Our primary use case for this solution is for basic cloud network security, posture management and threat hunting. The solution is deployed on cloud.
Director at LiveFromSpace Limited
Helps us with basic cloud network security, posture management and threat hunting
Pros and Cons
- "The solution is reliable."
- "The solution assures protection on cloud and ensures the workload is protected in the same manner when deployed on-premises."
- "The user interface can be improved."
- "Our experience with technical support can be improved in terms of response time."
What is our primary use case?
How has it helped my organization?
The solution assures protection on cloud and ensures the workload is protected in the same manner when deployed on-premises.
What is most valuable?
The threat prevention capabilities are very valuable.
What needs improvement?
The product's support team, the UI, and the user interface can be improved.
Buyer's Guide
Check Point Cloud Firewall (formerly CloudGuard Network Security)
July 2026
Learn what your peers think about Check Point Cloud Firewall (formerly CloudGuard Network Security). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.
For how long have I used the solution?
We have been using this solution for four years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable. However, we have not needed to scale yet.
How are customer service and support?
Our experience with technical support can be improved in terms of response time.
How was the initial setup?
The initial setup was straightforward. Some processes were easy click-through processes which needed some configurations and technical expertise to set up. Hence, some technical expertise is required.
What's my experience with pricing, setup cost, and licensing?
The solution is reasonably priced in comparison with other products.
What other advice do I have?
I rate the solution seven out of ten. The solution is reliable and would fulfil what it is marketed to achieve. It provides very good security protection, but the customer support response times could be improved.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Has a user-friendly interface
Pros and Cons
- "Check Point CloudGuard is quick to deploy and easy for the customer to use."
- "Check Point CloudGuard is proving to be a good solution for both the profit of the company and for deployment for the customer."
- "The solution is not that flexible when deploying on-prem."
What is our primary use case?
We use Check Point CloudGuard Network Security for the firewall. The firewall protects our various customers in the optic cloud.
What is most valuable?
Check Point CloudGuard is quick to deploy and easy for the customer to use. The user interface is user-friendly and easy to use.
What needs improvement?
The solution is not that flexible when deploying on-prem.
For how long have I used the solution?
I have been using Check Point CloudGuard Network Security for six months.
What do I think about the stability of the solution?
We have had many performance issues with Check Point CloudGuard on the cloud. The issue is with the OS version at this point.
What do I think about the scalability of the solution?
Because we are in the demo phase of using Check Point CloudGuard, we only have a small amount of users, all in our IT department.
How are customer service and support?
Personally, I have not had to reach out to customer service and support, however, I understand that our clients have many clinical issues.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment is easy. The length of time to deploy depends on the number of customers, or the number of websites the customer has. It can take anywhere from one day to a few days to deploy Check Point CloudGuard.
What about the implementation team?
We use an in-house technical team to deploy the solution.
What was our ROI?
Check Point CloudGuard is proving to be a good solution for both the profit of the company and for deployment for the customer.
What other advice do I have?
Check Point CloudGuard is a suitable solution for many customers that are using the cloud.
Overall, I would rate the solution a nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer. distributor
Buyer's Guide
Check Point Cloud Firewall (formerly CloudGuard Network Security)
July 2026
Learn what your peers think about Check Point Cloud Firewall (formerly CloudGuard Network Security). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.
Network Administrator at Ministry of Finanace and the Public Service
Easy to use, highly scalable, and helpful support
Pros and Cons
- "The most valuable feature of Check Point CloudGuard Network Security is the ease of use. It was not difficult to learn."
- "My advice to others is the solution is very stable, and reliable, and they should ensure that they invest in Check Point."
- "Check Point CloudGuard Network Security could improve by making it easier to configure."
What is our primary use case?
We use Check Point CloudGuard Network Security for internal and external traffic filtering.
What is most valuable?
The most valuable feature of Check Point CloudGuard Network Security is the ease of use. It was not difficult to learn.
What needs improvement?
Check Point CloudGuard Network Security could improve by making it easier to configure.
