Check Point CloudGuard Network Security Reviews

We use Check Point firewalls and SMS servers in on-prem DC and in multi-cloud environments extensively. These are used to protect the perimeter, DMZ, and internal network to protect and inspect network traffic.

The firewalls are best of breed and provide extensive rich features and a diverse range of protection against DDoS, malware, ransomware, and zero-day attacks. Also, it is used for terminating client and mobile VPN tunnels, URL filtering, IDP, DLP, etc. 

The environment is Internal and a multi-tenant hosted for external clients which is a complex setup.

The new Check Point firewalls are best-of-breed and provide next-gen firewall features with AI and ML capabilities. This helps to reduce the operational support overhead and protects against new emerging threats.

Previously we used Juniper, Cisco, and other firewall platforms which have very limited capabilities and offer no inspection or threat-prevention features at all. 

Check Point has changed this dynamic completely and offers a complete security solution to protect all digital assets which is immensely helpful.

Identity awareness, URL filtering, IDS, DLP, Content Filtering, VPN, and Application Control are all excellent. They provide features to inspect internet traffic, data protection compliance, and DDoS attack detection and protection.

The Check Point firewall product that we picked up has an excellent feature set and all the required licenses, it's a nicely engineered firewall technology and has a great support team to escalate.

Features like threat prevention and protection are good to have to protect against zero-day attacks, malware, and ransomware.

Software bugs and OS releases can be very fast to keep up with. Check Point has a history of moving fast with software release and upgrade cycles which are difficult to keep up with at times.

New features should have a single-pane-of-glass view for on-prem DC and cloud environments. 

Licensing costs are very high compared to other vendors. Check Point needs to be competitive to keep the cost down for the customers and partners. 

The previous Check Point OS model had to support multiple OSs which was difficult and cumbersome (i.e. SPLAT, IPSO, GAIA).

I've used the solution for ten years.

We did use a different solution and wanted to have better security capability and visibility.

The solution is expensive but feature-rich.

We looked at other options and checked if the firewalls had all the security and compliance features required by the organization.

My company uses the solution as an Edge firewall and East-West firewall. 

The tool's most valuable feature is its management console. 

Check Point CloudGuard Network Security needs to improve the management of the actual firewalls. Improvement is also needed for the consolidated UI of different security aspects. 

I have been using the product for a year and a half. My company has been using it for eight years. 

We recently had some issues with stability, so it's hit or miss. It seems to have more minor bugs than other platforms, but overall stability is the same.

The speed of the support's response varies. Sometimes, you can get a good engineer who can give you the right answers. 

Neutral

I have used Cisco, Fortinet, Palo Alto, and SonicWall. The worst ones on the list are Cisco, Fortinet, and SonicWall. Palo Alto is better in some areas. Check PointCloudGuard Network Security is top in terms of actual security. But in terms of managing the whole platform, I would put it below Palo Alto.

Check Point CloudGuard Network Security's deployment is easy and takes two hours to complete. 

I did the solution's deployment myself. However, I connected with the consultants whenever needed. 

We've been secure and haven't had any security breaches.

The tool's pricing is been higher than other solutions, but it seems like it's turning downwards.

I rate the overall product a seven out of ten. 

We are using it for network security.

The whole reason we got it was to expand and make an extension to the Azure Cloud so that we could establish services that would make a link between the on-prem and the cloud. That was the goal.

We have unified management. It is one of the advantages of this product.

In terms of protection, we have not yet done any kind of penetration tests. We will check them later. In the future, we would also want to use all kinds of features such as IPS, IPSec, etc.

Its advantage is its layout. You do not need to get any unique devices and install them. The installation is easy. The assimilation is less easy because you have to work with a manager in Azure and upload and define all kinds of addresses.

In essence, you do exactly what you do with on-prem. It is the same operation. You can manage it in the same way as on-prem, which is an advantage. You can manage the firewall in the cloud from on-prem, and you do not need any more interventions.

There is a limitation with the version upgrade. We are using version 81.10 and from what I understand, it is problematic to upgrade this version. I do not know if that is true. I am trying to figure it out. If I want to upgrade to a newer version, I have to make new machines. If this is true, it will negatively impact my thoughts regarding the solution.

