Try our new research platform with insights from 80,000+ expert users
Jonathan Gamlin - PeerSpot reviewer
Network Architect at Thomson Reuters
Real User
Top 20
Unified security management, excellent support, and competitive pricing
Pros and Cons
  • "The query feature is going to be a game-changer for us as we move forward."
  • "We are at the place where we are looking at better integration with the management system. We use an MDS today, and it is self-deployed. We want to get to the Smart-1 Cloud, but we do not know what that looks like today because it does not support a multi-domain setup. Smart-1 should either be able to do multi-domain or there should be some form of taking a multi-domain environment and putting it in Smart-1."

What is our primary use case?

We primarily use it for egress internet traffic for four clouds, as well as between clouds to on-prem. Those are the main use cases. We have another small use case for ingress traffic, but it is a very small use case right now.

By implementing CloudGuard Network Security, we wanted to get network visibility in our clouds. That was the main point. We also wanted to provide a segregation layer with stateful inspection with all the next-generation features, such as IPS.

How has it helped my organization?

CloudGuard Network Security certainly has made our organization more secure. Our business partners cannot inadvertently open up the access that they should not be just to get things done. They now have to go through our firewall. We have got the inspection layer. Our security organization can see threats if they come in and take action on them. We were able to realize its benefits almost instantly.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. We heavily use global policy to join on-prem and the cloud, as well as multiple clouds. It is a huge benefit for us as we can set a global standard for policy and then push that across all the different security zones.

We are very confident in our cloud network's security. We have had many years of experience developing it, so we were very aware of the design and the solution within each cloud. We are confident with how we deploy it, and we have plans to make it more efficient as we go.

What is most valuable?

Most recently, it would be the dynamic objects or datacenter objects. The query feature is going to be a game-changer for us as we move forward. It simplifies our policy, and it gives us a way to dynamically learn and discover things in the cloud instead of having a static way.

What needs improvement?

Currently, we are struggling with licensing just because of the pace and growth of our cloud. Keeping up with licensing for new regions and new gateway usage is certainly something we are looking into. We are working with our accounting to figure out how we can improve. The licensing piece is big for us.

We are at the place where we are looking at better integration with the management system. We use an MDS today, and it is self-deployed. We want to get to the Smart-1 Cloud, but we do not know what that looks like today because it does not support a multi-domain setup. Smart-1 should either be able to do multi-domain or there should be some form of taking a multi-domain environment and putting it in Smart-1.

Buyer's Guide
Check Point CloudGuard Network Security
March 2025
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

For how long have I used the solution?

I have been using CloudGuard Network Security for probably five years.

What do I think about the stability of the solution?

From our experience in five years, it has been very stable.

What do I think about the scalability of the solution?

It seems to be very scalable. We have plans to increase the usage of CloudGuard Network Security.

We do scale sets across our clouds and across many regions globally. The number of applications behind it is in the hundreds if not thousands.

How are customer service and support?

It is an excellent service. I would rate their support a nine out of ten. Improving a little bit in the smaller clouds such as Oracle and Google would help a lot.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not specifically use any similar solution in the cloud. It was brand new.

How was the initial setup?

We have a public cloud and then a hybrid with on-prem. We have AWS, Azure, Google, and Oracle.

In terms of the version, on-prem, we use Maestro, and in the cloud, we use the latest CloudGuard. We use the software version R80.40 and are about to upgrade to R81.20.

Its deployment was a little complex for us because we have a very large cloud environment and we are multi-cloud. We had an existing estate, so it was hard to put a firewall in the path and not break things.

We are still implementing it because we are taking a cloud-by-cloud approach. We have done AWS and Azure. It took probably two years to do that, so I would assume that for Google and Oracle, it is going to take at least a year.

In terms of the implementation strategy, we first develop the IEC for the code to deploy it, and then we deploy it and test it in a sandbox environment. We then deploy it to non-prod and roll it out to those regions, and after that, we would do the same with prod.

What about the implementation team?

We implemented it ourselves.

What was our ROI?

We have seen an ROI, but I do not have any metrics.

What's my experience with pricing, setup cost, and licensing?

Pricing-wise, it is pretty competitive. However, I would like to see more flexible licensing. There should be more of a consume what you need and true-up type of model.

Which other solutions did I evaluate?

In the past, we have evaluated other solutions. When we tested them, they did not have the same feature set or functionality that CloudGuard had. When I initially tested years ago, the scaling probably was not as efficient. The support was also a big factor. The support that we got from those vendors was not as good as from our account team with Check Point. 