In a feature release, the application should be more drag and drop. If I could search it and drag and drop it to the specific rule it would be helpful.
For how long have I used the solution?
I have been using Check Point CloudGuard Network Security for approximately 10 years.
What do I think about the stability of the solution?
The stability of Check Point CloudGuard Network Security is very good.
What do I think about the scalability of the solution?
Check Point CloudGuard Network Security is scalable, it is good for enterprises. The scaling is simple to do.
We have over 500 people in my company using this solution.
How are customer service and support?
I have interacted with the support from Check Point CloudGuard Network Security and they were very good but could improve their response time.
I rate the support from Check Point CloudGuard Network Security a nine out of ten.
How would you rate customer service and support?
Positive
What about the implementation team?
The vendor did the implementation and the maintenance of Check Point CloudGuard Network Security.
What other advice do I have?
My advice to others is the solution is very stable, and reliable, and they should ensure that they invest in Check Point.
I rate Check Point CloudGuard Network Security a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cloud Engineer at ITQS
Improves productivity and high value manual operations and offers great simplicity
Pros and Cons
- "It improves the availability of engineers to carry out projects."
- "These powerful capabilities position it and allow us to increase cloud security elastically while keeping up with the dynamic requirements of our business."
- "What I would like for future updates would be faster updates to apply, and perhaps a greater presence in the local language for the regions of Latin America."
What is our primary use case?
Currently, we were counting on a hybrid cloud and we needed to integrate the latest generation of security. We came to lean towards one of the security leaders in the market. These powerful capabilities position it and allow us to increase cloud security elastically while keeping up with the dynamic requirements of our business.
We use the cloud to integrate it into our hybrid cloud. It dynamically provides us with advanced security and consistent policy enforcement that automatically grows and scales with our cloud environment. With CloudGuard IaaS, we can easily protect workloads and applications.
How has it helped my organization?
Being able to move computing resources and data to public clouds means that security responsibilities are now shared between us and our cloud provider. While the cloud provider provides infrastructure protection, we as customers want to be able to control our own data and protect cloud assets while complying with internal regulations. On the other hand, we required complete traffic visibility and reporting, as well as proactive protection from even the most advanced threats within virtual network environments. CHKP offered us advanced threat protection to prevent the lateral spread of threats within defined data centers.
What is most valuable?
There are many important characteristics that for me are the best of the solution and come to support an emerging market:
- It improves the productivity of the company.
- It performs very complex or high value manual operations intellectual in a controlled and neglected way.
- There's a simplicity when performing tasks.
- It improves the availability of engineers to carry out projects.
- To all this we can add the ability to connect via API, and integrate solutions from developers trained for management from any location.
What needs improvement?
The solution from my experience is very good. What I would like for future updates would be faster updates to apply, and perhaps a greater presence in the local language for the regions of Latin America. These are markets that have been growing, however, the teams need a lot of time and training and in that period a specialized technician in the local language is required to support the constant requests. After that, I accept that Check Point surprises me as it has always done with its excellent work in innovation.
For how long have I used the solution?
I've used the solution for around two years.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Network/Security Engineer at Skywind Group
Easy to manage and greatly improves security
Pros and Cons
- "The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing."
- "The overall security of the environment has been greatly improved by implementing the Check Point Virtual Systems solution."
- "As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult."
What is our primary use case?
Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).
The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.
The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.
How has it helped my organization?
The overall security of the environment has been greatly improved by implementing the Check Point Virtual Systems solution. Before deploying it, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appears to be not an efficient solution for protection from advanced threats.
The Check Point Virtual Systems solution has significantly increased the security level from the standpoint of the logical separation of traffic patterns, both internal and external in our particular case.
This product makes the NGFWs work as if we had two separate sets of physical firewalls, without additional spendings on the hardware.
What is most valuable?
The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing. This allowed us to save significant money on the hardware purchase, and keep our NGFWs efficiently loaded.
As an administrator, I find the management really convenient and cozy. The usual SmartConsole is used and you don't need any additional software to be installed.
What needs improvement?
As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.
In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.
For how long have I used the solution?
