Check Point CloudGuard Network Security OverviewUNIXBusinessApplication

Check Point CloudGuard Network Security is the #2 ranked solution in top DevSecOps tools, #3 ranked solution in best Cloud Security companies, and #9 ranked solution in best firewalls. PeerSpot users give Check Point CloudGuard Network Security an average rating of 8.4 out of 10. Check Point CloudGuard Network Security is most commonly compared to Azure Firewall: Check Point CloudGuard Network Security vs Azure Firewall. Check Point CloudGuard Network Security is popular among the large enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 22% of all views.
Check Point CloudGuard Network Security Buyer's Guide

Download the Check Point CloudGuard Network Security Buyer's Guide including reviews and more. Updated: December 2022

What is Check Point CloudGuard Network Security?

Check Point CloudGuard provides unified cloud native security for all your assets and workloads, giving you the confidence to automate security, prevent threats, and manage posture – everywhere – across your multi-cloud environment.

Check Point CloudGuard Network Security was previously known as CloudGuard IaaS, Check Point vSEC, CloudGuard IaaS, Check Point Virtual Systems, Check Point CloudGuard Network Security.

Check Point CloudGuard Network Security Customers

Physicians Choice Laboratory Services, Helvetica Insurance

Check Point CloudGuard Network Security Video

Check Point CloudGuard Network Security Pricing Advice

What users are saying about Check Point CloudGuard Network Security pricing:
  • "The pricing and licensing have been good. We just had to do a license increase for our portion of it. We had that done within a couple of days. Given the fact that it's purely a software-based license, it ends up being even quicker than doing it for an on-prem firewall."
  • "Pricing of CloudGuard is pretty fair when you have a single account. It's comparable with other cloud providers. But for our use case, it got really pricey when we had to deploy multiple CloudGuards on multiple accounts in different regions, because you can't have CloudGuard protecting multiple regions. That's the big thing."
  • "It is not expensive, but it is a little bit above the middle range. There are other solutions that are a little more expensive than this, but they also have some interesting features."
  • Check Point CloudGuard Network Security Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Advisory Information Security Analyst at a financial services firm with 501-1,000 employees
    Real User
    Top 5
    You can have everything under a single pane of glass
    Pros and Cons
    • "The comprehensiveness of the CloudGuard’s threat prevention security is great, especially once they integrate Dome9 in the whole thing. That really ties the whole thing together, so you can tie your entire cloud environment together into one central location, which is nice. Previously, we had three or four different tools that we were trying to leverage to do the same stuff that we are able to do with CloudGuard."
    • "The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation."

    What is our primary use case?

    It is building the network infrastructure for our cloud environment around it. Primarily, the functionality that we are using it for is the firewall piece in the cloud.

    We have three different things going on right now. I think Dome9 is considered a part of the whole CloudGuard thing. We have AWS and Azure environments behind just straight up Check Point Firewalls. We are in the midst of deploying a new network in AWS that fully leverages the whole IaaS that they offer. Primarily, it's the firewall main piece. However, we are transitioning into using the scale-up, scale-down gateways, which are mostly the network security piece of it.

    How has it helped my organization?

    The granularity and visibility that we are able to get into logging and data going into our AWS environment is significantly more than we could get purely out of the native AWS tools. That is big for alerting and incident response.

    What is most valuable?

    The Auto Scaling functionality is the most valuable feature. Our cloud environments are growing to the point where we need to be able to expand and contract to the size of the environment at will. They pull you to the cloud. With the static environment that we currently have stood up, it works well. However, it would be more efficient having the Auto Scaling even bigger. We are in the middle of that now, but I can already tell you that will be the most impressive thing that we're doing.

    CloudGuard's block rate, malware prevention rate, and exploit resistance rate are tremendous. CloudGuard is functionally equivalent to what we are doing on-prem. It's easy to manage CloudGuard from on-prem and offers the same protection that we're able to give the rest of our environments, which is a big plus for us.

    The comprehensiveness of the CloudGuard’s threat prevention security is great, especially once they integrate Dome9 in the whole thing. That really ties the whole thing together, so you can tie your entire cloud environment together into one central location, which is nice. Previously, we had three or four different tools that we were trying to leverage to do the same stuff that we are able to do with CloudGuard.

    I might be a little skewed because I have been working with Check Point for so long that a lot of the same logic and language that the rest of Check Point uses becomes intuitive, but I haven't had any issues. Anything we need to get done, we are able to do it relatively easily.

    What needs improvement?

    The room for improvement wouldn't necessarily be with CloudGuard as much as it would be with the services supported by Check Point. A lot of the documentation that Check Point has in place is largely because of the nature of the cloud. However, it is frequently outdated and riddled with bad links. It has been kind of hard to rely on the documentation. You end up having to work with support engineers on it. Something is either not there or wrong. Some of it is good, but frequently it's a rabbit hole of trying to figure out the good information from the bad.

