We are using Check Point CloudGuard as a firewall. Along with the firewall, we have incorporated multiple blades. Initially, the firewall used to be a single security device, and along with that, we required antibot, antivirus, IPS, and IDS devices. Check Point CloudGuard is a combination of all the devices and functionalities in a single device. It is a next-generation firewall. The main use case of this firewall is to protect our entire cloud and provide perimeter cloud security at L3 and L4 levels.
Manager - Enterprise Architecture and Cloud at Axis Bank
Cost-effective, supports automation, and provides good security
Pros and Cons
- "The most important feature is that we are able to use Check Point CloudGuard Firewall for our cloud security. We can make the deployment automated. We do not require manual intervention."
- "We have done a lot of automation with the firewall, but sometimes, there are some failures because of some bugs. The fixes for them are still not available. We have daily or weekly communication with the Check Point people giving support in the India region, but we have not seen much improvement or response to our requests for some additional features."
What is our primary use case?
How has it helped my organization?
It is a next-generation firewall. Threat prevention and threat detection blades are available with the firewall. As soon as you enable the blades and you have the license for it, you are good in terms of threat prevention. You do not need to do any specific settings. You just need to enable the blade, and the firewall will take care of the rest of the things. That is how it works.
We are using the Check Point CloudGuard firewall with autoscaling in the AWS and Azure cloud. We have a minimum capacity of two firewalls and a maximum capacity of ten firewalls. If the CPU utilization increases or the memory utilization increases, the capacity will be increased to three from two. Till the service comes down to the threshold level, it will keep on adding more firewalls, so we have ease of operations. We do need not to worry about what we will do if a firewall fails.
When I joined my organization, we were using this CloudGuard firewall in the active/standby firewall cluster. In such a setup, the firewall that is active processes your traffic. The other firewall is in the standby mode. It is not processing the traffic, but it is still costing you. Even though it is not being used, it is still cost-consuming at the cloud level. We changed the setting to autoscaling. After adopting the autoscaling mode for this firewall, we need a lower number of CPU and memory. All the firewalls are active, so we need not worry about the standby firewalls and all those things. So, we have transitioned from these conventional active/standby firewalls to autoscaling firewalls. With this, we are able to save costs and improve performance. All the firewalls are active/active but with fewer CPU cores. When we have fewer CPU cores, we need less number of licenses, so we were able to save the cost. The performance has also been great.
What is most valuable?
The most important feature is that we are able to use Check Point CloudGuard Firewall for our cloud security. We can make the deployment automated. We do not require manual intervention. With the help of automation, we are able to deploy it within minutes, and we are able to discard it within minutes. We can do hardening and create policies. All those things are very advanced.
Secondly, Check Point is one of the big OEMs available in the world from the firewall perspective. It is better than Palo Alto and Juniper firewalls. It is one of the best firewalls available in the industry.
What needs improvement?
We have done a lot of automation with the firewall, but sometimes, there are some failures because of some bugs. The fixes for them are still not available. We have daily or weekly communication with the Check Point people giving support in the India region, but we have not seen much improvement or response to our requests for some additional features. We are moving to infra as a code, so we are expecting more advancements in this product. Just installing the patches is not going to help us. They need to focus on this area.
I expect Check Point CloudGuard to come up with some AI/ML integration. A firewall is the first L3 security device available to you. It is the single point that manages or processes the traffic for an organization. There is a possibility that the device goes down or gets rebooted for any reason. The integration of artificial intelligence with the devices can help us to know in advance that there might be a surge in traffic. There might be a spike in the traffic, so we can have some additional firewalls integrated. This predictive analysis has to be there. This way, if required, a second, third, or fourth firewall can come into the picture. All the firewalls will process the traffic simultaneously. I am expecting such capability. This sort of feature is available with AWS. We are deploying all the firewalls on AWS, but it would be easy if, in the future, such a feature is available from the OEM or Check Point itself. It will be very helpful for the organization.
We have had a couple of outages because of some misconfiguration. They were human errors but there were no prior indications that if we were making these sorts of changes, this would happen. People making the changes on the firewall were not aware of this, and that is the reason why the outage happened. In a financial organization, an outage of even five minutes can cost a lot.
Buyer's Guide
Check Point Cloud Firewall (formerly CloudGuard Network Security)
July 2026
Learn what your peers think about Check Point Cloud Firewall (formerly CloudGuard Network Security). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.
For how long have I used the solution?
In our organization, we have been using it for more than four or five years, but I have hands-on experience with it for the last three years.
What do I think about the stability of the solution?
I would rate it an eight out of ten for stability.
What do I think about the scalability of the solution?
It is scalable. I would rate it a ten out of ten for scalability.
How are customer service and support?
I would rate their support a five out of ten because I never got good support. Whenever I have raised a TAC case, their support has not been great. It is not as good as others.
They need to improve from a knowledge perspective. I had a couple of issues, and they could not understand those issues easily. They should not just take the logs and analyze the logs. They should be providing a solution. Being a financial organization, we cannot afford a long downtime. We expect a faster resolution. If a support engineer is not capable of handling a case, he or she should escalate it to a higher level, but they are not doing that on a regular basis. They make you lose days by dragging the case.
Which solution did I use previously and why did I switch?
In my organization, we have two different Infra teams. We have the Network Security Infrastructure team that manages the on-premises setup, and then we have the Cloud Network Security team that manages the cloud. I am a part of the Cloud Network Security team, and we are using the Check Point firewall. The on-premises team was using Juniper and Palo Alto firewalls, and they are now using the Check Point firewall. It is one of the most effective products we have ever used, and that is the reason why that team has moved from other OEMs to Check Point CloudGuard.
How was the initial setup?
We have deployed it on the cloud. We have AWS, Azure, and GCP clouds.
The deployment was done with the help of AWS CloudFormation templates which are very generalized. I just downloaded the templates and customized them as per our requirements. I faced a few challenges because I was not completely knowledgeable about CloudFormation, etc. It was not very challenging from the Check Point side. It was an easy deployment.
I faced a couple of challenges while integrating it with our existing ecosystem. Even though Check Point is the OEM, we have third-party vendor support here in India. The challenges that I was facing at the time were also new for them, so I sorted out those issues myself by referencing some online articles on Check Point. I was able to overcome those challenges at the time. It was not a big deal. There was no huge challenge.
What about the implementation team?
Initially, we involved people from Check Point and the third-party vendor of Check Point, but at later stages, we were capable enough to develop things in-house, so we did it ourselves.