It is always running. Its availability is high because it is located in two different data centers. This is the purpose of the cloud. It is located in two data centers in two different countries. We have placed one in Frankfurt, and the other one is in Amsterdam or London. That is the advantage. Because it is not the same country or city, the availability is great.

I mainly receive support from an integrator. Check Point did not accompany me as a vendor from the beginning. I am satisfied with the integrator at the moment. He gives me the answers. 

We had a few inquiries recently, and he gave me the answers. They were also very helpful during the installation. So, I have had less communication with the manufacturer. For more complex issues, I can communicate with Check Point's support.

I would rate the integrator's support a nine out of ten because sometimes, it takes a long time for the integrator to find the solution to the malfunctions. The glitch related to the deleted machines was very critical for our organization. Things were working normally on the network, but the entire project was simply blocked for a few days. I expected the integrator to open a ticket in a faster way, but he did not open any ticket at all. He resolved it all by himself, but he did not share with us what the solution was. Deleting things and opening them again is not good enough because there is no reassurance that the glitch will not happen again.

We did not use any other solution before this.

The installation is simple. We just had to put it in two centers and deploy it. It was easy. 

During the process, we had to wipe a machine. Microsoft gave us some addresses to work with. We used those addresses because we needed public addresses to work with. At first, we were not able to do something properly, so we deleted the machine. When we came back to set up the machine, we had to take new addresses from Microsoft all over again. I do not know whether it was because of Azure or whether it was Check Point´s fault. 

I do not know if I have seen a return on investment because we are at the beginning of establishing the cloud. It is not entirely working yet. At the moment, it is not in production, but I assume that there will be an ROI.

It is not expensive.

I wanted to try Palo Alto at first, but because my entire setup was already in Check Point, I did not go in that direction. I wanted unified management. I also consulted my team, and they said that they do not want to come and manage another firewall because of the management and knowledge it requires. The advantage of this solution was unified management.

My recommendation for those who are thinking of installing the product is to check its survivability at the level of downloading a machine and uploading it. Do not upload all the applications straight away to run tests. Research first.

Based on my experience, I would rate it a seven out of ten. There were some malfunctions. There were also issues at the beginning due to the lack of a dependency needed for it to function. The experience is not yet perfect, but like any product, it will improve over time. In the end, I need stability in the cloud, but right now, that feeling is not there. I do not have the feeling of stability where I can say that the production and the service will not drop again. That is the concern. I want to start uploading some kind of application to production soon.

Foreign Language:(Hebrew)

המוצר מספק ניהול מאוחד, אבל נראה שלשדרוג הגרסה יש מגבלה

מהו השימוש העיקרי שלנו במוצר?

אנחנו משתמשים בו לאבטחת רשת.

בחרנו אותו כדי להתרחב ולעשות הרחבה ל-Azure Cloud כדי שנוכל להקים שירותים שיעשו קישור בין On-Prem לענן. זו הייתה המטרה.

איך זה עזר לארגון שלי?

יש לנו ניהול מאוחד. זה אחד היתרונות של המוצר הזה.

מבחינת הגנה, עדיין לא עשינו שום סוג של בדיקות חדירה. נבדוק זאת בהמשך. בעתיד, נרצה גם להשתמש בכל מיני תכונות כמו IPS, IPSec וכו'.

מה התכונה הכי משמעותית של המוצר?

היתרון שלו הוא הפריסה שלו. אתה לא צריך להשיג מכשירים ייחודיים ולהתקין אותם. ההתקנה קלה. ההטמעה פחות קלה כי צריך לעבוד עם מנהל ב-Azure ולהעלות ולהגדיר כל מיני כתובות.

בעצם, אתה עושה בדיוק את מה שאתה עושה מ- On Prem. זו אותה פעולה. אתה יכול לנהל אותו באותו אופן כמו ב-On-Prem, וזה יתרון. אתה יכול לנהל את הפיירוול בענן מ-on-prem, ולא צריך יותר התערבויות.