When we looked at the cloud provider firewalls, they did not match up to what Check Point could do with the various deep packet features and functions like IPS. The feature set was the main difference. At the time, the cloud providers could not provide IPS or deep packet features. That was a big driver for us with Check Point. The fact that we could not integrate policy with our on-prem firewalls, which were from Check Point, was another big driver because we wanted a unified policy. Our existing relationship with Check Point helped as well.

What other advice do I have?

To those evaluating CloudGuard Network Security, I would advise certainly engaging with the Check Point account team. Get their solutions team to help you walk through the solution and talk to others in the industry about their experiences.

The biggest lesson that I have learned from using this solution is to deploy it as soon as you can in your cloud journey.

I would rate CloudGuard Network Security a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Matej Kacic - PeerSpot reviewer
Executive Director at Security Avengers
Real User
Top 20
Offers flexible licensing options since every project requires different pricing
Pros and Cons
  • "Our clients choose CloudGuard as a natural progression of their solutions. They understand Microsoft and CloudGuard fits."
  • "Check Point could show us use cases that would help us in Czech and could help us with security threats in our specific country."

What is our primary use case?

Our primary use case is for segmentation and next-generation protection. 

What is most valuable?

Our clients choose CloudGuard as a natural progression of their solutions. They understand Microsoft and CloudGuard fits. They are vendor-oriented. They stick with Microsoft. They have a lot of experience with Check Point and this fits in. 

Check Point Management is the best and Azure management is also very good. It's simple and has high security. There are no additional costs which is one of the advantages. 

Compared to other solutions, CloudGuard is easier to use. 

What needs improvement?

I don't see much need for improvement. 

In Czech, we are a little behind the USA and Germany so we have matured in our mentality to move towards the cloud. 

Check Point could show us use cases that would help us in Czech and could help us with security threats in our specific country.

The level of confidence our clients have in their cloud network security using CloudGuard Network Security depends. Some are very confident but some are worried about information being exploited. When compared to other vendors, CloudGuard is the best when it comes to threat protection.

For how long have I used the solution?

I have been implementing CloudGuard for our clients for four years. 

What do I think about the stability of the solution?

It's stable.

What do I think about the scalability of the solution?

It scales well for our clients' needs. We have deployed over 2,000 servers.

How are customer service and support?

Support is good for CloudGuard. It could depend on the support person who is helping us. Different regions offer different levels of support. Israel and US offer the best support.

How would you rate customer service and support?

Positive

How was the initial setup?

It's easy for me to deploy. 

What's my experience with pricing, setup cost, and licensing?

Every project needs different pricing. I believe that when we talk with the particular guys, we will find a price for the customer. They are flexible in terms of that because we need to be flexible, and we have many companies who are aggressive with discounts. 

What other advice do I have?

I rate the overall product an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Check Point CloudGuard Network Security
March 2025
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
Hans Moggert - PeerSpot reviewer
Head of Datacenter at a tech services company with 201-500 employees
Real User
Top 10
Comprehensive protection for cloud environments offering seamless scalability and consolidated logging for enhanced security
Pros and Cons
  • "Its centralized control, ease of use, and flexibility are the most valuable for our data center security."
  • "The licensing structure is unclear, so a transparent and flexible licensing structure would be preferable."

What is our primary use case?

We use it to protect cloud infrastructure, workloads, and applications from advanced threats and attacks.

How has it helped my organization?

For our operations team, CloudGuard proved to be the ideal solution. Troubleshooting became much simpler as all traffic—allowed or blocked—could be found in a single point, the SmartConsole. Integrating CloudGuard with VMware was straightforward; we established a connection between Check Point Management and VMware, allowing for the automated deployment of CloudGuard in NSX as a service. This automation made deployment and management a breeze, allowing us to easily specify the number of CloudGuard instances needed, which would then be deployed automatically.

CloudGuard's integration with the SmartConsole ensured continuity for our administrators, who could continue using familiar tools and methods. The ability to manage everything within the virtual environment provided speed and flexibility. With CloudGuard, we could define rules to control traffic with precision, redirecting or blocking as needed. 

Check Point's approach of preventing threats at the outset aligns with this perspective, eliminating the need to constantly battle against incoming threats. This proactive stance instills a strong sense of security, as it significantly reduces the likelihood of breaches. Given our positive experiences and lack of any negative encounters with the product, we feel extremely confident in its ability to safeguard our environment effectively.

