save costs and improve performance. All the firewalls are active/active but with fewer CPU cores. When we have fewer CPU cores, we need less number of licenses, so we were able to save the cost. The performance has also been great.

The most important feature is that we are able to use Check Point CloudGuard Firewall for our cloud security. We can make the deployment automated. We do not require manual intervention. With the help of automation, we are able to deploy it within minutes, and we are able to discard it within minutes. We can do hardening and create policies. All those things are very advanced.

Secondly, Check Point is one of the big OEMs available in the world from the firewall perspective. It is better than Palo Alto and Juniper firewalls. It is one of the best firewalls available in the industry.

We have done a lot of automation with the firewall, but sometimes, there are some failures because of some bugs. The fixes for them are still not available. We have daily or weekly communication with the Check Point people giving support in the India region, but we have not seen much improvement or response to our requests for some additional features. We are moving to infra as a code, so we are expecting more advancements in this product. Just installing the patches is not going to help us. They need to focus on this area.

I expect Check Point CloudGuard to come up with some AI/ML integration. A firewall is the first L3 security device available to you. It is the single point that manages or processes the traffic for an organization. There is a possibility that the device goes down or gets rebooted for any reason. The integration of artificial intelligence with the devices can help us to know in advance that there might be a surge in traffic. There might be a spike in the traffic, so we can have some additional firewalls integrated. This predictive analysis has to be there. This way, if required, a second, third, or fourth firewall can come into the picture. All the firewalls will process the traffic simultaneously. I am expecting such capability. This sort of feature is available with AWS. We are deploying all the firewalls on AWS, but it would be easy if, in the future, such a feature is available from the OEM or Check Point itself. It will be very helpful for the organization.

We have had a couple of outages because of some misconfiguration. They were human errors but there were no prior indications that if we were making these sorts of changes, this would happen. People making the changes on the firewall were not aware of this, and that is the reason why the outage happened. In a financial organization, an outage of even five minutes can cost a lot.

In our organization, we have been using it for more than four or five years, but I have hands-on experience with it for the last three years. 

I would rate it an eight out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

I would rate their support a five out of ten because I never got good support. Whenever I have raised a TAC case, their support has not been great. It is not as good as others.

They need to improve from a knowledge perspective. I had a couple of issues, and they could not understand those issues easily. They should not just take the logs and analyze the logs. They should be providing a solution. Being a financial organization, we cannot afford a long downtime. We expect a faster resolution. If a support engineer is not capable of handling a case, he or she should escalate it to a higher level, but they are not doing that on a regular basis. They make you lose days by dragging the case.

Neutral

In my organization, we have two different Infra teams. We have the Network Security Infrastructure team that manages the on-premises setup, and then we have the Cloud Network Security team that manages the cloud. I am a part of the Cloud Network Security team, and we are using the Check Point firewall. The on-premises team was using Juniper and Palo Alto firewalls, and they are now using the Check Point firewall. It is one of the most effective products we have ever used, and that is the reason why that team has moved from other OEMs to Check Point CloudGuard.

We have deployed it on the cloud. We have AWS, Azure, and GCP clouds.

The deployment was done with the help of AWS CloudFormation templates which are very generalized. I just downloaded the templates and customized them as per our requirements. I faced a few challenges because I was not completely knowledgeable about CloudFormation, etc. It was not very challenging from the Check Point side. It was an easy deployment.

I faced a couple of challenges while integrating it with our existing ecosystem. Even though Check Point is the OEM, we have third-party vendor support here in India. The challenges that I was facing at the time were also new for them, so I sorted out those issues myself by referencing some online articles on Check Point. I was able to overcome those challenges at the time. It was not a big deal. There was no huge challenge.

Initially, we involved people from Check Point and the third-party vendor of Check Point, but at later stages, we were capable enough to develop things in-house, so we did it ourselves.

The Cloud Network Security team has ten people. I am handling the AWS cloud deployment along with a colleague. Other colleagues are involved in Azure and GCP deployment. Overall, there are ten people for deployment and management, but mainly, two or three people are involved in the deployment at a time.

