Check Point Cloud Firewall (formerly CloudGuard Network Security) Reviews

We are using Check Point CloudGuard as a firewall. Along with the firewall, we have incorporated multiple blades. Initially, the firewall used to be a single security device, and along with that, we required antibot, antivirus, IPS, and IDS devices. Check Point CloudGuard is a combination of all the devices and functionalities in a single device. It is a next-generation firewall. The main use case of this firewall is to protect our entire cloud and provide perimeter cloud security at L3 and L4 levels.

It is a next-generation firewall. Threat prevention and threat detection blades are available with the firewall. As soon as you enable the blades and you have the license for it, you are good in terms of threat prevention. You do not need to do any specific settings. You just need to enable the blade, and the firewall will take care of the rest of the things. That is how it works.

We are using the Check Point CloudGuard firewall with autoscaling in the AWS and Azure cloud. We have a minimum capacity of two firewalls and a maximum capacity of ten firewalls. If the CPU utilization increases or the memory utilization increases, the capacity will be increased to three from two. Till the service comes down to the threshold level, it will keep on adding more firewalls, so we have ease of operations. We do need not to worry about what we will do if a firewall fails.

When I joined my organization, we were using this CloudGuard firewall in the active/standby firewall cluster. In such a setup, the firewall that is active processes your traffic. The other firewall is in the standby mode. It is not processing the traffic, but it is still costing you. Even though it is not being used, it is still cost-consuming at the cloud level. We changed the setting to autoscaling. After adopting the autoscaling mode for this firewall, we need a lower number of CPU and memory. All the firewalls are active, so we need not worry about the standby firewalls and all those things. So, we have transitioned from these conventional active/standby firewalls to autoscaling firewalls. With this, we are able to save costs and improve performance. All the firewalls are active/active but with fewer CPU cores. When we have fewer CPU cores, we need less number of licenses, so we were able to save the cost. The performance has also been great.

The most important feature is that we are able to use Check Point CloudGuard Firewall for our cloud security. We can make the deployment automated. We do not require manual intervention. With the help of automation, we are able to deploy it within minutes, and we are able to discard it within minutes. We can do hardening and create policies. All those things are very advanced.

Secondly, Check Point is one of the big OEMs available in the world from the firewall perspective. It is better than Palo Alto and Juniper firewalls. It is one of the best firewalls available in the industry.

We have done a lot of automation with the firewall, but sometimes, there are some failures because of some bugs. The fixes for them are still not available. We have daily or weekly communication with the Check Point people giving support in the India region, but we have not seen much improvement or response to our requests for some additional features. We are moving to infra as a code, so we are expecting more advancements in this product. Just installing the patches is not going to help us. They need to focus on this area.

I expect Check Point CloudGuard to come up with some AI/ML integration. A firewall is the first L3 security device available to you. It is the single point that manages or processes the traffic for an organization. There is a possibility that the device goes down or gets rebooted for any reason. The integration of artificial intelligence with the devices can help us to know in advance that there might be a surge in traffic. There might be a spike in the traffic, so we can have some additional firewalls integrated. This predictive analysis has to be there. This way, if required, a second, third, or fourth firewall can come into the picture. All the firewalls will process the traffic simultaneously. I am expecting such capability. This sort of feature is available with AWS. We are deploying all the firewalls on AWS, but it would be easy if, in the future, such a feature is available from the OEM or Check Point itself. It will be very helpful for the organization.

We have had a couple of outages because of some misconfiguration. They were human errors but there were no prior indications that if we were making these sorts of changes, this would happen. People making the changes on the firewall were not aware of this, and that is the reason why the outage happened. In a financial organization, an outage of even five minutes can cost a lot.

In our organization, we have been using it for more than four or five years, but I have hands-on experience with it for the last three years. 

I would rate it an eight out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

I would rate their support a five out of ten because I never got good support. Whenever I have raised a TAC case, their support has not been great. It is not as good as others.

They need to improve from a knowledge perspective. I had a couple of issues, and they could not understand those issues easily. They should not just take the logs and analyze the logs. They should be providing a solution. Being a financial organization, we cannot afford a long downtime. We expect a faster resolution. If a support engineer is not capable of handling a case, he or she should escalate it to a higher level, but they are not doing that on a regular basis. They make you lose days by dragging the case.