One of the most crucial and beneficial aspects of Check Point is its ability to consolidate and present logs in a clear and easily accessible manner. This centralized approach offers immense value, as it allows users to access all network security information from a single point, eliminating the need to navigate through multiple tools and sources. With Check Point, users can conveniently find and manage all security-related data in one centralized location.

What is most valuable?

Its centralized control, ease of use, and flexibility are the most valuable for our data center security.

What needs improvement?

The licensing structure is unclear, so a transparent and flexible licensing structure would be preferable.

For how long have I used the solution?

We have been working with it for five years.

What do I think about the stability of the solution?

In terms of stability and reliability, the virtual machine running CloudGuard functions seamlessly and as anticipated, demonstrating no issues or disruptions.

What do I think about the scalability of the solution?

Regarding scalability, you have the flexibility to deploy as many instances as necessary. If additional instances are required, you can easily add them to production by obtaining the necessary licenses.

How are customer service and support?

While we haven't encountered significant issues necessitating support, we did face occasional challenges with perimeter gateways rather than CloudGuard itself.

Which solution did I use previously and why did I switch?

Before this project, we collaborated with a sister company that utilized Cisco ACI, but it didn't prove to be the right fit. Considering our longstanding partnership with Check Point as our security provider, particularly for network and cloud traffic, choosing CloudGuard for East-West traffic inspection seemed like a natural extension. Additionally, observing our sister company's positive experience with CloudGuard on Cisco ACI further reinforced our confidence in the product as the best solution for our needs.

What about the implementation team?

Initially, we sought the help of a partner for deployment, but for upgrades and migrations, we largely handled them ourselves. Fortunately, these processes weren't overly complex, and we found helpful documentation on the Check Point website to guide us through them.

What's my experience with pricing, setup cost, and licensing?

When we initially adopted CloudGuard, we operated under a different licensing model based on the number of hosts. The licensing model has since transitioned to a cluster-based variant.

Which other solutions did I evaluate?

Overall, I would rate it ten out of ten.

What other advice do I have?

For any private cloud data center leveraging software-defined networking through VMware or Cisco ACI, CloudGuard stands out as the optimal choice. It offers unparalleled flexibility and ease of management, making it the ideal solution for customers already utilizing Check Point in conjunction with virtual networks within their data centers.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2379471 - PeerSpot reviewer
Cyber Security Architect at a manufacturing company with 10,001+ employees
Real User
Top 20
Streamlines processes, integrates well, and has reasonable pricing
Pros and Cons
  • "The ease of administration with the cloud management extension and the cloud licensing model is valuable."
  • "The migration to TerraForm is a little more complicated, but we made it work."

What is our primary use case?

Primarily, we are using it for deploying cloud firewalls on Azure to protect our applications. We are using TerraForm.

How has it helped my organization?

CloudGuard Network Security helps to streamline bringing in the hardware and putting the effort upfront to do the automation. It takes all that effort away from a human. It streamlines the process and provides security on the cloud.

CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-prem. It gives us one place to look. Security teams have common logging, and our SIEM integration is already built in. We have a gateway. It is logging for SIEM log servers, and they are being sent to our SIEM. No additional changes are required by anyone to know where to look. It is all integrated into our existing solution.

We are pretty confident in our cloud network security using CloudGuard Network Security. I would rate our confidence level a nine out of ten.

What is most valuable?

The ease of administration with the cloud management extension and the cloud licensing model is valuable.

What needs improvement?

I have not dealt with it enough to find any pitfalls.

For how long have I used the solution?

We have been using CloudGuard Network Security for about four months.

What do I think about the scalability of the solution?

So far, it is great. We use scale sets. We have deployed two gateways per region with the scale set settings of two to ten. We do not have much workload yet, so I cannot say how the scaling is working, but overall, I am sure we will be able to scale the gateways.

How are customer service and support?

I did not need support for much of what we have been working on.

How was the initial setup?

We mostly have a public cloud in Azure. Over the next few months, we are looking to port the same functionality we have in Azure to AWS. 

The deployment is simple as well as complex. The ARM template to deploy in Azure is very simple, but we have taken that and extracted it to do it via TerraForm. The migration to TerraForm is a little more complicated, but we made it work.

What was our ROI?

We have not gone far enough to know.

What's my experience with pricing, setup cost, and licensing?

We are using our BYOL. We are using our existing Check Point discounts to work with licensing. Overall, it is very competitive. Its pricing is reasonable to me.