    We use the solution’s native support for AWS Transit Gateway and are integrating it with the Auto Scaling piece now, which is a big portion of it. One of the issues with using the AWS Transit Gateway functionality is that setting up the ingress firewall can be more of a logging type function, as opposed to doing pure, classic firewall functionality. This is with the design that we are using with the Auto Scaling. However, AWS announced about two weeks ago that they have a new feature coming out that will effectively enable us to start blocking on the Check Point side, and with our previous deployment before, we weren't able to do that. While the Check Point side is fine, the functionality that AWS allowed us to use was more of the issue. But now that changes are occurring on the AWS side, those will enable us to get the full use out of the things that we have.

    Buyer's Guide
    Check Point CloudGuard Network Security
    December 2022
    Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
    657,849 professionals have used our research since 2012.

    For how long have I used the solution?

    We have been using it since before it was even called CloudGuard, which has probably been five years now.

    What do I think about the stability of the solution?

    The stability is great. There are no real issues with it. Even when half of AWS went down last week at some point, our stuff stayed up. Check Point is actually fine, it's more of just whether or not AWS is going to stay alive.

    What do I think about the scalability of the solution?

    The scalability is great. That is the big thing. We went from our existing not-that-scalable network to a full scale-up, scale-down. I feel like it's inherently scalable because of that. It gives you as much power or as little power as you need.

    Currently, there are about 150 users in our organization. When the new deployment is done, there will be about 700 users. Right now, it is primarily software development. These are the people who are in there now spinning up and down servers, building out environments, etc. It's just going to be that on a larger scale once the new deployments are out there. We need to have the guardrails in place with CloudGuard and Dome9 to ensure that they don't wreck the company, but it's mainly software development and the various roles inside of that, like architecture. There are a hundred different teams in the company that do dev, so they each have their little functions that they would have to do in there.

    Right now, the solution is lightly used, given the fact that most of our development is taking place on-prem. However, we are eventually moving everything to the cloud. By virtue of that fact, it will be heavily used for the next two to three years.

    How are customer service and support?

    Support has been great. They will get you through any issue.

    The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation.

    Which solution did I use previously and why did I switch?

    We deployed our AWS environment in tandem with our CloudGuard deployment. There were individual pieces of AWS that we were using that we've replaced with CloudGuard, but those pieces were more on the Dome9 side than anything, like flow log exports, that we were able to consolidate back into Dome9 and CloudGuard.

    How was the initial setup?

    The initial setup is generally complex. I have been doing cloud and Check Point stuff for a while. Therefore, when we deployed this stuff, I had a good understanding of how to negotiate both of them. That being said, I can see how a user who doesn't have this level of experience may see it as being difficult. I just have a lot of experience with this stuff and was able to get it stood up relatively easily. But, if you're not in the weeds with Check Point and AWS, then I can definitely see it being complex to set up, especially given the issues with documentation, etc.

    The first deployment without Auto Scaling was probably about a month. It was kind of in tandem with building out the cloud environment. Our latest deployment was about two months, but it has been a significantly more complex design that we were doing, so it was sort of expected. It was not a full-time thing that we're doing. We were working on it a little at a time. If a team already had their AWS environment fully designed and operational, then they could have it up in a week. A lot of our challenges have been just tied to the organization and changing what it wanted out of the deployment, which has been more an internal issue for us.

    Initially, our implementation strategy was a multicloud deployment. Then, it switched to a single cloud. After that, it shifted to the number of environments that we had to get stood up. So, it has been a bit all over the place internally. We know we have to do it, it was just a question of how many networks did we need to stand up, how many environments, etc. From a managerial leadership perspective, it was just telling us what they want.

    Largely because we are a large Check Point shop who used on-prem going into it, most things are identical between the cloud and on-prem deployments. So, the things that we were able to do on-prem, we were then able to easily extend those out to the cloud.

    We use Check Point’s Unified Security Management to manage CloudGuard in multiple public clouds and existing on-premises appliances. We had it in place before we had CloudGuard. Therefore, it was an easy transition to integrate that stuff. It wasn't that we had something else in place, then we brought in CloudGuard. We had the Smart Management Suite already set up on the internal end, and we were able to integrate that pretty easily.

    What about the implementation team?

    99 percent of the time, we are doing the deployment ourselves. Here and there, we will have a one-off, but we do the deployment ourselves.

    There are three of us who were involved in the deployment, which are the same people who are doing the maintenance.

    What was our ROI?

    The ROI is significant. We definitely would need more people on this team to manage this stuff if we were not using Check Point. The cost of having more security engineers and cloud engineers, in particular, is expensive. It prevents us from having to blow money on people who are just staring at the cloud all day.

    The use of Check Point’s Unified Security Management to manage CloudGuard in multiple public clouds and existing on-premises appliances has freed up our security engineers to perform more important tasks. If we were tied down using four or five different tools, that would be a nightmare for us because we are just a small team. There are about three of us managing the cloud environments right now. If not for this solution, we would easily double or triple our team size. The number of different tools needed to manage (without CloudGuard) would be too much for just three of us.

    What's my experience with pricing, setup cost, and licensing?

    The pricing and licensing have been good. We just had to do a license increase for our portion of it. We had that done within a couple of days. Given the fact that it's purely a software-based license, it ends up being even quicker than doing it for an on-prem firewall.

    The only other thing that might come up is if we ever decided to do any managed services type of thing or bring in consultants. Outside of that, their cost is what it is upfront. This is outside of whatever you will end up paying AWS to run the servers. It is all pretty straightforward.