In my organization, we have two different Infra teams. We have the Network Security Infrastructure team that manages the on-premises setup, and then we have the Cloud Network Security team that manages the cloud. I am a part of the Cloud Network Security team, and we are using the Check Point firewall. The on-premises team was using Juniper and Palo Alto firewalls, and they are now using the Check Point firewall. It is one of the most effective products we have ever used, and that is the reason why that team has moved from other OEMs to Check Point CloudGuard.

We have deployed it on the cloud. We have AWS, Azure, and GCP clouds.

The deployment was done with the help of AWS CloudFormation templates which are very generalized. I just downloaded the templates and customized them as per our requirements. I faced a few challenges because I was not completely knowledgeable about CloudFormation, etc. It was not very challenging from the Check Point side. It was an easy deployment.

I faced a couple of challenges while integrating it with our existing ecosystem. Even though Check Point is the OEM, we have third-party vendor support here in India. The challenges that I was facing at the time were also new for them, so I sorted out those issues myself by referencing some online articles on Check Point. I was able to overcome those challenges at the time. It was not a big deal. There was no huge challenge.

Initially, we involved people from Check Point and the third-party vendor of Check Point, but at later stages, we were capable enough to develop things in-house, so we did it ourselves.

The Cloud Network Security team has ten people. I am handling the AWS cloud deployment along with a colleague. Other colleagues are involved in Azure and GCP deployment. Overall, there are ten people for deployment and management, but mainly, two or three people are involved in the deployment at a time.

We have deployed it in two regions. It is deployed in the Mumbai and Hyderabad regions of AWS in India.

We have seen 70% to 80% ROI. 

I do not know the exact price, but it is fairly priced. It is neither cheap nor costly.

As compared to other OEM vendors in the market, it is cost-effective for us. There are multiple things we need to consider while selecting a certain product. We have AWS, Azure, and GCP clouds, and we have multiple firewalls. All of our firewalls are Check Point CloudGuard firewalls. The cost can vary based on the licenses that you are using. For IPS, IDS, antivirus, antibot, and other capabilities, additional licensing costs might be there. When it comes to security, it gives us great security. Considering that factor, it is cost-effective for us.

I have not evaluated other solutions. Based on the input from my seniors, this is the best solution available in the market. I have heard that Palo Alto also has a cloud-based product called Prisma Cloud, which has some advanced features integrated by using AI/ML technologies. I would love to evaluate Prisma Cloud.

I feel confident using this product. In fact, I have completed a few certifications related to Check Point CloudGuard. I am a Check Point certified administrator, and I am also a Check Point Certified Cloud Specialist. I have also been working with automation-related things, and sometimes, we do some bash scripting and shell scripting to make things easier for us. Traditionally, you can only access the firewall via a CLI. That is the basic level, and at the next level, you should be able to do a few daily things in an automated way. I am very good at that.

I would recommend this solution, but it also depends on the requirements. It is a cost-effective solution. If you are a small organization or a startup, you do not need to have this solution. If you are a big organization with 5,000 to 10,000 users, you can go ahead with it. The ROI for our organization was up to 80%, but it necessarily would not be the same for other organizations.

Overall, I would rate it a nine out of ten.

Our main use case for Check Point CloudGuard Network Security is to provide a service to third-party organizations, as we are the vendor that implements firewall devices. Currently, we have implemented the network Check Point security firewall in many of our clients that is on-premises, but now we are exploring options for clients that are on cloud and we are trying to achieve the same level of security for the clients' machines that are on the cloud.

The main use case would be to use HTTPS inspection as well as a DLP feature that is provided in the Next Generation Firewall so that none of the traffic containing PII or PHI and personal HIPAA traffic does not get over the internet from our customers or from our end.

The best feature that Check Point CloudGuard Network Security provides is CDR, Content Disarm and Re-arm, where it inspects the files and then looks into the file, takes out the malicious code, reconstructs it and sends it to the user. Another valuable feature would be its Zero-phishing capabilities.

I have found the effectiveness of CDR and Zero-phishing features to be great, and we are even seeing it in our environment. We have not yet faced any phishing links in our organization as a result of the zero-phishing features of Check Point CloudGuard Network Security.

