Check Point Cloud Firewall (formerly CloudGuard Network Security) Reviews

We have a constant need to evolve and are migrating towards the cloud due to greater availability and better benefits at the level of hardware and computing.

With the understanding that we must have a faster, more efficient team with greater benefits when creating equipment or application services, we were looking for a solution with high user acceptance. We also wanted to meet the external and internal needs of the company and maintain solid corporate governance that includes offering the highest level of security standards. This product allowed us to create that level of security and develop natively in the cloud.  

The product has allowed us to develop applications from the cloud - even with large environments and well-segmented security lines. We're managing to prevent threats from any front with automated security. We can easily design, install, and configure everything from the cloud in a coherent way. It's easy to establish security policies to manage local and cloud environments now.

I am turning to a multi-cloud solution. Being able to achieve analysis and prevention of advanced threats and security in the network regardless of the environment has been great. It doesn't matter whether they are hybrid clouds, local networks can be resolved entirely in the cloud, and everything is managed from a single panel. We've managed to achieve a centralized visualization of our infrastructure, giving us greater insights and an overview of everything that happens in the organization.

The CloudGuard Network Security solution has given us an overview yet has allowed us to segment the cloud in many ways. We can create networks where we can separate the data, information, and structure of history. We can segment databases into smaller groups by type or quality of the resource. 

We're able to validate in a logical and physical way across layers and can segment data to allow for greater reach in terms of management. In the future, we'd like characteristics to be further simplified. While today we can manage some scopes, there are still some segments in the OSI layer we cannot manage. We'd like visibility on security and perimeter management qualities in order to reach other layers of the OSI model. Right now, we don't have the scope to reach some physical layers. 

I've been using the solution for less than a year.

Our primary use case for this solution is for basic cloud network security, posture management and threat hunting. The solution is deployed on cloud.

The solution assures protection on cloud and ensures the workload is protected in the same manner when deployed on-premises.

The threat prevention capabilities are very valuable.

The product's support team, the UI, and the user interface can be improved.

We have been using this solution for four years.

The solution is stable.

The solution is scalable. However, we have not needed to scale yet.

Our experience with technical support can be improved in terms of response time.

The initial setup was straightforward. Some processes were easy click-through processes which needed some configurations and technical expertise to set up. Hence, some technical expertise is required.

The solution is reasonably priced in comparison with other products.

I rate the solution seven out of ten. The solution is reliable and would fulfil what it is marketed to achieve. It provides very good security protection, but the customer support response times could be improved.

We use Check Point CloudGuard Network Security for the firewall. The firewall protects our various customers in the optic cloud.

Check Point CloudGuard is quick to deploy and easy for the customer to use. The user interface is user-friendly and easy to use.

The solution is not that flexible when deploying on-prem.

I have been using Check Point CloudGuard Network Security for six months.

We have had many performance issues with Check Point CloudGuard on the cloud. The issue is with the OS version at this point.

Because we are in the demo phase of using Check Point CloudGuard, we only have a small amount of users, all in our IT department.

Personally, I have not had to reach out to customer service and support, however, I understand that our clients have many clinical issues.

Positive

The initial deployment is easy. The length of time to deploy depends on the number of customers, or the number of websites the customer has. It can take anywhere from one day to a few days to deploy Check Point CloudGuard.

We use an in-house technical team to deploy the solution.

Check Point CloudGuard is proving to be a good solution for both the profit of the company and for deployment for the customer.

Check Point CloudGuard is a suitable solution for many customers that are using the cloud.

Overall, I would rate the solution a nine out of 10.

We are integrators and implemented this product for a customer to monitor traffic and secure a network on cloud. This is a threat prevention solution and I'm the enterprise security lead. Our company is based in the Philippines and we are customers of Check Point. 

Deploying this solution has made it easier for our security analysts to monitor the network on cloud. Based on compliance, we can easily give evidence to different auditors or regulators on how to protect our cloud infrastructure. 

Advanced check prevention is a great feature that provides threat intelligence at speed. We can easily identify malicious activity and check for any vulnerabilities. The solution has great functionality and we can see the movement of data. If there's any malicious activity, we can easily stitch or make a story out of that data. I think when it comes to functionality, it's a good monitoring tool. 

The cost is a little high, it doesn't suit every budget. I'd like to see the ability to integrate with other security solutions which is not currently possible. If you need to integrate, you have to buy a Check Point product as well so you're paying for features. 

