We are using it for network security.
The whole reason we got it was to expand and make an extension to the Azure Cloud so that we could establish services that would make a link between the on-prem and the cloud. That was the goal.
We have unified management. It is one of the advantages of this product.
In terms of protection, we have not yet done any kind of penetration tests. We will check them later. In the future, we would also want to use all kinds of features such as IPS, IPSec, etc.
Its advantage is its layout. You do not need to get any unique devices and install them. The installation is easy. The assimilation is less easy because you have to work with a manager in Azure and upload and define all kinds of addresses.
In essence, you do exactly what you do with on-prem. It is the same operation. You can manage it in the same way as on-prem, which is an advantage. You can manage the firewall in the cloud from on-prem, and you do not need any more interventions.
There is a limitation with the version upgrade. We are using version 81.10 and from what I understand, it is problematic to upgrade this version. I do not know if that is true. I am trying to figure it out. If I want to upgrade to a newer version, I have to make new machines. If this is true, it will negatively impact my thoughts regarding the solution.
It is always running. Its availability is high because it is located in two different data centers. This is the purpose of the cloud. It is located in two data centers in two different countries. We have placed one in Frankfurt, and the other one is in Amsterdam or London. That is the advantage. Because it is not the same country or city, the availability is great.
I mainly receive support from an integrator. Check Point did not accompany me as a vendor from the beginning. I am satisfied with the integrator at the moment. He gives me the answers.
We had a few inquiries recently, and he gave me the answers. They were also very helpful during the installation. So, I have had less communication with the manufacturer. For more complex issues, I can communicate with Check Point's support.
I would rate the integrator's support a nine out of ten because sometimes, it takes a long time for the integrator to find the solution to the malfunctions. The glitch related to the deleted machines was very critical for our organization. Things were working normally on the network, but the entire project was simply blocked for a few days. I expected the integrator to open a ticket in a faster way, but he did not open any ticket at all. He resolved it all by himself, but he did not share with us what the solution was. Deleting things and opening them again is not good enough because there is no reassurance that the glitch will not happen again.
We did not use any other solution before this.
The installation is simple. We just had to put it in two centers and deploy it. It was easy.
During the process, we had to wipe a machine. Microsoft gave us some addresses to work with. We used those addresses because we needed public addresses to work with. At first, we were not able to do something properly, so we deleted the machine. When we came back to set up the machine, we had to take new addresses from Microsoft all over again. I do not know whether it was because of Azure or whether it was Check Point's fault.
I do not know if I have seen a return on investment because we are at the beginning of establishing the cloud. It is not entirely working yet. At the moment, it is not in production, but I assume that there will be an ROI.
It is not expensive.
I wanted to try Palo Alto at first, but because my entire setup was already in Check Point, I did not go in that direction. I wanted unified management. I also consulted my team, and they said that they do not want to come and manage another firewall because of the management and knowledge it requires. The advantage of this solution was unified management.
My recommendation for those who are thinking of installing the product is to check its survivability at the level of downloading a machine and uploading it. Do not upload all the applications straight away to run tests. Research first.
Based on my experience, I would rate it a seven out of ten. There were some malfunctions. There were also issues at the beginning due to the lack of a dependency needed for it to function. The experience is not yet perfect, but like any product, it will improve over time. In the end, I need stability in the cloud, but right now, that feeling is not there. I do not have the feeling of stability where I can say that the production and the service will not drop again. That is the concern. I want to start uploading some kind of application to production soon.
When we began our digital transformation, we had already invested in on-premises Check Point firewalls. We desired the same level of security in the cloud along with the elasticity that the cloud demands.
We have a standard security policy across the organization. Our layered security, including North-South and East-West firewalls, is fantastic.
Compared to the other solutions for identity-based threat detection, the malware and threat prevention capabilities are key features that we have enabled – we actually use all the available features.
On several occasions, we've benefited from zero-day protection. It acts immediately when something is discovered, while other solutions might take much longer to react.
I'm confident that as long as we keep up with the advancements that Check Point continues to make, our security posture is in good hands.
The virtual machine scale sets were crucial, offering the ability to scale up and down.
It was very easy to install the solution, and the architecture meant we didn't have to worry about exceeding the solution's capacity.
CloudGuard Network Security provides unified security management across our cloud and on-premises environments.
