Check Point CloudGuard Network Security Reviews

We are a small consulting company. We have around 100 employees. We don't use advanced firewalls because we don't really have important data that can be hacked. Nobody is going to care about our data because it's only the HR department's timesheet data on our on-premise systems. The firewall is protecting remote access, allowing the employees to access our office environment. So sometimes employees connect to our systems which have some test systems on it. They run some tests about the consulting we've given to clients. That's all. We just have basic things on our firewall. Just two things are important for us - the site to site VPN, which we have with some customers, and the government site. That is important. That's why I want to change the firewall to a new and up-to-date one so maybe it will be an improvement to prevent some hackers.

After I made up my mind to migrate it to another solution, I was kind of checking all the other firewalls, the FortiGate, Check Point, pfSense and OPNsense, and Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it. You just have to know Check Point's GUI so you can manage your IP addresses and access rules and stuff. But as I said, Check Point is really advanced and the GUI is kind of advanced, which the customer reports actually prove.

In terms of what could be improved, we have no support with the current Check Point environment. It ended maybe three or four years ago. Because it's an appliance you have to have support. That's a problem for us because I cannot update it at the moment. We have to have another support. We have to subscribe to another support so I can update it. I think it's a good amount of money and our boss does not want to pay that kind of money for firewall solutions. It's not a hardware solution, which by the way, if it would be up to me, I would migrate it to a hardware FortiGate system because all our customers at the moment are migrating their environments to FortiGate hardware solutions. They say it's a really good improvement from their previous firewall solution because it's easy to manage and they're very happy with it.

But as I said before, my boss does not want to pay a lot of money for a firewall solution since we don't have much data to protect and the data is not very important. It's not a big use for us. So we will just probably try pfSense or OPNsense. I can patch it to an up-to-date version, like the 2021 patch. We have the open source solution because my boss does not want to pay for it. It's my approach to migrate the firewall, actually. If it was up to me, I'd probably migrate it to a FortiGate system.

I'm not very experienced with Check Point. But what I would like to see is a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, if you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have.

I can't give it any review about Check Point technical support because I am only working here for about three years and by the time I started at the company it already did not have support.

I have no idea about the initial setup, but it seems like it's not so complex. The initial set up is probably not that hard, but not that easy, either. If I were to delegate the firewall system to a junior guy, I think that he's not going to manage Check Point, but he'll probably manage FortiGate.

In the past, my clients were all using Check Point Systems. When I reviewed it at that time, back 10 years ago, Check Point was number one, as far as I remember, meaning FortiGate wasn't a major solution in Turkey. Nobody was talking about FortiGate then. Now FortiGate, is a major player in the firewall industry in Turkey. Most of our clients are migrating to FortiGate because they say it's cheaper than Check Point. So when I see the Check Point's GUI, it's really complicated. My recommendation would be for Check Point customers to first learn about Check Point's GUI, which is pretty advanced, for me at least.

But when I talk to my friends who are managing IT, they are migrating to FortiGate. They say, FortiGate is very easy to manage and I should really think about it now. When I was first introduced to Check Point it was really advanced. I didn't understand when I first looked into it. I just wanted a solution. pfSense has the same problem. By the way, according to your report, some customers said that pfSense needs improvement on the management and the GUI and aspects like that, so maybe I'll need another review of OPNsense versus Check Point and FortiGate etc...

We didn't have any problems at all. Just in one case, actually. We have a rule that pops up from nowhere which we didn't create. When we restart our Virtual System firewall, it creates a rule which messes up all our internet connection. So if I were to give a number from one to 10, I would probably say Check Point is a nine out of 10. Other than that, we haven't had any problems. Check Point is pretty reliable. I think it's our company's problem that we couldn't patch it after it froze. Maybe an up to date, patched version doesn't have this problem. 

Overall, it's really working for us. I don't have any problems other than it's just outdated.

As a company, we are a value-added reseller. We have to use it first before we can propose it to our clients. We have to give it a clean bill of health before we can actually propose this to the client. We have to conduct a proof of concept, which runs for around 30 days. The client has to give the okay before we can actually deploy it for them.

