Sold by: Check Point Software Technologies
Deployed on AWS
Free Trial
Check Point CloudGuard Network Security is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
4.4
Overview
Video
Video 1
Video
Product video
Check Point CloudGuard Network Security is a cloud-native security gateway that delivers industry-leading threat prevention and multi-layered network security for workloads migrated to or deployed in AWS environments.
Comprehensive Cloud Network Security: CloudGuard Network Security for AWS protects cloud assets with a full suite of advanced security capabilities, including: firewall, Data Loss Prevention (DLP), Intrusion Prevention System (IPS), application control, IPsec VPN, URL filtering, antivirus, anti-Bot, threat emulation, and threat extraction. These features enable proactive defense against known and unknown threats, ensuring robust protection for cloud workloads.
Industry-Leading Threat Prevention: CloudGuard Network Security for AWS provides advanced threat prevention to secure AWS environments from sophisticated threats, unapproved access, and application-layer Denial of Service (DoS) attacks with industry-leading catch rates.
Full Control of Network Traffic: CloudGuard Network Security for AWS ensures secure, encrypted data flows between your on-premises network and your AWS VPCs. It inspects traffic entering and exiting private subnets in the VPC ("North-South") as well as between VPCs ("East-West").
Unified Security Management: Extend on-premises security policies into the AWS cloud with unified, centralized management via Check Point CloudGuard Security Management Server. Manage policies, logs, and reports consistently across AWS, hybrid, and on-premises environments from a single pane of glass. This listing includes the gateway only. For management, use Check Point Smart-1 Cloud: https://www.checkpoint.com/quantum/unified-cyber-security-platform/smart-1-cloud/
Automated, Scalable Cloud Security: Integrates with infrastructure-as-code tools like Terraform and Ansible for policy automation and cloud-native scaling. CloudGuard dynamically adapts security policies based on real-time cloud metadata and changes. Supports AWS Transit Gateway, auto-scaling, high availability, and multi-AZ redundancy.
Flexible Licensing and Seamless AWS Integration: Deploy within minutes as either a single gateway, as a high availability cluster, or as an auto scaling group via Check Point CloudFormation templates (sk111013). Recommended deployment on a 4 vCPU instance for optimal performance. CloudGuard Network Security integrates with a broad range of AWS services, including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, AWS Transit Gateway, AWS Outposts, and Amazon Macie.
Getting Started: Supports both Pay-As-You-Go (PAYG) and Bring Your Own License (BYOL) models with a flexible pricing model that supports both usage-based billing and contract-based subscriptions. Start your free 30-day trial to gain full access to CloudGuards features and capabilities. At the end of the trial, your subscription will automatically convert to a paid, usage-based plan, unless canceled beforehand. Request a private offer for custom pricing and terms. For a guided walkthrough, you may request a product demo through this listing.
Highlights
- Advanced Protection with Security Features: Firewall, DLP, IPS, Application Control, IPsec VPN, URL Filtering, Antivirus, Anti-Bot, Threat Emulation and Threat Extraction.
- Industry-Leading Threat Prevention: Cutting-edge threat prevention with industry-leading catch rate of malware, ransomware and other types of attacks (per Miercom and Cyberratings, 2025).
- Unified Security Management: Provides consistent visibility, policy management, logging, reporting and control across hybrid-clouds and on-premises from a single pane of glass.
Details
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux Gaia 3.10
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
c6in.xlarge Recommended | $0.91 |
m7a.large | $0.80 |
m7a.8xlarge | $5.86 |
c7a.xlarge | $0.91 |
c7i-flex.16xlarge | $11.73 |
r5a.2xlarge | $1.50 |
c7a.12xlarge | $8.79 |
m6a.large | $0.80 |
c5n.4xlarge | $3.00 |
m6a.8xlarge | $5.86 |
Vendor refund policy
Terminate the instance at any given time to stop incurring charges.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Once the instance is running, connect to it using SSH, set an admin password using: 'set user admin password' followed by 'save config'. Then connect to https://[instance] using Internet Explorer (IE) to finalize the configuration. Notes:
- SSH password authentication is disabled in /etc/ssh/sshd_config
- For information regarding Firefox and Chrome refer to sk121373.