מה טעון שיפור?

ישנה מגבלה בשדרוג הגרסה. אנחנו משתמשים בגרסה 81.10 ולפי מה שהבנתי זה בעייתי לשדרג את הגרסה הזו. אני לא יודע אם זה נכון. אני מנסה להבין את זה. אם אני רוצה לשדרג לגרסה חדשה יותר, אני צריך ליצור מכונות חדשות. אם זה נכון, זה ישפיע לרעה על המחשבות שלי לגבי המוצר.

מה אני חושב על יציבות המוצר?

המוצר פועל תמיד. הזמינות שלו גבוהה מכיוון שהוא ממוקם בשני מרכזי נתונים שונים. זו מטרת הענן. הוא ממוקם בשני מרכזי נתונים בשתי מדינות שונות. הקמנו אחד בפרנקפורט והשני באמסטרדם או בלונדון. זה היתרון. מכיוון שלא מדובר באותה מדינה או עיר, הזמינות גדולה.

איך שירות הלקוחות והתמיכה?

אני מקבל בעיקר תמיכה מאינטגרטור. צ'ק פוינט לא ליוותה אותי כספק מההתחלה. אני מרוצה מהאינטגרטור כרגע. הוא נותן לי את התשובות.

היו לנו כמה תקלות לאחרונה והוא סיפק לי את כל התשובות. הוא גם עזר מאוד במהלך ההתקנה. עם היצרן הייתה לי פחות תקשורת. לבעיות מורכבות יותר, אני יכול לתקשר עם התמיכה של צ'ק פוינט.

הייתי מדרג את תמיכת האינטגרטור תשע מתוך עשר, כי לפעמים לוקח הרבה זמן עד שהאינטגרטור מוצא את הפתרון לתקלות. התקלה הקשורה למכונות שנמחקו הייתה קריטית מאוד עבור הארגון שלנו. דברים עבדו כרגיל ברשת ופתאום כל הפרויקט פשוט נחסם לכמה ימים. ציפיתי שהאינטגרטור יפתח טיקט בצורה מהירה יותר, אבל הוא לא פתח טיקט בכלל. הוא פתר את הכל לבד, הוא גם לא שיתף אותנו לגבי מה היה הפתרון לתקלה. למחוק דברים ולפתוח אותם שוב זה לא מספיק טוב כי זה לא מבטיח לנו שהתקלה לא תחזור על עצמה.

באיזה מוצר השתמשתי בעבר ומדוע החלפתי אותו?

לא השתמשנו בשום מוצר אחר לפניו.

איך הייתה ההתקנה הראשונית?

ההתקנה הייתה פשוטה. היינו צריכים לשים אותו בשני מרכזים ולפרוס אותו. זה היה קל.

במהלך התהליך, היינו צריכים למחוק מכונה. מיקרוסופט נתנה לנו כמה כתובות לעבוד איתן. השתמשנו בכתובות האלה כי היינו צריכים כתובות ציבוריות לעבוד איתן. בהתחלה לא הצלחנו לעשות משהו כמו שצריך, אז מחקנו את המכונה. כשחזרנו להגדיר את המכונה, היינו צריכים לקחת מחדש כתובות חדשות ממיקרוסופט. אני לא יודע אם זה היה בגלל Azure או אם זו הייתה אשמתו של צ'ק פוינט.

מה היה החזר ההשקעה שלנו?

אני לא יודע אם ראיתי את ההחזר על ההשקעה, כי אנחנו בתחילת הקמת הענן וזה עדיין לא לגמרי עובד. כרגע הוא לא בייצור, אבל אני מניח שיהיה החזר של ההשקעה.

מה דעתי על התמחור, עלות התקנה ורישוי?

זה לא יקר.

אילו מוצרים נוספים שקלתי?

רציתי לנסות את פאלו אלטו בהתחלה, אבל בגלל שכל ההתקנה שלי כבר הייתה בצ'ק פוינט, לא הלכתי לכיוון הזה. רציתי ניהול מאוחד. התייעצתי גם עם הצוות שלי והם אמרו שהם לא רוצים לנהל פיירוול נוסף בגלל הניהול והידע שזה דורש. היתרון של המוצר הזה הוא הניהול המאוחד.