Clients have been using it and they haven't had any negative feedback. 

The initial setup is straightforward.

The product is scalable.

We find the stability to be quite good.

Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions.

To be honest, we don't have many clients who have taken CloudGuard, as the feedback has not been that great. There are a few clients who have taken the CloudGuard due to the fact that there is a lot of competition in terms of endpoint protection from Trend Micro and other leading vendors. 

There are few clients who have CloudGuard and the response is quite positive. However, it comes down to dealing with the challenge of when the client needs both protection for workstations and their physical and virtual servers. With Check Point, we don't have that ability. They have just CloudGuard, which protects the workstations and servers. With other vendors, there's a separation between the endpoint protection for workstations and for the servers and then something else for the virtual environment. The challenge comes in when you're trying to propose this to the client. They'll ask you how they can be sure that this will protect their virtual or physical data centers collectively, and also protect the workstations.

Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point.

Generally, visibility is the issue. Clients really just need more visibility to know they are protected. 

We find the stability to be good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The scalability is there if a company needs to expand it. 

Technical support is okay. It's average. The local support is good, however, now when you go to global support, there's a bit of a challenge. It takes time compared to other vendors. Their global support is not that active. I have some clients who have been complaining that they raise a technical issue and it takes maybe one or two days before they get any feedback. 

That said, here, in terms of technical support, the local Kenyan support is very good. They're quite supportive.

I also work with Sophos, Fortinet, and Palo Alto. 

The other vendors, they're not doing that well in terms of cloud security, as they tend to concentrate on on-prem security. The physical security, that's at the endpoint level. However, Check Point is doing quite well in terms of cloud security. 

The initial setup is not overly complex. It's quite simple and straightforward.

The solution is expensive. If I rate Check Point, Sophos, Fortinet, and Palo Alto, Sophos comes in at a cost that is pretty low. Then Fortinet, and then Palo Alto. Check Point is at the edge. It's a bit expensive or it's quite expensive. When you are trying to propose Check Point, it's more of an OpEX and even a CapEx project. It cannot go through a normal request for a quotation. It has to be a CapEx project. At the beginning of every financial year, a customer or end-user has to consider this to be able to purchase a Check Point firewall.

For most Check Point CloudGuards, it's not actually deployed on the private cloud of the end-user. They usually deploy it on the public cloud.

I'd rate the solution at a nine out of ten. The clients who are using it have nothing bad to say about its capabilities. 

I'd recommend the solution. They are doing quite unique workarounds with cloud security while many others are more focused on on-premises.

Check Point CloudGuard Network Security is the best security software for protecting IT systems inside out. There is no compromise with system security if the CloudGuard Network solution is intact. It provides threat prevention and protection from malware and enables system and server security up to 100%.

We have numerous API integration of our internal IT systems with outside servers and network systems, where security lapses are a huge concern. CloudGuard helped in providing complete security and protected entry of threat entrants in our system from outside servers.

CloudGuard Network Security has enabled the security system to operate safely without any trouble. It has resulted in saving on huge expenses for organizations as it's a cost-effective and cheap alternative compared to its market competitors. It brings a secure IT environment for a workforce, which leads to boosting productivity and an increased revenue stream for the organization. This leads to increased productivity and prosperity.

Also, it's the one-stop solution for preventing systems from security threats and all kinds of endpoints in the IT space.

There are no security lapses and 100% restriction of threat entrants in the system or server.

It's a cost-effective solution with no false positive cases.

The product helps in bringing productivity and enhanced customer experience for users.

We have a happy workforce and more workforce retention and increased IT environment sustainability.

There is 100% proactive detection of root causes and root sources.

It is dynamic and agile, and its features and utilities continuously improve and evolve.

It's the best-unified endpoint management solution for IT systems globally. The product is available for all kinds of business users.

We really believe in ongoing improvements for emerging business needs. The business and product development team should introduce a high-end feedback collection mechanism and analyze the customer requirements constructively.

The feedback mechanism is best to understand the user and market needs. All kinds and sizes of businesses should be approached to provide feedback so that unanimous decisions and unbiased reviews/feedback can be collected.