We have been using the Check Point Virtual Systems for about three years, starting in late 2017.
What do I think about the stability of the solution?
The solution is stable and we haven't had any support cases opened that are connected with it.
What do I think about the scalability of the solution?
The solution is scalable. I believe you could just add the new hardware into the cluster without affecting the functionality, and thus increasing the performance on the spot.
How are customer service and support?
We have had several support cases opened, but none of them were connected with the Virtual Systems. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.
The longest issue took about one month to be resolved, which we consider too long.
Which solution did I use previously and why did I switch?
We didn't have any logical separation of security solutions before implementing this product.
How was the initial setup?
The solution was really complex and difficult to implement since it requires a lot of additional knowledge and understanding of the underlying routing and switching technologies and protocols.
What about the implementation team?
Our in-team has a Check Point Certified engineer as part of it.
Which other solutions did I evaluate?
Since we have already had the Check Point NGFWs purchased, we just proceeded with the configuration of the Virtual Systems.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Technical Engineer at Harnssen Group Limited
Great for cloud security with good stability and helpful local technical support
Pros and Cons
- "Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions."
- "The clients who are using it have nothing bad to say about its capabilities."
- "Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point."
- "To be honest, we don't have many clients who have taken CloudGuard, as the feedback has not been that great."
What is our primary use case?
As a company, we are a value-added reseller. We have to use it first before we can propose it to our clients. We have to give it a clean bill of health before we can actually propose this to the client. We have to conduct a proof of concept, which runs for around 30 days. The client has to give the okay before we can actually deploy it for them.
What is most valuable?
Clients have been using it and they haven't had any negative feedback.
The initial setup is straightforward.
The product is scalable.
We find the stability to be quite good.
Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions.
What needs improvement?
To be honest, we don't have many clients who have taken CloudGuard, as the feedback has not been that great. There are a few clients who have taken the CloudGuard due to the fact that there is a lot of competition in terms of endpoint protection from Trend Micro and other leading vendors.
There are few clients who have CloudGuard and the response is quite positive. However, it comes down to dealing with the challenge of when the client needs both protection for workstations and their physical and virtual servers. With Check Point, we don't have that ability. They have just CloudGuard, which protects the workstations and servers. With other vendors, there's a separation between the endpoint protection for workstations and for the servers and then something else for the virtual environment. The challenge comes in when you're trying to propose this to the client. They'll ask you how they can be sure that this will protect their virtual or physical data centers collectively, and also protect the workstations.
Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point.
Generally, visibility is the issue. Clients really just need more visibility to know they are protected.
What do I think about the stability of the solution?
We find the stability to be good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
The scalability is there if a company needs to expand it.
How are customer service and support?
Technical support is okay. It's average. The local support is good, however, now when you go to global support, there's a bit of a challenge. It takes time compared to other vendors. Their global support is not that active. I have some clients who have been complaining that they raise a technical issue and it takes maybe one or two days before they get any feedback.
That said, here, in terms of technical support, the local Kenyan support is very good. They're quite supportive.
Which solution did I use previously and why did I switch?
I also work with Sophos, Fortinet, and Palo Alto.
The other vendors, they're not doing that well in terms of cloud security, as they tend to concentrate on on-prem security. The physical security, that's at the endpoint level. However, Check Point is doing quite well in terms of cloud security.
How was the initial setup?
The initial setup is not overly complex. It's quite simple and straightforward.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive. If I rate Check Point, Sophos, Fortinet, and Palo Alto, Sophos comes in at a cost that is pretty low. Then Fortinet, and then Palo Alto. Check Point is at the edge. It's a bit expensive or it's quite expensive. When you are trying to propose Check Point, it's more of an OpEX and even a CapEx project. It cannot go through a normal request for a quotation. It has to be a CapEx project. At the beginning of every financial year, a customer or end-user has to consider this to be able to purchase a Check Point firewall.
What other advice do I have?
For most Check Point CloudGuards, it's not actually deployed on the private cloud of the end-user. They usually deploy it on the public cloud.
