We are using it for network security.
The whole reason we got it was to expand and make an extension to the Azure Cloud so that we could establish services that would make a link between the on-prem and the cloud. That was the goal.
We are using it for network security.
The whole reason we got it was to expand and make an extension to the Azure Cloud so that we could establish services that would make a link between the on-prem and the cloud. That was the goal.
We have unified management. It is one of the advantages of this product.
In terms of protection, we have not yet done any kind of penetration tests. We will check them later. In the future, we would also want to use all kinds of features such as IPS, IPSec, etc.
Its advantage is its layout. You do not need to get any unique devices and install them. The installation is easy. The assimilation is less easy because you have to work with a manager in Azure and upload and define all kinds of addresses.
In essence, you do exactly what you do with on-prem. It is the same operation. You can manage it in the same way as on-prem, which is an advantage. You can manage the firewall in the cloud from on-prem, and you do not need any more interventions.
There is a limitation with the version upgrade. We are using version 81.10 and from what I understand, it is problematic to upgrade this version. I do not know if that is true. I am trying to figure it out. If I want to upgrade to a newer version, I have to make new machines. If this is true, it will negatively impact my thoughts regarding the solution.
It is always running. Its availability is high because it is located in two different data centers. This is the purpose of the cloud. It is located in two data centers in two different countries. We have placed one in Frankfurt, and the other one is in Amsterdam or London. That is the advantage. Because it is not the same country or city, the availability is great.
I mainly receive support from an integrator. Check Point did not accompany me as a vendor from the beginning. I am satisfied with the integrator at the moment. He gives me the answers.
We had a few inquiries recently, and he gave me the answers. They were also very helpful during the installation. So, I have had less communication with the manufacturer. For more complex issues, I can communicate with Check Point's support.
I would rate the integrator's support a nine out of ten because sometimes, it takes a long time for the integrator to find the solution to the malfunctions. The glitch related to the deleted machines was very critical for our organization. Things were working normally on the network, but the entire project was simply blocked for a few days. I expected the integrator to open a ticket in a faster way, but he did not open any ticket at all. He resolved it all by himself, but he did not share with us what the solution was. Deleting things and opening them again is not good enough because there is no reassurance that the glitch will not happen again.
We did not use any other solution before this.
The installation is simple. We just had to put it in two centers and deploy it. It was easy.
During the process, we had to wipe a machine. Microsoft gave us some addresses to work with. We used those addresses because we needed public addresses to work with. At first, we were not able to do something properly, so we deleted the machine. When we came back to set up the machine, we had to take new addresses from Microsoft all over again. I do not know whether it was because of Azure or whether it was Check Point´s fault.
I do not know if I have seen a return on investment because we are at the beginning of establishing the cloud. It is not entirely working yet. At the moment, it is not in production, but I assume that there will be an ROI.
It is not expensive.
I wanted to try Palo Alto at first, but because my entire setup was already in Check Point, I did not go in that direction. I wanted unified management. I also consulted my team, and they said that they do not want to come and manage another firewall because of the management and knowledge it requires. The advantage of this solution was unified management.
My recommendation for those who are thinking of installing the product is to check its survivability at the level of downloading a machine and uploading it. Do not upload all the applications straight away to run tests. Research first.
Based on my experience, I would rate it a seven out of ten. There were some malfunctions. There were also issues at the beginning due to the lack of a dependency needed for it to function. The experience is not yet perfect, but like any product, it will improve over time. In the end, I need stability in the cloud, but right now, that feeling is not there. I do not have the feeling of stability where I can say that the production and the service will not drop again. That is the concern. I want to start uploading some kind of application to production soon.
When we began our digital transformation, we had already invested in on-premises Check Point firewalls. We desired the same level of security in the cloud along with the elasticity that the cloud demands.
We have a standard security policy across the organization. Our layered security, including North-South and East-West firewalls, is fantastic.
Compared to the other solutions for identity-based threat detection, the malware and threat prevention capabilities are key features that we have enabled – we actually use all the available features.
On several occasions, we've benefited from zero-day protection. It acts immediately when something is discovered, while other solutions might take much longer to react.