איזה עוד עצה יש לי?

ההמלצה שלי למי שחושב להתקין את המוצר היא לבדוק את השרידות שלו ברמת הורדת מכונה והעלאתה. לא להעלות את כל האפליקציות מיד, כדאי להריץ בדיקות ולחקור קודם.

בהתבסס על הניסיון שלי, הייתי מדרג את המוצר שבע מתוך עשר. היו כמה תקלות. היו בעיות גם בהתחלה בגלל חוסר העצמאות הדרושה לתפקוד. החוויה עדיין לא מושלמת, אבל כמו כל מוצר, היא תשתפר עם הזמן. בסופו של דבר, אני צריך יציבות בענן, אבל כרגע, התחושה הזו לא שם. אין לי תחושת יציבות שבה אני יכול להגיד שהייצור והשירות לא יירדו שוב. זו הדאגה. אני רוצה להתחיל להעלות איזושהי אפליקציה לייצור בקרוב.

We utilize CloudGuard Network Security as virtual appliances deployed within virtual machines, acting as firewalls at the perimeter of our data center in QSaver. These virtual appliances safeguard all internet access originating from the virtual machines at our factory in Curitiba, Brazil.

The challenges we sought to tackle through the implementation of CloudGuard Network Security were to ensure the protection of our servers against threats and attempts to breach them via internet-facing avenues.

We found it advantageous due to its ease of implementation and use. There were no delays in receiving customer devices, which enhances security within the environment.

We enjoy all the benefits typically associated with physical appliances, even while utilizing virtual machines. Although it took some time for customers to fully grasp the benefits, as they weren't immediately clear, over time, they began to recognize the value it brings to their security infrastructure.

It offers us unified security management across hybrid CloudGuard deployments, as well as on-premises. The option to manage it bridges physical devices onto the data center. With consolidated logs accessible on the same management interface, it becomes highly convenient and straightforward to operate.

Comparing CloudGuard's network security to other solutions in terms of ease of use is challenging. Additionally, since we're already utilizing Check Point solutions, integrating it with hardware network security proves to be very straightforward and user-friendly.

We have a high level of confidence in the effectiveness of CloudGuard Network Security.

The SSL spectrum proved to be the most valuable for our incoming connections. This feature enabled us, for instance, to successfully prevent Log4J attack attempts.

New features have been introduced recently, but they have not yet been integrated into CloudGuard Vsec. It would be advantageous to have them implemented as they would improve the performance.

I have been using it for three years.

It provides excellent stability capabilities.

It offers good scalability abilities. We have a plan to increase the utilization of CloudGuard Network Security and its services in the future.

I am satisfied with the customer service and support provided. I would rate it eight out of ten.

Positive

In our deployment environment, each instance is strategically positioned at the forefront of the web servers within the data center, effectively serving its purpose. Specifically, it functions to regulate internet access for the servers and manage inbound connections from internet customers to the servers.

It's remarkably easy to deploy, by far the simplest. For instance, it only took us a few minutes to transition to production. This capability is incredibly beneficial, as it allows us to swiftly assist customers during emergencies by deploying a firewall and addressing any threats they may encounter.

Determining the return on investment can be challenging; however, we've observed other companies operating in the same sector with similar approaches. Despite encountering attacks, we have yet to experience any incidents. This absence of incidents serves as a metric for us, indicating the reliability of our alternative solution.

The pricing is highly competitive and advantageous, offering great value.

I recommend others to give it a try because of its simplicity in deployment, scalability, and usability. Overall, I would rate it ten out of ten.

Primarily, we are using it for deploying cloud firewalls on Azure to protect our applications. We are using TerraForm.

CloudGuard Network Security helps to streamline bringing in the hardware and putting the effort upfront to do the automation. It takes all that effort away from a human. It streamlines the process and provides security on the cloud.

CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-prem. It gives us one place to look. Security teams have common logging, and our SIEM integration is already built in. We have a gateway. It is logging for SIEM log servers, and they are being sent to our SIEM. No additional changes are required by anyone to know where to look. It is all integrated into our existing solution.