Which other solutions did I evaluate?

I have not evaluated other solutions.

What other advice do I have?

I would advise taking a look at the solution. It performs well and integrates with our existing solutions. It streamlines processes. It is definitely worth a look.

Overall, I would rate it a nine out of ten. The solution is very similar to what we are doing everywhere else. It integrates well with the Azure services, but nothing is perfect, so I cannot give it a ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Amber Mishra - PeerSpot reviewer
Pre-Sales Manager at DCIPHERS IT SOLUTIONS
Reseller
Top 5
The solution has good threat emulation, threat extraction, and reporting features
Pros and Cons
  • "Check Point CloudGuard Network Security has a beautiful threat emulation different from the market."
  • "The solution’s technical support, DNS security and training could be improved."

What is most valuable?

Check Point CloudGuard Network Security has a beautiful threat emulation different from the market. They have a threat extraction feature. The solution's zero phishing feature is pretty much commendable. The solution has one of the best reporting any vendor has in network security. The solution also has a CSPM or posture management tool inbuilt into CGNS or network security.

What needs improvement?

The solution’s technical support, DNS security and training could be improved. Check Point CloudGuard Network Security's training and reachability to the customer can be done a bit better. One recommendation from my side is that the handover of the tasks can be a bit better. If an engineer is on a ticket and their shift gets over, the smooth handshake between the two engineers can be a bit better.

For how long have I used the solution?

I have been using Check Point CloudGuard Network Security for more than one and a half years.

What do I think about the stability of the solution?

Check Point CloudGuard Network Security is a stable product.

What do I think about the scalability of the solution?

Check Point CloudGuard Network Security is a scalable product. I would recommend the solution to small, medium, and enterprise companies because it has a scalable model. The solution is over the cloud and can be integrated with any company.

Which solution did I use previously and why did I switch?

Previously, I worked with Palo Alto, a direct competitor of Check Point CloudGuard Network Security. CloudGuard Network Security's threat extraction features, reporting features, and threat emulation are better than Palo Alto's. Check Point CloudGuard Network Security is more user-friendly than Palo Alto. On the other hand, Palo Alto has a bit better DNS security than Check Point CloudGuard Network Security.

How was the initial setup?

Check Point CloudGuard Network Security is easy to deploy, and if you are unable to do it, you can get support from the OEM.

What about the implementation team?

The solution's implementation depends on the customer's network scenario and policies. The initial setup doesn't take more than 30 minutes, and the rest can be done later.

What's my experience with pricing, setup cost, and licensing?

Check Point CloudGuard Network Security's pricing is far better than Palo Alto's because Palo Alto is very expensive. Check Point CloudGuard Network Security comes at a price that even a small business can manage to buy, whereas Palo Alto would restrict you to enterprise customers. Check Point CloudGuard Network Security's licensing cost changes from country to country. The solution has different discount models across the globe in regions like Asia and Ireland.

What other advice do I have?

People who want to implement Check Point CloudGuard Network Security should focus during the planning phase. If planning is done correctly and the prerequisites are matched perfectly, they won't face any challenges during deployment. But it's very important to check the prerequisites' limitations.

Overall, I rate Check Point CloudGuard Network Security nine and a half out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Network and Security Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Provides unified management, but the version upgrade seems to have a limitation
Pros and Cons
  • "We have unified management. It is one of the advantages of this product."
  • "There is a limitation with the version upgrade. We are using version 81.10 and from what I understand, it is problematic to upgrade this version. I do not know if that is true."

What is our primary use case?

We are using it for network security.

The whole reason we got it was to expand and make an extension to the Azure Cloud so that we could establish services that would make a link between the on-prem and the cloud. That was the goal.

How has it helped my organization?

We have unified management. It is one of the advantages of this product.

In terms of protection, we have not yet done any kind of penetration tests. We will check them later. In the future, we would also want to use all kinds of features such as IPS, IPSec, etc.

What is most valuable?

Its advantage is its layout. You do not need to get any unique devices and install them. The installation is easy. The assimilation is less easy because you have to work with a manager in Azure and upload and define all kinds of addresses.

In essence, you do exactly what you do with on-prem. It is the same operation. You can manage it in the same way as on-prem, which is an advantage. You can manage the firewall in the cloud from on-prem, and you do not need any more interventions.

What needs improvement?