Support
Vendor support
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/ To open a support ticket, you would need to have a Check Point user center account. If you do not have a user center account, you can sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at https://www.checkpoint.com/support-services/contact-support/
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Check Point Software Technologies
By Palo Alto Networks
Top
10
In Log Analysis, Network Infrastructure
Top
10
In Network Infrastructure
Top
10
In Network Infrastructure, Security
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Network Traffic Inspection
Inspects traffic entering and exiting private subnets in VPC ("North-South") and between VPCs ("East-West")
Advanced Threat Prevention
Provides multi-layered security capabilities including firewall, IPS, threat emulation, and threat extraction with advanced catch rates
Cloud Infrastructure Integration
Supports infrastructure-as-code tools like Terraform and Ansible, dynamically adapts security policies based on cloud metadata
Security Protocol Coverage
Comprehensive security features including Data Loss Prevention, application control, IPsec VPN, URL filtering, antivirus, and anti-Bot protection
Cloud Service Compatibility
Integrates with AWS services including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, and AWS Transit Gateway
Network Traffic Protection
Advanced cloud-native firewall service powered by FortiOS and FortiGuard Labs threat intelligence for securing cloud network traffic
Threat Intelligence
AI-powered intrusion prevention (IPS), data leak prevention (DLP), and advanced filtering capabilities to block malicious traffic and potential security breaches
Dynamic Policy Management
Security policies that dynamically use cloud metadata tags to follow cloud workloads without requiring static IP updates
Geo-Specific Security Control
Enforcement of compliance policies through geo-IP blocking and traffic restrictions to/from specified countries
Multi-Account Security Aggregation
Capability to consolidate security across multiple VPCs and accounts within an AWS region using a single firewall instance
Threat Prevention
Advanced machine learning-powered inspection engine that detects known and zero-day threats including exploits, malware, spyware, and command and control attacks
Web Security
Inline machine learning-based web security engine for real-time detection of phishing, ransomware, and evasive web-based attacks
File Analysis
Proprietary cloud-based hypervisor for static and dynamic file-based threat detection using advanced sandbox analysis techniques
Protocol Layer Security
Comprehensive security coverage across network layers including DNS-layer attack prevention and network data exfiltration detection
Traffic Visibility
Complete application layer-7 traffic inspection and control with dynamic policy management based on AWS tags, application IDs, and user contexts
Standard contract
No
No
No
Customer reviews
Kevin H.
Straightforward Security Tool, Needs Better Support
Reviewed on Jan 11, 2026
Review provided by G2
What do you like best about the product?
I like that Check Point CloudGuard Network Security is straight to the point when securing our customers' network security. The initial setup was pretty straightforward, making it easier to deploy at work.
What do you dislike about the product?
The support is kind of bad. Sometimes the workers don't know their own product properly.
What problems is the product solving and how is that benefiting you?
It helps us secure customer's network security.
Pedro Leão
Cloud security has reduced alerts and improves real-time protection for critical workloads
Reviewed on Dec 23, 2025
Review from a verified AWS customer
What is our primary use case?
My main use case for Check Point CloudGuard Network Security has been securing cloud network traffic, and I mainly rely on it to protect workloads in the cloud and enforce consistent security policies across cloud environments.
A quick example of how I use Check Point CloudGuard Network Security to protect my cloud workloads is by inspecting inbound traffic to public-facing services; recently, it blocked suspicious scans and unauthorized access attempts before they could reach my cloud applications.
What is most valuable?
The best features Check Point CloudGuard Network Security offers include cloud-native threat prevention that inspects traffic in real time, consistent policy enforcement across multi-cloud environments, and automation and integration with cloud platforms for easier deployment.
The feature that made the biggest difference for me is the real-time threat prevention because it stops malicious traffic and risky behavior before it ever reaches my cloud workloads. This has significantly reduced actual incidents and false positives that I need to chase.