The Cloud Network Security team has ten people. I am handling the AWS cloud deployment along with a colleague. Other colleagues are involved in Azure and GCP deployment. Overall, there are ten people for deployment and management, but mainly, two or three people are involved in the deployment at a time.
We have deployed it in two regions. It is deployed in the Mumbai and Hyderabad regions of AWS in India.
What was our ROI?
We have seen 70% to 80% ROI.
What's my experience with pricing, setup cost, and licensing?
I do not know the exact price, but it is fairly priced. It is neither cheap nor costly.
As compared to other OEM vendors in the market, it is cost-effective for us. There are multiple things we need to consider while selecting a certain product. We have AWS, Azure, and GCP clouds, and we have multiple firewalls. All of our firewalls are Check Point CloudGuard firewalls. The cost can vary based on the licenses that you are using. For IPS, IDS, antivirus, antibot, and other capabilities, additional licensing costs might be there. When it comes to security, it gives us great security. Considering that factor, it is cost-effective for us.
Which other solutions did I evaluate?
I have not evaluated other solutions. Based on the input from my seniors, this is the best solution available in the market. I have heard that Palo Alto also has a cloud-based product called Prisma Cloud, which has some advanced features integrated by using AI/ML technologies. I would love to evaluate Prisma Cloud.
What other advice do I have?
I feel confident using this product. In fact, I have completed a few certifications related to Check Point CloudGuard. I am a Check Point certified administrator, and I am also a Check Point Certified Cloud Specialist. I have also been working with automation-related things, and sometimes, we do some bash scripting and shell scripting to make things easier for us. Traditionally, you can only access the firewall via a CLI. That is the basic level, and at the next level, you should be able to do a few daily things in an automated way. I am very good at that.
I would recommend this solution, but it also depends on the requirements. It is a cost-effective solution. If you are a small organization or a startup, you do not need to have this solution. If you are a big organization with 5,000 to 10,000 users, you can go ahead with it. The ROI for our organization was up to 80%, but it necessarily would not be the same for other organizations.
Overall, I would rate it a nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Manager Enterprise Cloud at Axis Bank
Highly reliable, great visibility, and centralized management
Pros and Cons
- "The number of options it gives for deployment or security is valuable. When it comes to security, it has a feature that is super awesome for zero-day-based attacks. Their IPS is also very capable. We tested other firewalls, and we understood that it is the best one in the market."
- "The main issue that I have noticed is that for deployment, it still requires a dedicated management server, and the gateway is completely different. That sometimes can cause issues."
What is our primary use case?
Basically, we are using Check Point CloudGuard firewalls everywhere. We are using them at the perimeter and internally.
By implementing this solution, we wanted to protect our perimeter. We are using Check Point along with other solutions to protect our perimeter. We also have many application-level use cases that can be solved with Check Point.
How has it helped my organization?
Most of the things that we have are on the cloud. Its main benefit is reliability. We have tested so many firewalls on the cloud, but when it comes to reliability, other firewalls fail miserably. Check Point is very good. It is a very reliable solution. With other vendors, when you move something to the cloud, the features that they are offering might only work partially. We never faced any such issue with Check Point. They offer features that will work completely. Apart from that, they have solutions for almost every cloud use case. That is another thing we love.
CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. They have a centralized management server. There is a process called CME. If you have multiple clouds, such as AWS, GCP, and Oracle, and you are deploying CloudGuard across all the clouds, you have single management to take care of everything. This is why they provided a unified management solution. CME takes care of scaling and integration. It has a zero-touch approach. It takes care of everything. You just need to deploy it, and the connectivity should be there. It then takes care of everything. It drastically reduces the deployment time and administration overhead.
When any incident happened, it was able to tell us the particular packet associated with that. Based on its internal intelligence, it identifies everything. We were not even aware that there was an attack like that, but it gave us complete clarity about what happened and what was the attack journey. Visibility-wise, it has been very good.
It makes us confident in our security. We have proper visibility into the network. We can see exactly what is happening. We get this level of clarity. Especially when we offload the SSL capability on the firewall, we have unparalleled visibility on even the SSL traffic.
What is most valuable?
The number of options it gives for deployment or security is valuable. When it comes to security, it has a feature that is super awesome for zero-day-based attacks. Their IPS is also very capable. We tested other firewalls, and we understood that it is the best one in the market.
When it comes to the firewall capabilities, the level of information that it offers for any security incident is very good. It gives a very good clarity about what happened and at what time. It is very good.
There is centralization. You can manage everything in a single pane, and you have support for all the software. If it is a Kubernetes, you have a solution for it. If it is IOT, you can cover that. You have gateways as well for network security.
What needs improvement?
The main issue that I have noticed is that for deployment, it still requires a dedicated management server, and the gateway is completely different. That sometimes can cause issues. If it loses communication with the management server and you want to push any sort of critical policy, that would be affected. Apart from that, I do not see any issues. Everything else is going well.
For how long have I used the solution?
We have been working with Check Point firewalls for more than ten years. We are currently using Check Point CloudGuard firewalls.
Check Point also has NGFW firewalls. They are hardware-based firewalls. All the features are identical. The only difference is that one is on a virtual platform, and the other one is on a physical platform.
What do I think about the stability of the solution?
It is reliable.
What do I think about the scalability of the solution?
We are only using auto-scaling firewalls. The good thing is that it scales well. Within seven to ten minutes, it gets integrated with the management server. If there is a failure, the firewall will be ready within ten minutes.
We have a team of around seven people who take care of the network security part. Our environment can go up to 3,000. If you combine the server users and the end users, there are more than 10,000 users.
How are customer service and support?
We work closely with Check Point support when there is any issue or limitation. When we face any issues related to processing, scale-out, or delay, we definitely connect with the Check Point support. They usually provide the solution quickly.
I would rate their support an eight out of ten. The reason why I am not giving them a ten is that we are connected through a third party. We cannot directly engage with Check Point. We usually contact this third party, and they engage Check Point support. We have a technical person assigned directly, which is a good thing, but this is how we initiate the process.
How would you rate customer service and support?
Positive
How was the initial setup?
We are mostly relying on TerraForm. For us, the deployment is very straightforward. When you deploy, it will automatically integrate with its management server, so you do not need to put in any effort. The only thing is that you should have the connectivity between the gateway and the management server. Once you deploy, it automatically gets added to the management. The policy push is automatic. That is very good. So, when it comes to deployment, after pushing the code, you do not need to do anything. Everything will come online. That is the best part.
We do have a couple of gateways in management, but I do not take care of that part. I am mostly on the cloud side.
