Check Point CloudGuard Network Security Reviews

We use it to secure our network. We use it to manage our firewalls and some of the other services that we have with them.

By implementing CloudGuard Network Security, we mainly wanted visibility.

CloudGuard Network Security saves time from having to go to multiple places to look for different things. It gives us the ability to see it all in one place. We could realize its benefits in less than 90 days.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. We are able to combine different aspects into one place.

I am confident in our cloud network security. Check Point is a great company. They stay up to date on everything that is happening, and they keep us informed about anything that needs to be done to maintain that security posture.

The visibility is most valuable. It allows us to see all of our devices from one place, and it gives us the ability to manage push updates and things like that from one place.

Its price is fair, but it can be more favorable.

We have been using CloudGuard Network Security for about two years.

It feels very stable to me.

Its scalability is good. It is being used across multiple departments. There are 300 users and a lot of endpoints.

We do not have any plans to increase its usage this year. We might do that in 2025.

Their support is great. I would rate them a nine out of ten.

Positive

We did not use any similar solution previously.

I was not too much involved in its deployment. My role is not as technical as it used to be.

We worked with partners to help us with the deployment who had expertise in this, so it was pretty straightforward. Our implementation strategy was to work with a partner.

We had a Check Point partner for implementation. Our experience with them was good. 

We have seen an ROI in terms of time and labor costs. People do not have to spend as much time on different things. They have one interface to manage different things.

It is fairly priced, but it can be a little expensive from time to time. 

I am not aware of any solutions that we have evaluated. Check Point is our firewall vendor, so we went with them. We were able to have just one partner and one point of contact for any issues. Having a bunch of different products creates problems of its own. You do not know whom to call and whom not to call for an issue. Having one single contact to oversee all that is beneficial to us.

I would advise taking your time. Be patient, and you will see results. It does not take much time, but some people want to see a return right away. It took us about 90 days to see the return. It is more based on you getting in it and doing things with it, but be patient.

I would rate CloudGuard Network Security a nine out of ten.

We have deployed CloudGuard in our environment to protect conversations between different network segments. For example, we can protect north-south traffic and east-west traffic.

We deploy our production workload in different cloud provider environments, such as GCP, Azure, AWS, and IBM.

CloudGuard Network Security enhances our network security from an end-to-end connectivity point of view. We can deliver high-performance security to our different functional teams to support our business.

CloudGuard Network Security provides us with unified security management across hybrid-clouds and on-prem. We have one unified platform to manage on-premises gateway and CloudGuard gateway. We have a unified and standard way to ensure compliance and enforce all the definition requirements and process outcomes.

Check Point is at the top end of the market when it comes to security and threat prevention. They have a service called ThreatCloud. We get frequent updates from ThreatCloud. We can look at the numbers, signatures, and bad IPs they provide to us, and we can compare this information with other vendors or competitors. It gives us confidence that they are better in terms of threat detection.

All the features that we subscribe to from CloudGuard NGTP are valuable. All the threat prevention and access control features give us the network security that we expect.

From the policy optimization point of view, they can do better. This is not just for CloudGuard. CloudGuard is one little piece managed by Check Point. They can also integrate a third-party policy management solution to improve that. For example, Tufin is focused on policy optimization and management.

They can also offer solutions faster to address customer concerns.

We have been using this solution for five or six years in our environment.

Check Point overall is pretty stable. We can rely on them. This is one of the key reasons why we stuck with Check Point for more than 20 years.

It is good. They have all kinds of solutions from on-premises to the cloud. There might be some limitations to their partnership with certain cloud providers. They can speed up to give us better solutions, especially for CloudGuard. I know some competitors offer solutions to address customer concerns faster than Check Point. It is an area for improvement.

Our experience has been good. Their sales engineers and support engineers are pretty good, but they also have some gaps. They can improve that. I would rate them an eight out of ten.

Positive

We have seen an ROI because they fixed the gap. We were able to put a solution to fix a gap. It gives us confidence about how secure our environment is.

We have a pretty good partnership with Check Point. We have a global subscription and agreement. They give us a pretty good corporate discount.