We have deployed it in two regions. It is deployed in the Mumbai and Hyderabad regions of AWS in India.

We have seen 70% to 80% ROI. 

I do not know the exact price, but it is fairly priced. It is neither cheap nor costly.

As compared to other OEM vendors in the market, it is cost-effective for us. There are multiple things we need to consider while selecting a certain product. We have AWS, Azure, and GCP clouds, and we have multiple firewalls. All of our firewalls are Check Point CloudGuard firewalls. The cost can vary based on the licenses that you are using. For IPS, IDS, antivirus, antibot, and other capabilities, additional licensing costs might be there. When it comes to security, it gives us great security. Considering that factor, it is cost-effective for us.

I have not evaluated other solutions. Based on the input from my seniors, this is the best solution available in the market. I have heard that Palo Alto also has a cloud-based product called Prisma Cloud, which has some advanced features integrated by using AI/ML technologies. I would love to evaluate Prisma Cloud.

I feel confident using this product. In fact, I have completed a few certifications related to Check Point CloudGuard. I am a Check Point certified administrator, and I am also a Check Point Certified Cloud Specialist. I have also been working with automation-related things, and sometimes, we do some bash scripting and shell scripting to make things easier for us. Traditionally, you can only access the firewall via a CLI. That is the basic level, and at the next level, you should be able to do a few daily things in an automated way. I am very good at that.

I would recommend this solution, but it also depends on the requirements. It is a cost-effective solution. If you are a small organization or a startup, you do not need to have this solution. If you are a big organization with 5,000 to 10,000 users, you can go ahead with it. The ROI for our organization was up to 80%, but it necessarily would not be the same for other organizations.

Overall, I would rate it a nine out of ten.

Basically, we are using Check Point CloudGuard firewalls everywhere. We are using them at the perimeter and internally.

By implementing this solution, we wanted to protect our perimeter. We are using Check Point along with other solutions to protect our perimeter. We also have many application-level use cases that can be solved with Check Point. 

Most of the things that we have are on the cloud. Its main benefit is reliability. We have tested so many firewalls on the cloud, but when it comes to reliability, other firewalls fail miserably. Check Point is very good. It is a very reliable solution. With other vendors, when you move something to the cloud, the features that they are offering might only work partially. We never faced any such issue with Check Point. They offer features that will work completely. Apart from that, they have solutions for almost every cloud use case. That is another thing we love.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. They have a centralized management server. There is a process called CME. If you have multiple clouds, such as AWS, GCP, and Oracle, and you are deploying CloudGuard across all the clouds, you have single management to take care of everything. This is why they provided a unified management solution. CME takes care of scaling and integration. It has a zero-touch approach. It takes care of everything. You just need to deploy it, and the connectivity should be there. It then takes care of everything. It drastically reduces the deployment time and administration overhead.

When any incident happened, it was able to tell us the particular packet associated with that. Based on its internal intelligence, it identifies everything. We were not even aware that there was an attack like that, but it gave us complete clarity about what happened and what was the attack journey. Visibility-wise, it has been very good.

It makes us confident in our security. We have proper visibility into the network. We can see exactly what is happening. We get this level of clarity. Especially when we offload the SSL capability on the firewall, we have unparalleled visibility on even the SSL traffic.

The number of options it gives for deployment or security is valuable. When it comes to security, it has a feature that is super awesome for zero-day-based attacks. Their IPS is also very capable. We tested other firewalls, and we understood that it is the best one in the market. 

When it comes to the firewall capabilities, the level of information that it offers for any security incident is very good. It gives a very good clarity about what happened and at what time. It is very good.

There is centralization. You can manage everything in a single pane, and you have support for all the software. If it is a Kubernetes, you have a solution for it. If it is IOT, you can cover that. You have gateways as well for network security.