The solution is stable. 

The solution is scalable and I think they might increase their scope on different virtual, private clouds or private subnets. Monitoring involves anywhere from three to five people. 

When it comes to Check Point support, we just file a ticket on the portal. They respond based on the severity of the problem. They've been very responsive on inquiries and issues that we encountered although we haven't had any major issues.

The initial setup was pretty straightforward. It's like running our VM on cloud, just speeding it up. When it comes to implementation strategy, we need to list all the assets or the traffic VLANs or network segmentation we want to monitor. From there, we assess how many nodes CloudGuard Network Security needs to monitor all those VLANs. It then takes two to three weeks to implement, given the likelihood of some challenges along the way. Deployment is carried out using a mix of Check Point engineers and in-house IT people. 

In terms of security solutions and return on investment, it's really about the total assets you're protecting.

If you're managing a large cloud infrastructure this is an expensive solution. Check Point has different bundles when it comes to CloudGuard and it's a modular system.

Before purchasing it's important to assess the size of your cloud infrastructure. You need to have a concrete plan for which virtual or private network or clouds you have to scope and to do that before deciding which solution you want and what functionality you need. 

I rate this solution eight out of 10 since there has been some improvement with regard to integrations.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.

The overall security of the environment has been greatly improved by implementing the Check Point Virtual Systems solution. Before deploying it, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appears to be not an efficient solution for protection from advanced threats.

The Check Point Virtual Systems solution has significantly increased the security level from the standpoint of the logical separation of traffic patterns, both internal and external in our particular case.

This product makes the NGFWs work as if we had two separate sets of physical firewalls, without additional spendings on the hardware.

The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing. This allowed us to save significant money on the hardware purchase, and keep our NGFWs efficiently loaded. 

As an administrator, I find the management really convenient and cozy. The usual SmartConsole is used and you don't need any additional software to be installed.

As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.

In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.

We have been using the Check Point Virtual Systems for about three years, starting in late 2017.

The solution is stable and we haven't had any support cases opened that are connected with it.

The solution is scalable. I believe you could just add the new hardware into the cluster without affecting the functionality, and thus increasing the performance on the spot.

We have had several support cases opened, but none of them were connected with the Virtual Systems. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We didn't have any logical separation of security solutions before implementing this product.

The solution was really complex and difficult to implement since it requires a lot of additional knowledge and understanding of the underlying routing and switching technologies and protocols.

Our in-team has a Check Point Certified engineer as part of it.

Since we have already had the Check Point NGFWs purchased, we just proceeded with the configuration of the Virtual Systems.

As a company, we are a value-added reseller. We have to use it first before we can propose it to our clients. We have to give it a clean bill of health before we can actually propose this to the client. We have to conduct a proof of concept, which runs for around 30 days. The client has to give the okay before we can actually deploy it for them.

Clients have been using it and they haven't had any negative feedback. 

The initial setup is straightforward.

The product is scalable.

We find the stability to be quite good.

Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions.

To be honest, we don't have many clients who have taken CloudGuard, as the feedback has not been that great. There are a few clients who have taken the CloudGuard due to the fact that there is a lot of competition in terms of endpoint protection from Trend Micro and other leading vendors. 

There are few clients who have CloudGuard and the response is quite positive. However, it comes down to dealing with the challenge of when the client needs both protection for workstations and their physical and virtual servers. With Check Point, we don't have that ability. They have just CloudGuard, which protects the workstations and servers. With other vendors, there's a separation between the endpoint protection for workstations and for the servers and then something else for the virtual environment. The challenge comes in when you're trying to propose this to the client. They'll ask you how they can be sure that this will protect their virtual or physical data centers collectively, and also protect the workstations.

Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point.

Generally, visibility is the issue. Clients really just need more visibility to know they are protected. 

We find the stability to be good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The scalability is there if a company needs to expand it. 

Technical support is okay. It's average. The local support is good, however, now when you go to global support, there's a bit of a challenge. It takes time compared to other vendors. Their global support is not that active. I have some clients who have been complaining that they raise a technical issue and it takes maybe one or two days before they get any feedback. 

That said, here, in terms of technical support, the local Kenyan support is very good. They're quite supportive.

I also work with Sophos, Fortinet, and Palo Alto. 

The other vendors, they're not doing that well in terms of cloud security, as they tend to concentrate on on-prem security. The physical security, that's at the endpoint level. However, Check Point is doing quite well in terms of cloud security. 