There is a limitation with the version upgrade. We are using version 81.10 and from what I understand, it is problematic to upgrade this version. I do not know if that is true. I am trying to figure it out. If I want to upgrade to a newer version, I have to make new machines. If this is true, it will negatively impact my thoughts regarding the solution.

What do I think about the stability of the solution?

It is always running. Its availability is high because it is located in two different data centers. This is the purpose of the cloud. It is located in two data centers in two different countries. We have placed one in Frankfurt, and the other one is in Amsterdam or London. That is the advantage. Because it is not the same country or city, the availability is great.

How are customer service and support?

I mainly receive support from an integrator. Check Point did not accompany me as a vendor from the beginning. I am satisfied with the integrator at the moment. He gives me the answers. 

We had a few inquiries recently, and he gave me the answers. They were also very helpful during the installation. So, I have had less communication with the manufacturer. For more complex issues, I can communicate with Check Point's support.

I would rate the integrator's support a nine out of ten because sometimes, it takes a long time for the integrator to find the solution to the malfunctions. The glitch related to the deleted machines was very critical for our organization. Things were working normally on the network, but the entire project was simply blocked for a few days. I expected the integrator to open a ticket in a faster way, but he did not open any ticket at all. He resolved it all by himself, but he did not share with us what the solution was. Deleting things and opening them again is not good enough because there is no reassurance that the glitch will not happen again.

Which solution did I use previously and why did I switch?

We did not use any other solution before this.

How was the initial setup?

The installation is simple. We just had to put it in two centers and deploy it. It was easy. 

During the process, we had to wipe a machine. Microsoft gave us some addresses to work with. We used those addresses because we needed public addresses to work with. At first, we were not able to do something properly, so we deleted the machine. When we came back to set up the machine, we had to take new addresses from Microsoft all over again. I do not know whether it was because of Azure or whether it was Check Point´s fault. 

What was our ROI?

I do not know if I have seen a return on investment because we are at the beginning of establishing the cloud. It is not entirely working yet. At the moment, it is not in production, but I assume that there will be an ROI.

What's my experience with pricing, setup cost, and licensing?

It is not expensive.

Which other solutions did I evaluate?

I wanted to try Palo Alto at first, but because my entire setup was already in Check Point, I did not go in that direction. I wanted unified management. I also consulted my team, and they said that they do not want to come and manage another firewall because of the management and knowledge it requires. The advantage of this solution was unified management.

What other advice do I have?

My recommendation for those who are thinking of installing the product is to check its survivability at the level of downloading a machine and uploading it. Do not upload all the applications straight away to run tests. Research first.

Based on my experience, I would rate it a seven out of ten. There were some malfunctions. There were also issues at the beginning due to the lack of a dependency needed for it to function. The experience is not yet perfect, but like any product, it will improve over time. In the end, I need stability in the cloud, but right now, that feeling is not there. I do not have the feeling of stability where I can say that the production and the service will not drop again. That is the concern. I want to start uploading some kind of application to production soon.

Foreign Language:(Hebrew)

המוצר מספק ניהול מאוחד, אבל נראה שלשדרוג הגרסה יש מגבלה

מהו השימוש העיקרי שלנו במוצר?

אנחנו משתמשים בו לאבטחת רשת.

בחרנו אותו כדי להתרחב ולעשות הרחבה ל-Azure Cloud כדי שנוכל להקים שירותים שיעשו קישור בין On-Prem לענן. זו הייתה המטרה.

איך זה עזר לארגון שלי?

יש לנו ניהול מאוחד. זה אחד היתרונות של המוצר הזה.

מבחינת הגנה, עדיין לא עשינו שום סוג של בדיקות חדירה. נבדוק זאת בהמשך. בעתיד, נרצה גם להשתמש בכל מיני תכונות כמו IPS, IPSec וכו'.

מה התכונה הכי משמעותית של המוצר?

היתרון שלו הוא הפריסה שלו. אתה לא צריך להשיג מכשירים ייחודיים ולהתקין אותם. ההתקנה קלה. ההטמעה פחות קלה כי צריך לעבוד עם מנהל ב-Azure ולהעלות ולהגדיר כל מיני כתובות.

בעצם, אתה עושה בדיוק את מה שאתה עושה מ- On Prem. זו אותה פעולה. אתה יכול לנהל אותו באותו אופן כמו ב-On-Prem, וזה יתרון. אתה יכול לנהל את הפיירוול בענן מ-on-prem, ולא צריך יותר התערבויות.

מה טעון שיפור?