I'm confident that as long as we keep up with the advancements that Check Point continues to make, our security posture is in good hands.
The virtual machine scale sets were crucial, offering the ability to scale up and down.
It was very easy to install the solution, and the architecture meant we didn't have to worry about exceeding the solution's capacity.
CloudGuard Network Security provides unified security management across our cloud and on-premises environments.
We integrate our management servers with the Check Point Multi-Domain Security Management server. This allows it to interact with Check Point CASB and our SIEM. As alerts arise, we're able to triage them effectively.
In future releases, I would like to see the data loss prevention (DLP) feature could scale along with the virtual machine scale sets.
I've been using CloudGuard Network Security since approximately 2019.
The overall stability is there. Our firewalls monitor our most crucial systems. If those firewalls went down, it would take out almost our entire cloud network.
The scalability is great.
We have Check Point's Diamond support, and they have been fantastic. It's a true partnership, and we always work together to find solutions for anything that's needed.
We have weekly meetings with our sales team, our architecture team, and their team. They are truly integrated as part of our organization.
Positive
We had our native cloud firewall. Our native cloud firewalls lacked intrusion prevention and advanced malware protection.
They offered basic stateful firewalling, and we wanted a more robust solution for our security needs.
When we designed our cloud architecture, Check Point was the primary solution we chose.
It's simple to set up and easy to tear down or upgrade. This provides us with a lot of flexibility in testing.
We did evaluate other solutions. We evaluated other web application firewalls (WAFs).
The ease of use is great. Creating firewalls within templates is straightforward.
The overall depth of features within the solution is one of the key reasons why we chose Check Point as a long-term partner.
Overall, I would rate the solution a ten out of ten.
We utilize CloudGuard Network Security as virtual appliances deployed within virtual machines, acting as firewalls at the perimeter of our data center in QSaver. These virtual appliances safeguard all internet access originating from the virtual machines at our factory in Curitiba, Brazil.
The challenges we sought to tackle through the implementation of CloudGuard Network Security were to ensure the protection of our servers against threats and attempts to breach them via internet-facing avenues.
We found it advantageous due to its ease of implementation and use. There were no delays in receiving customer devices, which enhances security within the environment.
We enjoy all the benefits typically associated with physical appliances, even while utilizing virtual machines. Although it took some time for customers to fully grasp the benefits, as they weren't immediately clear, over time, they began to recognize the value it brings to their security infrastructure.
It offers us unified security management across hybrid CloudGuard deployments, as well as on-premises. The option to manage it bridges physical devices onto the data center. With consolidated logs accessible on the same management interface, it becomes highly convenient and straightforward to operate.
Comparing CloudGuard's network security to other solutions in terms of ease of use is challenging. Additionally, since we're already utilizing Check Point solutions, integrating it with hardware network security proves to be very straightforward and user-friendly.
We have a high level of confidence in the effectiveness of CloudGuard Network Security.
The SSL spectrum proved to be the most valuable for our incoming connections. This feature enabled us, for instance, to successfully prevent Log4J attack attempts.
New features have been introduced recently, but they have not yet been integrated into CloudGuard Vsec. It would be advantageous to have them implemented as they would improve the performance.
I have been using it for three years.
It provides excellent stability capabilities.
It offers good scalability abilities. We have a plan to increase the utilization of CloudGuard Network Security and its services in the future.
I am satisfied with the customer service and support provided. I would rate it eight out of ten.
Positive
In our deployment environment, each instance is strategically positioned at the forefront of the web servers within the data center, effectively serving its purpose. Specifically, it functions to regulate internet access for the servers and manage inbound connections from internet customers to the servers.
It's remarkably easy to deploy, by far the simplest. For instance, it only took us a few minutes to transition to production. This capability is incredibly beneficial, as it allows us to swiftly assist customers during emergencies by deploying a firewall and addressing any threats they may encounter.
Determining the return on investment can be challenging; however, we've observed other companies operating in the same sector with similar approaches. Despite encountering attacks, we have yet to experience any incidents. This absence of incidents serves as a metric for us, indicating the reliability of our alternative solution.