We integrate our management servers with the Check Point Multi-Domain Security Management server. This allows it to interact with Check Point CASB and our SIEM. As alerts arise, we're able to triage them effectively.
In future releases, I would like to see the data loss prevention (DLP) feature scale along with the virtual machine scale sets.
I've been using CloudGuard Network Security since approximately 2019.
The overall stability is there. Our firewalls monitor our most crucial systems. If those firewalls went down, it would take out almost our entire cloud network.
The scalability is great.
We have Check Point's Diamond support, and they have been fantastic. It's a true partnership, and we always work together to find solutions for anything that's needed.
We have weekly meetings with our sales team, our architecture team, and their team. They are truly integrated as part of our organization.
Positive
We had our native cloud firewall. Our native cloud firewalls lacked intrusion prevention and advanced malware protection.
They offered basic stateful firewalling, and we wanted a more robust solution for our security needs.
When we designed our cloud architecture, Check Point was the primary solution we chose.
It's simple to set up and easy to tear down or upgrade. This provides us with a lot of flexibility in testing.
We did evaluate other solutions. We evaluated other web application firewalls (WAFs).
The ease of use is great. Creating firewalls within templates is straightforward.
The overall depth of features within the solution is one of the key reasons why we chose Check Point as a long-term partner.
Overall, I would rate the solution a ten out of ten.
We are using it for perimeter inbound and outbound detection.
It is running in an EC2 instance in AWS.
For the move to the cloud, normally, you adopt a cloud solution, but big companies like ours have to control the roles in place and keep the standards that we have on-prem. We adjust it to the way the cloud works, but we still have the traditional firewall, similar to on-prem. We have the same management capabilities. We have the logins. It is just a central way of managing.
It saves time for us. We adopted the cloud solution as much as we could, but in terms of security, we wanted to keep the same method that we were using for security, and we wanted to use the knowledge that we already had.
It matches what we have on-prem. We kept the same management and the same functionality that we were having on-prem. It has simplified things for us because there is no new dashboard to touch.
The relationship between AWS and Check Point could be better. We had issues related to the type of instance and how it interconnects with AWS or cloud-native solutions. We overcame the pain points that we had, and now, AWS is evolving in a way that will facilitate how Check Point works. Our pain points were minimized, but they were there.
There could be more capabilities around the management protocol itself. We deploy the boxes very easily with the software. We want automation. We are already using it to deploy instances in AWS regardless of whether it is Check Point or something else we use. Integration is already there, but there is a possibility to have more functionalities. We are in a good state, but there can be new features.
I have been using CloudGuard Network Security for two years.
It is tricky to distinguish because we have the software and we have the instance. There is the tricky part of AWS not sharing some information around the instances where the software runs and then saying that it is a software issue and not sharing deeper details. Check Point struggles with having that information directly from AWS.
So, there is room for improvement if Check Point wants to be a native-use solution in AWS, for example, which is our main provider. It is tricky, and I understand. It is also about how Amazon or AWS manages their data centers. They do not disclose some information. In terms of throughput, performance, etcetera, they do have the numbers, but when it comes to some issues, nobody can explain or when an issue is from a network background, there is no explanation. Finger-pointing is not a solution.
There should be more sharing of information between them directly, not involving the customer. In the end, we were able to sort things out. We had to read between the lines. They were not disclosing exactly what was the problem. Check Point did not see any issues with the software, and in the end, it was about how the instances in a shared environment inside the AWS run and how they control the resources on each virtual machine that the customer runs. That is their way of doing business. AWS wanted to run it on a bigger box. In the end, I was able to overcome all the issues with a different instance type that was never proposed to us. It was a matter of the CPU generation that was being used on the instance. It was not the fact that the machine was not able to cope with it.
That goes back to how the AWS services run because the software runs in any virtual box. It is exactly the same software that you can use in a physical box. We never had a need to use Autoscale so far. We have tested Autoscale. We have seen it working, but we never had the need. We are in a stable environment, and we foresee when it is needed ahead of time to avoid any bottleneck. It has been running without issues.
We have 12 active AWS versions worldwide. Three of them are the main data centers that we use. In every data center where we have AWS, we have at least different architectures of products, so our environment is quite big.
The management is standardized between all regions. They run exactly the same way with exactly the same purpose. It is standardized. We define the architecture and when there is a need, we have the solution already available.