Check Point CloudGuard Network Security has positively impacted our organization by making our cloud platform more secure. Traditional firewalls cannot be relied upon to protect everything, and the firewall ratings for AWS as well as cloud native firewalls are not that high. Having Check Point CloudGuard Network Security in the cloud has helped us secure our cloud platforms.

The only thing that Check Point CloudGuard Network Security lacks is that for VPN, you need to buy a different model. You need to be in the HA sort of things to establish the IPSec between another firewall or maybe another cloud vendor, and that is the only thing that bothers me about Check Point CloudGuard Network Security.

We have recently been using Check Point CloudGuard Network Security.

Check Point CloudGuard Network Security is a stable product.

The pay-as-you-go model is very good for its scalability feature.

Customer support has been awesome, and they respond within fifteen to twenty minutes of opening the ticket. I would rate the customer support a ten out of ten.

Positive

We did not use any other solution prior to Check Point CloudGuard Network Security, as it is the first solution that we are testing.

The experience with pricing, setup cost, and licensing has been that the pricing is very competitive because of the bring your own license as well as pay-as-you-go model. We got the best pricing available.

I have seen a return on investment, and we are still in evaluation mode using a trial license. I believe that it will save our time because we can manage everything from a single platform.

We have not used any of the other products competing with Check Point CloudGuard Network Security. We are exploring it, and after this evaluation, we may think of exploring others.

I would rate Check Point CloudGuard Network Security around eight or nine out of ten.

We are currently using Check Point CloudGuard Network Security on public cloud on AWS. AWS is our cloud provider.

We did not purchase Check Point CloudGuard Network Security through the AWS Marketplace. We directly talked to the distributor and have been using a trial license for this.

Check Point CloudGuard Network Security provides unified security management across hybrid clouds as well as on-premises, which makes everything easy because you can push policies and see everything across every Check Point Next Generation Firewall across your entire cloud and on-premises in a single management server. This helps tremendously and makes our job much easier to view logs, push policies, and manage everything.

Check Point CloudGuard Network Security has helped us reduce our organizational risk significantly, and I believe in Check Point strongly because it has only four critical CVEs from 2020 to 2025. We do not have to have a major upgrade every time compared to its competition, which has had more than fifteen to sixteen critical vulnerabilities from 2020 to 2025. This certainly proves that Check Point's secured firewall OS security is better than its competitors and it will provide the best security to its network.

I feel very comfortable using Check Point CloudGuard Network Security because I have been using Check Point on-premises as well. Migrating to Check Point CloudGuard Network Security feels similar to doing the migration on Check Point Next Generation Firewall on-premises.

I utilize Check Point CloudGuard Network Security alongside Check Point Infinity Playbooks to have some automated tailored solutions. For example, if a certain IP address has a request of multiple times, maybe fifteen times per second, then I block that traffic, saying that it is a DDoS. This is what I am testing right now and it is working perfectly.

If you are considering using Check Point CloudGuard Network Security and do not want to compromise on security, then Check Point CloudGuard Network Security is the only product you should look for.

Public Cloud

Amazon Web Services (AWS)

Our end customer is using Azure to host a few applications in the cloud, and we utilize CloudGuard Network Security to secure those assets.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. Our customer is also using Check Point on-premises, so we have one place to create all of our policies. It is a lot easier than doing it at different places. We have the same policy in different clouds and on-premises. That is a great thing. There is a seamless experience and the same management. That is a great advantage over using Azure's native firewall.

CloudGuard Network Security has helped reduce our organizational risk by about 15%. That is because of the ease of working with one big policy that spans the entire organization.

With CloudGuard Network Security, we get a unified solution. It does not matter if we are on AWS, Azure, or Google Cloud. The migration with Scale Set is nice to work with. It is very easy to upgrade and so on.

Scale Set is highly beneficial. It is easy to upgrade and maintain. 

It is pretty great in all aspects, but the integration could be easier, especially with Scale Set and related features. It was somewhat challenging a few years ago to set it up, but once completed, it worked well. Easier integration with on-premises solutions could be beneficial.

I have used the solution for about three years.

The track record is excellent, with nothing to complain about.

The scalability is great.

Their support is great. We get quick responses. The customer support consists of very talented people. They are nice to work with.

Positive

I have used Azure Firewall. I have not extensively worked on AWS. In Sweden, our focus is primarily on Azure.

