
Overview
The growth of web applications, generative AI, and APIs introduces new vulnerabilities that traditional security solutions struggle to address. Check Point WAF provides web application, generative and agentic AI, and API Protection. The product leverages deep application contextual analysis and an AI-driven machine learning firewall to profile users, monitor application behavior, and detect both known and unknown threats. With over 90% of customers operating in prevention mode and 100% requiring fewer than 10 exception rules, Check Point WAF delivers precise API security while minimizing false positives and simplifying operations.
Advanced Threat Prevention Without Manual Overhead
Check Point WAF provides protection against OWASP Top 10 vulnerabilities, DDoS attacks, API-based threats, and zero-day vulnerabilities - all without requiring ongoing signature updates. Its advanced machine learning firewall capabilities and contextual analysis ensure accurate detection and seamless protection, allowing your security team to focus on strategic priorities rather than managing exceptions.
Optimized for Dynamic Cloud Environments
Built specifically for cloud-native deployments, Check Point WAF integrates natively with AWS services to automate scaling and management. As your applications and APIs evolve, Check Point WAF delivers consistent and reliable web application security without increasing operational overhead. It also supports CI/CD pipeline integration and infrastructure-as-code, enabling API security directly into your development workflows.
Flexible Licensing and Seamless AWS Integration
Check Point WAF is offered as a BYOL (Bring Your Own License) solution, with pricing and entitlements managed directly through Check Point. The underlying AWS infrastructure is billed separately based on standard AWS pricing. This flexibility ensures that CloudGuard aligns with your organizations unique operational and financial needs while maintaining strong integration with AWS services.
Getting Started
To deploy Check Point WAF, click on the "View Usage Instructions" and "Usage Information" below for next steps. For licensing and private offers, contact your Check Point trusted advisor or sales team. AWS infrastructure billing is handled directly through AWS and follows standard pricing models.
Highlights
- AI-Driven Application Security: Protects against both known and unknown cyberattacks including OWASP Top 10 vulnerabilities, DDoS attacks, API threats, AI-driven attacks, and zero-day exploits using AI-powered machine learning. Delivers high efficacy, reduces false positives, and minimizes operational complexity.
- Rapid Deployment and Scalability: Move from setup to active protection within days and gain flexibility for growth for web application, APIs, AI applications and worloads with AWS-native scaling and pay-as-you-go pricing.
- Seamless AWS Integration: Designed for dynamic cloud environments, automates scaling, simplifies management, and integrates natively with AWS services to deliver consistent, reliable web, AI and API security at scale.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Vendor refund policy
Please see seller website for refund details.
Custom pricing options
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Auto Scaling Group
A number of AppSec instances in an Auto Scaling Group. Load balanced by an ELB.
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Additional details
Usage instructions
Navigate to https://portal.checkpoint.com ; if you do not have an existing account, open a new account. Open the main menu (icon is in the top left corner), choose APPLICATION SECURITY under the CloudGuard column, then select Cloud on the left. The Getting Started page will open. After defining the asset, you will be redirected to the Profile page. Note: Obtain the Token for CloudGuard WAF from the Profile page.
Resources
Support
Vendor support
To open a support ticket, send an email to infinity-next-support@checkpoint.com CloudGuard WAF
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Ai-driven cloud security has strengthened threat prevention and improved security posture
What is our primary use case?
The main purpose is to have network security through machine learning, which can offer threat detection and intelligence for my endpoints, and I am looking for application security.
I am looking for an AI-based solution that can strengthen my cloud-native security, automate security, and better prevent threats.
I am looking for an AI-based solution and unified cloud-native security from the SaaS platform to improve my security posture.
What is most valuable?
Check Point WAF (formerly CloudGuard WAF) is a SaaS platform that gives unified cloud-native security across my applications, workloads, and network, allowing me to automate security, prevent threats, ensure compliance, and manage my security posture well across all my cloud environments.
It conducts security scoring and risk scoring, which helps prioritize my security needs, and the advanced threat detection is also very fine, providing actionable information for my current security threats by collecting and analyzing data through threat actors and IOCs, offering tactical, technical, and operational features.
What needs improvement?
The false positive rate is a concern, but I could recommend improvements where false positives have to be minimized better.
This all depends on how the rules are customized and configured, and it can also improve with planning during the initial configuration, including threat intelligence and APIs, so it could enhance how it defends against attacks and prompts injections.
It can find the threat actors behind it, and I find that strategically and technically it is effective, although the AI-related features could improve, especially as global AI capabilities evolve, which are advancing more than what Check Point WAF (formerly CloudGuard WAF) provides compared to competitors.
There are no glitches; I believe improvement could be made primarily in API Gateway and API security, especially by enabling enhanced AI-related features for better fine-tuning.
For how long have I used the solution?
I have experience of two years with the product.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is definitely a highly scalable solution without any doubt.
How are customer service and support?
The customer support is very good.
Which solution did I use previously and why did I switch?
How was the initial setup?
The deployment and initial setup are really straightforward; they provide enough documentation, videos, and deployment documents that are really helpful to complete it faster.
What was our ROI?
The return on investment is very good as it has increased my security posture and the operational efficiency of my engineers.
What's my experience with pricing, setup cost, and licensing?
It is a little bit expensive, but the pricing model is acceptable, though a reduction would make it more competitive with leaders such as Palo Alto.
Which other solutions did I evaluate?
I purchased from a different source.
What other advice do I have?
The configurations are pretty easy, and it is plug-and-play, which gives me regular updates.
I would assess the solution as positive in this regard.
All the integrations are pretty easy through API connectivity, which I can recommend more, and it also helps with modern AI-based vulnerabilities to conduct token tests and improve detection.
I would rate this review a 9 out of 10.
AI-driven protection has strengthened our API security and reduced successful web attacks
What is our primary use case?
What is most valuable?
I believe AI-driven threat detection and prevention capabilities help in identifying, blocking, and responding to application threats more effectively. The AI helps in Check Point WAF (formerly CloudGuard WAF) because it creates a targeted exclusion list based on its learning period. It can detect and stop or prevent threats based on context tuning and historical data.
What needs improvement?
For how long have I used the solution?
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
How are customer service and support?
How was the initial setup?
What other advice do I have?
Despite the complex nature and high price, I think the product is worth buying because it is effective. The configuration is complex, so it is not as easy as with other products. However, I believe it is worth the investment because the security is excellent. For security, Check Point WAF (formerly CloudGuard WAF) is a leader without a doubt. Check Point WAF (formerly CloudGuard WAF) is a very good, highly secure enterprise-level product, but it does have limitations, including the price and the need for trained personnel. I also encounter many errors during HA mode configuration, which can be tricky. I have a hybrid model for deployment. I would rate this review an eight overall.