The pricing is highly competitive and advantageous, offering great value.
I recommend others to give it a try because of its simplicity in deployment, scalability, and usability. Overall, I would rate it ten out of ten.
Primarily, we are using it for deploying cloud firewalls on Azure to protect our applications. We are using TerraForm.
CloudGuard Network Security helps to streamline bringing in the hardware and putting the effort upfront to do the automation. It takes all that effort away from a human. It streamlines the process and provides security on the cloud.
CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-prem. It gives us one place to look. Security teams have common logging, and our SIEM integration is already built in. We have a gateway. It is logging for SIEM log servers, and they are being sent to our SIEM. No additional changes are required by anyone to know where to look. It is all integrated into our existing solution.
We are pretty confident in our cloud network security using CloudGuard Network Security. I would rate our confidence level a nine out of ten.
The ease of administration with the cloud management extension and the cloud licensing model is valuable.
I have not dealt with it enough to find any pitfalls.
We have been using CloudGuard Network Security for about four months.
So far, it is great. We use scale sets. We have deployed two gateways per region with the scale set settings of two to ten. We do not have much workload yet, so I cannot say how the scaling is working, but overall, I am sure we will be able to scale the gateways.
I did not need support for much of what we have been working on.
We mostly have a public cloud in Azure. Over the next few months, we are looking to port the same functionality we have in Azure to AWS.
The deployment is simple as well as complex. The ARM template to deploy in Azure is very simple, but we have taken that and extracted it to do it via TerraForm. The migration to TerraForm is a little more complicated, but we made it work.
We have not gone far enough to know.
We are using our BYOL. We are using our existing Check Point discounts to work with licensing. Overall, it is very competitive. Its pricing is reasonable to me.
I have not evaluated other solutions.
I would advise taking a look at the solution. It performs well and integrates with our existing solutions. It streamlines processes. It is definitely worth a look.
Overall, I would rate it a nine out of ten. The solution is very similar to what we are doing everywhere else. It integrates well with the Azure services, but nothing is perfect, so I cannot give it a ten.
We primarily use CloudGuard Network Security to deploy cloud firewalls in Azure, safeguarding our applications, and managing them using Terraform.
CloudGuard Network Security streamlines processes by automating tasks, reducing human effort, and enhancing security for cloud deployments.
The most valuable features are the ease of administration with the cloud management extension and the cloud licensing model.
I have been using CloudGuard Network Security for about four months.
We haven't had any stability issues so far.
Scalability has been great. We utilize scale sets, deploying two gateways per region with settings ranging from two to ten.
The initial deployment using the ARM template in Azure was straightforward, but migrating to Terraform added complexity, although we managed to make it work.
Our existing Check Point discounts make the licensing competitive and budget-friendly.
CloudGuard provides unified security management across hybrid clouds and on-premises environments.
Unified security management simplifies our operations by centralizing logging and integrating seamlessly with our existing solutions, ensuring security teams have a single point of reference without needing additional configurations.
My advice would be to consider the solution as it performs well and seamlessly integrates with existing systems, streamlining processes and proving to be highly beneficial.
Overall, I would rate CloudGuard Network Securit as an eight out of ten.
My customers use the solution for technical and internal Azure resources, including remote access VPN.
Some retail customers find the scale-up and scale-down features valuable, particularly with scale sets. This is useful for handling increased loads on devices and utilizing firewalls, similar to on-premises setups with active standby configurations.
The solution allows customers to migrate workloads securely into the cloud space with a trusted vendor, maintaining everything under a single platform. This ensures visibility into their cloud environments similar to on-premises setups, all managed through a single smart console.
Unified security management simplifies operations by providing visibility into both cloud and on-premises infrastructure. The skill set required to manage it remains the same for both environments.
The level of confidence in CloudGuard Network Security, both for myself and my customers, is very high. The product operates familiarly, consistent with what customers are used to, and it is a trusted name in the space.
Based on my previous experience, there were improvements, especially in in-place upgrades. Regarding cost, it might be potentially cheaper considering resource utilization in Azure and VM costs, but licensing could be improved, possibly moving towards a simpler model.