    Which other solutions did I evaluate?

    We kind of always knew it was going to be Check Point because of our extensive on-prem deployment. It just seemed easier for us to just stay with them instead of having multiple firewall providers. The only other real option for us at the time was just going with native AWS firewalls, but we would rather keep that managed ourselves with Check Point.

    The only thing that we ever looked at or compared CloudGuard to is just native AWS tools and whether it makes more sense to use them than CloudGuard. By and large, we just kind of stuck with CloudGuard for the most part. There are definitely more menus that you can navigate over than AWS. Check Point's tools are good and powerful, but given what our deployment looks like, that just complicates things.

    Favorable results of its security effectiveness score from third-party lab tests were very important to us. We didn't evaluate too many other options. Just knowing that it wasn't a piece of garbage was a good indicator upfront that it was worth sticking with Check Point down the road. If you are given more things that you have to look at, then there are more possible threats capable of penetrating an environment. So, if you're able to centralize things as much as possible, then you're on the right foot to catch any issues.

    With the integrated nature of the Check Point suite, you can have everything under a single pane of glass, which is huge. You can do a lot of the things that you can do with Check Point if you had four or five different other vendors, but being able to do it all in one place is convenient and cost-effective.

    In our decision to go with this solution, it was absolutely important that Check Point has been a leader for many years in industry reviews of network firewalls.

    What other advice do I have?

    We should have done the Auto Scaling stuff upfront instead of going static. The biggest lesson was that the tools in place let you embrace the good parts of the cloud, which is flexibility and cost savings. The thing that we kind of learned is we just treated it upfront like it was another on-prem device, but you miss out on the whole point of having infrastructure as a service if you're not going to leverage it to its fullest capabilities.

    Remember that you are doing this in the cloud, so treat it like a cloud device. Don't suddenly try to extend your on-prem network without leveraging the whole capabilities that CloudGuard gives you to scale your network in and out as needed.

    CloudGuard's false positive rate is acceptable and low. You have pretty granular control over everything that you are doing. Even if you're running into false positives, you can easily tweak them and work with CloudGuard to eliminate them.

    I would rate it a nine (out of 10). It does everything that we wanted it to. It kind of grows with AWS, where new AWS functionality is now enabling new CloudGuard functionality by virtue of a couple of changes that they have been making. They sort of work hand in hand. The only reason that stops it from being a 10 (out of 10) is just the limitations of AWS end up being the limitations CloudGuard as well. You take the good and the bad of the cloud.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Genesis Floresta - PeerSpot reviewer
    Senior System Administrator at a tech services company with 501-1,000 employees
    Real User
    When you change a port or security setting on AWS, auto-provisioning applies it automatically to all your firewalls
    Pros and Cons
    • "The scalability is very good; again, very user-friendly. I wouldn't even say "user-friendly" because, as long as you deploy it properly, you can kill an EC2 and it will spin up another one right away, within about a minute and a half. And it will be ready for production right away."
    • "We did not use the AWS Transit Gateway, and that's one of the things that we're currently using. I believe we will be working with Check Point again, in the near future, to implement it, once they start having proper support for a single customer with multiple accounts. When we were using them, we had to install Check Point on each and every single account."

    What is our primary use case?

    We mainly used CloudGuard for IPS and IDS in our AWS environment, and we also used it for additional logging to see what was going in and out of our network in AWS. We have very limited visibility, especially when it comes to logging, and AWS does not support IPS and IDS as of now.

    How has it helped my organization?

    The way they implemented their auto-provisioning, where you just change a port or a security setting on AWS and it applies it automatically to all your firewalls, is good. You don't have to go into both of your firewalls, if you have redundancy like we did. You just need to change it on one of them in AWS, and that change applies to both of the firewalls. That saved us a lot of time. Usually, on physical firewalls, if you have to do that, you're going to have to either do command line, or if you don't want to do command line you have to do console and do multiple changes everywhere, from firewall rules to access rules. With Check Point, all you have to do is one change in the AWS console, and it will apply it within your firewall. Without that we would have had to do that in AWS, then go into the SmartConsole for Check Point.

    I'm the only one who does security for both our on-prem and our cloud environments. Having Check Point there, I didn't really have to do much. It gave me peace of mind that it would do its job. I did check on it on a daily basis, just to make sure everything was okay and that there was no unwanted traffic during the day or during the night before. I didn't see anything unusual and if I did see something, it was one of those one-offs because another team was doing testing or something like that.

    What is most valuable?

    The IPS, IDS and logging were some of the features that I found useful. Also, the automation using AWS CloudFormation, the way we deployed it to our system, was very simple.

    The comprehensiveness of CloudGuard's threat prevention security, looking at the logs, was really good. It would tell me if there was any unwanted traffic on our system, it would keep track of that. We checked it to make sure that everything was okay. It gave me the information that I needed to keep our network safe.

    It's also pretty user-friendly. I've used multiple firewalls, both physical and virtual, and to me, Check Point is on top when it comes to ease of use and understanding the firewall installation. It's very very simple. And the way they implemented CloudFormation and the auto provisioning, is hands-down one of the best.