It takes five to ten minutes for initialization and then there is the management part. At the maximum, it will go up to 30 minutes. I usually see everything happening within 15 to 20 minutes and not more than that, but if there is any connectivity issue or any other error, then the duration will get affected. If it is straightforward, it will take a maximum of 30 minutes and not more than that. Because the integration is automatic, I do not need to onboard the gateway to the management server. There is a functionality called CME that takes care of the entire thing.
In terms of maintenance, it does not require any maintenance. The only catch here is that because it is a cloud version, when it comes to upgrades, you cannot upgrade the existing versions to newer versions. We simply deploy the new one. It is not a complicated task. This is the only thing when it comes to maintenance.
What about the implementation team?
I was the main person who took care of the deployment engineering part.
What was our ROI?
I do not have visibility on the ROI, but we are completely satisfied with the performance. We will continue with Check Point in the future. We have been renewing their licenses without thinking about any other firewalls. I consider it as a good investment, but this aspect is managed by a different team.
What's my experience with pricing, setup cost, and licensing?
We have an enterprise licensing team that works closely with Check Point. I know that we have an enterprise agreement with Check Point. That gives us some benefits, but I do not have more information about that.
Which other solutions did I evaluate?
We tried the Azure Firewall. It was good, but zero-day, URL filtering, and NAC capabilities were not there. It was a native firewall, but it was not able to fulfill our use cases. The main competition was against Palo Alto. When we did the comparison, we found Check Point to be more reliable. With the Palo Alto firewall, we had issues with autoscaling. It was not working as expected. These were the two that we tested. Being a bank, we cannot test everything. There was a discussion with Cisco as well, but we did not go with Cisco.
The advantage that Palo Alto has over Check Point is the GUI. They do not require a dedicated management appliance to be deployed to access the firewall capability. They do have that platform, but the individual gateway can be also accessed via a dedicated GUI. With Check Point, you have to have the software called SmartConsole. It is very good, but a company like ours has too many gateways. When you have so many gateways onboarded to the management, it will be slightly slow, but it is not a show-stopper. The GUI is good, but you require the client applications to be installed on your laptop. From the GUI itself, you would not be able to access them. That is one advantage of Palo Alto. You can straightaway access them through the GUI. The software that you need to install for Check Point is a huge one, so the performance depends on the machine. If you have many gateways associated, it can be a bit slow at times.
Check Point is a number one vendor based on the NSS labs and other regulators. In terms of performance and security, Check Point is always number one. Irrespective of how many firewall vendors are there, Check Point will always be number one. Check Point's capability to identify an incident is also very good. Its performance is also good. We were worried that if we moved to the cloud, unlike on-prem, we would not have any dedicated hardware to accelerate something. However, when we migrated to CloudGuard, we did not face any issues.
What other advice do I have?
When it comes to the cloud, I would definitely recommend the solution. One main thing is reliability. I appreciate Check Point for that. For an organization like ours, security is the main thing. Check Point has been able to protect us from various attacks. Autoscaling and other things are also working perfectly. We were able to achieve all of our use cases with the Check Point CloudGuard firewall. I do recommend this solution.
For zero-day attacks, I know there is technically no single solution, but our observation is that for most of the sophisticated attacks, if it is not already there, Check Point will have a solution within a day. When it comes to DDoS and bot-level attacks, Check Point has a sophisticated approach to prevent them in most cases.
Overall, I would rate this solution a nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Check Point Cloud Firewall (formerly CloudGuard Network Security)
July 2026
Learn what your peers think about Check Point Cloud Firewall (formerly CloudGuard Network Security). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.
Outstanding support, reasonable price, and enables our staff to securely work from home
Pros and Cons
- "The endpoint VPN is super stable. The routing is also very good. We tried a competing product first, but we could not make it work. We came across CloudGuard. The network routing across different virtual networks in Azure and AWS was way ahead of any of the other technologies. That helped us be able to cover the whole network using one single cluster."
- "They are coming out with more SD-WAN express route support from a firewall perspective. That would be great."
What is our primary use case?
We had the firewalls set up in the cloud systems. We were using them for VPN as well as the encryption of traffic coming in and leaving the cloud.
When COVID-19 hit and everybody started to work from home, we did not have a scalable VPN technology. Also, with more people working from home, security was a bigger concern. CloudGuard Network Security addressed both needs in one single product.
How has it helped my organization?
After implementing CloudGuard Network Security, overnight, 500 people could work from home on a secure and encrypted tunnel. What more could we ask for? When COVID-19 hit and everything closed down, we were able to spin this up within 2 weeks.
CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-prem. There is a single admin client that you can use. You can have a firewall deployed on-prem. You can have a firewall deployed in GCP. You can have a firewall deployed in AWS or Microsoft Azure, but you can manage it all with a single pane of glass. You can have a single management station managing all of these.
We are very confident about it and our security. It is a very robust solution.
What is most valuable?
The endpoint VPN is super stable. The routing is also very good. We tried a competing product first, but we could not make it work. We came across CloudGuard. The network routing across different virtual networks in Azure and AWS was way ahead of any of the other technologies. That helped us be able to cover the whole network using one single cluster.
What needs improvement?
They have come such a long way. There may be other areas that other people use, but as far as I am concerned, I have been very happy with it. There are always newer features getting added and new encryption protocols coming. I can see where they are going and how far they have come. I have been using the Check Point firewall since 2010. It has been 14 years, and I have seen how they have improved.
They are coming out with more SD-WAN express route support from a firewall perspective. That would be great. They keep on launching new features. That is how they work.
For how long have I used the solution?
I was one of the first sites to use it as a PoC before they even introduced it to the world. It has been 4 or 5 years.
What do I think about the stability of the solution?
I would rate it a ten out of ten for stability. It has been running since we put it up.
What do I think about the scalability of the solution?
I would rate it a ten out of ten for scalability. It depends on your design. You can either have a static deployment where there is only one firewall, two firewalls, and four firewalls, or you can put it in the elastic mode where it will spin up as the load goes up. It will auto-scale up and auto-scale down. It is fantastic.
How are customer service and support?
They are fantastic. Their technical support is absolutely great. There is ownership right from the top down. They know their product. They stand by their product. If there is a feature that is not working, I have seen them write patches for me in 48 hours. They offered to provide the patch by Sunday evening in Tel Aviv, and by Sunday afternoon, I had an email saying that the patch was available for our download. We could download it and reinstall it. That patch was only written because of something in my deployment. It was not like they had 200 customers who complained about it. I was the only one complaining about it.
How would you rate customer service and support?
Positive
How was the initial setup?