I have been using the product for four to five years.
CloudGuard Network Security has improved its stability. It is a stable platform.
The tool has improved its scalability over the four years.
The support experience can be hit or miss. It depends on the expertise of the support representative. Some are highly skilled and knowledgeable, while others require more guidance. There might be room for improvement in this aspect.
Neutral
The tool's deployment is straightforward, whether through the marketplace or templates. It offers flexibility for making amendments before deployment.
On a scale of one to ten, I would rate the solution an eight. The ease of deployment, the single management function, and the features it provides, especially in terms of scale sets and scaling, contribute to it being a solid platform. Many customers are increasingly interested in using it to protect their assets within Azure and AWS, which are the two main areas of operation.
If a colleague is considering purchasing the solution for its security features and licensing, my advice would be to ensure correct deployment. While the solutions are generally straightforward to deploy, there are nuances, especially in Azure infrastructure, that can make troubleshooting more challenging. It's crucial to either use a knowledgeable partner for deployment or ensure a clear understanding of the process before proceeding, as it may be more complicated than anticipated.
We are using it for perimeter inbound and outbound detection.
For the move to the cloud, normally, you adopt a cloud solution, but big companies like ours have to control the roles in place and keep the standards that we have on-prem. We adjust it to the way the cloud works, but we still have the traditional firewall, similar to on-prem. We have the same management capabilities. We have the logins. It is just a central way of managing.
It saves time for us. We adopted the cloud solution as much as we could, but in terms of security, we wanted to keep the same method that we were using for security, and we wanted to use the knowledge that we already had.
It matches what we have on-prem. We kept the same management and the same functionality that we were having on-prem. It has simplified things for us because there is no new dashboard to touch.
The relationship between AWS and Check Point could be better. We had issues related to the type of instance and how it interconnects with AWS or cloud-native solutions. We overcame the pain points that we had, and now, AWS is evolving in a way that will facilitate how Check Point works. Our pain points were minimized, but they were there.
There could be more capabilities around the management protocol itself. We deploy the boxes very easily with the software. We want automation. We are already using it to deploy instances in AWS regardless of whether it is Check Point or something else we use. Integration is already there, but there is a possibility to have more functionalities. We are in a good state, but there can be new features.
I have been using CloudGuard Network Security for two years.
It is tricky to distinguish because we have the software and we have the instance. There is the tricky part of AWS not sharing some information around the instances where the software runs and then saying that it is a software issue and not sharing deeper details. Check Point struggles with having that information directly from AWS.
So, there is room for improvement if Check Point wants to be a native-use solution in AWS, for example, which is our main provider. It is tricky, and I understand. It is also about how Amazon or AWS manages their data centers. They do not disclose some information. In terms of throughput, performance, etcetera, they do have the numbers, but when it comes to some issues, nobody can explain or when an issue is from a network background, there is no explanation. Finger-pointing is not a solution.
There should be more sharing of information between them directly, not involving the customer. In the end, we were able to sort things out. We had to read between the lines. They were not disclosing exactly what was the problem. Check Point did not see any issues with the software, and in the end, it was about how the instances in a shared environment inside the AWS run and how they control the resources on each virtual machine that the customer runs. That is their way of doing business. AWS wanted to run it on a bigger box. In the end, I was able to overcome all the issues with a different instance type that was never proposed to us. It was a matter of the CPU generation that was being used on the instance. It was not the fact that the machine was not able to cope with it.
That goes back to how the AWS services run because the software runs in any virtual box. It is exactly the same software that you can use in a physical box. We never had a need to use Autoscale so far. We have tested Autoscale. We have seen it working, but we never had the need. We are in a stable environment, and we foresee when it is needed ahead of time to avoid any bottleneck. It has been running without issues.
We have 12 active AWS versions worldwide. Three of them are the main data centers that we use. In every data center where we have AWS, we have at least different architectures of products, so our environment is quite big.
The management is standardized between all regions. They run exactly the same way with exactly the same purpose. It is standardized. We define the architecture and when there is a need, we have the solution already available.
