Sold by: Check Point Software Technologies
Deployed on AWS
Check Point WAF as a Service (WAFaaS) is an AI-based WAF solution delivering the highest protection against known and zero-day threats through advanced AI and IPS signatures. Check Point WAFaaS provides multiple layers of protection: rate limiting, AI engines, IPS signatures, zero-day file security, bot protection. Check Point WAFaaS delivers a non-agent WAF, deployable within minutes, and adds advanced DDoS mitigation. Traffic is seamlessly routed through Check Point servers, which automatically issue SSL certificates.
4.4
Overview
Check Point WAF as a Service (WAFaaS) is an automated solution that delivers superior benefits of a top-tier Web Application Firewall and API Protection, requiring minimal manual intervention. The AI engine continuously learns the behavior of your application, tracking changes throughout its lifecycle. This ensures a minimal false positive rate and reduces tedious rule tuning after each application change. Check Point WAFaaS delivers a non-agent WAF that can be deployed in less than 15 minutes. Traffic is effortlessly routed through Check Point servers, which automatically issue SSL certificates. Upon redirection, any HTTP requests are intercepted for inspection and forwarded to the application only after validating their security. Check Point WAFaaS is available in advanced and premium packages. Premium include API Discovery and Zero-day file security. The advanced package provides:
- AI-based engines for prevention of Zero-day Attacks and OWASP Top 10 known attacks.
- AI-based contextual analysis engine to ensure precise detection rate with minimal false positives.
- Snort 3.0 signature enforcement engine.
- Advanced DDoS mitigation to ensure your applications stay accessible to legitimate users by mitigating attacks that overwhelm your network, servers, or applications.
- Rate limiting based on identifiers such as IP address and XFF - limited to 5 rules.
- Intrusion Prevention (IPS), over 2,800 Web CVEs, based on award-winning NSS-Certified IPS.
- Include 3 months of full logs retention - based on the fair usage policy.
You are entitled to free usage of 7 days or 1M HTTP requests whatever comes first, after that you will be billed.
Highlights
- Zero-day prevention: Check Point WAFaaS has demonstrated prevention of zero-day exploits across a wide spectrum of security events, including log4shell, text4shell, and MOVEit, all in real-time.
- Deployed within minutes, usage-based pricing: Check Point WAFaaS delivers a non-agent Web application Firewall, deployable within minutes. Requires one-time DNS configuration. The consumption is based on the actual number of requests processed by your applications.
- Prevent DDoS and automated bot attacks: Check Point WAFaaS provides real-time detection and automatic mitigation protection against Distributed Denial of Service (DDoS) attacks and bot-driven assaults.
Details
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
First 10M HTTP requests | $1,500.00 |
10M-60M HTTP requests (price per 1M) | $38.00 |
60M-160M HTTP requests (price per 1M) | $22.00 |
160M HTTP requests and above (price per 1M) | $15.00 |
Vendor refund policy
No Refunds.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
https://supportcenter.checkpoint.com/supportcenter/portal 24x7 email support with emergency phone number. Premier support available for enterprise customers.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
A single pane-of-glass security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Check Point Check Point Cloud Firewall is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
A single security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation.
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Customer reviews
Mohan Janarthanan
Integrated web protection has reduced breaches and now prevents attacks across critical apps
Reviewed on May 22, 2026
Review from a verified AWS customer
What is our primary use case?
I want to protect my application hosted in my cloud by preventing attacks against my top OWASP Top 10 threats. I am enabling Check Point WAF (formerly CloudGuard WAF) as my application firewall.
The integration is straightforward because I am hosting in the cloud, so Check Point WAF (formerly CloudGuard WAF) can be hosted in a public location wherever my cloud vendor is located as a service provider, and I can host the application within a change of DNS.
What is most valuable?
I have been using it for six months, and the biggest advantages for me are that Check Point WAF (formerly CloudGuard WAF ) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). In contrast, Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection.
Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors. The traditional WAF does not have the capacity of IPS functions.
The intrusion prevention capability, I can only see in Layer 3 functions and stateful functions, which is the traditional firewall capability. Other vendors are keeping this in their Web Application Firewall, but Check Point WAF (formerly CloudGuard WAF) has integrated it differently.
False positives are significantly less here compared to traditional Web Application Firewalls because they are more focused on the AI front. Check Point WAF (formerly CloudGuard WAF) integrates an AI platform within the Web Application itself using API protection with AI and what they call GenAI protection.
They excel at creating the profile itself, which is the basic functionality of WAF. Normally, I deploy in preventive mode, which takes some time for learning, but I prefer to operate in preventing mode only.
What needs improvement?
The negative aspect is that Check Point WAF (formerly CloudGuard WAF) uses Check Point Harmony in its management console, which sometimes creates latency when connecting to or opening the platform. This is one function they are lagging in.