The main issue that I have noticed is that for deployment, it still requires a dedicated management server, and the gateway is completely different. That sometimes can cause issues. If it loses communication with the management server and you want to push any sort of critical policy, that would be affected. Apart from that, I do not see any issues. Everything else is going well.

We have been working with Check Point firewalls for more than ten years. We are currently using Check Point CloudGuard firewalls.

Check Point also has NGFW firewalls. They are hardware-based firewalls. All the features are identical. The only difference is that one is on a virtual platform, and the other one is on a physical platform.

It is reliable.

We are only using auto-scaling firewalls. The good thing is that it scales well. Within seven to ten minutes, it gets integrated with the management server. If there is a failure, the firewall will be ready within ten minutes.

We have a team of around seven people who take care of the network security part. Our environment can go up to 3,000. If you combine the server users and the end users, there are more than 10,000 users.

We work closely with Check Point support when there is any issue or limitation. When we face any issues related to processing, scale-out, or delay, we definitely connect with the Check Point support. They usually provide the solution quickly.

I would rate their support an eight out of ten. The reason why I am not giving them a ten is that we are connected through a third party. We cannot directly engage with Check Point. We usually contact this third party, and they engage Check Point support. We have a technical person assigned directly, which is a good thing, but this is how we initiate the process.

Positive

We are mostly relying on TerraForm. For us, the deployment is very straightforward. When you deploy, it will automatically integrate with its management server, so you do not need to put in any effort. The only thing is that you should have the connectivity between the gateway and the management server. Once you deploy, it automatically gets added to the management. The policy push is automatic. That is very good. So, when it comes to deployment, after pushing the code, you do not need to do anything. Everything will come online. That is the best part.

We do have a couple of gateways in management, but I do not take care of that part. I am mostly on the cloud side.

It takes five to ten minutes for initialization and then there is the management part. At the maximum, it will go up to 30 minutes. I usually see everything happening within 15 to 20 minutes and not more than that, but if there is any connectivity issue or any other error, then the duration will get affected. If it is straightforward, it will take a maximum of 30 minutes and not more than that. Because the integration is automatic, I do not need to onboard the gateway to the management server. There is a functionality called CME that takes care of the entire thing.

In terms of maintenance, it does not require any maintenance. The only catch here is that because it is a cloud version, when it comes to upgrades, you cannot upgrade the existing versions to newer versions. We simply deploy the new one. It is not a complicated task. This is the only thing when it comes to maintenance.

I was the main person who took care of the deployment engineering part. 

I do not have visibility on the ROI, but we are completely satisfied with the performance. We will continue with Check Point in the future. We have been renewing their licenses without thinking about any other firewalls. I consider it as a good investment, but this aspect is managed by a different team.

We have an enterprise licensing team that works closely with Check Point. I know that we have an enterprise agreement with Check Point. That gives us some benefits, but I do not have more information about that.

We tried the Azure Firewall. It was good, but zero-day, URL filtering, and NAC capabilities were not there. It was a native firewall, but it was not able to fulfill our use cases. The main competition was against Palo Alto. When we did the comparison, we found Check Point to be more reliable. With the Palo Alto firewall, we had issues with autoscaling. It was not working as expected. These were the two that we tested. Being a bank, we cannot test everything. There was a discussion with Cisco as well, but we did not go with Cisco.

The advantage that Palo Alto has over Check Point is the GUI. They do not require a dedicated management appliance to be deployed to access the firewall capability. They do have that platform, but the individual gateway can be also accessed via a dedicated GUI. With Check Point, you have to have the software called SmartConsole. It is very good, but a company like ours has too many gateways. When you have so many gateways onboarded to the management, it will be slightly slow, but it is not a show-stopper. The GUI is good, but you require the client applications to be installed on your laptop. From the GUI itself, you would not be able to access them. That is one advantage of Palo Alto. You can straightaway access them through the GUI. The software that you need to install for Check Point is a huge one, so the performance depends on the machine. If you have many gateways associated, it can be a bit slow at times.