We did a PoC for one week. We had some major issues because of sizing. We sized CloudGuard too small, so we made it bigger. The next week, we did another PoC, and it worked well. By the third week, we were done. We went live, and everybody was working from home.
I would rate it an eight out of ten in terms of ease of installation.
Their support was good. We set it up when nobody else in the world had seen it. We were probably the third company in the whole world to roll it out. We were that new to it. Nowadays, I would rate their support an eight out of ten, but in those days, it was one out of ten because we were all learning together.
What about the implementation team?
I was the only one involved in its deployment. To deploy this, you need to have a background in IT security and networking put together.
What was our ROI?
We have seen an ROI. 500 people were able to work from home. That itself is a huge ROI.
It is one of the top solutions in the world. We know that it is protecting our entire cloud infrastructure, so it makes a lot of sense.
What's my experience with pricing, setup cost, and licensing?
I quite like the way they priced it. It is very reasonable.
Which other solutions did I evaluate?
We did evaluate other solutions. We looked at Fortinet, and they could not do cross-VNet traffic at that time. We spent almost five or six days. We worked 10 to 12 hours a day. Even after 60 to 70 hours, they could not make it work, but it worked out-of-the-box with CloudGuard Network Security. In terms of ease of use, CloudGuard Network Security is any day easier.
We did not just go with our cloud vendor's cloud firewall because the cloud vendor did not have a firewall at that time. Secondly, even if they did, it is always good to have a third-party product protecting the cloud. If we are using AWS, I would not put an AWS firewall there because if there is a compromise somewhere else, it is most likely going to carry over to their firewall too because everything runs on the same fabric, whereas this is separate. It gives a completely independent security front end.
What other advice do I have?
I would definitely recommend it. I have used it. I know how it works.
Check Point has been one of the pioneers of firewall technology. This is the only product that they really do. They are into cybersecurity firewall technology. They are not like other competitors, such as Cisco or Fortinet, who also have network switches, hubs, routers, etc. Check Point is a dedicated company that does cybersecurity. All in all, this is what they do. You can see the investment coming from the top down. They have ownership of the product. I have raised complaints that have gone up to Gil Shwed. He is the CEO and the founder of Check Point. I have got an email from Gil saying that he knows we are frustrated, but they are working on it, and he will make sure that this gets fixed. That is the kind of ownership they have.
Overall, I would rate CloudGuard Network Security a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network security engineer at a tech services company with 201-500 employees
Automation and APIs streamline integration and boost confidence in cloud deployments
Pros and Cons
- "It gives us more confidence in secure cloud deployments."
- "The most valuable feature is the automation and the APIs, making our life much easier for integration."
- "Better documentation would be welcome."
What is our primary use case?
Most people ask me to integrate with Point CloudGuard and SecureNet Network. One big client wanted to move his on-prem data center to CloudGuard Azure, and I provided the CloudGuard Network Security Solution for him. His data center was also rendering to our clients, so it was messy. However, it gave them more confidence in Security CloudGuard deployments and integrations. It was quite easy with Terraform, resulting in a very easy deployment.
What is most valuable?
The most valuable feature is the automation and the APIs, making our life much easier for integration. Check Point has excellent, very useful tools to help us with the poster and to see if we're passing the grade.
It gives us more confidence in secure cloud deployments. The network security was very easy to migrate. We did it with Terraform. I just filled in the blanks and Terraform did everything else.
Check Point CloudGuard NetWork Security provides unified security across hybrid clouds as well as on-prem. It's more or less the same across deployments.
Check Point helps companies with their security posture. It has useful tools to help with this aspect to improve security.
What needs improvement?
I'm not sure if I have the experience to discuss improvements.
The deployments can be difficult if a person doesn't know what they are doing.
Better documentation would be welcome.
For how long have I used the solution?
I have been using the solution for a bit over a year. It has been one year and four months or something like that.
What do I think about the stability of the solution?
So far, I haven't had any stability issues.
What do I think about the scalability of the solution?
I haven't had any experience with scaling problems. I didn't need to scale up for my client or use automated scaling.
How are customer service and support?
Support were very helpful. They usually respond quite fast, and they are very knowledgeable about what they do. When we have a problem, we can solve it immediately, and sometimes a one-on-one meeting can be very insightful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I didn't use other vendors since I specifically handle Check Point in my company.
How was the initial setup?
The initial setup is straightforward. First, I speak with the client to understand everything he needs, his current deployment, and how it's done. In the meantime, we can see if there are improvements or small tweaks needed. Then, I deploy in a test environment to ensure everything works without conflicts. Finally, we do a test with Check Point - not a full deployment on the production side. If everything works in the test, we start migrating slowly to the production side. Implementation usually takes one to two weeks.
What about the implementation team?
The deployment could be done with one person if the person knows what they're doing. It iss very easy. Someone who is not familiar with CloudGuard and cloud solutions might find themselves a bit lost with too much information and not knowing where to look.
What's my experience with pricing, setup cost, and licensing?
I don't have insights on the list price.
What other advice do I have?
I would give an eight out of ten for the overall product rating.
I'm a Check Point distributor, mainly.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Distributor and Integrator
Security Engineer at a tech consulting company with 51-200 employees
Enhanced network security with improved visibility and ease of management
Pros and Cons
- "The URL filtering provides a lot of added value compared to the Azure Firewall."
- "The reporting needs enhancement. Currently, we are not always aware of the gateways' status, like CPU and RAM usage."
What is our primary use case?
We use Check Point CloudGuard Network Security to replace an Azure Firewall, securing the network flow in our organization.
What is most valuable?
The URL filtering provides a lot of added value compared to the Azure Firewall. It is easier to use and offers much more visibility on the network activities. It helps us manage our security operations by reusing on-prem solutions with the cloud, therefore improving ease of use.
What needs improvement?
The reporting needs enhancement. Currently, we are not always aware of the gateways' status, like CPU and RAM usage. It would be beneficial to have a report that manages everything and gives an overall view of what is going on.
For how long have I used the solution?
I have been using it for six to ten months.
What do I think about the stability of the solution?
I have experienced a few issues where connectivity is lost temporarily, however, it does not affect traffic processing. It is more about not having management information for a few seconds.
What do I think about the scalability of the solution?
The scalability is really good and relies totally on CloudGuard, whether it is on Azure or AWS. At least on Azure, it works fine.
How are customer service and support?
The customer service is good. They helped me with the few issues I had, meeting my expectations. Their support for traditional security projects is good, and I found the same support quality for cloud projects.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used solutions for on-prem security management, yet not for the cloud.