    What needs improvement?

    We did not use the AWS Transit Gateway, and that's one of the things that we're currently using. I believe we will be working with Check Point again, in the near future, to implement it, once they start having proper support for a single customer with multiple accounts. When we were using them, we had to install Check Point on each and every single account.

    I believe they're working on a solution for that. I know they're utilizing Transit Gateway for it, and that is exactly what we're using right now. I'm excited for them to have that ready, and for us to put it in our system.

    In general, cloud infrastructure or a cloud-based environment, is very fast when it comes to technology. Things get developed right away. Check Point just needs to adapt to those changes quicker.

    For how long have I used the solution?

    We used Check Point CloudGuard IaaS for over two years. We stopped using it about six to eight months ago. Our environment basically expanded to such a large scale that it wasn't feasible for us to use CloudGuard in our multiple-account production environment.

    We are definitely planning on redeploying CloudGuard at some point because we always need IPS and IDS and better logging. AWS only has two or three companies that do IPS/IDS. We definitely need those kinds of protection and Check Point, in my opinion, is one of the best so I still want to put it in place. But their solution doesn't really match our requirements. That's the only reason we moved away from Check Point.

    What do I think about the stability of the solution?

    Its stability was really good.

    What do I think about the scalability of the solution?

    They do implement Auto Scaling and that was one of the requirements that I asked them about. One of their southbound firewalls did not have Auto Scaling at that time, so that's why I requested it.

    The scalability is very good; again, very user-friendly. I wouldn't even say "user-friendly" because, as long as you deploy it properly, you can kill an EC2 and it will spin up another one right away, within about a minute and a half. And it will be ready for production right away.

    Our production environment never decreased, it only increased. Our presence in AWS quadrupled over the time that we used CloudGuard. I'm managing about 32 accounts that, obviously, need protection. Once they implement that particular solution, we'll be very happy to have them integrated within our environment.

    The number of users of CloudGuard, because we had deployed it in our production environment, was as many customers as we had. All traffic went through CloudGuard.

    How are customer service and technical support?

    I never dealt with tech support. I dealt more with our account manager. We never had issues with Check Point, so I never had a chance to talk to their support.

    Which solution did I use previously and why did I switch?

    We were using native AWS protection.

    How was the initial setup?

    The initial deployment wasn't too complicated because they had CloudFormation. The only thing that I had issues with was having to integrate that within our company's requirements. Our needs kept changing because we were new to AWS. But that was not an issue with Check Point. And once the requirements within the company had been solidified, we deployed the solution to four or five environments in our AWS and it was fine throughout. We even did their second version of CloudGuard, and again, it was easy.

    It's pretty straightforward. It's literally just a matter of selecting the right version of Check Point, your VPC, your management, your password, and that's pretty much it. It's pretty simple.

    With the way AWS does things, our deployment took about half a day. And that was mainly because there were dependencies on CloudFormation, where it would wait for a task to finish, and AWS depends on the region that you're in. If you pick a very busy region, then it takes longer than usual. So half a day is giving it padding, in terms of time.

    Once it was up and running, it required just me for maintenance.

    What about the implementation team?

    I was the only one from our organization involved with the deployment.

    In the initial installation, the first time, I was working with a Check Point engineer, because we were new to AWS and the Check Point integration with AWS. We came from Azure. We needed somebody just to make sure that we were doing the right thing. But after that, we never needed Check Point support. They would check in on us, just to make sure everything was good.

    The engineer was really good. He was there to walk us through and to make sure we understood every piece of the deployment. After that, I put together some documentation based on our needs. From then on, future deployment was fairly simple.

    What was our ROI?

    The ROI is in the number of people managing it. Technically, you don't need to manage it. If you have an on-prem, you constantly need to manage the firewall. You need to make sure everything is okay, when it comes to hardware, software, and managing the actual firewall. With CloudGuard on the cloud, we eliminated two of the three. We didn't need to care about the hardware or about the software upgrades. If we did need to upgrade, it was just with respect to CloudFormation. We didn't need to do any firmware. The only thing we needed to do was manage an interface, which is what you're going to do anyway. 

    You only need just one person to do it. When it comes to return on investment, you don't need to hire a full team to manage your whole network. If you have a firewall team, with Check Point CloudGuard, you don't need it anymore. It's just a single person because, if a Check Point goes down, it gets spun up right away. You don't need to call anybody or order hardware or anything like that.

    What's my experience with pricing, setup cost, and licensing?

    Pricing of CloudGuard is pretty fair when you have a single account. It's comparable with other cloud providers. But for our use case, it got really pricey when we had to deploy multiple CloudGuards on multiple accounts in different regions, because you can't have CloudGuard protecting multiple regions. That's the big thing.

    Which other solutions did I evaluate?

    Before picking Check Point, I checked Cisco, Fortinet, and Palo Alto. At that moment, when we were doing a PoC, Check Point was ahead of them when it comes to implementation, deployment, and ease of use.

    Deployment was the big thing for us because we knew that we were going to be deploying this multiple times. We wanted redundancy, and ease of use and deployment. Check Point nailed those top-three requirements, so it was the clear choice for us. The others didn't have the robust capabilities of Check Point or CloudGuard, to do the things that we wanted. Those included ease of deployment using CloudFormation, scalability using Auto Scaling and the auto-provisioning within CloudGuard.