Check Point CloudGuard Network Security has positively impacted my organization by reducing successful attacks and risky cloud traffic, meaning fewer incidents reach production systems. It has also cut down the time my team spends troubleshooting threats, letting us focus more on proactive cloud security, which has freed up my time.
Since deploying Check Point CloudGuard Network Security, I have seen about a 40% drop in cloud network alerts, which has cut down noise and false positives, helping my team save roughly 25% of time previously spent on manual investigation and threat cleanup.
What needs improvement?
I think the initial setup of Check Point CloudGuard Network Security can be simpler; onboarding could be more intuitive for new cloud teams, and it could also have more flexible custom reporting and better documentation examples.
For how long have I used the solution?
I have been using Check Point CloudGuard Network Security for about a year.
What do I think about the stability of the solution?
Check Point CloudGuard Network Security is stable.
What do I think about the scalability of the solution?
The scalability of Check Point CloudGuard Network Security has been very good; it handles growth in workloads and traffic smoothly, and the policies scale across accounts without performance issues.
How are customer service and support?
I think the customer support for Check Point CloudGuard Network Security has been responsive and helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously relied mainly on AWS Native security controls, and I switched to Check Point CloudGuard Network Security because I needed stronger threat prevention, better visibility, and centralized policy management, as the AWS Native security controls were too limited for me, necessitating a solution with greater visibility.
How was the initial setup?
I think the initial setup of Check Point CloudGuard Network Security can be simpler; onboarding could be more intuitive for new cloud teams, and it could also have more flexible custom reporting and better documentation examples.
What was our ROI?
I have seen a return on investment from Check Point CloudGuard Network Security, with a clear impact reflected in a 40% reduction in cloud network alerts and about 25% less time spent by my team on manual investigations and threat analysis. This means less operational overhead and more time for proactive cloud projects, translating to measurable cost savings and better efficiency overall.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Check Point CloudGuard Network Security was a bit complex to map out at first; the setup cost was fair, especially through the AWS Marketplace , though planning the right license levels took some initial effort, so overall, it feels like good value for the level of cloud protection I get.
Which other solutions did I evaluate?
I evaluated other solutions, including Palo Alto, the AWS Native Controls, and Fortinet.
Compared to Palo Alto, AWS Native Controls, and Fortinet, Check Point CloudGuard Network Security was easier to integrate with my AWS environment and roll out consistent policies across accounts, so the day-to-day ops felt quicker. Compared to AWS Native, it is more feature-rich, and versus Palo Alto, it is similar in capability but slightly friendlier for multi-cloud automation.
What other advice do I have?
Check Point CloudGuard Network Security provides me with unified security management across my cloud and hybrid environments, and having a single console for policies and visibility simplifies operations, reduces errors, and makes it much easier to manage security consistently as I scale.
I utilize Check Point CloudGuard Network Security alongside other Check Point products like Check Point Quantum Force and Harmony Endpoints, which integrate through a shared management and threat intelligence layer, giving me consistent visibility and protection across cloud, network, and endpoints.
My advice to others looking into using Check Point CloudGuard Network Security is to plan your cloud architecture and policies early and start with a phased rollout.
I would rate Check Point CloudGuard Network Security an eight on a scale of one to ten because I think there is always room to be better.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
NIKHIL G.
A best tool for cloud network security
Reviewed on Dec 18, 2025
Review provided by G2
What do you like best about the product?
Cloud guard helps me clearly see and control cloud network traffic from one place, which makes managing security much easy and simpler this is the best thing about cloud guard
What do you dislike about the product?
It simplifies cloud network security by giving better visibility and reducing the actual effort needed to monitor traffic security which i don't like about the network security
What problems is the product solving and how is that benefiting you?
It helps secure cloud workloads by controlling traffic and avoiding manual security checks by enabling the network security polices which improves the monitoring
Soe Moe T.