How was the initial setup?
The initial deployment was easy, taking about a week.
What other advice do I have?
I rate the overall solution an eight out of ten. It would be ideal to have improved reporting features for a comprehensive overview.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr Security Engineer at a computer software company with 51-200 employees
Robust protection with advanced threat prevention, seamless scalability, and centralized management, ensuring comprehensive security for cloud environments
Pros and Cons
- "Additionally, the centralized reporting and management, accessible through a single pane of glass, offer consistency and efficiency across multi-cloud environments."
- "While Check Point does offer some VWAN offerings, they appear to be more static and less tailored to cloud-native environments compared to Palo Alto's dynamic and flexible approach."
What is our primary use case?
Many traditional on-premise customers transitioning to the cloud often prioritize solutions like CloudGuard, especially when dealing with scale sets and clusters. These customers are accustomed to constructing their own network infrastructure and are drawn to CloudGuard for its compatibility with these setups. This primary use case highlights the appeal of CloudGuard for organizations seeking to maintain control over their network security while migrating to cloud environments.
How has it helped my organization?
The unified security management significantly impacts security operations and management positively. It's undeniably beneficial, offering streamlined processes and enhanced control. With the rise of infrastructure as code and tools like Terraform, there's a shift towards a separate manager pushing policies to gateways, which can introduce complexity. However, advancements like dynamic resets, enabled directly on the gateway without manager intervention, represent a significant leap forward, simplifying operations and propelling the company towards more efficient security management.
The most significant benefit for our customers lies in the familiarity and comfort of transitioning from on-premise Check Point solutions to CloudGuard's unified management system. This seamless continuity offers reassurance and confidence in navigating the cloud security landscape, making the transition smoother and more intuitive for them.
When compared to other migration solutions in terms of identity-centric security threats, Check Point stands out for its efficacy rates, particularly evident in its threat cloud and AI capabilities. The integration of various security features, along with the collaborative aspect where information from all Check Point Gateways feeds into a collective pool, underscores the robust security aspect of the platform. This is where Check Point consistently sets itself apart in the security landscape.
We maintain a high level of confidence in our security posture, provided everything is configured correctly. Check Point offers additional solutions to address gaps beyond the firewall's capabilities, especially in scenarios where threats may circumvent it or exploit other entry points. Network security alone may not suffice, but Check Point's supplementary solutions, such as Network Calabrio, complement our defenses effectively, serving as a solid foundation for our overall security strategy.
Our clients appreciate the familiar look and feel of Check Point's interface, which maintains the security standards they've come to trust. While there are numerous reports comparing efficacy rates of cloud-native solutions, they often fall short in comparison to third-party vendors like Check Point.
What is most valuable?
The auto-scaling feature is undoubtedly one of the most valuable aspects of having Check Point security in the cloud. It provides excellent protection by dynamically adjusting resources based on demand. Additionally, the centralized reporting and management, accessible through a single pane of glass, offer consistency and efficiency across multi-cloud environments. This unified approach ensures seamless security management regardless of the cloud platform, making it a highly advantageous feature of Check Point's cloud security solutions.
What needs improvement?
Check Point's primary competitor, Palo Alto Networks, offers a SaaS firewall solution that can be deployed in both traditional virtual networks (VNETs) and virtual wide area networks (VWANs). This firewall solution features auto-scaling and consumption-based pricing, allowing users to scale according to their needs seamlessly. While Check Point does offer some VWAN offerings, they appear to be more static and less tailored to cloud-native environments compared to Palo Alto's dynamic and flexible approach.
For how long have I used the solution?
I have been working with it for approximately five years.
What do I think about the stability of the solution?
In terms of stability, I've never encountered any issues where a gateway went down or experienced faults. My experience across various environments has been consistently positive, without any instances of gateway crashes or failures for any specific reasons.
What do I think about the scalability of the solution?
The scalability aspect functions seamlessly, although there's a significant process involved, particularly with the CME and management components recognizing new gateways and pushing necessary files. Despite the complexity, the CME serves as an effective tool for deploying scripts and managing tasks. However, the requirement for management to push configurations to the firewall adds an additional layer of intricacy beyond simply pushing to the gateway.
How are customer service and support?
The technical support provided by Check Point is commendable. Once a case reaches the right hands, resolutions are often swift. However, there can be challenges in initially getting the case directed to the appropriate personnel, which is not uncommon for organizations of our size. I would rate it seven out of ten.
How would you rate customer service and support?
Neutral
What about the implementation team?
I've implemented various deployments, with one of the most extensive being a multi-tier architecture utilizing different scale sets for handling ingress, egress, and east-west traffic internally. This particular deployment spanned across two regions, with a total of twelve instances distributed among the scale sets, each serving a distinct function. Essentially, it aimed to replicate a traditional data center environment in the cloud, catering to the specific needs of the organization.
Which other solutions did I evaluate?
Lately, I've been engaged in numerous discussions surrounding cloud-native firewall solutions like AWS Firewall or Azure Firewall, as well as offerings such as Palo Alto's SaaS firewall and CloudGuard NGFW.
CloudGuard compares favorably, offering a familiar and user-friendly experience akin to Check Point's traditional products. The trend towards cloud-native solutions is evident, particularly among non-security-focused individuals. The flexibility to assist in migrating customers who are embracing cloud-native approaches, integrating seamlessly with platforms like Azure WolfStack and AWS real stack, is a significant advantage. This ease of migration is a notable strength of competitors like Palo Alto.
What other advice do I have?
It functions well, especially the auto-scaling feature, despite the complexity involved, particularly with integrating Azure load balancers. Consolidating these components would be beneficial, but without a SaaS offering, reliance on Azure's resources or cloud-native resources remains a factor. Overall, I would rate it eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Senior Network Security Engineer at a manufacturing company with 10,001+ employees
Helps to have unified policies and stands out with high-availability gateways
Pros and Cons
- "We are using gateways, and I appreciate the high-availability gateways they have. They stand out more than the competitors."
- "Some more built-in marketplace templates would be nice. It would be nice to see more vendor assistance in deployments and backup of recoveries versus having customers rely upon that themselves. That would make it a lot more seamless and aligned with the standard on-premise model that is there. Check Point can extend the same posture that they have to CloudGuard and make that transition very seamless."
What is our primary use case?
We are using it for in and out of our cloud from on-premises. Security from our SD-WAN and express route connectivity is our main use case.
We also have vendor integrations. SAP RISE was the big one that we recently had where we were using dedicated CloudGuard network gateways for straight vendor implementations.