Over the last three years, I rarely used them. We did not face issues that needed support from Check Point. We were able to fix all the issues we had because there was either an upgrade available or a knowledge article available showing how to fix it. All our support cases are more around RMA.
Positive
The added value is not the software itself. The added value is the way we can easily change the capacity of a virtual box that we run the software on. Keeping the same software, we can change the VM capacity to higher or lower depending on the needs. The return on investment is the simplicity of being flexible in that way.
It is the most expensive part of the product. There is a lot of room for improvement. Security comes with a price, but it is still a big chunk just for the service.
We tested the native solution of AWS, but we decided to go ahead with our own existing solution on-prem being reflected in the cloud environment. We already had the knowledge and expertise internally. The central management platform and logging were already there. A multitude of features that we were already using were common.
In terms of ease of use, everything in the cloud is new, so there is a learning curve. They are adjusting the layer features in AWS native tools, but Check Point has the advantage of knowledge. We already had familiarity with it, and Check Point itself has a good knowledge of the market. They are experienced in security solutions.
We have not been that exposed to AWS. We are very happy with the availability of Check Point and so forth. So far, when the biggest threats came, Check Point always reacted faster than any other.
There is no real issue with the software itself. It does the job. It does what it was designed for. I can rate it a ten out of ten because it is exactly like the on-prem software physical appliance. There is no difference for us.
We use it to protect cloud infrastructure, workloads, and applications from advanced threats and attacks.
For our operations team, CloudGuard proved to be the ideal solution. Troubleshooting became much simpler as all traffic—allowed or blocked—could be found in a single point, the SmartConsole. Integrating CloudGuard with VMware was straightforward; we established a connection between Check Point Management and VMware, allowing for the automated deployment of CloudGuard in NSX as a service. This automation made deployment and management a breeze, allowing us to easily specify the number of CloudGuard instances needed, which would then be deployed automatically.
CloudGuard's integration with the SmartConsole ensured continuity for our administrators, who could continue using familiar tools and methods. The ability to manage everything within the virtual environment provided speed and flexibility. With CloudGuard, we could define rules to control traffic with precision, redirecting or blocking as needed.
Check Point's approach of preventing threats at the outset aligns with this perspective, eliminating the need to constantly battle against incoming threats. This proactive stance instills a strong sense of security, as it significantly reduces the likelihood of breaches. Given our positive experiences and lack of any negative encounters with the product, we feel extremely confident in its ability to safeguard our environment effectively.
One of the most crucial and beneficial aspects of Check Point is its ability to consolidate and present logs in a clear and easily accessible manner. This centralized approach offers immense value, as it allows users to access all network security information from a single point, eliminating the need to navigate through multiple tools and sources. With Check Point, users can conveniently find and manage all security-related data in one centralized location.
Its centralized control, ease of use, and flexibility are the most valuable for our data center security.
The licensing structure is unclear, so a transparent and flexible licensing structure would be preferable.
We have been working with it for five years.
In terms of stability and reliability, the virtual machine running CloudGuard functions seamlessly and as anticipated, demonstrating no issues or disruptions.
Regarding scalability, you have the flexibility to deploy as many instances as necessary. If additional instances are required, you can easily add them to production by obtaining the necessary licenses.
While we haven't encountered significant issues necessitating support, we did face occasional challenges with perimeter gateways rather than CloudGuard itself.
Before this project, we collaborated with a sister company that utilized Cisco ACI, but it didn't prove to be the right fit. Considering our longstanding partnership with Check Point as our security provider, particularly for network and cloud traffic, choosing CloudGuard for East-West traffic inspection seemed like a natural extension. Additionally, observing our sister company's positive experience with CloudGuard on Cisco ACI further reinforced our confidence in the product as the best solution for our needs.
Initially, we sought the help of a partner for deployment, but for upgrades and migrations, we largely handled them ourselves. Fortunately, these processes weren't overly complex, and we found helpful documentation on the Check Point website to guide us through them.
When we initially adopted CloudGuard, we operated under a different licensing model based on the number of hosts. The licensing model has since transitioned to a cluster-based variant.