ישנה מגבלה בשדרוג הגרסה. אנחנו משתמשים בגרסה 81.10 ולפי מה שהבנתי זה בעייתי לשדרג את הגרסה הזו. אני לא יודע אם זה נכון. אני מנסה להבין את זה. אם אני רוצה לשדרג לגרסה חדשה יותר, אני צריך ליצור מכונות חדשות. אם זה נכון, זה ישפיע לרעה על המחשבות שלי לגבי המוצר.

מה אני חושב על יציבות המוצר?

המוצר פועל תמיד. הזמינות שלו גבוהה מכיוון שהוא ממוקם בשני מרכזי נתונים שונים. זו מטרת הענן. הוא ממוקם בשני מרכזי נתונים בשתי מדינות שונות. הקמנו אחד בפרנקפורט והשני באמסטרדם או בלונדון. זה היתרון. מכיוון שלא מדובר באותה מדינה או עיר, הזמינות גדולה.

איך שירות הלקוחות והתמיכה?

אני מקבל בעיקר תמיכה מאינטגרטור. צ'ק פוינט לא ליוותה אותי כספק מההתחלה. אני מרוצה מהאינטגרטור כרגע. הוא נותן לי את התשובות.

היו לנו כמה תקלות לאחרונה והוא סיפק לי את כל התשובות. הוא גם עזר מאוד במהלך ההתקנה. עם היצרן הייתה לי פחות תקשורת. לבעיות מורכבות יותר, אני יכול לתקשר עם התמיכה של צ'ק פוינט.

הייתי מדרג את תמיכת האינטגרטור תשע מתוך עשר, כי לפעמים לוקח הרבה זמן עד שהאינטגרטור מוצא את הפתרון לתקלות. התקלה הקשורה למכונות שנמחקו הייתה קריטית מאוד עבור הארגון שלנו. דברים עבדו כרגיל ברשת ופתאום כל הפרויקט פשוט נחסם לכמה ימים. ציפיתי שהאינטגרטור יפתח טיקט בצורה מהירה יותר, אבל הוא לא פתח טיקט בכלל. הוא פתר את הכל לבד, הוא גם לא שיתף אותנו לגבי מה היה הפתרון לתקלה. למחוק דברים ולפתוח אותם שוב זה לא מספיק טוב כי זה לא מבטיח לנו שהתקלה לא תחזור על עצמה.

באיזה מוצר השתמשתי בעבר ומדוע החלפתי אותו?

לא השתמשנו בשום מוצר אחר לפניו.

איך הייתה ההתקנה הראשונית?

ההתקנה הייתה פשוטה. היינו צריכים לשים אותו בשני מרכזים ולפרוס אותו. זה היה קל.

במהלך התהליך, היינו צריכים למחוק מכונה. מיקרוסופט נתנה לנו כמה כתובות לעבוד איתן. השתמשנו בכתובות האלה כי היינו צריכים כתובות ציבוריות לעבוד איתן. בהתחלה לא הצלחנו לעשות משהו כמו שצריך, אז מחקנו את המכונה. כשחזרנו להגדיר את המכונה, היינו צריכים לקחת מחדש כתובות חדשות ממיקרוסופט. אני לא יודע אם זה היה בגלל Azure או אם זו הייתה אשמתו של צ'ק פוינט.

מה היה החזר ההשקעה שלנו?

אני לא יודע אם ראיתי את ההחזר על ההשקעה, כי אנחנו בתחילת הקמת הענן וזה עדיין לא לגמרי עובד. כרגע הוא לא בייצור, אבל אני מניח שיהיה החזר של ההשקעה.

מה דעתי על התמחור, עלות התקנה ורישוי?

זה לא יקר.

אילו מוצרים נוספים שקלתי?

רציתי לנסות את פאלו אלטו בהתחלה, אבל בגלל שכל ההתקנה שלי כבר הייתה בצ'ק פוינט, לא הלכתי לכיוון הזה. רציתי ניהול מאוחד. התייעצתי גם עם הצוות שלי והם אמרו שהם לא רוצים לנהל פיירוול נוסף בגלל הניהול והידע שזה דורש. היתרון של המוצר הזה הוא הניהול המאוחד.

איזה עוד עצה יש לי?

ההמלצה שלי למי שחושב להתקין את המוצר היא לבדוק את השרידות שלו ברמת הורדת מכונה והעלאתה. לא להעלות את כל האפליקציות מיד, כדאי להריץ בדיקות ולחקור קודם.