How has it helped my organization?
The ease of deployment has been a benefit. Having Check Point on-premises definitely helped with moving to the cloud. It feels very similar after you migrate. It was not as cumbersome as on-premises, and it was a little less scary for others. It enabled others within our company to adopt.
We have unified security management across hybrid clouds as well as on-prem. We are using just gateways to the cloud, and we have the same management server and the same console as on-prem gateways. It definitely allows you to have unified policies across the board. This seamless integration is a huge plus. Smart-1 Cloud is the next portion to go up to, so we can remove the complexity of management, such as login and whatnot, from our responsibilities.
By using CloudGuard Network Security, we have a good foundation. The history of Check Point has a reliability that I trust. Most of the improvements we do are more internal. There are actions that we, as customers, need to do. It helps to have vendors like Check Point who will go out of their way to help you make their product seamless. It is only as good as how you use it. That has been a big positive, and we have had a good accounts team that has been able to bring proper resources to us, and we encourage those additional resources they provide to us to help us be successful.
For identifying security threats, our company uses a portfolio of different kinds of vector spots and inspection spots. Some of that is handled by another team, and I do not have direct insight into that. However, it has definitely added some automatic reaction with our on-premise setup, which has helped us integrate cross-platform. That portion has been great because no one wants to be too vendor-dependent. You want to be vendor-agnostic. The fact that we can utilize it across multiple vendors has been a positive for us.
What is most valuable?
We are using gateways, and I appreciate the high-availability gateways they have. They stand out more than the competitors.
The Check Point architecture team adapting fluently to the architecture that each cloud has is valuable. They are adaptive to customer solutions, which is a big advantage.
What needs improvement?
Some more built-in marketplace templates would be nice. It would be nice to see more vendor assistance in deployments and backup of recoveries versus having customers rely upon that themselves. That would make it a lot more seamless and aligned with the standard on-premise model that is there. Check Point can extend the same posture that they have to CloudGuard and make that transition very seamless.
Check Point does not have as big a footprint in engineering teams as Cisco or Palo Alto has, especially in the US market. Therefore, finding someone who understands Check Point is a lot harder. If Check Point can make it easier for seamless transitions, it will build the confidence of engineers and help with the adoption of a new vendor for those engineers. Anything they can do to help with that is a competitive advantage, and it works for any company looking into it.
For how long have I used the solution?
I have been using CloudGuard Network Security for about three years.
What do I think about the stability of the solution?
It is very stable, but in any virtualized environment, you are still dependent on your cloud provider. If Amazon, Microsoft, Google, or any other cloud provider reboots the gateway because they are doing some maintenance and did not tell you about it, it is not Check Point's fault. It is something where you have to correlate whether you had an outage or lost a node. You still have to report that. It still looks like that your Check Point firewall went down, so guilty until proven innocent type of deal comes into play. That has been a little bit more challenging than when it is your hardware on-premises. Outside of a power issue or an upstream switch, if something goes wrong in the box, it is not on Check Point. At that point, you can hammer down to the cloud. Having shared resources makes it a little bit difficult to delineate. You have to go case by case.
What do I think about the scalability of the solution?
I have not directly experienced the need for scaling, particularly horizontally. Based on studies, presentations, documentation, and architecture, scalability is definitely there, so I have confidence that if my business needs to shift to high throughput and high sessions, Check Point will have a solution for me to do that seamlessly.
How are customer service and support?
I have always had challenges with TAC. There still seems to be a difference in the type or level of tech support you get based on the region you call into. That has been a little bit more challenging. We have had issues with getting the same candid answers where they were regurgitating without looking through. At the support level, we have had some challenges back and forth, but when we talk to our account team or our sales engineer and say that we have a problem, their reaction is very quick. Their escalation internals take care of that. They get us the right people.
For additional deployments from the cloud perspective, we have always had great contacts to get to. I have been very happy with the level of support Check Point has given us for new deployments' design ideas and problems. The feature roadmap they chose has been excellent.
Overall, I would rate their customer service and support an eight out of ten. I am dropping points because of the TAC issues that I have had.
Which solution did I use previously and why did I switch?
We do use another vendor that does a similar function. The vendor is Fortinet. Both vendors have their own pros and cons. The big difference between the two from a cloud network security perspective is that the high availability model that Check Point has is not what the competitor has. So, you are still relying upon load balancers, and you are still relying upon cloud failover, which adds a little bit of complexity. This high availability has been a huge plus. We have not seen our current vendors or other vendors be able to do so.
We, as such, have not switched. We have a different vendor we use, and we have not made the decision to switch. We are still at that deciding factor because we are seeing where things fit with both platforms. From an ROI perspective, switching would not be advantageous to us at this point based on what we are getting, but it is definitely something that is looked upon as we look at life cycles. We can then make a decision one way or the other to meet our business needs.
The decision to go for CloudGuard instead of our cloud vendor's cloud firewall was predated. There were some implementations that were already there. We have made additional investments where we did go between vendor A and vendor B and made a decision. I made the decision and chose Check Point, not just for the single pane of glass and ease of management but also for the high availability. For the high availability that we were deploying, there was no other solution that could give us the seamlessness we were looking for. We could not get that from other vendors, so it became evident that going for Check Point was the right decision to make.
How was the initial setup?
We are a Microsoft Azure Shop, and the deployment model would be high-availability gateways. We are not using gateway low balancers. We are just using the high-availability deployments.
In terms of ease of deployment, I cannot speak for the earlier years, but I did hear that there were some pain points. That was more of a combination of cloud maturity in Microsoft and Check Point integrations. There were other challenges related to intermixing and the knowledge base. This was when Check Point was new to our company, and we probably did not have the right MSP support. A lot of those gaps and failures were due to the support and not having that strong knowledge base and operating support afterward. Recent deployments, from 2020 to 2024, are different. There is a night and day kind of difference. We had instant Check Point support. They walked us through and sat on the call while we deployed in real-time with our CloudOps teams. It was seamless. We ran into a gap, and we were easily able to fix it right then and there. They were very collaborative. It has just been a night-and-day type of scenario.
What about the implementation team?
For the first implementation, we used an MSP consultant in collaboration with Check Point. We did the recent deployment in-house directly with Check Point.
What was our ROI?
We are yet to figure that part out. There is a lot of tuning on our side, and we have definitely seen its remediation and prevention capabilities help us in very critical situations. Knowing that we could be proactive instead of constantly being reactive has definitely put me at much more ease at night. There are some improvements to that.