    What other advice do I have?

    My advice: Get it. It's a great product. It's a great solution.

    In terms of CloudGuard's block rate, malware prevention rate, and exploit resistance rate, we didn't really do much testing when it comes to those types of scenarios. But I've used Check Point as a physical firewall before, and it was great. It detected threats and gave me an alert as soon as it detected them. It was really good.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    Check Point CloudGuard Network Security
    December 2022
    Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
    657,849 professionals have used our research since 2012.
    DBA Team Lead with 51-200 employees
    Real User
    Top 10
    Offers simple solutions, such as the virtual appliance
    Pros and Cons
    • "Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it."
    • "I would like to see a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have."

    What is our primary use case?

    We are a small consulting company. We have around 100 employees. We don't use advanced firewalls because we don't really have important data that can be hacked. Nobody is going to care about our data because it's only the HR department's timesheet data on our on-premise systems. The firewall is protecting remote access, allowing the employees to access our office environment. So sometimes employees connect to our systems which have some test systems on it. They run some tests about the consulting we've given to clients. That's all. We just have basic things on our firewall. Just two things are important for us - the site to site VPN, which we have with some customers, and the government site. That is important. That's why I want to change the firewall to a new and up-to-date one so maybe it will be an improvement to prevent some hackers.

    What is most valuable?

    After I made up my mind to migrate it to another solution, I was kind of checking all the other firewalls, the FortiGate, Check Point, pfSense and OPNsense, and Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it. You just have to know Check Point's GUI so you can manage your IP addresses and access rules and stuff. But as I said, Check Point is really advanced and the GUI is kind of advanced, which the customer reports actually prove.

    What needs improvement?

    In terms of what could be improved, we have no support with the current Check Point environment. It ended maybe three or four years ago. Because it's an appliance you have to have support. That's a problem for us because I cannot update it at the moment. We have to have another support. We have to subscribe to another support so I can update it. I think it's a good amount of money and our boss does not want to pay that kind of money for firewall solutions. It's not a hardware solution, which by the way, if it would be up to me, I would migrate it to a hardware FortiGate system because all our customers at the moment are migrating their environments to FortiGate hardware solutions. They say it's a really good improvement from their previous firewall solution because it's easy to manage and they're very happy with it.

    But as I said before, my boss does not want to pay a lot of money for a firewall solution since we don't have much data to protect and the data is not very important. It's not a big use for us. So we will just probably try pfSense or OPNsense. I can patch it to an up-to-date version, like the 2021 patch. We have the open source solution because my boss does not want to pay for it. It's my approach to migrate the firewall, actually. If it was up to me, I'd probably migrate it to a FortiGate system.

    I'm not very experienced with Check Point. But what I would like to see is a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, if you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have.

    How are customer service and technical support?

    I can't give it any review about Check Point technical support because I am only working here for about three years and by the time I started at the company it already did not have support.

    How was the initial setup?

    I have no idea about the initial setup, but it seems like it's not so complex. The initial set up is probably not that hard, but not that easy, either. If I were to delegate the firewall system to a junior guy, I think that he's not going to manage Check Point, but he'll probably manage FortiGate.

    What other advice do I have?

    In the past, my clients were all using Check Point Systems. When I reviewed it at that time, back 10 years ago, Check Point was number one, as far as I remember, meaning FortiGate wasn't a major solution in Turkey. Nobody was talking about FortiGate then. Now FortiGate, is a major player in the firewall industry in Turkey. Most of our clients are migrating to FortiGate because they say it's cheaper than Check Point. So when I see the Check Point's GUI, it's really complicated. My recommendation would be for Check Point customers to first learn about Check Point's GUI, which is pretty advanced, for me at least.

    But when I talk to my friends who are managing IT, they are migrating to FortiGate. They say, FortiGate is very easy to manage and I should really think about it now. When I was first introduced to Check Point it was really advanced. I didn't understand when I first looked into it. I just wanted a solution. pfSense has the same problem. By the way, according to your report, some customers said that pfSense needs improvement on the management and the GUI and aspects like that, so maybe I'll need another review of OPNsense versus Check Point and FortiGate etc...

    We didn't have any problems at all. Just in one case, actually. We have a rule that pops up from nowhere which we didn't create. When we restart our Virtual System firewall, it creates a rule which messes up all our internet connection. So if I were to give a number from one to 10, I would probably say Check Point is a nine out of 10. Other than that, we haven't had any problems. Check Point is pretty reliable. I think it's our company's problem that we couldn't patch it after it froze. Maybe an up to date, patched version doesn't have this problem. 

    Overall, it's really working for us. I don't have any problems other than it's just outdated.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Bernard Otieno - PeerSpot reviewer
    Technical Engineer at Harnssen Group Limited
    Real User
    Top 5
    Great for cloud security with good stability and helpful local technical support
    Pros and Cons
    • "Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions."
    • "Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point."

    What is our primary use case?