The reporting functions need improvement. For example, I want to calculate traffic metrics, but I cannot see them in the current Check Point WAF (formerly CloudGuard WAF). To know the overall traffic for today on the application, I have to check multiple dashboards instead of one single dashboard.
For how long have I used the solution?
I have been using it for six months, and Check Point WAF (formerly CloudGuard WAF) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection. Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
Scalability is very good.
How are customer service and support?
The support team is providing good support.
How was the initial setup?
It is easy to deploy and does not require much effort.
What was our ROI?
Return on Investment is a key factor for me in deciding to buy a solution on a major scale, so it is very important for me to consider it. I would say the ROI is about 15 to 20 percent.
Which other solutions did I evaluate?
I am comparing it to F5.
What other advice do I have?
I would definitely recommend this solution because I do not want to implement one more traffic function. I can eliminate the firewall and use Check Point WAF (formerly CloudGuard WAF) alone, thus eliminating Layer 3 traffic directly connecting to my Web Application Firewall.
I would say the TCO is reduced by 20 to 22 percent. The reduction in false positives will definitely be more than 30 percent.
Breach Reduction reduces the false positive part significantly. For example, I have multiple solutions from multiple vendors, and it definitely reduces my false positive alerts and aids in my Breach Reduction efforts. If a person is having a bot attack or if someone attacks with network anomalies on my application, I can identify that.
I rate Check Point WAF (formerly CloudGuard WAF) overall as an 8 or 8.5 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
HarishJogadiya
Cloud security has improved and delivers live threat visibility and reduced attack surface
Reviewed on May 21, 2026
Review provided by PeerSpot
What is our primary use case?
I have been using Check Point WAF (formerly CloudGuard WAF) on a public cloud.
What is most valuable?
The features of Check Point WAF (formerly CloudGuard WAF) relate to addressing global attacks that we require. The threat map, which displays information on a live basis, helps us understand the types of points logs, and that is the best part.
I utilize Check Point WAF (formerly CloudGuard WAF ) alongside other Check Point products. They integrate with internal systems-level security devices, which we are using to communicate internally. The integration makes the tools work better and is helping us significantly.
Beyond user-level benefits, we are receiving some advantages that are really helping us. Check Point WAF (formerly CloudGuard WAF) did reduce my total cost of ownership for my web application firewall, though not by a substantial amount, but it is acceptable.
What needs improvement?
In my opinion, there is some room for improvement regarding pricing, which we require, and much of it relates to the license base and support.
For how long have I used the solution?
I have been using it for more than two to three years, and I confirm that I am currently running on it.
What do I think about the stability of the solution?
Regarding my experience with the deployment, sometimes we encounter difficulties, but overall it is good, and we achieve our time-based objectives. I would rate the stability as eight to nine.
How are customer service and support?
I rate the technical support from one to ten as eight to nine.
Which solution did I use previously and why did I switch?
I did not work with other WAFs before Check Point WAF (formerly CloudGuard WAF).
How was the initial setup?
The initial setup is simplified, and I confirm that it is good for understanding.
What about the implementation team?
As of now, I have not integrated with third-party solutions because it is not required.
What was our ROI?
The investment regarding return on investment is not yet realized, but we are considering that investment base.
What's my experience with pricing, setup cost, and licensing?
The pricing is reasonable, and I believe it is acceptable. I am satisfied with the timing.
What other advice do I have?
Check Point WAF (formerly CloudGuard WAF) is the best option on the market, and it is good for us. The potential attack surface level involves asking about vulnerabilities across the networks, which is why we confirm that it is really helping us.
I find Check Point WAF (formerly CloudGuard WAF) to be good, though I cannot say it is popular in my region.
I would recommend Check Point WAF (formerly CloudGuard WAF) to others, but it depends on the environment. I think it is currently suitable for any types of companies, specifically in the database, which we require.
I confirm that I do not require additional features for Check Point WAF (formerly CloudGuard WAF), and it is currently adequate. I rate this product nine out of ten overall.
Nijat I.
Excellent Traffic Insights for Securing Web Apps and APIs
Reviewed on May 12, 2026
Review provided by G2
What do you like best about the product?
Check Point WAF was mostly used for monitoring and securing internet-facing applications and APIs receiving traffic from outside clients. The majority of daily operations entailed examining rejected requests, analyzing security events post-deployment, and tuning protection rules in case legitimate traffic was impacted.
The main asset in terms of operational activities was insight provided at the HTTP and API level. This allowed for examination of request patterns, header details, path and URL parameters and, if needed, the actual contents of blocked requests, rather than looking at basic network data. It made things more clear whether strange behavior was caused by legitimate application operation, automated scanning, or attack attempts against available services.
Post-updates policy tuning was done occasionally because even minor front-end or API changes were affecting some protection settings.