The initial setup is not overly complex. It's quite simple and straightforward.

The solution is expensive. If I rate Check Point, Sophos, Fortinet, and Palo Alto, Sophos comes in at a cost that is pretty low. Then Fortinet, and then Palo Alto. Check Point is at the edge. It's a bit expensive or it's quite expensive. When you are trying to propose Check Point, it's more of an OpEX and even a CapEx project. It cannot go through a normal request for a quotation. It has to be a CapEx project. At the beginning of every financial year, a customer or end-user has to consider this to be able to purchase a Check Point firewall.

For most Check Point CloudGuards, it's not actually deployed on the private cloud of the end-user. They usually deploy it on the public cloud.

I'd rate the solution at a nine out of ten. The clients who are using it have nothing bad to say about its capabilities. 

I'd recommend the solution. They are doing quite unique workarounds with cloud security while many others are more focused on on-premises.

We use a hybrid environment, so we have an on-premise data center and branch offices as well as resources in the cloud. On-premise is secured with different Check Point Gateways while for our security in the cloud we use Check Point Cloud Guard.

Depending on the traffic, we use different Cloud Guard firewalls. External traffic is handled by using a scale-set that can adapt on the fly to increase/decrease the number of firewall instances.

Internal traffic is handled by a normal Cloud Guard HA cluster with a certain amount of cores.

We used the Cloud Guard technology quite early on and used Check Point's Blueprint for our Cloud Datacenter design. By being able to use real firewalls instead of the cloud's own IP tables/inferior IPS we're able to maintain security across the whole environment (on-premise and cloud).

With the possibility to administer the cloud firewalls within the same management as on-premise firewalls, we can use the same objects/networks instead of having two sets of object databases or scripting something to have both of them synched.

Having the whole environment be under the same management is definitely is a plus.

Using a scale set to increase/decrease the amount of firewalls in the cloud helps with saving costs in the long run, as they will only increase if traffic increases and therefore saving us on licensing costs. For a normal Cloud Guard you pay for each core, so using the SS you don't have to fully size and pay for the maximum amount of traffic.

It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM.

In the first phase, Cloud Guard Firewalls didn't allow minor and major upgrades. Fortunately, now you can install normal hotfixes and minor upgrades (JHF) on the Cloud firewalls. For major upgrades, it's still necessary to destroy the VMs and re-create them again. Doing that would mean new public IPs as well. We created a script for that. I still hope that major upgrades will be possible in the near future too, otherwise, you still have to script a lot for basic maintenance, instead of using tools like CDT.

The product is very scalable due to using the scale-set.

I have been using Check Point CloudGuard for 3 years now. I use it in the financial sector, and use the gateways for perimeter security, east-west traffic inspections, and internet access. We have gateways for production, development, and outbound (internet access). The blades for IPS, FW, And URL filtering have been enabled with no problems. All the gateways are stable. We mostly use it for VPN site to site, and we can establish VPNs with Azure and other services. 

Check Point CloudGuard Network Security has established communications with other devices and other cloud providers. CloudGuard has improved the passage of CIS and PCI regulations. The functions for autoscaling save costs for the company and the centralized management helps us with administration. CloudGuard complements the security model of the company. We only need one solution for all cloud providers as it offers good compatibility with lots of protection. the easy funtion of use the licence core in other gateways helmpe to save cost. And the easy VPN configuration helpme to stablish more than 100 VPN in an shortly time.

The most valuable features are the VPN Blade, IPS Blade, URL filtering, and Applications Control Blade. They help me to align with any compliance or regulations within our financial sector. The VPN blade has helped me to establish tactical communications. The logs help with troubleshooting and they are great. The IPS blade helps me to meet regulations and protect against intrusion. The applications control makes it easy to configure and created profiles. It blocks all the non-authorized applications. 

CheckPoint CloudGuard could be better at solving cases. In many cases, the client should be able to request or obtain a sufficient explanation or to obtain an appropriate answer. Check Point should improve the queue clients need to go through to obtain access to direct support chat. This should be for users with privileged access.  

CheckPoint features that should be included in the next release include the possibility to create a cluster on AWS and a Multi-region Cluster. They need to also include the possibility to use a managed web portal. 

I've been using the solution for about 3 years.

The scalability is very good.

Technical support is very good.

The initial setup is easy.

The team that helped us was very good.

The ROI we've had has been very good.