    As a company, we are a value-added reseller. We have to use it first before we can propose it to our clients. We have to give it a clean bill of health before we can actually propose this to the client. We have to conduct a proof of concept, which runs for around 30 days. The client has to give the okay before we can actually deploy it for them.

    What is most valuable?

    Clients have been using it and they haven't had any negative feedback. 

    The initial setup is straightforward.

    The product is scalable.

    We find the stability to be quite good.

    Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions.

    What needs improvement?

    To be honest, we don't have many clients who have taken CloudGuard, as the feedback has not been that great. There are a few clients who have taken the CloudGuard due to the fact that there is a lot of competition in terms of endpoint protection from Trend Micro and other leading vendors. 

    There are few clients who have CloudGuard and the response is quite positive. However, it comes down to dealing with the challenge of when the client needs both protection for workstations and their physical and virtual servers. With Check Point, we don't have that ability. They have just CloudGuard, which protects the workstations and servers. With other vendors, there's a separation between the endpoint protection for workstations and for the servers and then something else for the virtual environment. The challenge comes in when you're trying to propose this to the client. They'll ask you how they can be sure that this will protect their virtual or physical data centers collectively, and also protect the workstations.

    Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point.

    Generally, visibility is the issue. Clients really just need more visibility to know they are protected. 

    What do I think about the stability of the solution?

    We find the stability to be good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

    What do I think about the scalability of the solution?

    The scalability is there if a company needs to expand it. 

    How are customer service and support?

    Technical support is okay. It's average. The local support is good, however, now when you go to global support, there's a bit of a challenge. It takes time compared to other vendors. Their global support is not that active. I have some clients who have been complaining that they raise a technical issue and it takes maybe one or two days before they get any feedback. 

    That said, here, in terms of technical support, the local Kenyan support is very good. They're quite supportive.

    Which solution did I use previously and why did I switch?

    I also work with Sophos, Fortinet, and Palo Alto. 

    The other vendors, they're not doing that well in terms of cloud security, as they tend to concentrate on on-prem security. The physical security, that's at the endpoint level. However, Check Point is doing quite well in terms of cloud security. 

    How was the initial setup?

    The initial setup is not overly complex. It's quite simple and straightforward.

    What's my experience with pricing, setup cost, and licensing?

    The solution is expensive. If I rate Check Point, Sophos, Fortinet, and Palo Alto, Sophos comes in at a cost that is pretty low. Then Fortinet, and then Palo Alto. Check Point is at the edge. It's a bit expensive or it's quite expensive. When you are trying to propose Check Point, it's more of an OpEX and even a CapEx project. It cannot go through a normal request for a quotation. It has to be a CapEx project. At the beginning of every financial year, a customer or end-user has to consider this to be able to purchase a Check Point firewall.

    What other advice do I have?

    For most Check Point CloudGuards, it's not actually deployed on the private cloud of the end-user. They usually deploy it on the public cloud.

    I'd rate the solution at a nine out of ten. The clients who are using it have nothing bad to say about its capabilities. 

    I'd recommend the solution. They are doing quite unique workarounds with cloud security while many others are more focused on on-premises.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
    PeerSpot user
    SHRINKHALA SINGH - PeerSpot reviewer
    Senior Manager at Agriculture Skill Council of India
    User
    Top 5
    Cost-effective with good productivity and 100% proactive detection
    Pros and Cons
    • "It is dynamic and agile, and its features and utilities continuously improve and evolve."
    • "The business and product development team should introduce a high-end feedback collection mechanism and analyze the customer requirements constructively."

    What is our primary use case?

    Check Point CloudGuard Network Security is the best security software for protecting IT systems inside out. There is no compromise with system security if the CloudGuard Network solution is intact. It provides threat prevention and protection from malware and enables system and server security up to 100%.

    We have numerous API integration of our internal IT systems with outside servers and network systems, where security lapses are a huge concern. CloudGuard helped in providing complete security and protected entry of threat entrants in our system from outside servers.

    How has it helped my organization?

    CloudGuard Network Security has enabled the security system to operate safely without any trouble. It has resulted in saving on huge expenses for organizations as it's a cost-effective and cheap alternative compared to its market competitors. It brings a secure IT environment for a workforce, which leads to boosting productivity and an increased revenue stream for the organization. This leads to increased productivity and prosperity.

    Also, it's the one-stop solution for preventing systems from security threats and all kinds of endpoints in the IT space.

    What is most valuable?

    There are no security lapses and 100% restriction of threat entrants in the system or server.

    It's a cost-effective solution with no false positive cases.

    The product helps in bringing productivity and enhanced customer experience for users.

    We have a happy workforce and more workforce retention and increased IT environment sustainability.

    There is 100% proactive detection of root causes and root sources.

    It is dynamic and agile, and its features and utilities continuously improve and evolve.

    It's the best-unified endpoint management solution for IT systems globally. The product is available for all kinds of business users.

    What needs improvement?

    We really believe in ongoing improvements for emerging business needs. The business and product development team should introduce a high-end feedback collection mechanism and analyze the customer requirements constructively.

    The feedback mechanism is best to understand the user and market needs. All kinds and sizes of businesses should be approached to provide feedback so that unanimous decisions and unbiased reviews/feedback can be collected.