Check Point is a number one vendor based on the NSS labs and other regulators. In terms of performance and security, Check Point is always number one. Irrespective of how many firewall vendors are there, Check Point will always be number one. Check Point's capability to identify an incident is also very good. Its performance is also good. We were worried that if we moved to the cloud, unlike on-prem, we would not have any dedicated hardware to accelerate something. However, when we migrated to CloudGuard, we did not face any issues. 

When it comes to the cloud, I would definitely recommend the solution. One main thing is reliability. I appreciate Check Point for that. For an organization like ours, security is the main thing. Check Point has been able to protect us from various attacks. Autoscaling and other things are also working perfectly. We were able to achieve all of our use cases with the Check Point CloudGuard firewall. I do recommend this solution.

For zero-day attacks, I know there is technically no single solution, but our observation is that for most of the sophisticated attacks, if it is not already there, Check Point will have a solution within a day. When it comes to DDoS and bot-level attacks, Check Point has a sophisticated approach to prevent them in most cases.

Overall, I would rate this solution a nine out of ten. 

My primary use case is for the protection of environments that are in the cloud and multiple branches and areas that are in the layout of all the systems.

This solution helped us migrate to cloud environments from environments that were on premises. It helped us implement protection for our systems. The fact that it is part of Check Point's overall protection system within some kind of central management system allows us to easily manage and gain visibility on everything that happens in the organization.

The protection is at a very good level. There's a very high catch rate. It has good flexibility in operating and implementing the system.

Protection is valuable to me because security is the most important aspect. At the end of the day we are looking for what will give us the answer at the best level.

It is easy to implement, and it has a lot of flexibility compared to other systems you have in the organization. In the end, this is a parameter that, in my eyes, is very central.

In the end, it saves time. It's all in one place and you can quickly see how you're doing with the cloud environment. It just makes things easier and helps on a daily basis because it optimizes the understanding of what we have. 

Instead of logging into the system by yourself and starting to check, there's another management system that sees logs. It examines the data daily, and it creates flexibility regarding what we want to investigate. It is much easier for everything to be in the same management and not scattered in all sorts of different places.

Check Point helped me a lot to know that I have a solution that is stable and answers my needs. It really gave me the confidence to move forward with the whole migration to the cloud. It was very helpful.

When I moved to the cloud, I looked at Check Point's solution and as soon as it suited me, I bought it. We chose CheckPoint right away, it was our go-to choice.

From my point of view and my needs, I don't see room for improvement. In my opinion, the more it has support for more environments and the more integration there is with wider areas, not only in Check Point's systems, but also with other systems, then I think it will allow access to more customers which is not specifically my case, but in principle the wider the system, the more it will be able to appeal to a larger audience; integration with other manufacturers in other words.

I have been using CloudGuard Network Security for two years.

The platform is very good in terms of stability. We never encountered any issue with it.

Scalability is very good.

Support is very good. The response time is good and fast, and they are also very professional.

Positive

I had help from a Check Point CS and it all went smoothly. There was only one person from Check Point who was in constant communication with us and provided us service in installing the solution, my experience with him was very good.

After running a test against what alternatives exist in the market and seeing what they offer, this is the solution that fits perfectly into our budget. This is a very important parameter for us, and Check Point CloudGuard Network Security did so.

The price was really good, that's the main reason we chose it. In addition, the licensing model was very simple.

I appreciate the cloud network security. I find it to be very effective, and I am pleased with securing cloud deployments.

I would rate CloudGuard Network Security an eight out of ten. There's always room for improvement. It could become a 10 if they had more accessibility to other platforms. Overall, it is a good product.

On-premises

Our end customer is using Azure to host a few applications in the cloud, and we utilize CloudGuard Network Security to secure those assets.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. Our customer is also using Check Point on-premises, so we have one place to create all of our policies. It is a lot easier than doing it at different places. We have the same policy in different clouds and on-premises. That is a great thing. There is a seamless experience and the same management. That is a great advantage over using Azure's native firewall.