Investment-wise, this is where you look at the consolidation and realize that you might have different vendor technologies that might be doing the same thing. This is something we will have to look at. It is not necessarily a Check Point problem. It is something that we, as an enterprise, have to look into.
What's my experience with pricing, setup cost, and licensing?
My experience has been extremely positive. It was not a concern because I had an account team that fought for pricing for our company. They were not pushing me to professional services for certain help. I was instantly getting a CloudGuard architect to help us out. They understood our environment and bridged the gap where we needed that help with our public cloud provider and with Check Point, in this case. That is what made the experience. They allowed us to scale it well, and that is where Check Point has done very well.
They realize that customers need to be adaptive in their cloud deployments, and they are much quicker than on-prem. They know that in the end, their product speaks for itself, so pricing has always been very competitive compared to other vendors. I have always had account teams no matter what company I have worked for, and they have always done a good job of meeting that gap. So, its pricing was not the reason we made the decision.
What other advice do I have?
I would rate CloudGuard Network Security a nine out of ten. The ease of template deployment would have been nice. There was also a little bit of weirdness with the licensing models for our on-premise management. That is pretty much it. Otherwise, I am extremely happy with it. They are not negatives. It is still great.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Architect at Thomson Reuters
Unified security management, excellent support, and competitive pricing
Pros and Cons
- "The query feature is going to be a game-changer for us as we move forward."
- "We are at the place where we are looking at better integration with the management system. We use an MDS today, and it is self-deployed. We want to get to the Smart-1 Cloud, but we do not know what that looks like today because it does not support a multi-domain setup. Smart-1 should either be able to do multi-domain or there should be some form of taking a multi-domain environment and putting it in Smart-1."
What is our primary use case?
We primarily use it for egress internet traffic for four clouds, as well as between clouds to on-prem. Those are the main use cases. We have another small use case for ingress traffic, but it is a very small use case right now.
By implementing CloudGuard Network Security, we wanted to get network visibility in our clouds. That was the main point. We also wanted to provide a segregation layer with stateful inspection with all the next-generation features, such as IPS.
How has it helped my organization?
CloudGuard Network Security certainly has made our organization more secure. Our business partners cannot inadvertently open up the access that they should not be just to get things done. They now have to go through our firewall. We have got the inspection layer. Our security organization can see threats if they come in and take action on them. We were able to realize its benefits almost instantly.
CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. We heavily use global policy to join on-prem and the cloud, as well as multiple clouds. It is a huge benefit for us as we can set a global standard for policy and then push that across all the different security zones.
We are very confident in our cloud network's security. We have had many years of experience developing it, so we were very aware of the design and the solution within each cloud. We are confident with how we deploy it, and we have plans to make it more efficient as we go.
What is most valuable?
Most recently, it would be the dynamic objects or datacenter objects. The query feature is going to be a game-changer for us as we move forward. It simplifies our policy, and it gives us a way to dynamically learn and discover things in the cloud instead of having a static way.
What needs improvement?
Currently, we are struggling with licensing just because of the pace and growth of our cloud. Keeping up with licensing for new regions and new gateway usage is certainly something we are looking into. We are working with our accounting to figure out how we can improve. The licensing piece is big for us.
We are at the place where we are looking at better integration with the management system. We use an MDS today, and it is self-deployed. We want to get to the Smart-1 Cloud, but we do not know what that looks like today because it does not support a multi-domain setup. Smart-1 should either be able to do multi-domain or there should be some form of taking a multi-domain environment and putting it in Smart-1.
For how long have I used the solution?
I have been using CloudGuard Network Security for probably five years.
What do I think about the stability of the solution?
From our experience in five years, it has been very stable.
What do I think about the scalability of the solution?
It seems to be very scalable. We have plans to increase the usage of CloudGuard Network Security.
We do scale sets across our clouds and across many regions globally. The number of applications behind it is in the hundreds if not thousands.
How are customer service and support?
It is an excellent service. I would rate their support a nine out of ten. Improving a little bit in the smaller clouds such as Oracle and Google would help a lot.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not specifically use any similar solution in the cloud. It was brand new.
How was the initial setup?
We have a public cloud and then a hybrid with on-prem. We have AWS, Azure, Google, and Oracle.
In terms of the version, on-prem, we use Maestro, and in the cloud, we use the latest CloudGuard. We use the software version R80.40 and are about to upgrade to R81.20.
Its deployment was a little complex for us because we have a very large cloud environment and we are multi-cloud. We had an existing estate, so it was hard to put a firewall in the path and not break things.
We are still implementing it because we are taking a cloud-by-cloud approach. We have done AWS and Azure. It took probably two years to do that, so I would assume that for Google and Oracle, it is going to take at least a year.
In terms of the implementation strategy, we first develop the IEC for the code to deploy it, and then we deploy it and test it in a sandbox environment. We then deploy it to non-prod and roll it out to those regions, and after that, we would do the same with prod.
What about the implementation team?
We implemented it ourselves.
What was our ROI?
We have seen an ROI, but I do not have any metrics.
What's my experience with pricing, setup cost, and licensing?
Pricing-wise, it is pretty competitive. However, I would like to see more flexible licensing. There should be more of a consume what you need and true-up type of model.
Which other solutions did I evaluate?
In the past, we have evaluated other solutions. When we tested them, they did not have the same feature set or functionality that CloudGuard had. When I initially tested years ago, the scaling probably was not as efficient. The support was also a big factor. The support that we got from those vendors was not as good as from our account team with Check Point.
When we looked at the cloud provider firewalls, they did not match up to what Check Point could do with the various deep packet features and functions like IPS. The feature set was the main difference. At the time, the cloud providers could not provide IPS or deep packet features. That was a big driver for us with Check Point. The fact that we could not integrate policy with our on-prem firewalls, which were from Check Point, was another big driver because we wanted a unified policy. Our existing relationship with Check Point helped as well.
What other advice do I have?
To those evaluating CloudGuard Network Security, I would advise certainly engaging with the Check Point account team. Get their solutions team to help you walk through the solution and talk to others in the industry about their experiences.
The biggest lesson that I have learned from using this solution is to deploy it as soon as you can in your cloud journey.
I would rate CloudGuard Network Security a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Technology/Systems Consultant at a computer software company with 501-1,000 employees
Efficiently manages varying workloads and provides good insights
Pros and Cons
- "We get good insights into security, and we are more secure because we have more insights than we would get from other products."
- "We are having issues with updatable objects in the Scale Set solution. It needs to be fixed by Check Point."
What is our primary use case?