    Also, more customized strategic pricing can be involved and introduced so that more and more businesses can be attracted for trial and usage of the software. 

    For how long have I used the solution?

    We've used the solution for almost a year now.

    What do I think about the stability of the solution?

    The product offers amazing stability and we had no discomfort or hassle in the setup.

    What do I think about the scalability of the solution?

    The solution is scalable and attractive.

    How are customer service and support?

    The solution has strong customer support and agile service experience.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We use McAfee solutions earlier due to the company and parent organization's long-term association with McAfee.

    After subsequent years of usage, we felt a dire need of usage of advanced security solutions. After receiving continuous good feedback from peer organizations, we landed at Check Point.

    It's been a great experience so far.

    How was the initial setup?

    The setup is effortless and not complicated at all.

    What about the implementation team?

    We implemented the solution through vendor team management.

    What was our ROI?

    We've seen an ROI of 80% to 85%.

    What's my experience with pricing, setup cost, and licensing?

    In my book, Check Point comes as quite a handy and cost-effective alternative for the security enablement of IT systems. It's cheap and easy for deployment and is the best solution so far. Its signing of SLA and maintaining long-term key association and collaboration with service partners is really effortless and easy. We've had a highly professional partner experience.

    Licensing is usually annual.

    Setup and deployment costs are offered with discounts that are attractive and  sustainable.

    Which other solutions did I evaluate?

    We analyzed and did trials for Cisco Secure Firewall and other security solutions like Trend Micro, etc.

    What other advice do I have?

    I would strongly recommend everyone to go for a trial of this security solution ASAP. It is one of the best experiences ever.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Adriamcam - PeerSpot reviewer
    Consultant at ITQS
    Reseller
    Top 5Leaderboard
    Easy to manage and implement with simple configuration capabilities
    Pros and Cons
    • "One of the main characteristics that Check Point CloudGuard Network Security has given us is granularity and visibility."
    • "It is somewhat problematic in the area of the cloud."

    What is our primary use case?

    Check Point CloudGuard Network Security helps resolve potential regulatory and compliance issues when moving to the cloud. The high-visibility rule base's granular approach helps us with potential security leaks and highlights items to focus on for immediate action.

    The functionality that we're using it for is the cloud firewall piece.

    For this reason, it was necessary to implement this tool in our organization and the results have been very positive, providing the necessary security.

    How has it helped my organization?

    One of the main characteristics that Check Point CloudGuard Network Security has given us is granularity and visibility. The data that enters our Azure environment integrates in a great way in the cloud and in on-premises. This is important for the alerts and the response to incidents that arise in our platform in the cloud, for the moment, we are very satisfied to have acquired this solution and to have implemented it in the cloud and with other systems on-premise that have given us a lot of security and peace of mind.

    What is most valuable?

    One of the features that I liked the most and that I feel is very useful is auto-scaling. Our Azure cloud environment is constantly growing and this allows us to expand as well. 

    Another very accurate feature is CloudGuard's malware prevention and exploit resistance rate and they have given us a lot of security since the database is very large. 

    It is easy to manage CloudGuard from on-premises and offers the same protection as we can provide to the rest of our environments, which is a great advantage for us.

    What needs improvement?

    One of the areas that should be improved is the updates of the products. It is somewhat problematic in the area of the cloud. In the case of migration from on-premise to the cloud, it is difficult to replace the licenses. It should be something very transparent and thus save us the time to go to support but in general, the tool is shared very well in security and protection of privacy and if they are lucky they can add more features that help us our security would be great they should always be one step ahead of cyberattacks.

    For how long have I used the solution?

    We have implemented it one year ago.

    What do I think about the stability of the solution?

    Check Point CloudGuard Network Security maintains very good stability, and, best of all, maintains excellent compatibility with Azure.

    What do I think about the scalability of the solution?

    The scalability is great. You can make a network scale up or down. This allows you to have good control of bandwidth in the organization or to be able to distribute it in the different departments of the company.

    How are customer service and support?

    Currently, since the implementation, not much support has been used, therefore, I rate it as excellent.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    The Check Point brand has always been used in our organization.

    How was the initial setup?

    The configuration was very simple since the tool and the wizard are very interactive and user-friendly. It was not very difficult to do the installation and configuration.

    What about the implementation team?

    The implementation started with a vendor and the IT team. The engineer that worked with us presented great knowledge of the product.

    What was our ROI?

    By using a tool of this type, the cost of personnel decreases since the tool performs quite well with the functions that it was designed for.

    What's my experience with pricing, setup cost, and licensing?

    The price and the licenses have been good. They maintain a competitive price with the other companies.

    Which other solutions did I evaluate?

    Other options were not evaluated as we like to keep the same brand across solutions.

    What other advice do I have?

    When doing a cloud deployment, remember you are doing this in the cloud so treat it like a cloud device, as good configuration brings good results.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Oleg Pekar - PeerSpot reviewer
    Senior Network/Security Engineer at Skywind Group
    Real User
    Top 5
    Easy to manage and greatly improves security
    Pros and Cons
    • "The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing."
    • "As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult."

    What is our primary use case?

    Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).

    The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

    The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.

    How has it helped my organization?