CloudGuard Network Security has helped reduce our organizational risk by about 15%. That is because of the ease of working with one big policy that spans the entire organization.

With CloudGuard Network Security, we get a unified solution. It does not matter if we are on AWS, Azure, or Google Cloud. The migration with Scale Set is nice to work with. It is very easy to upgrade and so on.

Scale Set is highly beneficial. It is easy to upgrade and maintain. 

It is pretty great in all aspects, but the integration could be easier, especially with Scale Set and related features. It was somewhat challenging a few years ago to set it up, but once completed, it worked well. Easier integration with on-premises solutions could be beneficial.

I have used the solution for about three years.

The track record is excellent, with nothing to complain about.

The scalability is great.

Their support is great. We get quick responses. The customer support consists of very talented people. They are nice to work with.

Positive

I have used Azure Firewall. I have not extensively worked on AWS. In Sweden, our focus is primarily on Azure.

We went with CloudGuard because we have been working with Check Point products for quite some time. It is an easy choice. We are already familiar with on-premises network security, so choosing the same in the cloud is a big benefit.

Maintaining the policy is not difficult at all with CloudGuard. In fact, it is easier compared to Azure Firewall, which seems a few years behind Check Point. The solution is effective for utilizing all security features Check Point provides. Although I have not used all CloudGuard features yet, its network security is akin to an on-premises firewall.

We have a CloudGuard in the cloud, and we use normal quantum gateways.

It was not as simple as on-premises, but there were good guides on how to do it, so we managed in the end.

We are the integrator in this case. We managed the implementation for one of the end customers. However, we had support from local Check Point representatives.

The main return on investment has been in the time spent working with the solution. Since everything is unified in both cloud and on-premises environments, troubleshooting is faster.

It has saved about 50% of the time. If we had two solutions, we would have to troubleshoot two solutions.

Handling costs is not my department. Licensing has been quite acceptable. It is a bit easier now, but when I began working with CloudGuard, it was a bit too technical.

My overall product rating is a nine out of ten. A slightly easier setup process would be great. Check Point is performing well. The cloud is evolving rapidly, and Check Point is keeping up efficiently. 

Public Cloud

Microsoft Azure

I am tasked with deploying firewalls in Azure Cloud, AWS, and VMware. This involves setting up virtual machines in VMware and is essentially focused on these tasks.

It does a great job protecting the clouds.

The important point is that the solution is integrated into our management system (if they already have Check Point). It's just one more gateway to add. We have it on Azure and others. The advantage lies in the integration within our existing ecosystem, which is amazing.

It's good at identifying threats and on par with the market - at least, in comparison to the others we work with. 

We have confidence in secure cloud deployments and integrations. It's important to have confidence. Even if nothing happens, you are protected, You never know when bad luck will happen. There are some public cases that were missing network security on the cloud, and they were affected. It's a must-have, like an insurance policy. 

The license model could be simpler. We have some issues with the license since it tries to be simple, and yet in some cases, it tends to be complex. Apart from that, I do not recall any other issues.

I have been using the solution for roughly four years.

The stability is generally good. Sometimes there are issues we do not understand, especially with older features. Outside of that, the stability is good. It could be better. For instance, when we are working on a release and do an upgrade, we start experiencing unexpected issues. New features might have problems, however, for existing ones, we expect the same level of functionality as before.

We do not use scalability. I do not have much experience with auto scaling, however, it could be beneficial. Usually, our customers use a model that involves bringing their own licenses with static gateways, not scaling out.

Check Point support has its ups and downs. Sometimes, the support is good, and other times, we are a bit desperate. Overall, I would say the customer service is good, not marvellous. There are some challenges.

Positive

As integrators, we also work with other solutions. The main difference is we can take advantage of integrative management. If you already have an environment with Check Point, it's easy and an advantage. 

We typically deploy to the cloud. We create an implementation strategy with our clients. 