We have a global subscription to cover everything, not just the cloud but also the on-premises gateway. We have all the threat prevention subscriptions as well, which makes us stick with Check Point. Even though we get a better price offer from competitors, this global discount makes its pricing a better deal for us.

Before deploying it, we did compare it with other vendors. We looked at the major players in the market, such as Palo Alto and Fortinet.

We did not go for a cloud-native solution because they could not provide the same security as Check Point. We deployed CloudGuard in all of our cloud environments because we felt that their native solutions could not satisfy our requirements. We were also able to add selective threat prevention features, which native-gateway solutions might not have had. This is a value-add when we deploy CloudGuard in a cloud.

CloudGuard Network Security is easy to use for us. Because we have been using Check Point, it is easier for us to integrate new features, rather than deploying a new environment.

Overall, I would rate CloudGuard Network Security a nine out of ten.

We are using it for perimeter inbound and outbound detection.

It is running in an EC2 instance in AWS.

For the move to the cloud, normally, you adopt a cloud solution, but big companies like ours have to control the roles in place and keep the standards that we have on-prem. We adjust it to the way the cloud works, but we still have the traditional firewall, similar to on-prem. We have the same management capabilities. We have the logins. It is just a central way of managing. 

It saves time for us. We adopted the cloud solution as much as we could, but in terms of security, we wanted to keep the same method that we were using for security, and we wanted to use the knowledge that we already had.

It matches what we have on-prem. We kept the same management and the same functionality that we were having on-prem. It has simplified things for us because there is no new dashboard to touch.

The relationship between AWS and Check Point could be better. We had issues related to the type of instance and how it interconnects with AWS or cloud-native solutions. We overcame the pain points that we had, and now, AWS is evolving in a way that will facilitate how Check Point works. Our pain points were minimized, but they were there.

There could be more capabilities around the management protocol itself. We deploy the boxes very easily with the software. We want automation. We are already using it to deploy instances in AWS regardless of whether it is Check Point or something else we use. Integration is already there, but there is a possibility to have more functionalities. We are in a good state, but there can be new features.

I have been using CloudGuard Network Security for two years.

It is tricky to distinguish because we have the software and we have the instance. There is the tricky part of AWS not sharing some information around the instances where the software runs and then saying that it is a software issue and not sharing deeper details. Check Point struggles with having that information directly from AWS. 

So, there is room for improvement if Check Point wants to be a native-use solution in AWS, for example, which is our main provider. It is tricky, and I understand. It is also about how Amazon or AWS manages their data centers. They do not disclose some information. In terms of throughput, performance, etcetera, they do have the numbers, but when it comes to some issues, nobody can explain or when an issue is from a network background, there is no explanation. Finger-pointing is not a solution. 

There should be more sharing of information between them directly, not involving the customer. In the end, we were able to sort things out. We had to read between the lines. They were not disclosing exactly what was the problem. Check Point did not see any issues with the software, and in the end, it was about how the instances in a shared environment inside the AWS run and how they control the resources on each virtual machine that the customer runs. That is their way of doing business. AWS wanted to run it on a bigger box. In the end, I was able to overcome all the issues with a different instance type that was never proposed to us. It was a matter of the CPU generation that was being used on the instance. It was not the fact that the machine was not able to cope with it.

That goes back to how the AWS services run because the software runs in any virtual box. It is exactly the same software that you can use in a physical box. We never had a need to use Autoscale so far. We have tested Autoscale. We have seen it working, but we never had the need. We are in a stable environment, and we foresee when it is needed ahead of time to avoid any bottleneck. It has been running without issues.

We have 12 active AWS versions worldwide. Three of them are the main data centers that we use. In every data center where we have AWS, we have at least different architectures of products, so our environment is quite big.

The management is standardized between all regions. They run exactly the same way with exactly the same purpose. It is standardized. We define the architecture and when there is a need, we have the solution already available.

Over the last three years, I rarely used them. We did not face issues that needed support from Check Point. We were able to fix all the issues we had because there was either an upgrade available or a knowledge article available showing how to fix it. All our support cases are more around RMA.