I'd rate the solution at a nine out of ten. The clients who are using it have nothing bad to say about its capabilities.
I'd recommend the solution. They are doing quite unique workarounds with cloud security while many others are more focused on on-premises.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. reseller
Firewall Engineer at a logistics company with 1,001-5,000 employees
Simple management, easy to scale, and allows for rule automation
Pros and Cons
- "It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM."
- "By being able to use real firewalls instead of the cloud's own IP tables/inferior IPS we're able to maintain security across the whole environment (on-premise and cloud)."
- "For major upgrades, it's still necessary to destroy the VMs and re-create them again. Doing that would mean new public IPs as well."
What is our primary use case?
We use a hybrid environment, so we have an on-premise data center and branch offices as well as resources in the cloud. On-premise is secured with different Check Point Gateways while for our security in the cloud we use Check Point Cloud Guard.
Depending on the traffic, we use different Cloud Guard firewalls. External traffic is handled by using a scale-set that can adapt on the fly to increase/decrease the number of firewall instances.
Internal traffic is handled by a normal Cloud Guard HA cluster with a certain amount of cores.
How has it helped my organization?
We used the Cloud Guard technology quite early on and used Check Point's Blueprint for our Cloud Datacenter design. By being able to use real firewalls instead of the cloud's own IP tables/inferior IPS we're able to maintain security across the whole environment (on-premise and cloud).
With the possibility to administer the cloud firewalls within the same management as on-premise firewalls, we can use the same objects/networks instead of having two sets of object databases or scripting something to have both of them synched.
What is most valuable?
Having the whole environment be under the same management is definitely is a plus.
Using a scale set to increase/decrease the amount of firewalls in the cloud helps with saving costs in the long run, as they will only increase if traffic increases and therefore saving us on licensing costs. For a normal Cloud Guard you pay for each core, so using the SS you don't have to fully size and pay for the maximum amount of traffic.
It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM.
What needs improvement?
In the first phase, Cloud Guard Firewalls didn't allow minor and major upgrades. Fortunately, now you can install normal hotfixes and minor upgrades (JHF) on the Cloud firewalls. For major upgrades, it's still necessary to destroy the VMs and re-create them again. Doing that would mean new public IPs as well. We created a script for that. I still hope that major upgrades will be possible in the near future too, otherwise, you still have to script a lot for basic maintenance, instead of using tools like CDT.
What do I think about the scalability of the solution?
The product is very scalable due to using the scale-set.
Disclosure: My company has a business relationship with this vendor other than being a customer. We're a Check Point partner and use their products as well for our own environment.
Network, Systems and Security Engineer at SOLTEL Group
Good dashboard for centralized management, effective protection against zero-day attacks
Pros and Cons
- "The most valuable feature is the centralized dashboard, which is used for managing all of the Check Point Security Gateways."
- "This solution effectively protects us against any next-generation attack."
- "In case the device is inaccessible due to some issue such as CPU or memory, there is no separate port or hardware partition provided for troubleshooting purposes."
- "Throughput on the virtual firewall is an issue in case the organization wants to migrate a workload to the cloud, and it becomes a bottleneck."
What is our primary use case?
We had a big problem with how to protect our host services, which are directly accessed via the cloud. We wanted to protect our organization tenant and workload from any next-generation attack. For this protection, we implemented the Check Point solution named CloudGuard Network.
This NGFW is provided by Check Point and has all of the capabilities that are required to protect against next-generation attacks at the perimeter level.
The modules or security features that we use are provided as part of the base license. These include VPN, IPS, Application Control, and Content Awareness. Together, these are strong and help to protect the organization.
How has it helped my organization?
This solution effectively protects us against any next-generation attack.
What is most valuable?
The most valuable feature is the centralized dashboard, which is used for managing all of the Check Point Security Gateways.
Whether it is hosted on-premises or on the cloud with the NGTX license, it provides additional security capabilities such as SandBlast, which is able to extract and emulate file execution in a virtual sandbox. It will identify activity and actions, and the system can be configured accordingly.