We are pretty confident in our cloud network security using CloudGuard Network Security. I would rate our confidence level a nine out of ten.

The ease of administration with the cloud management extension and the cloud licensing model is valuable.

I have not dealt with it enough to find any pitfalls.

We have been using CloudGuard Network Security for about four months.

So far, it is great. We use scale sets. We have deployed two gateways per region with the scale set settings of two to ten. We do not have much workload yet, so I cannot say how the scaling is working, but overall, I am sure we will be able to scale the gateways.

I did not need support for much of what we have been working on.

We mostly have a public cloud in Azure. Over the next few months, we are looking to port the same functionality we have in Azure to AWS. 

The deployment is simple as well as complex. The ARM template to deploy in Azure is very simple, but we have taken that and extracted it to do it via TerraForm. The migration to TerraForm is a little more complicated, but we made it work.

We have not gone far enough to know.

We are using our BYOL. We are using our existing Check Point discounts to work with licensing. Overall, it is very competitive. Its pricing is reasonable to me.

I have not evaluated other solutions.

I would advise taking a look at the solution. It performs well and integrates with our existing solutions. It streamlines processes. It is definitely worth a look.

Overall, I would rate it a nine out of ten. The solution is very similar to what we are doing everywhere else. It integrates well with the Azure services, but nothing is perfect, so I cannot give it a ten.

We use it to analyze all the traffic in our network. It is the main tool for security services and networking in our company.

We increased our security score by introducing the tool. We are continuing to grow and improve. In terms of policies, we have a lot of benefits in terms of the security cluster and how it works.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. We have a hybrid scenario in the company. We have 3% of services in the cloud, and we can use the same clusters and the same policies that we have on the on-premise side for our cloud services. We have the same benefits for both.

We are pretty confident in our cloud network security using CloudGuard Network Security. We are not exactly an Internet-exposure company, but we have a cloud setup. We are pretty confident with its configuration assessment. With Check Point as our partners, we are protected, and we can be confident in our security.

Microsegmentation is very useful for us because we minimize the surface attack. The easy management of the policies is great for us because we are a small team and having easy management is great and useful for us.

At this point, we are very happy with what is happening with their horizon. At CPX, we heard that we can see all the things on the same platform. That is what we have been asking for, and hopefully, we are going to start seeing it this year.

I have been using CloudGuard Network Security since 2020.

It is stable. I cannot remember a time when we had any issues with it. Our operations are 24/7.

It is scalable. We do not have any problems with it.

We have had a good experience with the support and customer service, and we are happy with them.

I would rate them a nine out of ten. A unique issue that we have is related to the language. When the first level of support cannot resolve an issue and the issue needs to be escalated, we have a language challenge because the team is based in India. There are some limitations on both ends.

Positive

We used our cloud vendor's security but did not get as many details when we had any issues. We immediately moved to Check Point, and we are more confident of Check Point.

At first, we used Azure and Defender, and before we changed to CheckPoint, we used ESET. So, we had ESET and then we started rolling out Check Point. We had a mix with the cloud vendor solution, and then we went for Check Point.

We have a mix of on-premises and cloud. We use the Infinity services.

My team deployed it. I have three security engineers on the team, and with the help of Check Point, we deployed it. We upgraded very recently in December, and it was a good experience. It has been running well.

We used the services of a company based in Panama. With the Infinity contract, we had some professional time with Check Point, and they helped us set up some of the things. They reviewed some of the things that we deployed, so we have all the best practices.

I do not have a lot of details on that, but our uptime is pretty high. 

It is an expensive product, but when you realize that you need it, it does not feel so expensive.

We have had a good experience with them as partners. They have helped us with designing and having good architecture and the best equipment at the best prices. We find it a good deal. 

We evaluated Microsoft's security suite. The thing that made us decide on Check Point was that Check Point had the least zero-day attack score. We have a lot of solutions from Check Point, and we stayed with Check Point.

We are now not evaluating other solutions because, since 2020, we have chosen Check Point as our partner. It continues to be the best solution for us to improve our score. We are not looking for software solutions from other vendors.