We have been using Scale Set with Check Point. We use it to scale up and down in Azure depending on the workload. It is scalable, and it is easy to scale up and down depending on the usage. If we have a lot of traffic, it automatically adds a new firewall, and if the traffic slows down, it just removes the firewall. I do not need to worry about the load because it would not be an issue when scaling.
How has it helped my organization?
The management server provides unified management. We save a lot of time by not having to log in to different platforms. It is good to have everything in the same place. It saves maybe half an hour a day.
What is most valuable?
We get good insights into security, and we are more secure because we have more insights than we would get from other products.
What needs improvement?
We are having issues with updatable objects in the Scale Set solution. It needs to be fixed by Check Point.
The setup instructions are not correct. They should be corrected. We sent the product feedback last week. Several things were misspelled and incorrect in the documentation, and it got updated.
For how long have I used the solution?
We have been using Scale Set with Check Point for about four years.
What do I think about the stability of the solution?
We do not have any issues with the product. Usually, the issues are with the Azure platform, such as an Azure host going down. It is not a Check Point issue.
Which solution did I use previously and why did I switch?
I have been working with Azure Firewall for five years. It is a lot smoother to work with Check Point. When it comes to rule sets and IPS, Azure Firewall does not have too many functions. It does not look nice, and it is not easy to make rules. It is a lot of a headache to work with Azure Firewall. It also costs a lot more.
We cannot get any fancy reports from Azure Firewall the way we can from Check Point. We do not have any insights with Azure Firewall. We get a lot better insights with Check Point.
How was the initial setup?
It is easy if you know what to do. If you follow Check Point instructions, it is hard because the instructions are not correct.
What's my experience with pricing, setup cost, and licensing?
I do not have too much to compare to, but if I compare it with Azure Firewall, Scale Set is quite good. It has quite a good price.
What other advice do I have?
I can only speak for Scale Set. I would rate it an eight out of ten because it is a good solution. I like it.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Global network and telecom director at a hospitality company with 10,001+ employees
Offers central console management that ensures we have uniform threat prevention policies
Pros and Cons
- "The most valuable feature for us is the scale set, which allows us to scale horizontally, vertically and dynamically depending on the traffic load."
- "There is room for improvement in the integration with PaaS services from the public cloud. It would be very helpful."
What is our primary use case?
I use it to protect our public cloud workloads today. It safeguards them directly from the internet and also from the corporate network. We have interconnected our Azure environments with our on-premises network, including our data centre. CloudGuard Network Security helps protect workloads within Azure from both the corporate network and the internet.
How has it helped my organization?
CloudGuard Network Security has significantly improved our operations. Its automatic scaling capability, based on the network load, eliminates the need for capacity planning.
We don't need capacity planning anymore or do proactive actions in order to always have that capacity planning, it does it automatically. Our network engineers now focus on administering the entire cluster rather than managing individual members and their loads.
Our confidence in our cloud network security is pretty high, largely because of central console management. It ensures that we have uniform threat prevention policies applied globally, which significantly boosts our confidence in the system.
What is most valuable?
The most valuable feature for us is the scale set, which allows us to scale horizontally, vertically and dynamically depending on the traffic load.
It provides us with unified security management across both CloudGuard and on-premises environments. We use CloudGuard Network Security for Azure and have a single management console that allows full visibility into logs and consolidated logs across all environments. This ensures we maintain consistent IPS, IDS, and threat prevention policies across all regions and data centres.
What needs improvement?
There is room for improvement in the integration with PaaS services from the public cloud. It would be very helpful. A more cloud-native approach is needed because even it is PaaS services require public cloud resources, even if the traffic load is low. These resources are still required for high availability and resiliency.
So, a full PaaS solution with improvements on that end, basically.
For how long have I used the solution?
I have been using it for five years now.
How are customer service and support?
We have many different firewalls worldwide in our environment. Check Point support provides direct, 24/7 support, even when some components may be outdated. Since almost 95% of our hardware is supported, they're still able to provide support for the remaining 5%, which is greatly appreciated.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We opted for CloudGuard primarily due to two factors, which ultimately became three.
- First was the Azure consumption cost, which was lower compared to competitors.
- Secondly, its plug-and-play capability is straight out of the box, as deployment is directly made from the Azure Cloud Marketplace. In contrast, with competitors, you have to manually import and deploy the image they provide, which isn’t off the shelf.
- The third factor was the scaling solution offered by CloudGuard, which we found to be the fastest.
How was the initial setup?
I was involved. It was straightforward, out of the box, plug and play.
What about the implementation team?
We didn’t use a reseller or integrator; it’s really simple to deploy, and we had the capability to set it up on our own.
What was our ROI?
I haven't calculated it because we deployed CloudGuard Network Security as part of our cloud journey. The ROI wasn't calculated solely on that part; it was more about the overall process of closing the data centre and moving to the cloud.
What's my experience with pricing, setup cost, and licensing?
The licesning has some good features. For example, the scaling feature is free of charge, allowing multiple scale-ups and scale-downs over a two-week period, which is pretty good.
However, since we are still on an IaaS infrastructure, we end up paying for firewalls that are operational without actually handling traffic loads. This is why a PaaS approach would yield more benefits for us.
What other advice do I have?
Overall, I would rate the solution an eight out of ten. The reason it's not a ten relates to the need for a more cloud-native solution that fits today's requirements. The deployment was five years ago, and we're still waiting for Check Point to evolve to truly have cloud-native capabilities.
I'd advise looking into the scale set feature and the out-of-the-box capability, which were really the silver bullets for us. It was a strong requirement, and if anyone is seeking that kind of solution, I would greatly recommend it.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Check Point Cloud Firewall (formerly CloudGuard Network Security) Report and get advice and tips from experienced pros
sharing their opinions.
Updated: July 2026
Product Categories
Firewalls Managed Security Services Providers (MSSP) Software Defined WAN (SD-WAN) Solutions Cloud and Data Center Security WAN Edge Unified Threat Management (UTM)Popular Comparisons
SentinelOne Singularity Cloud Security
Palo Alto Networks NG Firewalls
Cato SASE Cloud Platform
Check Point Harmony SASE (formerly Perimeter 81)
Check Point Quantum Force (NGFW)
Check Point CloudGuard CNAPP
Buyer's Guide
Download our free Check Point Cloud Firewall (formerly CloudGuard Network Security) Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- We're trying to choose between Fortinet or Checkpoint UTM firewalls. Can you help?
- Is Check Point's software compatible with other products?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?
- Fortinet, Palo Alto or Check Point?
- If you could go back, would you change your decision to buy that firewall and why?

