It provides hyperscaling capabilities for both on-premises and cloud-based security gateways. An on-premises security gateway can be configured for hyperscaling using the Maestro 140 or Maestro 170. In the cloud, on AWS it can be hyper-scaled using the AWS gateway load balancer.
It's able to protect against advanced threats and prevent zero-day attacks using both SandBlast and IPS signatures.
What needs improvement?
Throughput is impacted drastically once the security modules are enabled on the firewall.
As it is a software-based firewall, there is no dedicated throughput available for each module.
In case the device is inaccessible due to some issue such as CPU or memory, there is no separate port or hardware partition provided for troubleshooting purposes.
Throughput on the virtual firewall is an issue in case the organization wants to migrate a workload to the cloud, and it becomes a bottleneck.
For how long have I used the solution?
We have been using the Check Point CloudGuard Network for between two and five years.
What other advice do I have?
The combination of NGFW + URL Filtering + Antivirus + Anti Bot, with 8 vCore D4 v2, is able to provide a throughput of 4Gbps.
On Azure, the combination of NGFW + URL Filtering + Anit Virus + Anit Bot, with 8vCore c5n 2xlarge, is able to provide a throughput of 4.7Gbps. It is similar to AWS.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Chief Information Security Officer at Abcl
Provides consolidated visibility and management, but the HA failover time is slow and the documentation needs to be improved
Pros and Cons
- "SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic."
- "This product is quick to deploy, scalable, and is a fully functional firewall available in the cloud."
- "Micro-Segmentation functionality for EAST-WEST traffic is not native and requires integration with a third-party OEM."
- "The HA failover time is not as fast as expected and due to this, the convergence time between cluster members is still not perfect."
What is our primary use case?
As we are moving our workloads to the cloud, it means that we now have a need to protect our cloud infrastructure. This will ensure that our business is deploying products faster and with all of the required security.
Our solution needs to be able to protect workloads hosted on multiple clouds with the required security control. The license should be a subscription-based model so that we can add or remove depending upon the requirement to scale.
It needs to support a microservice platform such as Docker or another container, and it should be quick to deploy.
How has it helped my organization?
This solution gives us advanced threat prevention to protect our workloads from attacks including zero-day and other types of attacks.
It is able to provide cloud network security along with orchestration and automation. It also provides consolidated, consistent visibility and management across all clouds including public, private, and hybrid environments.
This product is quick to deploy, scalable, and is a fully functional firewall available in the cloud. We were able to scale as required based on load and performance. With Covid-19, our users, including our Customer Center agents, are completely remote and rely on Check Point Cloud Guard to provide flexibility and seamless access.
We have the ability to easily encrypt/decrypt traffic according to the security policy, as well as integrate between Active Directory, Cloud Guard Azure objects & application control.
It provides micro-segmentation functionality through complete visibility and control of traffic following between EAST-WEST and North-SOUTH with VPC and Outside VPC.
What is most valuable?
We are using multiple security features including the firewall, DLP, IPS, application control, IPsec VPN, Antivirus, and Anti-Bot. SandBlast provides Threat Extraction and Threat Emulation for zero-day attacks.
SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic.
Unified Security Management provides security policy management, enforcement, and reporting for public, private, hybrid-clouds, and on-premises networks in a single-pane-of-glass.
Seamless cloud-native integration with Azure, AWS, GCP, Oracle Cloud, and more.
What needs improvement?
System hardening could be improved, as password complexity is not enforced by default on root / command-line passwords.
The documentation provided by Check Point can be rough and needs to have a lot more detail incorporated in order to help the implementor and administrator.
The HA failover time is not as fast as expected and due to this, the convergence time between cluster members is still not perfect. Consequently, there may be an issue in migrating the mission-critical business applications.
Micro-Segmentation functionality for EAST-WEST traffic is not native and requires integration with a third-party OEM.
For how long have I used the solution?
We are performing a PoC with the product.
What do I think about the scalability of the solution?
As with other Check Point products, this solution is scalable.
How are customer service and technical support?
Support from OEM is excellent.
Which solution did I use previously and why did I switch?