Over the last three years, I rarely used them. We did not face issues that needed support from Check Point. We were able to fix all the issues we had because there was either an upgrade available or a knowledge article available showing how to fix it. All our support cases are more around RMA.
Positive
The added value is not the software itself. The added value is the way we can easily change the capacity of a virtual box that we run the software on. Keeping the same software, we can change the VM capacity to higher or lower depending on the needs. The return on investment is the simplicity of being flexible in that way.
It is the most expensive part of the product. There is a lot of room for improvement. Security comes with a price, but it is still a big chunk just for the service.
We tested the native solution of AWS, but we decided to go ahead with our own existing solution on-prem being reflected in the cloud environment. We already had the knowledge and expertise internally. The central management platform and logging were already there. A multitude of features that we were already using were common.
In terms of ease of use, everything in the cloud is new, so there is a learning curve. They are adjusting the layer features in AWS native tools, but Check Point has the advantage of knowledge. We already had familiarity with it, and Check Point itself has a good knowledge of the market. They are experienced in security solutions.
We have not been that exposed to AWS. We are very happy with the availability of Check Point and so forth. So far, when the biggest threats came, Check Point always reacted faster than any other.
There is no real issue with the software itself. It does the job. It does what it was designed for. I can rate it a ten out of ten because it is exactly like the on-prem software physical appliance. There is no difference for us.
We use Check Point CloudGuard Network Security to replace an Azure Firewall, securing the network flow in our organization.
The URL filtering provides a lot of added value compared to the Azure Firewall. It is easier to use and offers much more visibility on the network activities. It helps us manage our security operations by reusing on-prem solutions with the cloud, therefore improving ease of use.
The reporting needs enhancement. Currently, we are not always aware of the gateways' status, like CPU and RAM usage. It would be beneficial to have a report that manages everything and gives an overall view of what is going on.
I have been using it for six to ten months.
I have experienced a few issues where connectivity is lost temporarily; however, it does not affect traffic processing. It is more about not having management information for a few seconds.
The scalability is really good and relies totally on CloudGuard, whether it is on Azure or AWS. At least on Azure, it works fine.
The customer service is good. They helped me with the few issues I had, meeting my expectations. Their support for traditional security projects is good, and I found the same support quality for cloud projects.
Neutral
I have used solutions for on-prem security management, yet not for the cloud.
The initial deployment was easy, taking about a week.
I rate the overall solution an eight out of ten. It would be ideal to have improved reporting features for a comprehensive overview.
My company uses the solution as an Edge firewall and East-West firewall.
The tool's most valuable feature is its management console.
Check Point CloudGuard Network Security needs to improve the management of the actual firewalls. Improvement is also needed for the consolidated UI of different security aspects.
I have been using the product for a year and a half. My company has been using it for eight years.
We recently had some issues with stability, so it's hit or miss. It seems to have more minor bugs than other platforms, but overall stability is the same.
The speed of the support's response varies. Sometimes, you can get a good engineer who can give you the right answers.
Neutral
I have used Cisco, Fortinet, Palo Alto, and SonicWall. The worst ones on the list are Cisco, Fortinet, and SonicWall. Palo Alto is better in some areas. Check Point CloudGuard Network Security is top in terms of actual security. But in terms of managing the whole platform, I would put it below Palo Alto.
Check Point CloudGuard Network Security's deployment is easy and takes two hours to complete.
I did the solution's deployment myself. However, I connected with the consultants whenever needed.
We've been secure and haven't had any security breaches.
The tool's pricing has been higher than other solutions, but it seems like it's turning downwards.
I rate the overall product a seven out of ten.
We primarily use CloudGuard Network Security to deploy cloud firewalls in Azure, safeguarding our applications, and managing them using Terraform.
CloudGuard Network Security streamlines processes by automating tasks, reducing human effort, and enhancing security for cloud deployments.
The most valuable features are the ease of administration with the cloud management extension and the cloud licensing model.
I have been using CloudGuard Network Security for about four months.
We haven't had any stability issues so far.
Scalability has been great. We utilize scale sets, deploying two gateways per region with settings ranging from two to ten.
The initial deployment using the ARM template in Azure was straightforward, but migrating to Terraform added complexity, although we managed to make it work.
Our existing Check Point discounts make the licensing competitive and budget-friendly.