We went with CloudGuard because we have been working with Check Point products for quite some time. It is an easy choice. We are already familiar with on-premises network security, so choosing the same in the cloud is a big benefit.

Maintaining the policy is not difficult at all with CloudGuard. In fact, it is easier compared to Azure Firewall, which seems a few years behind Check Point. The solution is effective for utilizing all security features Check Point provides. Although I have not used all CloudGuard features yet, its network security is akin to an on-premises firewall.

We have a CloudGuard in the cloud, and we use normal quantum gateways.

It was not as simple as on-premises, but there were good guides on how to do it, so we managed in the end.

We are the integrator in this case. We managed the implementation for one of the end customers. However, we had support from local Check Point representatives.

The main return on investment has been in the time spent working with the solution. Since everything is unified in both cloud and on-premises environments, troubleshooting is faster.

It has saved about 50% of the time. If we had two solutions, we would have to troubleshoot two solutions.

Handling costs is not my department. Licensing has been quite acceptable. It is a bit easier now, but when I began working with CloudGuard, it was a bit too technical.

My overall product rating is a nine out of ten. A slightly easier setup process would be great. Check Point is performing well. The cloud is evolving rapidly, and Check Point is keeping up efficiently. 

Public Cloud

Microsoft Azure

I have implemented the solution for customers at about three or four different companies now. I primarily use it for general Cloud Security to protect Azure. In most cases, it has always been about securing Azure.

For me, Checkpoint in general is characterized by the ease of day-to-day use, management, log review, and all that. This is a big plus because I can execute these tasks effectively through the Cloud, which is the biggest point for me. It is a significant improvement over Azure's security features, providing enhanced security when Checkpoint is implemented. This is especially beneficial nowadays, as businesses are working with fewer people who need to accomplish more tasks.

In my experience, the failover times are a bit poor during an HA failover in the Cloud. However, this also depends on API calls in Azure, so there is not much I can do there. If there is something I could improve, it would be this aspect.

I would say that I have used Network Security for about two years.

The first few setups are always a bit uncertain, like wondering what is going to happen. The documentation is great, but the problem with Cloud technologies is that it changes all the time, leading to outdated documentation. It can be a bit challenging in the beginning, but once I get used to it, the process is acceptable.

The stability is good, apart from the failover I mentioned before, which takes a bit of time. Again, it is not really Checkpoint's fault; it is just due to Cloud architecture. Overall, stability is good, and upgrades are proceeding well.

Scalability offers two solutions: the gateway and the load balancer setup. The load balancer setup is fantastic. If I need anything, it spins up or spins down and works smoothly. When I adopted it around three years ago, I deployed clusters in the Cloud with two firewalls in HA, but the failover was not ideal. Depending on the scenario, I need to choose the right solution.

Technical support has greatly improved over the last couple of years. It used to be less effective, but now it is in a good state. Also, interactions with salespeople from Checkpoint are going well. I have talked with Palo Alto support as well, and Checkpoint is way better.

Neutral

I just started at the company I am working for now, but my previous customer used Palo Alto. They have the same products, of course, but the usability is not the same. It is stable and good, but the usability is not equivalent.

I use multiple approaches. First, I create an architectural design and check with their Cloud team to see their implementation of their environment. Depending on that, I proceed accordingly. It is really customer-based.

For us, it is not really applicable since we sell it and that is the end of it. However, the feedback from customers has been positive. It performs well, effectively doing its job without slowing down and stopping threats. I think the customer is also receiving a significant return on investment from the solution.

The most significant advantage for a day-to-day user like me is the logs. In Palo Alto, I need to manage brackets and everything, and issues arise if something is spaced incorrectly. In Checkpoint, I can input whatever I need and get the required results. This is a major win in troubleshooting. Logging is okay on both platforms, but if I know exactly what to type in Palo Alto, it is manageable. However, they are quite similar without too big a difference. For email security, Checkpoint offers a big advantage, but that is unrelated to Network Security.

I would give it a solid eight. This is quite a good score in my opinion. Absolutely. I rate the overall solution an 8 on a scale of 1 to 10.

I am using a Public Cloud deployment model.

I use Microsoft Azure as the cloud provider.