    The overall security of the environment has been greatly improved by implementing the Check Point Virtual Systems solution. Before deploying it, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appears to be not an efficient solution for protection from advanced threats.

    The Check Point Virtual Systems solution has significantly increased the security level from the standpoint of the logical separation of traffic patterns, both internal and external in our particular case.

    This product makes the NGFWs work as if we had two separate sets of physical firewalls, without additional spendings on the hardware.

    What is most valuable?

    The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing. This allowed us to save significant money on the hardware purchase, and keep our NGFWs efficiently loaded. 

    As an administrator, I find the management really convenient and cozy. The usual SmartConsole is used and you don't need any additional software to be installed.

    What needs improvement?

    As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.

    In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.

    For how long have I used the solution?

    We have been using the Check Point Virtual Systems for about three years, starting in late 2017.

    What do I think about the stability of the solution?

    The solution is stable and we haven't had any support cases opened that are connected with it.

    What do I think about the scalability of the solution?

    The solution is scalable. I believe you could just add the new hardware into the cluster without affecting the functionality, and thus increasing the performance on the spot.

    How are customer service and support?

    We have had several support cases opened, but none of them were connected with the Virtual Systems. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

    The longest issue took about one month to be resolved, which we consider too long.

    Which solution did I use previously and why did I switch?

    We didn't have any logical separation of security solutions before implementing this product.

    How was the initial setup?

    The solution was really complex and difficult to implement since it requires a lot of additional knowledge and understanding of the underlying routing and switching technologies and protocols.

    What about the implementation team?

    Our in-team has a Check Point Certified engineer as part of it.

    Which other solutions did I evaluate?

    Since we have already had the Check Point NGFWs purchased, we just proceeded with the configuration of the Virtual Systems.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Team Lead Manager at a tech vendor with 51-200 employees
    Real User
    Top 10
    Straightforward implementation, good support and stability, and useful for checking services and easily verifying logs
    Pros and Cons
    • "The Capsule solution and application filters are the most valuable. It is pretty straightforward to implement, and it also has good stability and scalability. Their technical support is also really good."
    • "This application can be more integrated with web application firewalls. Better integrations would provide more granularity, which would be helpful for focusing on the application itself and preventing attacks. It would be good to include the cross-domain search. If you have multiple firewalls that are managed on the same platform and you want to check who is using some particular objects or where a specific ID is being used, it should provide an option for this kind of search instead of having to check one by one on each firewall."

    What is our primary use case?

    We integrate this solution, and we also provide the maintenance of the device. We are using this solution for those sites that are kind of medium in size and require a more complex solution but don't have too much space for big equipment.

    How has it helped my organization?

    It is useful for us for checking services, instead of protocols, because we have some services that are very smart and can change ports. It is also useful for verifying the logs. SmartLog is very practical, and it is easy to identify stuff and make corrections.

    What is most valuable?

    The Capsule solution and application filters are the most valuable. 

    It is pretty straightforward to implement, and it also has good stability and scalability. Their technical support is also really good.

    What needs improvement?

    This application can be more integrated with web application firewalls. Better integrations would provide more granularity, which would be helpful for focusing on the application itself and preventing attacks.

    It would be good to include the cross-domain search. If you have multiple firewalls that are managed on the same platform and you want to check who is using some particular objects or where a specific ID is being used, it should provide an option for this kind of search instead of having to check one by one on each firewall.

    For how long have I used the solution?

    I have been using this solution for more or less ten years.

    What do I think about the stability of the solution?

    It is pretty stable.

    What do I think about the scalability of the solution?

    With the virtual assistant, its scalability is very good.

    How are customer service and technical support?

    Their technical support is really good.

    How was the initial setup?

    The initial setup is pretty easy. Where it is not that simple is the integration of different blades and the customization of rules, which are really dependent on the policies of a company. When we are dealing with a small company, it is easy, but when we are dealing with global corporations that have previously-defined policies and the integration with the profiles, it is a little bit more tricky and complex.

    The deployment takes a couple of days, but when the deployment is more complex and requires assessments, it could take one or two weeks.

    What about the implementation team?

    We are an integrator. The number of people that are required for the deployment and maintenance of this product depends on the organization. The deployment could be done by one or two people, but for the maintenance of the device, big companies require more people because they are establishing new connections with third parties and so on, which means that it requires many changes.

    What's my experience with pricing, setup cost, and licensing?

    It is not expensive, but it is a little bit above the middle range. There are other solutions that are a little more expensive than this, but they also have some interesting features.

    Which other solutions did I evaluate?

    Our clients also evaluate Palo Alto and Cisco. Palo Alto, Check Point, and Cisco are the top solutions at the moment. In terms of performance, all three are pretty much the same, but it is much easier to check logs on the firewall in Check Point than Cisco or Palo Alto. Check Point is also quicker and more intuitive. Its view is also better than others.

    What other advice do I have?

    I would recommend this solution. It is pretty straightforward to implement. It is easy, and it doesn't require too much time to make a clean implementation. I am not really sure about using it in a really small company. It depends on the budget.

    I would rate Check Point Virtual Systems a nine out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Buyer's Guide
    Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.
    Updated: December 2022
    Buyer's Guide
    Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.