Positive

The added value is not the software itself. The added value is the way we can easily change the capacity of a virtual box that we run the software on. Keeping the same software, we can change the VM capacity to higher or lower depending on the needs. The return on investment is the simplicity of being flexible in that way.

It is the most expensive part of the product. There is a lot of room for improvement. Security comes with a price, but it is still a big chunk just for the service.

We tested the native solution of AWS, but we decided to go ahead with our own existing solution on-prem being reflected in the cloud environment. We already had the knowledge and expertise internally. The central management platform and logging were already there. A multitude of features that we were already using were common.

In terms of ease of use, everything in the cloud is new, so there is a learning curve. They are adjusting the layer features in AWS native tools, but Check Point has the advantage of knowledge. We already had familiarity with it, and Check Point itself has a good knowledge of the market. They are experienced in security solutions.

We have not been that exposed to AWS. We are very happy with the availability of Check Point and so forth. So far, when the biggest threats came, Check Point always reacted faster than any other.

There is no real issue with the software itself. It does the job. It does what it was designed for. I can rate it a ten out of ten because it is exactly like the on-prem software physical appliance. There is no difference for us.

In my company, we use the solution just to secure my AWS Network Insights and inside production. We use it for security purposes.

With the solution, we just need to filter the traffic coming from the internet and Direct Connect. So it filters the traffic, basically. It permits access. In short, it just filters the traffic and permits the traffic. The aforementioned details are the purposes for which we use the tool.

We use the tool as a basic firewall. It's a technical firewall. As a technical firewall, we use SmartConsole or Check Point Firewall.

The deployment phase takes too much time. I would like the deployment to be faster.

I have been using Check Point CloudGuard Network Security for two and a half years. We are using Check Point R80.10 SmartConsole in our organization.

Stability-wise, I rate the solution a seven out of ten since it takes too much time for deployment. However, it is flexible since we used to push the policy normally. It takes hardly ten seconds to install the policy. It's much easier.

I have been using the solution in my company for the last year. Other than the employees in my company, more than 25,000 users are using the solution hosted on AWS.

Basically, the application, which is hosted, is used internally. It's the same user account because it's not exposed anywhere on the internet. If anyone wants to access the solution from the internet, the traffic comes from Direct Connect, and from Direct Connect, it goes to AWS.

The initial setup was not much complex. The setup phase was good enough to be able to navigate through it.

It took a long time to deploy it. We need to run this on EC2 instances, so it took almost two hours to deploy the solution. After deploying the solution slowly, and gradually, we have to push the policy on the firewall. It takes time to deploy, but it's a stable one.

The solution is deployed on the cloud. It's a software we install in EC2 instances on AWS, which we use as a firewall.

We currently have six to seven resources managing the deployments and maintenance.

During deployment, we took technical help from Check Point.

It is a good-to-use tool that is also flexible.

Overall, I rate the solution a seven out of ten.

We primarily use it for egress internet traffic for four clouds, as well as between clouds to on-prem. Those are the main use cases. We have another small use case for ingress traffic, but it is a very small use case right now.

By implementing CloudGuard Network Security, we wanted to get network visibility in our clouds. That was the main point. We also wanted to provide a segregation layer with stateful inspection with all the next-generation features, such as IPS.

CloudGuard Network Security certainly has made our organization more secure. Our business partners cannot inadvertently open up the access that they should not be just to get things done. They now have to go through our firewall. We have got the inspection layer. Our security organization can see threats if they come in and take action on them. We were able to realize its benefits almost instantly.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. We heavily use global policy to join on-prem and the cloud, as well as multiple clouds. It is a huge benefit for us as we can set a global standard for policy and then push that across all the different security zones.

We are very confident in our cloud network's security. We have had many years of experience developing it, so we were very aware of the design and the solution within each cloud. We are confident with how we deploy it, and we have plans to make it more efficient as we go.

Most recently, it would be the dynamic objects or datacenter objects. The query feature is going to be a game-changer for us as we move forward. It simplifies our policy, and it gives us a way to dynamically learn and discover things in the cloud instead of having a static way.