CloudGuard provides unified security management across hybrid clouds and on-premises environments.
Unified security management simplifies our operations by centralizing logging and integrating seamlessly with our existing solutions, ensuring security teams have a single point of reference without needing additional configurations.
My advice would be to consider the solution as it performs well and seamlessly integrates with existing systems, streamlining processes and proving to be highly beneficial.
Overall, I would rate CloudGuard Network Security as an eight out of ten.
The solution helps to protect our customers at the perimeter. We have integrated the solution into our NSX environment.
The tool's most valuable features for us are threat prevention, HTTPS inspection, and the Anti-Bot blade. Threat prevention helps to protect our assets from threats. HTTPS inspection ensures secure communication, and the Anti-Bot blade is particularly helpful in detecting C2 servers, enhancing our ability to identify malicious activities and protect our network.
We can confidently assert that we are among the top cloud providers, protecting our customers from external threats. With Check Point's CloudGuard Network Security, we offer attack services protection.
CloudGuard Network Security needs to include new features. One specific feature I would like to see is the ability to protect external resources using single sign-on integration with various identity providers, including custom identity providers. Its pricing could also be cheaper.
I have been using the product for six years.
CloudGuard Network Security is stable.
CloudGuard Network Security is highly scalable in our virtual environment. We can easily add more ports, and it functions perfectly. We use it in cluster mode, deploying multiple Check Point clusters horizontally and vertically, making scalability easy and excellent.
I find Check Point's technical support to be excellent. We have premium support, and whenever we open a case, especially for high-severity issues, we receive a phone call from their support team.
Positive
CloudGuard Network Security's deployment is straightforward.
The product is expensive but also valuable.
CloudGuard Network Security provides unified security management across hybrid clouds as well as on-premises environments. It helps to manage everything from a single point.
I have been exploring Harmony SASE for remote security and zero-trust access in some proof-of-concept activities. Also, I'm checking out the CloudGuard Web Application Firewall for safeguarding our applications on the internet.
I rate the product a ten out of ten. We have had a great experience with Check Point, and we haven't faced any major incidents or attacks compromising our organization. It has helped us detect activities on our endpoints.
I would genuinely recommend it. Check Point is easy to manage, implement, and configure. The support is excellent, and the constant threat intelligence updates ensure protection against various threats. It's truly an amazing product for securing your environment.
We use Check Point firewalls and SMS servers in on-prem DC and in multi-cloud environments extensively. These are used to protect the perimeter, DMZ, and internal network to protect and inspect network traffic.
The firewalls are best of breed and provide extensive rich features and a diverse range of protection against DDoS, malware, ransomware, and zero-day attacks. Also, it is used for terminating client and mobile VPN tunnels, URL filtering, IDP, DLP, etc.
The environment is Internal and a multi-tenant hosted for external clients which is a complex setup.
The new Check Point firewalls are best-of-breed and provide next-gen firewall features with AI and ML capabilities. This helps to reduce the operational support overhead and protects against new emerging threats.
Previously we used Juniper, Cisco, and other firewall platforms which have very limited capabilities and offer no inspection or threat-prevention features at all.
Check Point has changed this dynamic completely and offers a complete security solution to protect all digital assets which is immensely helpful.
Identity awareness, URL filtering, IDS, DLP, Content Filtering, VPN, and Application Control are all excellent. They provide features to inspect internet traffic, data protection compliance, and DDoS attack detection and protection.
The Check Point firewall product that we picked up has an excellent feature set and all the required licenses, it's a nicely engineered firewall technology and has a great support team to escalate.
Features like threat prevention and protection are good to have to protect against zero-day attacks, malware, and ransomware.
Software bugs and OS releases can be very fast to keep up with. Check Point has a history of moving fast with software release and upgrade cycles which are difficult to keep up with at times.
New features should have a single-pane-of-glass view for on-prem DC and cloud environments.
Licensing costs are very high compared to other vendors. Check Point needs to be competitive to keep the cost down for the customers and partners.
The previous Check Point OS model had to support multiple OSs which was difficult and cumbersome (i.e. SPLAT, IPSO, GAIA).
I've used the solution for ten years.
We did use a different solution and wanted to have better security capability and visibility.
The solution is expensive but feature-rich.
We looked at other options and checked if the firewalls had all the security and compliance features required by the organization.