Usually, the customer is very savvy and knows what they want. We provide some advice, however, usually, they have their own ideas on what to do and when to do it.

It is important to have this solution because even if nothing happens, you are not protected without it. You never know when bad luck might knock at your door. 

I rate it eight out of ten. 

You need to have some kind of protection in the cloud. Maybe the native protection is enough, maybe it is not. Having protection gives more confidence in the solution. 

Hybrid Cloud

Other

I have implemented the solution for customers at about three or four different companies now. I primarily use it for general Cloud Security to protect Azure. In most cases, it has always been about securing Azure.

For me, Checkpoint in general is characterized by the ease of day-to-day use, management, log review, and all that. This is a big plus because I can execute these tasks effectively through the Cloud, which is the biggest point for me. It is a significant improvement over Azure's security features, providing enhanced security when Checkpoint is implemented. This is especially beneficial nowadays, as businesses are working with fewer people who need to accomplish more tasks.

In my experience, the failover times are a bit poor during an HA failover in the Cloud. However, this also depends on API calls in Azure, so there is not much I can do there. If there is something I could improve, it would be this aspect.

I would say that I have used Network Security for about two years.

The first few setups are always a bit uncertain, like wondering what is going to happen. The documentation is great, but the problem with Cloud technologies is that it changes all the time, leading to outdated documentation. It can be a bit challenging in the beginning, but once I get used to it, the process is acceptable.

The stability is good, apart from the failover I mentioned before, which takes a bit of time. Again, it is not really Checkpoint's fault; it is just due to Cloud architecture. Overall, stability is good, and upgrades are proceeding well.

Scalability offers two solutions: the gateway and the load balancer setup. The load balancer setup is fantastic. If I need anything, it spins up or spins down and works smoothly. When I adopted it around three years ago, I deployed clusters in the Cloud with two firewalls in HA, but the failover was not ideal. Depending on the scenario, I need to choose the right solution.

Technical support has greatly improved over the last couple of years. It used to be less effective, but now it is in a good state. Also, interactions with salespeople from Checkpoint are going well. I have talked with Palo Alto support as well, and Checkpoint is way better.

Neutral

I just started at the company I am working for now, but my previous customer used Palo Alto. They have the same products, of course, but the usability is not the same. It is stable and good, but the usability is not equivalent.

I use multiple approaches. First, I create an architectural design and check with their Cloud team to see their implementation of their environment. Depending on that, I proceed accordingly. It is really customer-based.

For us, it is not really applicable since we sell it and that is the end of it. However, the feedback from customers has been positive. It performs well, effectively doing its job without slowing down and stopping threats. I think the customer is also receiving a significant return on investment from the solution.

The most significant advantage for a day-to-day user like me is the logs. In Palo Alto, I need to manage brackets and everything, and issues arise if something is spaced incorrectly. In Checkpoint, I can input whatever I need and get the required results. This is a major win in troubleshooting. Logging is okay on both platforms, but if I know exactly what to type in Palo Alto, it is manageable. However, they are quite similar without too big a difference. For email security, Checkpoint offers a big advantage, but that is unrelated to Network Security.

I would give it a solid eight. This is quite a good score in my opinion. Absolutely. I rate the overall solution an 8 on a scale of 1 to 10.

I am using a Public Cloud deployment model.

I use Microsoft Azure as the cloud provider.

We had the firewalls set up in the cloud systems. We were using them for VPN as well as the encryption of traffic coming in and leaving the cloud.

When COVID-19 hit and everybody started to work from home, we did not have a scalable VPN technology. Also, with more people working from home, security was a bigger concern. CloudGuard Network Security addressed both needs in one single product.

After implementing CloudGuard Network Security, overnight, 500 people could work from home on a secure and encrypted tunnel. What more could we ask for? When COVID-19 hit and everything closed down, we were able to spin this up within 2 weeks.

CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-prem. There is a single admin client that you can use. You can have a firewall deployed on-prem. You can have a firewall deployed in GCP. You can have a firewall deployed in AWS or Microsoft Azure, but you can manage it all with a single pane of glass. You can have a single management station managing all of these.