Currently, we are struggling with licensing just because of the pace and growth of our cloud. Keeping up with licensing for new regions and new gateway usage is certainly something we are looking into. We are working with our accounting to figure out how we can improve. The licensing piece is big for us.

We are at the place where we are looking at better integration with the management system. We use an MDS today, and it is self-deployed. We want to get to the Smart-1 Cloud, but we do not know what that looks like today because it does not support a multi-domain setup. Smart-1 should either be able to do multi-domain or there should be some form of taking a multi-domain environment and putting it in Smart-1.

I have been using CloudGuard Network Security for probably five years.

From our experience in five years, it has been very stable.

It seems to be very scalable. We have plans to increase the usage of CloudGuard Network Security.

We do scale sets across our clouds and across many regions globally. The number of applications behind it is in the hundreds if not thousands.

It is an excellent service. I would rate their support a nine out of ten. Improving a little bit in the smaller clouds such as Oracle and Google would help a lot.

Positive

We did not specifically use any similar solution in the cloud. It was brand new.

We have a public cloud and then a hybrid with on-prem. We have AWS, Azure, Google, and Oracle.

In terms of the version, on-prem, we use Maestro, and in the cloud, we use the latest CloudGuard. We use the software version R80.40 and are about to upgrade to R81.20.

Its deployment was a little complex for us because we have a very large cloud environment and we are multi-cloud. We had an existing estate, so it was hard to put a firewall in the path and not break things.

We are still implementing it because we are taking a cloud-by-cloud approach. We have done AWS and Azure. It took probably two years to do that, so I would assume that for Google and Oracle, it is going to take at least a year.

In terms of the implementation strategy, we first develop the IEC for the code to deploy it, and then we deploy it and test it in a sandbox environment. We then deploy it to non-prod and roll it out to those regions, and after that, we would do the same with prod.

We implemented it ourselves.

We have seen an ROI, but I do not have any metrics.

Pricing-wise, it is pretty competitive. However, I would like to see more flexible licensing. There should be more of a consume what you need and true-up type of model.

In the past, we have evaluated other solutions. When we tested them, they did not have the same feature set or functionality that CloudGuard had. When I initially tested years ago, the scaling probably was not as efficient. The support was also a big factor. The support that we got from those vendors was not as good as from our account team with Check Point. 

When we looked at the cloud provider firewalls, they did not match up to what Check Point could do with the various deep packet features and functions like IPS. The feature set was the main difference. At the time, the cloud providers could not provide IPS or deep packet features. That was a big driver for us with Check Point. The fact that we could not integrate policy with our on-prem firewalls, which were from Check Point, was another big driver because we wanted a unified policy. Our existing relationship with Check Point helped as well.

To those evaluating CloudGuard Network Security, I would advise certainly engaging with the Check Point account team. Get their solutions team to help you walk through the solution and talk to others in the industry about their experiences.

The biggest lesson that I have learned from using this solution is to deploy it as soon as you can in your cloud journey.

I would rate CloudGuard Network Security a nine out of ten. 

We primarily use CloudGuard Network Security to deploy cloud firewalls in Azure, safeguarding our applications, and managing them using Terraform.

CloudGuard Network Security streamlines processes by automating tasks, reducing human effort, and enhancing security for cloud deployments.

The most valuable features are the ease of administration with the cloud management extension and the cloud licensing model.

I have been using CloudGuard Network Security for about four months.

We haven't had any stability issues so far.

Scalability has been great. We utilize scale sets, deploying two gateways per region with settings ranging from two to ten.

The initial deployment using the ARM template in Azure was straightforward, but migrating to Terraform added complexity, although we managed to make it work.

Our existing Check Point discounts make the licensing competitive and budget-friendly.

CloudGuard provides unified security management across hybrid clouds and on-premises environments.

Unified security management simplifies our operations by centralizing logging and integrating seamlessly with our existing solutions, ensuring security teams have a single point of reference without needing additional configurations.

My advice would be to consider the solution as it performs well and seamlessly integrates with existing systems, streamlining processes and proving to be highly beneficial.