Also, more customized strategic pricing can be involved and introduced so that more and more businesses can be attracted for trial and usage of the software. 

We've used the solution for almost a year now.

The product offers amazing stability and we had no discomfort or hassle in the setup.

The solution is scalable and attractive.

The solution has strong customer support and agile service experience.

Positive

We use McAfee solutions earlier due to the company and parent organization's long-term association with McAfee.

After subsequent years of usage, we felt a dire need of usage of advanced security solutions. After receiving continuous good feedback from peer organizations, we landed at Check Point.

It's been a great experience so far.

The setup is effortless and not complicated at all.

We implemented the solution through vendor team management.

We've seen an ROI of 80% to 85%.

In my book, Check Point comes as quite a handy and cost-effective alternative for the security enablement of IT systems. It's cheap and easy for deployment and is the best solution so far. Its signing of SLA and maintaining long-term key association and collaboration with service partners is really effortless and easy. We've had a highly professional partner experience.

Licensing is usually annual.

Setup and deployment costs are offered with discounts that are attractive and  sustainable.

We analyzed and did trials for Cisco Secure Firewall and other security solutions like Trend Micro, etc.

I would strongly recommend everyone to go for a trial of this security solution ASAP. It is one of the best experiences ever.

Check Point CloudGuard Network Security helps resolve potential regulatory and compliance issues when moving to the cloud. The high-visibility rule base's granular approach helps us with potential security leaks and highlights items to focus on for immediate action.

The functionality that we're using it for is the cloud firewall piece.

For this reason, it was necessary to implement this tool in our organization and the results have been very positive, providing the necessary security.

One of the main characteristics that Check Point CloudGuard Network Security has given us is granularity and visibility. The data that enters our Azure environment integrates in a great way in the cloud and in on-premises. This is important for the alerts and the response to incidents that arise in our platform in the cloud, for the moment, we are very satisfied to have acquired this solution and to have implemented it in the cloud and with other systems on-premise that have given us a lot of security and peace of mind.

One of the features that I liked the most and that I feel is very useful is auto-scaling. Our Azure cloud environment is constantly growing and this allows us to expand as well. 

Another very accurate feature is CloudGuard's malware prevention and exploit resistance rate and they have given us a lot of security since the database is very large. 

It is easy to manage CloudGuard from on-premises and offers the same protection as we can provide to the rest of our environments, which is a great advantage for us.

One of the areas that should be improved is the updates of the products. It is somewhat problematic in the area of the cloud. In the case of migration from on-premise to the cloud, it is difficult to replace the licenses. It should be something very transparent and thus save us the time to go to support but in general, the tool is shared very well in security and protection of privacy and if they are lucky they can add more features that help us our security would be great they should always be one step ahead of cyberattacks.

We have implemented it one year ago.

Check Point CloudGuard Network Security maintains very good stability, and, best of all, maintains excellent compatibility with Azure.

The scalability is great. You can make a network scale up or down. This allows you to have good control of bandwidth in the organization or to be able to distribute it in the different departments of the company.

Currently, since the implementation, not much support has been used, therefore, I rate it as excellent.

Positive

The Check Point brand has always been used in our organization.

The configuration was very simple since the tool and the wizard are very interactive and user-friendly. It was not very difficult to do the installation and configuration.

The implementation started with a vendor and the IT team. The engineer that worked with us presented great knowledge of the product.

By using a tool of this type, the cost of personnel decreases since the tool performs quite well with the functions that it was designed for.

The price and the licenses have been good. They maintain a competitive price with the other companies.

Other options were not evaluated as we like to keep the same brand across solutions.

When doing a cloud deployment, remember you are doing this in the cloud so treat it like a cloud device, as good configuration brings good results.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.

The overall security of the environment has been greatly improved by implementing the Check Point Virtual Systems solution. Before deploying it, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appears to be not an efficient solution for protection from advanced threats.

The Check Point Virtual Systems solution has significantly increased the security level from the standpoint of the logical separation of traffic patterns, both internal and external in our particular case.