I am tasked with deploying firewalls in Azure Cloud, AWS, and VMware. This involves setting up virtual machines in VMware and is essentially focused on these tasks.

It does a great job protecting the clouds.

The important point is that the solution is integrated into our management system (if they already have Check Point). It's just one more gateway to add. We have it on Azure and others. The advantage lies in the integration within our existing ecosystem, which is amazing.

It's good at identifying threats and on par with the market - at least, in comparison to the others we work with. 

We have confidence in secure cloud deployments and integrations. It's important to have confidence. Even if nothing happens, you are protected, You never know when bad luck will happen. There are some public cases that were missing network security on the cloud, and they were affected. It's a must-have, like an insurance policy. 

The license model could be simpler. We have some issues with the license since it tries to be simple, and yet in some cases, it tends to be complex. Apart from that, I do not recall any other issues.

I have been using the solution for roughly four years.

The stability is generally good. Sometimes there are issues we do not understand, especially with older features. Outside of that, the stability is good. It could be better. For instance, when we are working on a release and do an upgrade, we start experiencing unexpected issues. New features might have problems, however, for existing ones, we expect the same level of functionality as before.

We do not use scalability. I do not have much experience with auto scaling, however, it could be beneficial. Usually, our customers use a model that involves bringing their own licenses with static gateways, not scaling out.

Check Point support has its ups and downs. Sometimes, the support is good, and other times, we are a bit desperate. Overall, I would say the customer service is good, not marvellous. There are some challenges.

Positive

As integrators, we also work with other solutions. The main difference is we can take advantage of integrative management. If you already have an environment with Check Point, it's easy and an advantage. 

We typically deploy to the cloud. We create an implementation strategy with our clients. 

Usually, the customer is very savvy and knows what they want. We provide some advice, however, usually, they have their own ideas on what to do and when to do it.

It is important to have this solution because even if nothing happens, you are not protected without it. You never know when bad luck might knock at your door. 

I rate it eight out of ten. 

You need to have some kind of protection in the cloud. Maybe the native protection is enough, maybe it is not. Having protection gives more confidence in the solution. 

Hybrid Cloud

Other

The primary use case for Check Point CloudGuard Network Security is auto-scaling, which is required for us and serves as one of our primary cases for use.

Features like Threat Extraction and Threat Emulation in Check Point CloudGuard Network Security are the most useful features for us.

Check Point CloudGuard Network Security has reduced our threat landscape to a great extent and is performing excellently when it comes to finding risks in external email attachments, which is the major benefit for us.

There is nothing where I have come to a roadblock where I think that a particular feature is missing. There is no feature that I think is missing.

I have been using Check Point CloudGuard Network Security for the last six years.

Integrating Check Point CloudGuard Network Security with a different solution works fine. Scalability is wonderful, and there are no concerns.

Integrating Check Point CloudGuard Network Security with a different solution works fine. Scalability is wonderful, and there are no concerns.

Technical support by Check Point is good. I can rate it nine out of ten.

Positive

Check Point CloudGuard Network Security was my first solution of this kind.

The setup was straightforward. The documentation was pretty clear, and as I followed it, the process was simple.

Implementation of Check Point CloudGuard Network Security did not take much time. Implementation was planned for several weeks, but the planning took a bit of time. The actual technical work did not take much time.

I implemented Check Point CloudGuard Network Security myself.

Pricing does not fall under my responsibilities as I am a technical person and do not focus on pricing.

I am not looking for any new solution.

Check Point, being the global leader in providing network security, also provides Check Point appliances. The operating system itself is time-tested, and this time-tested software platform gives us confidence. The firmware, Gaia OS, has given us the confidence to go with Check Point.

We are four people using the product in our organization at the moment.

The product is quite quick, but when it comes to communication, there is some lack of communication regarding escalation and related matters.

I have given this product a review rating of ten out of ten.

We have used Check Point for on-premise network security, normal firewalling, also application control, antivirus, et cetera. We have around 120 clusters with Check Point managed by MDS, and we also have a Maestro environment. 

We have some services in Azure cloud, and I have Check Point's product there to protect them. It's in development at the moment. 

Check Point CloudGuard Network Seucrity is easy to build in the cloud and easy to scale. You can create scale sets, and then it handles it by itself, how much traffic comes in, et cetera.