The main asset in terms of operational activities was insight provided at the HTTP and API level. This allowed for examination of request patterns, header details, path and URL parameters and, if needed, the actual contents of blocked requests, rather than looking at basic network data. It made things more clear whether strange behavior was caused by legitimate application operation, automated scanning, or attack attempts against available services.
Post-updates policy tuning was done occasionally because even minor front-end or API changes were affecting some protection settings.
What do you dislike about the product?
The tuning phase can be a lengthy one due to traffic fluctuations or custom APIs. Initially, I had to spend quite some time ensuring that blocked calls were indeed malicious or a result of the application's normal activity misinterpreted as something else.
Additionally, there is a need for constant tuning when dealing with multiple applications as well as keeping a balance between tight protection and not interrupting the production traffic.
Only after acquiring a good understanding of how signature definitions, exceptions, and policies worked internally did troubleshooting become easier.
Additionally, there is a need for constant tuning when dealing with multiple applications as well as keeping a balance between tight protection and not interrupting the production traffic.
Only after acquiring a good understanding of how signature definitions, exceptions, and policies worked internally did troubleshooting become easier.
What problems is the product solving and how is that benefiting you?
The reliance on traditional firewall filtering and manual monitoring for web application security was much higher before the deployment of Check Point WAF, as these methods were insufficient when detecting potential attacks on application layer.
With the implementation of the new system, security monitoring became more application-focused, allowing us to detect malicious activity targeted at our web applications and web APIs, as well as minimizing vulnerability to standard web attacks and gaining more control over incoming traffic.
With the implementation of the new system, security monitoring became more application-focused, allowing us to detect malicious activity targeted at our web applications and web APIs, as well as minimizing vulnerability to standard web attacks and gaining more control over incoming traffic.
Dharamveer p.
Strong and reliable WAF for modern web and API security
Reviewed on May 02, 2026
Review provided by G2
What do you like best about the product?
What I like best about Check Point CloudGuard WAF is its strong AI-driven threat protection and ability to handle modern web and API security challenges. It does a great job at blocking common attacks like XSS and SQL injection, as well as more advanced threats like zero-day vulnerabilities without relying heavily on manual rule updates. The real-time detection and low false positives make it reliable in production environments, and it reduces a lot of manual effort for security teams.
Another thing I appreciate is how well it fits into cloud environments. Deployment is relatively smooth, and once configured properly, it provides good visibility into traffic, threats, and application behavior. The automated learning and tuning capabilities also help in reducing the overhead typically required in traditional WAF solutions.
Another thing I appreciate is how well it fits into cloud environments. Deployment is relatively smooth, and once configured properly, it provides good visibility into traffic, threats, and application behavior. The automated learning and tuning capabilities also help in reducing the overhead typically required in traditional WAF solutions.
What do you dislike about the product?
What I dislike about Check Point CloudGuard WAF is that the initial setup and fine-tuning can take time, especially for teams that are new to the platform. Some advanced configurations require deeper understanding, and integration with other tools is not always as seamless as expected. Cost can also be a factor, particularly for smaller teams or organizations.
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard WAF solves the problem of securing web applications and APIs against evolving cyber threats without heavy manual intervention. It automates threat detection and prevention, reduces operational workload, and ensures continuous protection against both known and unknown attacks. For me, it helps in improving overall application security posture while saving time on manual monitoring and rule management.
Overall, my experience has been positive, especially in terms of strong protection, automation, and reduced manual effort in managing application security.
Overall, my experience has been positive, especially in terms of strong protection, automation, and reduced manual effort in managing application security.
Jawher S.
Strong Multi-Cloud Protection, Needs Easier Tuning
Reviewed on Apr 28, 2026
Review provided by G2
What do you like best about the product?
I use Check Point CloudGuard WAF to protect cloud-native apps and APIs from OWASP Top 10 threats, like injection and XSS, while also providing bot mitigation and granular traffic inspection. I like its seamless integration with the CI/CD pipeline, allowing security policies to be deployed as code without slowing down development. This automation ensures security enforcement with every development, eliminating manual policy updates and reducing human error, which lets developers ship faster while protecting new code immediately. I appreciate its integration with CI/CD tools like Jenkins and CircleCI, and security platforms like Wiz and AWS Network Firewall. We switched to Check Point CloudGuard WAF from a legacy web app firewall because it lacked API security and multi-cloud support, and CloudGuard WAF provides better automation and centralized policy management.
What do you dislike about the product?
The policy tuning can be complex, leading to occasional false positives. Also, dashboard sync delays sometimes occur across multi-cloud environments. The learning curve and tuning effort for non-trivial apps keep it from being a perfect fit for every team.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to secure cloud apps and APIs against automated attacks, zero-day exploits, and reduce manual rule tuning. It integrates seamlessly with CI/CD pipelines, automating security enforcement and allowing faster code deployment.