Overall, I would rate it ten out of ten.
For any private cloud data center leveraging software-defined networking through VMware or Cisco ACI, CloudGuard stands out as the optimal choice. It offers unparalleled flexibility and ease of management, making it the ideal solution for customers already utilizing Check Point in conjunction with virtual networks within their data centers.
The solution helps protect network security by offering threat prevention, addressing vulnerabilities, and utilizing blades.
We use it for the protection of our internal services. We're a Telco company, our internal users are on the machines. We also have some external services that we protect. We protect our customers and our public cloud with it.
VMware is our public cloud provider.
Threat prevention is the biggest benefit we see from it.
The network security is the most valuable aspect of CloudGuard. I am a network engineer so it's the most relevant feature to me.
CloudGuard Network Security provides us with unified security management across hybrid-clouds and on-prem. We manage all of those environments through this one solution.
It's user-friendly. It's a multi-domain solution. CloudGuard is really, really good.
I have experience with FortiGate and Cisco. I worked with them at previous jobs. FortiGate is easy and user-friendly when it comes to the configuration, but it is unstable in some countries and the routing tables have problems. The configuration of the network is in the same management platform, which might be better for some.
In comparison, CloudGaurd is very stable.
Cisco is hard to use, FortiGate is easy and CloudGuard is somewhere in the middle when it comes to ease of use.
When it comes to identifying security threats, CloudGuard is really good compared to its competition.
I am confident that CloudGuard's Network Security can protect us. It enables me to sleep very well at night.
We utilize logging systems, and geolocation is crucial for us as some applications must only be accessible from our country. However, there have been occasional issues with this feature. It drops requests. It's not always precise.
I have been using the product for two years.
My team has been using it for five to six years.
CloudGuard Network Security is very stable.
We have 28 licenses. We have 800 servers on our private cloud.
Their support is fast. They answer quickly.
Positive
We integrate with NSX. The setup wasn't hard.
We have seen ROI. It saves us time because it's stable. It's easily administered. We have time to do other tasks. It is easy.
Licensing is complicated. When a license expires, we have to renew it and the process is complicated. They should make the process easier.
Using CloudGuard Network Security saves time due to its stability and ease of administration. The solution is not complex, allowing administrators to focus on other tasks. The configuration process is straightforward. It can integrate with NSX.
I rate the product a nine out of ten. We manage a total of 800 servers that host a variety of components, including our infrastructure, customer applications, databases, application sites, and disaster recovery systems
We use the product as an internal firewall between Azure, on-premises, and the internet.
The tool's most valuable features are the REST APIs that help to automate the deployment and maintenance process. It helps us to reduce time to 15-25 minutes compared to the manual process which used to take around two to three hours.
It eliminates the need to manually import hundreds of IP addresses into firewalls and architecture objects. This process now happens automatically.
The tool helps us to automate processes. Operating it is relatively easy, especially for standard tasks like implementing firewall rules for source, destination, port, or URL. Our team can handle these tasks.
We miss full blade support for all blades that are compatible with the cluster. Especially notable is the lack of support for Identity Awareness in active standby environments for customers. In our setup, transitioning to Connective clusters would be preferable for maintaining connections during failover situations.
I have been using the product since 2016.
The product is stable.
CloudGuard Network Security's scalability is easy.
The tool's first response is usually prompt, and issues are generally resolved. Additionally, the support team proactively follows up, reminding us to provide necessary details when we might be on a high workload.
Positive
The deployment experience varies depending on the structure of your environment. In our case, we invested significant time in designing our network and aligning it with our existing Check Point environment. Once the overall design was complete, the actual deployment was straightforward. We have automated most of the process, enabling us to set up the environment within a few hours. Additional nodes can be added in just 20-30 minutes.
We had evaluated Barracuda before CloudGuard Network Security. We chose CloudGuard Network Security since Check Point knowledge was available in-house.
Invest time in analyzing the templates provided by Check Point and tailor them to your specific requirements. Understanding the deployment process is crucial, as it allows you to benefit from it in later stages. You can optimize it later based on the needs. I rate the overall product a nine out of ten.