בהתבסס על הניסיון שלי, הייתי מדרג את המוצר שבע מתוך עשר. היו כמה תקלות. היו בעיות גם בהתחלה בגלל חוסר העצמאות הדרושה לתפקוד. החוויה עדיין לא מושלמת, אבל כמו כל מוצר, היא תשתפר עם הזמן. בסופו של דבר, אני צריך יציבות בענן, אבל כרגע, התחושה הזו לא שם. אין לי תחושת יציבות שבה אני יכול להגיד שהייצור והשירות לא יירדו שוב. זו הדאגה. אני רוצה להתחיל להעלות איזושהי אפליקציה לייצור בקרוב.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1832184 - PeerSpot reviewer
Senior Enterpirse Security Architect at a healthcare company with 11-50 employees
Real User
Top 20
Provides virtual machine scale sets and multi-domain security management server
Pros and Cons
  • "It was very easy to install the solution, and the architecture meant we didn't have to worry about exceeding the solution's capacity."
  • "In future releases, I would like to see the data loss prevention (DLP) feature could scale along with the virtual machine scale sets."

What is our primary use case?

When we began our digital transformation, we had already invested in on-premises Check Point firewalls. We desired the same level of security in the cloud along with the elasticity that the cloud demands.

How has it helped my organization?

We have a standard security policy across the organization. Our layered security, including North-South and East-West firewalls, is fantastic.

Compared to the other solutions for identity-based threat detection, the malware and threat prevention capabilities are key features that we have enabled – we actually use all the available features. 

On several occasions, we've benefited from zero-day protection. It acts immediately when something is discovered, while other solutions might take much longer to react.

I'm confident that as long as we keep up with the advancements that Check Point continues to make, our security posture is in good hands.

What is most valuable?

The virtual machine scale sets were crucial, offering the ability to scale up and down. 

It was very easy to install the solution, and the architecture meant we didn't have to worry about exceeding the solution's capacity.

CloudGuard Network Security provides unified security management across our cloud and on-premises environments.

We integrate our management servers with the Check Point Multi-Domain Security Management server. This allows it to interact with Check Point CASB and our SIEM. As alerts arise, we're able to triage them effectively.

What needs improvement?

In future releases, I would like to see the data loss prevention (DLP) feature could scale along with the virtual machine scale sets.

For how long have I used the solution?

I've been using CloudGuard Network Security since approximately 2019.

What do I think about the stability of the solution?

The overall stability is there. Our firewalls monitor our most crucial systems. If those firewalls went down, it would take out almost our entire cloud network.

What do I think about the scalability of the solution?

The scalability is great. 

How are customer service and support?

We have Check Point's Diamond support, and they have been fantastic. It's a true partnership, and we always work together to find solutions for anything that's needed.

We have weekly meetings with our sales team, our architecture team, and their team. They are truly integrated as part of our organization.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had our native cloud firewall. Our native cloud firewalls lacked intrusion prevention and advanced malware protection. 

They offered basic stateful firewalling, and we wanted a more robust solution for our security needs.

When we designed our cloud architecture, Check Point was the primary solution we chose.

How was the initial setup?

It's simple to set up and easy to tear down or upgrade. This provides us with a lot of flexibility in testing.

What about the implementation team?


Which other solutions did I evaluate?

We did evaluate other solutions. We evaluated other web application firewalls (WAFs). 

The ease of use is great. Creating firewalls within templates is straightforward. 

The overall depth of features within the solution is one of the key reasons why we chose Check Point as a long-term partner.

What other advice do I have?

Overall, I would rate the solution a ten out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2350659 - PeerSpot reviewer
Network and Security Engineer at a retailer with 10,001+ employees
Real User
Top 20
Does what it is designed for and matches what we have on-prem
Pros and Cons
  • "It matches what we have on-prem. We kept the same management and the same functionality that we were having on-prem. It has simplified things for us because there is no new dashboard to touch."
  • "The relationship between AWS and Check Point could be better. We had issues related to the type of instance and how it interconnects with AWS or cloud-native solutions. We overcame the pain points that we had, and now, AWS is evolving in a way that will facilitate how Check Point works. Our pain points were minimized, but they were there."

What is our primary use case?

We are using it for perimeter inbound and outbound detection.

It is running in an EC2 instance in AWS.

How has it helped my organization?

For the move to the cloud, normally, you adopt a cloud solution, but big companies like ours have to control the roles in place and keep the standards that we have on-prem. We adjust it to the way the cloud works, but we still have the traditional firewall, similar to on-prem. We have the same management capabilities. We have the logins. It is just a central way of managing. 