We have a different solution that works in silos and we are doing this PoC to check the functionality/features.
How was the initial setup?
Integration and setting up the solution are straightforward.
What about the implementation team?
We are performing our PoC with assistance from the OEM.
What's my experience with pricing, setup cost, and licensing?
The cost is on the higher side, as it is based on workload, hence we need to decide which VPC or workload needs to be part of CloudGuard.
Which other solutions did I evaluate?
We did not evaluate other options.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Advisory Information Security Analyst at a financial services firm with 501-1,000 employees
You can have everything under a single pane of glass
Pros and Cons
- "The comprehensiveness of the CloudGuard’s threat prevention security is great, especially once they integrate Dome9 in the whole thing. That really ties the whole thing together, so you can tie your entire cloud environment together into one central location, which is nice. Previously, we had three or four different tools that we were trying to leverage to do the same stuff that we are able to do with CloudGuard."
- "CloudGuard is functionally equivalent to what we are doing on-prem, it's easy to manage CloudGuard from on-prem and offers the same protection that we're able to give the rest of our environments, which is a big plus for us."
- "The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation."
What is our primary use case?
It is building the network infrastructure for our cloud environment around it. Primarily, the functionality that we are using it for is the firewall piece in the cloud.
We have three different things going on right now. I think Dome9 is considered a part of the whole CloudGuard thing. We have AWS and Azure environments behind just straight up Check Point Firewalls. We are in the midst of deploying a new network in AWS that fully leverages the whole IaaS that they offer. Primarily, it's the firewall main piece. However, we are transitioning into using the scale-up, scale-down gateways, which are mostly the network security piece of it.
How has it helped my organization?
The granularity and visibility that we are able to get into logging and data going into our AWS environment is significantly more than we could get purely out of the native AWS tools. That is big for alerting and incident response.
What is most valuable?
The Auto Scaling functionality is the most valuable feature. Our cloud environments are growing to the point where we need to be able to expand and contract to the size of the environment at will. They pull you to the cloud. With the static environment that we currently have stood up, it works well. However, it would be more efficient having the Auto Scaling even bigger. We are in the middle of that now, but I can already tell you that will be the most impressive thing that we're doing.
CloudGuard's block rate, malware prevention rate, and exploit resistance rate are tremendous. CloudGuard is functionally equivalent to what we are doing on-prem. It's easy to manage CloudGuard from on-prem and offers the same protection that we're able to give the rest of our environments, which is a big plus for us.
The comprehensiveness of the CloudGuard’s threat prevention security is great, especially once they integrate Dome9 in the whole thing. That really ties the whole thing together, so you can tie your entire cloud environment together into one central location, which is nice. Previously, we had three or four different tools that we were trying to leverage to do the same stuff that we are able to do with CloudGuard.
I might be a little skewed because I have been working with Check Point for so long that a lot of the same logic and language that the rest of Check Point uses becomes intuitive, but I haven't had any issues. Anything we need to get done, we are able to do it relatively easily.
What needs improvement?
The room for improvement wouldn't necessarily be with CloudGuard as much as it would be with the services supported by Check Point. A lot of the documentation that Check Point has in place is largely because of the nature of the cloud. However, it is frequently outdated and riddled with bad links. It has been kind of hard to rely on the documentation. You end up having to work with support engineers on it. Something is either not there or wrong. Some of it is good, but frequently it's a rabbit hole of trying to figure out the good information from the bad.
We use the solution’s native support for AWS Transit Gateway and are integrating it with the Auto Scaling piece now, which is a big portion of it. One of the issues with using the AWS Transit Gateway functionality is that setting up the ingress firewall can be more of a logging type function, as opposed to doing pure, classic firewall functionality. This is with the design that we are using with the Auto Scaling. However, AWS announced about two weeks ago that they have a new feature coming out that will effectively enable us to start blocking on the Check Point side, and with our previous deployment before, we weren't able to do that. While the Check Point side is fine, the functionality that AWS allowed us to use was more of the issue. But now that changes are occurring on the AWS side, those will enable us to get the full use out of the things that we have.