Overall, I would rate CloudGuard Network Securit as an eight out of ten.

Our primary use case is for segmentation and next-generation protection. 

Our clients choose CloudGuard as a natural progression of their solutions. They understand Microsoft and CloudGuard fits. They are vendor-oriented. They stick with Microsoft. They have a lot of experience with Check Point and this fits in. 

Check Point Management is the best and Azure management is also very good. It's simple and has high security. There are no additional costs which is one of the advantages. 

Compared to other solutions, CloudGuard is easier to use. 

I don't see much need for improvement. 

In Czech, we are a little behind the USA and Germany so we have matured in our mentality to move towards the cloud. 

Check Point could show us use cases that would help us in Czech and could help us with security threats in our specific country.

The level of confidence our clients have in their cloud network security using CloudGuard Network Security depends. Some are very confident but some are worried about information being exploited. When compared to other vendors, CloudGuard is the best when it comes to threat protection.

I have been implementing CloudGuard for our clients for four years. 

It's stable.

It scales well for our clients' needs. We have deployed over 2,000 servers.

Support is good for CloudGuard. It could depend on the support person who is helping us. Different regions offer different levels of support. Israel and US offer the best support.

Positive

It's easy for me to deploy. 

Every project needs different pricing. I believe that when we talk with the particular guys, we will find a price for the customer. They are flexible in terms of that because we need to be flexible, and we have many companies who are aggressive with discounts. 

I rate the overall product an eight out of ten. 

We utilize CloudGuard Network Security as virtual appliances deployed within virtual machines, acting as firewalls at the perimeter of our data center in QSaver. These virtual appliances safeguard all internet access originating from the virtual machines at our factory in Curitiba, Brazil.

The challenges we sought to tackle through the implementation of CloudGuard Network Security were to ensure the protection of our servers against threats and attempts to breach them via internet-facing avenues.

We found it advantageous due to its ease of implementation and use. There were no delays in receiving customer devices, which enhances security within the environment.

We enjoy all the benefits typically associated with physical appliances, even while utilizing virtual machines. Although it took some time for customers to fully grasp the benefits, as they weren't immediately clear, over time, they began to recognize the value it brings to their security infrastructure.

It offers us unified security management across hybrid CloudGuard deployments, as well as on-premises. The option to manage it bridges physical devices onto the data center. With consolidated logs accessible on the same management interface, it becomes highly convenient and straightforward to operate.

Comparing CloudGuard's network security to other solutions in terms of ease of use is challenging. Additionally, since we're already utilizing Check Point solutions, integrating it with hardware network security proves to be very straightforward and user-friendly.

We have a high level of confidence in the effectiveness of CloudGuard Network Security.

The SSL spectrum proved to be the most valuable for our incoming connections. This feature enabled us, for instance, to successfully prevent Log4J attack attempts.

New features have been introduced recently, but they have not yet been integrated into CloudGuard Vsec. It would be advantageous to have them implemented as they would improve the performance.

I have been using it for three years.

It provides excellent stability capabilities.

It offers good scalability abilities. We have a plan to increase the utilization of CloudGuard Network Security and its services in the future.

I am satisfied with the customer service and support provided. I would rate it eight out of ten.

Positive

In our deployment environment, each instance is strategically positioned at the forefront of the web servers within the data center, effectively serving its purpose. Specifically, it functions to regulate internet access for the servers and manage inbound connections from internet customers to the servers.

It's remarkably easy to deploy, by far the simplest. For instance, it only took us a few minutes to transition to production. This capability is incredibly beneficial, as it allows us to swiftly assist customers during emergencies by deploying a firewall and addressing any threats they may encounter.

Determining the return on investment can be challenging; however, we've observed other companies operating in the same sector with similar approaches. Despite encountering attacks, we have yet to experience any incidents. This absence of incidents serves as a metric for us, indicating the reliability of our alternative solution.

The pricing is highly competitive and advantageous, offering great value.

I recommend others to give it a try because of its simplicity in deployment, scalability, and usability. Overall, I would rate it ten out of ten.