Strong Cloud Protection with Some Setup Challenges
Reviewed on Dec 17, 2025
Review provided by G2
What do you like best about the product?
The finest thing for Check Point Cloud Guard Newtwork Security, In my opinion is how well it protects my cloud traffic. I appropriate how simple it is to maintain security policy in one location and it is dependable and work nicely with cloud vendors. Also threat protection seems modern and reliable.
What do you dislike about the product?
Set and configuration can occasionally be a little challenging particularly in more complicated environments. Update and policy changes may take some time to implement.
What problems is the product solving and how is that benefiting you?
We can safe guard cloud workloads and traffic from outside attacks and configuration errors with the aid of Cloud Guard Network Security. It maintains consistency in our rules and facilities the management of security across various cloud platforms.
Devraj Kc
Cloud security has strengthened compliance and now protects internet access for our workloads
Reviewed on Dec 15, 2025
Review from a verified AWS customer
What is our primary use case?
The main use case of using Check Point CloudGuard Network Security is to secure all of our cloud infrastructures while they are browsing the internet and scanning everything.
We use Check Point CloudGuard Network Security for HTTPS inspection as well as URL filtering and providing only a certain limited access for the VMs to certain websites.
What is most valuable?
The best features Check Point CloudGuard Network Security offers are its threat emulation and threat extraction blade as well as bring your own license where you can use the on-prem Check Point CloudGuard and decommission it to use in the cloud.
I believe Check Point CloudGuard Network Security has impacted our organization positively because it is one of the stable products that I have used till now, and we do not have to upgrade Check Point CloudGuard Network Security for any sort of CVE or bug in its OS and it is very stable.
Check Point CloudGuard Network Security has decreased the organizational risk because it provides compliance with HIPAA as well as PCI DSS by means of its compliance blade. It makes it easier for us to determine if we are compliant or not.
It made me more secure because when you talk about security, Check Point CloudGuard Network Security is on top of the list with 99.8 in blocking malware according to the Miercom list. I believe it has had a positive effect and we have not had any incidents.
What needs improvement?
Check Point CloudGuard Network Security needs to focus more on the VPN side by being more flexible with configuring the VPN with route-based VPN and having a failover with it.
For how long have I used the solution?
I have been using Check Point CloudGuard Network Security for about five to six months, and we are still in the evaluation phase.
What do I think about the stability of the solution?
We have not faced any incident to date when using Check Point CloudGuard Network Security. We have faced zero downtime, and we have not been compromised.
Check Point CloudGuard Network Security is one of the stable products I have used.
What do I think about the scalability of the solution?
Check Point CloudGuard Network Security is very scalable. It depends upon your license, and if you purchase the right kind of license, then it is very scalable.
How are customer service and support?
The customer support for Check Point CloudGuard Network Security is on point. If you raise a case, they will reply within half an hour. I would rate the customer support for Check Point CloudGuard Network Security at a 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use a different solution previously.
How was the initial setup?
The setup was acceptable. We got a good deal.
What about the implementation team?
We only need fewer employees because Check Point CloudGuard Network Security is easier to use in the cloud and we do not have to tweak every setting. However, we are yet to see a good return on investment.
What was our ROI?
We do not need as many employees because Check Point CloudGuard Network Security is easier to use in the cloud and we do not have to tweak every setting. However, we are yet to see a good return on investment.
What's my experience with pricing, setup cost, and licensing?
We are a partner with Check Point CloudGuard Network Security.
Which other solutions did I evaluate?
We did not evaluate any other options.
What other advice do I have?
Currently, we have not used Check Point CloudGuard Network Security alongside with any other Check Point products.
Check Point CloudGuard Network Security does provide unified management access. Currently, we do not have any on-prem devices, but you can use the CloudGuard management system to onboard both cloud as well as on-prem gateways, where you can see the logs for both the devices. Currently, we have not used it on-prem, so we do not have this capability.
If you are looking at the value and security and you do not want to compromise, then Check Point CloudGuard Network Security is one of the best solutions you could have in your organization. I would give this review an overall rating of 9.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)