For how long have I used the solution?
We have been using it since before it was even called CloudGuard, which has probably been five years now.
What do I think about the stability of the solution?
The stability is great. There are no real issues with it. Even when half of AWS went down last week at some point, our stuff stayed up. Check Point is actually fine, it's more of just whether or not AWS is going to stay alive.
What do I think about the scalability of the solution?
The scalability is great. That is the big thing. We went from our existing not-that-scalable network to a full scale-up, scale-down. I feel like it's inherently scalable because of that. It gives you as much power or as little power as you need.
Currently, there are about 150 users in our organization. When the new deployment is done, there will be about 700 users. Right now, it is primarily software development. These are the people who are in there now spinning up and down servers, building out environments, etc. It's just going to be that on a larger scale once the new deployments are out there. We need to have the guardrails in place with CloudGuard and Dome9 to ensure that they don't wreck the company, but it's mainly software development and the various roles inside of that, like architecture. There are a hundred different teams in the company that do dev, so they each have their little functions that they would have to do in there.
Right now, the solution is lightly used, given the fact that most of our development is taking place on-prem. However, we are eventually moving everything to the cloud. By virtue of that fact, it will be heavily used for the next two to three years.
How are customer service and technical support?
Support has been great. They will get you through any issue.
The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation.
Which solution did I use previously and why did I switch?
We deployed our AWS environment in tandem with our CloudGuard deployment. There were individual pieces of AWS that we were using that we've replaced with CloudGuard, but those pieces were more on the Dome9 side than anything, like flow log exports, that we were able to consolidate back into Dome9 and CloudGuard.
How was the initial setup?
The initial setup is generally complex. I have been doing cloud and Check Point stuff for a while. Therefore, when we deployed this stuff, I had a good understanding of how to negotiate both of them. That being said, I can see how a user who doesn't have this level of experience may see it as being difficult. I just have a lot of experience with this stuff and was able to get it stood up relatively easily. But, if you're not in the weeds with Check Point and AWS, then I can definitely see it being complex to set up, especially given the issues with documentation, etc.
The first deployment without Auto Scaling was probably about a month. It was kind of in tandem with building out the cloud environment. Our latest deployment was about two months, but it has been a significantly more complex design that we were doing, so it was sort of expected. It was not a full-time thing that we're doing. We were working on it a little at a time. If a team already had their AWS environment fully designed and operational, then they could have it up in a week. A lot of our challenges have been just tied to the organization and changing what it wanted out of the deployment, which has been more an internal issue for us.
Initially, our implementation strategy was a multicloud deployment. Then, it switched to a single cloud. After that, it shifted to the number of environments that we had to get stood up. So, it has been a bit all over the place internally. We know we have to do it, it was just a question of how many networks did we need to stand up, how many environments, etc. From a managerial leadership perspective, it was just telling us what they want.
Largely because we are a large Check Point shop who used on-prem going into it, most things are identical between the cloud and on-prem deployments. So, the things that we were able to do on-prem, we were then able to easily extend those out to the cloud.
We use Check Point’s Unified Security Management to manage CloudGuard in multiple public clouds and existing on-premises appliances. We had it in place before we had CloudGuard. Therefore, it was an easy transition to integrate that stuff. It wasn't that we had something else in place, then we brought in CloudGuard. We had the Smart Management Suite already set up on the internal end, and we were able to integrate that pretty easily.
What about the implementation team?
99 percent of the time, we are doing the deployment ourselves. Here and there, we will have a one-off, but we do the deployment ourselves.
There are three of us who were involved in the deployment, which are the same people who are doing the maintenance.
What was our ROI?
The ROI is significant. We definitely would need more people on this team to manage this stuff if we were not using Check Point. The cost of having more security engineers and cloud engineers, in particular, is expensive. It prevents us from having to blow money on people who are just staring at the cloud all day.