It saves time for us. We adopted the cloud solution as much as we could, but in terms of security, we wanted to keep the same method that we were using for security, and we wanted to use the knowledge that we already had.

What is most valuable?

It matches what we have on-prem. We kept the same management and the same functionality that we were having on-prem. It has simplified things for us because there is no new dashboard to touch.

What needs improvement?

The relationship between AWS and Check Point could be better. We had issues related to the type of instance and how it interconnects with AWS or cloud-native solutions. We overcame the pain points that we had, and now, AWS is evolving in a way that will facilitate how Check Point works. Our pain points were minimized, but they were there.

There could be more capabilities around the management protocol itself. We deploy the boxes very easily with the software. We want automation. We are already using it to deploy instances in AWS regardless of whether it is Check Point or something else we use. Integration is already there, but there is a possibility to have more functionalities. We are in a good state, but there can be new features.

For how long have I used the solution?

I have been using CloudGuard Network Security for two years.

What do I think about the stability of the solution?

It is tricky to distinguish because we have the software and we have the instance. There is the tricky part of AWS not sharing some information around the instances where the software runs and then saying that it is a software issue and not sharing deeper details. Check Point struggles with having that information directly from AWS. 

So, there is room for improvement if Check Point wants to be a native-use solution in AWS, for example, which is our main provider. It is tricky, and I understand. It is also about how Amazon or AWS manages their data centers. They do not disclose some information. In terms of throughput, performance, etcetera, they do have the numbers, but when it comes to some issues, nobody can explain or when an issue is from a network background, there is no explanation. Finger-pointing is not a solution. 

There should be more sharing of information between them directly, not involving the customer. In the end, we were able to sort things out. We had to read between the lines. They were not disclosing exactly what was the problem. Check Point did not see any issues with the software, and in the end, it was about how the instances in a shared environment inside the AWS run and how they control the resources on each virtual machine that the customer runs. That is their way of doing business. AWS wanted to run it on a bigger box. In the end, I was able to overcome all the issues with a different instance type that was never proposed to us. It was a matter of the CPU generation that was being used on the instance. It was not the fact that the machine was not able to cope with it.

What do I think about the scalability of the solution?

That goes back to how the AWS services run because the software runs in any virtual box. It is exactly the same software that you can use in a physical box. We never had a need to use Autoscale so far. We have tested Autoscale. We have seen it working, but we never had the need. We are in a stable environment, and we foresee when it is needed ahead of time to avoid any bottleneck. It has been running without issues.

We have 12 active AWS versions worldwide. Three of them are the main data centers that we use. In every data center where we have AWS, we have at least different architectures of products, so our environment is quite big.

The management is standardized between all regions. They run exactly the same way with exactly the same purpose. It is standardized. We define the architecture and when there is a need, we have the solution already available.

How are customer service and support?

Over the last three years, I rarely used them. We did not face issues that needed support from Check Point. We were able to fix all the issues we had because there was either an upgrade available or a knowledge article available showing how to fix it. All our support cases are more around RMA.

How would you rate customer service and support?

Positive

What was our ROI?

The added value is not the software itself. The added value is the way we can easily change the capacity of a virtual box that we run the software on. Keeping the same software, we can change the VM capacity to higher or lower depending on the needs. The return on investment is the simplicity of being flexible in that way.

What's my experience with pricing, setup cost, and licensing?

It is the most expensive part of the product. There is a lot of room for improvement. Security comes with a price, but it is still a big chunk just for the service.

Which other solutions did I evaluate?

We tested the native solution of AWS, but we decided to go ahead with our own existing solution on-prem being reflected in the cloud environment. We already had the knowledge and expertise internally. The central management platform and logging were already there. A multitude of features that we were already using were common.

In terms of ease of use, everything in the cloud is new, so there is a learning curve. They are adjusting the layer features in AWS native tools, but Check Point has the advantage of knowledge. We already had familiarity with it, and Check Point itself has a good knowledge of the market. They are experienced in security solutions.

We have not been that exposed to AWS. We are very happy with the availability of Check Point and so forth. So far, when the biggest threats came, Check Point always reacted faster than any other.

What other advice do I have?

There is no real issue with the software itself. It does the job. It does what it was designed for. I can rate it a ten out of ten because it is exactly like the on-prem software physical appliance. There is no difference for us.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.