We are very confident about it and our security. It is a very robust solution.

The endpoint VPN is super stable. The routing is also very good. We tried a competing product first, but we could not make it work. We came across CloudGuard. The network routing across different virtual networks in Azure and AWS was way ahead of any of the other technologies. That helped us be able to cover the whole network using one single cluster.

They have come such a long way. There may be other areas that other people use, but as far as I am concerned, I have been very happy with it. There are always newer features getting added and new encryption protocols coming. I can see where they are going and how far they have come. I have been using the Check Point firewall since 2010. It has been 14 years, and I have seen how they have improved.

They are coming out with more SD-WAN express route support from a firewall perspective. That would be great. They keep on launching new features. That is how they work.

I was one of the first sites to use it as a PoC before they even introduced it to the world. It has been 4 or 5 years.

I would rate it a ten out of ten for stability. It has been running since we put it up.

I would rate it a ten out of ten for scalability. It depends on your design. You can either have a static deployment where there is only one firewall, two firewalls, and four firewalls, or you can put it in the elastic mode where it will spin up as the load goes up. It will auto-scale up and auto-scale down. It is fantastic.

They are fantastic. Their technical support is absolutely great. There is ownership right from the top down. They know their product. They stand by their product. If there is a feature that is not working, I have seen them write patches for me in 48 hours. They offered to provide the patch by Sunday evening in Tel Aviv, and by Sunday afternoon, I had an email saying that the patch was available for our download. We could download it and reinstall it. That patch was only written because of something in my deployment. It was not like they had 200 customers who complained about it. I was the only one complaining about it.

Positive

We did a PoC for one week. We had some major issues because of sizing. We sized CloudGuard too small, so we made it bigger. The next week, we did another PoC, and it worked well. By the third week, we were done. We went live, and everybody was working from home. 

I would rate it an eight out of ten in terms of ease of installation.

Their support was good. We set it up when nobody else in the world had seen it. We were probably the third company in the whole world to roll it out. We were that new to it. Nowadays, I would rate their support an eight out of ten, but in those days, it was one out of ten because we were all learning together.

I was the only one involved in its deployment. To deploy this, you need to have a background in IT security and networking put together.

We have seen an ROI. 500 people were able to work from home. That itself is a huge ROI.

It is one of the top solutions in the world. We know that it is protecting our entire cloud infrastructure, so it makes a lot of sense.

I quite like the way they priced it. It is very reasonable.

We did evaluate other solutions. We looked at Fortinet, and they could not do cross-VNet traffic at that time. We spent almost five or six days. We worked 10 to 12 hours a day. Even after 60 to 70 hours, they could not make it work, but it worked out-of-the-box with CloudGuard Network Security. In terms of ease of use, CloudGuard Network Security is any day easier.

We did not just go with our cloud vendor's cloud firewall because the cloud vendor did not have a firewall at that time. Secondly, even if they did, it is always good to have a third-party product protecting the cloud. If we are using AWS, I would not put an AWS firewall there because if there is a compromise somewhere else, it is most likely going to carry over to their firewall too because everything runs on the same fabric, whereas this is separate. It gives a completely independent security front end.

I would definitely recommend it. I have used it. I know how it works.

Check Point has been one of the pioneers of firewall technology. This is the only product that they really do. They are into cybersecurity firewall technology. They are not like other competitors, such as Cisco or Fortinet, who also have network switches, hubs, routers, etc. Check Point is a dedicated company that does cybersecurity. All in all, this is what they do. You can see the investment coming from the top down. They have ownership of the product. I have raised complaints that have gone up to Gil Shwed. He is the CEO and the founder of Check Point. I have got an email from Gil saying that he knows we are frustrated, but they are working on it, and he will make sure that this gets fixed. That is the kind of ownership they have.

Overall, I would rate CloudGuard Network Security a nine out of ten.