The use of Check Point’s Unified Security Management to manage CloudGuard in multiple public clouds and existing on-premises appliances has freed up our security engineers to perform more important tasks. If we were tied down using four or five different tools, that would be a nightmare for us because we are just a small team. There are about three of us managing the cloud environments right now. If not for this solution, we would easily double or triple our team size. The number of different tools needed to manage (without CloudGuard) would be too much for just three of us.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing have been good. We just had to do a license increase for our portion of it. We had that done within a couple of days. Given the fact that it's purely a software-based license, it ends up being even quicker than doing it for an on-prem firewall.
The only other thing that might come up is if we ever decided to do any managed services type of thing or bring in consultants. Outside of that, their cost is what it is upfront. This is outside of whatever you will end up paying AWS to run the servers. It is all pretty straightforward.
Which other solutions did I evaluate?
We kind of always knew it was going to be Check Point because of our extensive on-prem deployment. It just seemed easier for us to just stay with them instead of having multiple firewall providers. The only other real option for us at the time was just going with native AWS firewalls, but we would rather keep that managed ourselves with Check Point.
The only thing that we ever looked at or compared CloudGuard to is just native AWS tools and whether it makes more sense to use them than CloudGuard. By and large, we just kind of stuck with CloudGuard for the most part. There are definitely more menus that you can navigate over than AWS. Check Point's tools are good and powerful, but given what our deployment looks like, that just complicates things.
Favorable results of its security effectiveness score from third-party lab tests were very important to us. We didn't evaluate too many other options. Just knowing that it wasn't a piece of garbage was a good indicator upfront that it was worth sticking with Check Point down the road. If you are given more things that you have to look at, then there are more possible threats capable of penetrating an environment. So, if you're able to centralize things as much as possible, then you're on the right foot to catch any issues.
With the integrated nature of the Check Point suite, you can have everything under a single pane of glass, which is huge. You can do a lot of the things that you can do with Check Point if you had four or five different other vendors, but being able to do it all in one place is convenient and cost-effective.
In our decision to go with this solution, it was absolutely important that Check Point has been a leader for many years in industry reviews of network firewalls.
What other advice do I have?
We should have done the Auto Scaling stuff upfront instead of going static. The biggest lesson was that the tools in place let you embrace the good parts of the cloud, which is flexibility and cost savings. The thing that we kind of learned is we just treated it upfront like it was another on-prem device, but you miss out on the whole point of having infrastructure as a service if you're not going to leverage it to its fullest capabilities.
Remember that you are doing this in the cloud, so treat it like a cloud device. Don't suddenly try to extend your on-prem network without leveraging the whole capabilities that CloudGuard gives you to scale your network in and out as needed.
CloudGuard's false positive rate is acceptable and low. You have pretty granular control over everything that you are doing. Even if you're running into false positives, you can easily tweak them and work with CloudGuard to eliminate them.
I would rate it a nine (out of 10). It does everything that we wanted it to. It kind of grows with AWS, where new AWS functionality is now enabling new CloudGuard functionality by virtue of a couple of changes that they have been making. They sort of work hand in hand. The only reason that stops it from being a 10 (out of 10) is just the limitations of AWS end up being the limitations CloudGuard as well. You take the good and the bad of the cloud.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Check Point Cloud Firewall (formerly CloudGuard Network Security) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: July 2026
Product Categories
Firewalls Managed Security Services Providers (MSSP) Software Defined WAN (SD-WAN) Solutions Cloud and Data Center Security WAN Edge Unified Threat Management (UTM)Popular Comparisons
SentinelOne Singularity Cloud Security
Palo Alto Networks NG Firewalls
Cato SASE Cloud Platform
Check Point Harmony SASE (formerly Perimeter 81)
Check Point Quantum Force (NGFW)
Check Point CloudGuard CNAPP
Buyer's Guide
Download our free Check Point Cloud Firewall (formerly CloudGuard Network Security) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- We're trying to choose between Fortinet or Checkpoint UTM firewalls. Can you help?
- Is Check Point's software compatible with other products?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?
- Fortinet, Palo Alto or Check Point?
- If you could go back, would you change your decision to buy that firewall and why?

