This product makes the NGFWs work as if we had two separate sets of physical firewalls, without additional spendings on the hardware.

The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing. This allowed us to save significant money on the hardware purchase, and keep our NGFWs efficiently loaded. 

As an administrator, I find the management really convenient and cozy. The usual SmartConsole is used and you don't need any additional software to be installed.

As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.

In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.

We have been using the Check Point Virtual Systems for about three years, starting in late 2017.

The solution is stable and we haven't had any support cases opened that are connected with it.

The solution is scalable. I believe you could just add the new hardware into the cluster without affecting the functionality, and thus increasing the performance on the spot.

We have had several support cases opened, but none of them were connected with the Virtual Systems. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We didn't have any logical separation of security solutions before implementing this product.

The solution was really complex and difficult to implement since it requires a lot of additional knowledge and understanding of the underlying routing and switching technologies and protocols.

Our in-team has a Check Point Certified engineer as part of it.

Since we have already had the Check Point NGFWs purchased, we just proceeded with the configuration of the Virtual Systems.

We recently migrated a certain number of servers to the Azure cloud. At the moment, we are in a hybrid state; the idea is to be 100% in the cloud soon. As a result, we also needed to build an infrastructure for our perimeter network that would supply all the needs of the company and its users. 

With this technology and Azure, we want to have all the vulnerabilities that arise under control to be able to attack them with this tool and its recommendations since the integration with Azure is very good and safe.

In the beginning, we had everything in on-premise and with not very good security. We always had vulnerabilities on computers with the most vulnerable users, so when we migrated to the cloud, we wanted to do it right and with all the security possible to avoid everything that had happened to us on-premises. Now, we currently have a hybrid system; however, using Check Point CloudGuard Network Security has given us unilateral security in both environments and also helped minimize user vulnerabilities.

Before making the decision of which tool was useful for us to work with in the Azure cloud, we reviewed several brands. These include FortiGate, Check Point, pfSense, and OPNsense. 

What stood out about Check Point was that it has several fairly simple features and also presents a very good GUI. It is interactive, dynamic, pleasant for the user, and also easy to configure and install. This helped us a lot during the migration since we had a secure and reliable network at the time of our migration to the cloud.

Most of the documentation that Check Point has is out of date and has bad links. This makes it difficult to trust the documentation.

The Check Point infrastructure adapts well to the cloud, however, they are doing it very slowly. They must accelerate those changes.

They should improve the support it provides and the response times since they are a bit bad in that sense.

The latency that it presents when entering the control panel can be frustrating.  Other than that, it complies with the desired functions.

The solution has been in use for about one year.

The stability of the tool is excellent and robust while providing peace of mind.

The solution maintains excellent scalability and is very functional.

Technical support should be improved. We have had several problems with delivery time and the resolution of cases.

Positive

We look for other security solutions like FortiGate, Check Point, pfSense, and OPNsense.

The configuration of the tool was very easy since it is very user-friendly.

The implementation was done internally. In the first phase, we were accompanied by an engineer from the provider.

It is always good to make an excellent investment in security since it will be profitable in the future.

Usually, all security tools are expensive yet worth it. Check Point usually keeps a competitive price in the market.

We proceeded to look for information from different providers, such as Cisco and Palo Alto, among others.

I'd advise new users, if they are going to acquire a tool of this type, to look for the greatest amount of information on the solution to uncover which offers them the most benefits.

As we are moving our workloads to the cloud, it means that we now have a need to protect our cloud infrastructure. This will ensure that our business is deploying products faster and with all of the required security.

Our solution needs to be able to protect workloads hosted on multiple clouds with the required security control. The license should be a subscription-based model so that we can add or remove depending upon the requirement to scale.

It needs to support a microservice platform such as Docker or another container, and it should be quick to deploy.

This solution gives us advanced threat prevention to protect our workloads from attacks including zero-day and other types of attacks.

It is able to provide cloud network security along with orchestration and automation. It also provides consolidated, consistent visibility and management across all clouds including public, private, and hybrid environments.