We always keep track of the service and the score, and with Check Point, there has always been the highest score.

I would rate CloudGuard Network Security a ten out of ten. We are happy with the uptime and management. It is a good tool, and it provides a lot of value for us. We are happy.

We primarily use CloudGuard Network Security to deploy cloud firewalls in Azure, safeguarding our applications, and managing them using Terraform.

CloudGuard Network Security streamlines processes by automating tasks, reducing human effort, and enhancing security for cloud deployments.

The most valuable features are the ease of administration with the cloud management extension and the cloud licensing model.

I have been using CloudGuard Network Security for about four months.

We haven't had any stability issues so far.

Scalability has been great. We utilize scale sets, deploying two gateways per region with settings ranging from two to ten.

The initial deployment using the ARM template in Azure was straightforward, but migrating to Terraform added complexity, although we managed to make it work.

Our existing Check Point discounts make the licensing competitive and budget-friendly.

CloudGuard provides unified security management across hybrid clouds and on-premises environments.

Unified security management simplifies our operations by centralizing logging and integrating seamlessly with our existing solutions, ensuring security teams have a single point of reference without needing additional configurations.

My advice would be to consider the solution as it performs well and seamlessly integrates with existing systems, streamlining processes and proving to be highly beneficial.

Overall, I would rate CloudGuard Network Securit as an eight out of ten.

The solution is a core operating system, and we use it for threat intelligence.

CloudGuard has a better catch rate with respect to any attack which is happening. We once faced an attack in a customer's environment on one of our data centers, and Check Point Firewall blocked that attack. The solution's performance is on the higher side.

The feature most valuable to me is the NDTX blade that Check Point provides, and I like how the solution is not vulnerable. We haven't had any vulnerabilities in Check Point in the last six months, which is a plus point because the OS Check Point provides is hardened enough that it's not vulnerable to the newer issues, so the network security solution is given in a proper way. These features are an advantage for our customers.

The solution is easy to use once deployed if the administrators have a basic understanding of firewalling. Administrators just have to check the traffic passing through the solution, which will log the traffic properly. And if anything gets dropped, the solution will showcase that to you. The management server Check Point uses is a gold standard.

Check Point CloudGuard is not a feature-centric product because Check Point concentrates on security. For example, if a customer asks for reporting, it might not be available, like a bandwidth report. At most, the reports are given with respect to security, not infrastructure.

I've used CloudGuard for the last three years.

We have more than 50 customers.

Customer support needs to think about what the customer is talking about. They need to improve on that.

CloudGuard is not a plug-and-play product and requires proper technical knowledge to deploy it. You need the help of a proper professional to deploy it. Deployment hardly takes four hours, but that's only if you know what you're doing. You need to plan the deployment with respect to AWS. You have to know what exactly the customers have deployed in AWS or Azure, or any cloud solution, and based on the review, you need to do their architecture before you can start the deployment. The first step, then, is to understand the customer's data because everything is on a template when it comes to the cloud. You should understand which template you need to use on any cloud. It is impossible to deploy if you're not aware of the customer's environment and how the cloud infrastructure is made. After selecting the proper template, you have to do the implementation. The implementation will go smoothly if you understand the customer's requirements and infrastructure.

I would not say Check Point is very expensive, but when customers compare it with Sophos or any other products, the price is on the higher side.

In terms of features, FortiGate has more features in terms of routing.

Our customers use Check Point solutions both on-premise and on the cloud.

Check Point's research and development happening in terms of threat intelligence is better than its competitors, and Check Point's vulnerabilities are fewer. Check Point CloudGuard Network Security has proper security in place with respect to the vulnerabilities. They do not have any vulnerabilities right now. And the research and development happening on Check Point is on the higher side. Most zero-day attacks are protected against. Customers should go for Check Point because of these two points.

If a customer wants FortiGate instead, it's all about whether they can map the budget with Check Point or any other security solution. I cannot compare Check Point and FortiGate, though, because each has its own market.

I rate Check Point CloudGuard Network Security a nine out of ten.