It has helped us have unified security management across hybrid clouds as well as on-prem. There are only a few services that you can't manage in our on-prem management. For example, if you are using SD-WAN or something, you must use the Infiniti portal with its services.

More support from our partners would be beneficial. A lot could be explained more. It's often a use case that the management is behind NAT, and I need to know what to do to connect my cloud gateways. Documentation is very good from Check Point, however, in this case, it could be better. Maybe more support in building up these environments would be helpful. We are a big company, so we have different teams, and guidance from Check Point would be useful. I need certain things, teams, and permissions, which might make it easier.

I have used it for network security for around 13 years.

I have no problems with stability. There is no downtime. Sometimes, it's a bit difficult to connect to our management.

I can create scale sets, and then it handles how much traffic comes in, adjusts usage, and then scales up or down.

I haven't used other solutions. I've only used other platforms, such as AWS and Azure. It has marketplace templates you can use.

The deployment is very good. It is plug and play. I can choose what I want and what kind of product, and then I simply click "continue" to start. YOu can make your own properties. 

I don't have much information about the pricing. 

We're a Check Point customer. 

It's a very interesting product. However, it's a whole infrastructure, so I have to learn a lot of things besides Check Point to set up the environment. On-premise, we also have switch infrastructure, and it's now something we are familiar with over the years. In the cloud, it's more about clicking here and there to pair it together, which is a different experience. Sometimes I don't know if something is missing because of cloud permissions or if it's due to a lack of knowledge. Maybe more support in building up this environment. 

I give it a ten out of ten.

Public Cloud

My primary use case is to protect the cloud applications that we store specifically in Azure. 

It has helped our organization with security. We have other Check Point firewalls, so we can accumulate everything in one place and manage everything in one place.

It provides unified security management. It makes things easier and faster. We can manage it all in one place in one policy package. We do not have to worry about anything else.

It has helped us reduce our organizational risk.

The most valuable features for me are related to management. I can use the data center objects directly in the policy without worrying about specific static IP addresses. The data center objects update automatically if the IP addresses change. 

There is room for improvement in how it handles deployment itself, but I am not sure. It could be due to Azure's limitations, not Check Point's. Deploying a new firewall is quite bulky and not straightforward, especially in managing the resource group and networks. These issues seem to come more from the Azure part. It is hard to tell.

I have used the solution for about a year now.

The stability is good. I find it really good.

We do not use it regularly, but I tested it and it is quite good.

My experience with customer service was good. On a scale from one to ten, I would rate it a nine out of ten, leaving a gap for improvement.

Positive

I previously used Azure Native Firewall. Other solutions were just tested. We did not use them. We left Azure Native Firewall due to the firewall's slow performance, especially for operations like applying rules. The general functionality of that firewall was incomparable to CloudGuard. 

We have a hybrid environment. We have Azure Cloud.

The initial setup was fine for me. All the complications likely come from Azure. Generally, from Check Point's perspective, it is pretty simple to set up the firewall and attach it to the management. It is easy.

In terms of the implementation strategy, we follow a default or standard deployment plan for all firewalls. It is pretty much the same for on-prem and cloud firewalls, with some differences depending on the cloud, but generally, it is the same list of things to do.

We are integrating ourselves. We did it all in-house.

From the engineering side, it reduces the amount of time I spend on doing changes on the firewalls, like adding rules, which eventually saves money for the company.

Generally, it has been fine for me. I can find my way around the price list, and it is pretty simple.

We did a comparison before we went with CloudGuard, though not for this customer. We generally researched different solutions like Palo Alto, FortiGate, Cisco, and Azure Firewall. We mostly work with Azure, so we did not look into AWS or other solutions.

We went for Check Point because of its ease of management, security features, and cost. Check Point management is way easier. It saves so much time. That is why I prefer to stick to Check Point solutions. Check Point was also one of the cheapest ones. 

The management part simplifies many things. Regarding security features, there are good competitors, and I can replace Check Point with them easily, but it is the management aspect that makes it different for me.

In terms of security threats, I have not done a lot of heavy testing on threats, but my experience is pretty much on par with Palo Alto solutions. FortiGate is a bit less, and I did not even try Cisco security. In my experience, the easy management of Check Point makes all the difference.

I would rate the solution an eight out of ten.