This product is quick to deploy, scalable, and is a fully functional firewall available in the cloud. We were able to scale as required based on load and performance. With Covid-19, our users, including our Customer Center agents, are completely remote and rely on Check Point Cloud Guard to provide flexibility and seamless access. 

We have the ability to easily encrypt/decrypt traffic according to the security policy, as well as integrate between Active Directory, Cloud Guard Azure objects & application control.

It provides micro-segmentation functionality through complete visibility and control of traffic following between EAST-WEST and North-SOUTH with VPC and Outside VPC.

We are using multiple security features including the firewall, DLP, IPS, application control, IPsec VPN, Antivirus, and Anti-Bot. SandBlast provides Threat Extraction and Threat Emulation for zero-day attacks.

SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic.

Unified Security Management provides security policy management, enforcement, and reporting for public, private, hybrid-clouds, and on-premises networks in a single-pane-of-glass.

Seamless cloud-native integration with Azure, AWS, GCP, Oracle Cloud, and more.

System hardening could be improved, as password complexity is not enforced by default on root / command-line passwords.

The documentation provided by Check Point can be rough and needs to have a lot more detail incorporated in order to help the implementor and administrator.

The HA failover time is not as fast as expected and due to this, the convergence time between cluster members is still not perfect. Consequently, there may be an issue in migrating the mission-critical business applications. 

Micro-Segmentation functionality for EAST-WEST traffic is not native and requires integration with a third-party OEM.

We are performing a PoC with the product. 

As with other Check Point products, this solution is scalable.

Support from OEM is excellent.

We have a different solution that works in silos and we are doing this PoC to check the functionality/features.

Integration and setting up the solution are straightforward.

We are performing our PoC with assistance from the OEM.

The cost is on the higher side, as it is based on workload, hence we need to decide which VPC or workload needs to be part of CloudGuard.

We did not evaluate other options.

We use the solution for safeguarding the network security infrastructure. This has been one of the greatest achievements since we come across CloudGuard Network Security. 

It has launched effective security measures that can monitor security and provide feedback. 

Workflows across the company ecosystem have can flow smoothly without experiencing any challenges. 

The multi-channel security system monitors our cloud and hybrid servers. Transfer of files from the company database to the cloud servers goes through secure channels mapped by this platform.

A well-established encryption system now secures communication and workflow management systems. Data compromisation situations reported before have been fully eliminated since we deployed this software. There is increased production with secure workflow channels. The IT team can access and control the network security of interlinked company applications. We have developed a modern digital infrastructure that can access and give reliable reports based on real-time results. We no longer experience continuous system failures with automated performance monitoring tools.

Network security threat tools can launch and give advanced reports to the IT team on the future performance of various systems. 

The data analysis dashboards provide comprehensive reports and graphic representations of network security. 

We have secured our digital systems with high-grade security tools that cannot be bypassed by ransomware attacks. The customer service technical team provided virtual training to our team and provided the best article guidelines. 

The automatic features seal all loopholes that could be exploited by cybercriminals.

The operations require skilled manpower with extended experience of working with networking systems for better results. 

The cost depends on company size, and licensing terms are not favorable to small-scale businesses. 

The good sides are many from my experience, and I could recommend it to any growing company that requires the best-performing network security. From the first deployment, we have experienced improved and secure network infrastructure. We have been working closely with the customer service team, and there is no situation that has led to negative objections. 

A combination of on-premises and cloud computing services under one interface could enhance simple and comprehensive monitoring. 

They can integrate tools with policy recommendations and notification alerts on when to remove specific objects of the user's choice.

I've used the solution for one to two years.

The product's stable performance has stimulated business growth.

The set network security planning has been achieved, and we are happy with it.

The customer support team never disappoints.

Positive

We started with this tool and have no intentions of leaving it soon.

The setup was complicated since we had to get proper guidelines from the customer support team.

We deployed through a vendor team, and their level of expertise is high.

The ROI has grown positively since we deployed it.

Companies can try it for themselves and explore its great benefits.

We landed straight to CloudGuard Network Security due to the positive comments made by our partners.

I am satisfied with the current performance.