Basically, we are using Check Point CloudGuard firewalls everywhere. We are using them at the perimeter and internally.

By implementing this solution, we wanted to protect our perimeter. We are using Check Point along with other solutions to protect our perimeter. We also have many application-level use cases that can be solved with Check Point. 

Most of the things that we have are on the cloud. Its main benefit is reliability. We have tested so many firewalls on the cloud, but when it comes to reliability, other firewalls fail miserably. Check Point is very good. It is a very reliable solution. With other vendors, when you move something to the cloud, the features that they are offering might only work partially. We never faced any such issue with Check Point. They offer features that will work completely. Apart from that, they have solutions for almost every cloud use case. That is another thing we love.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. They have a centralized management server. There is a process called CME. If you have multiple clouds, such as AWS, GCP, and Oracle, and you are deploying CloudGuard across all the clouds, you have single management to take care of everything. This is why they provided a unified management solution. CME takes care of scaling and integration. It has a zero-touch approach. It takes care of everything. You just need to deploy it, and the connectivity should be there. It then takes care of everything. It drastically reduces the deployment time and administration overhead.

When any incident happened, it was able to tell us the particular packet associated with that. Based on its internal intelligence, it identifies everything. We were not even aware that there was an attack like that, but it gave us complete clarity about what happened and what was the attack journey. Visibility-wise, it has been very good.

It makes us confident in our security. We have proper visibility into the network. We can see exactly what is happening. We get this level of clarity. Especially when we offload the SSL capability on the firewall, we have unparalleled visibility on even the SSL traffic.

The number of options it gives for deployment or security is valuable. When it comes to security, it has a feature that is super awesome for zero-day-based attacks. Their IPS is also very capable. We tested other firewalls, and we understood that it is the best one in the market. 

When it comes to the firewall capabilities, the level of information that it offers for any security incident is very good. It gives a very good clarity about what happened and at what time. It is very good.

There is centralization. You can manage everything in a single pane, and you have support for all the software. If it is a Kubernetes, you have a solution for it. If it is IOT, you can cover that. You have gateways as well for network security.

The main issue that I have noticed is that for deployment, it still requires a dedicated management server, and the gateway is completely different. That sometimes can cause issues. If it loses communication with the management server and you want to push any sort of critical policy, that would be affected. Apart from that, I do not see any issues. Everything else is going well.

We have been working with Check Point firewalls for more than ten years. We are currently using Check Point CloudGuard firewalls.

Check Point also has NGFW firewalls. They are hardware-based firewalls. All the features are identical. The only difference is that one is on a virtual platform, and the other one is on a physical platform.

It is reliable.

We are only using auto-scaling firewalls. The good thing is that it scales well. Within seven to ten minutes, it gets integrated with the management server. If there is a failure, the firewall will be ready within ten minutes.

We have a team of around seven people who take care of the network security part. Our environment can go up to 3,000. If you combine the server users and the end users, there are more than 10,000 users.

We work closely with Check Point support when there is any issue or limitation. When we face any issues related to processing, scale-out, or delay, we definitely connect with the Check Point support. They usually provide the solution quickly.

I would rate their support an eight out of ten. The reason why I am not giving them a ten is that we are connected through a third party. We cannot directly engage with Check Point. We usually contact this third party, and they engage Check Point support. We have a technical person assigned directly, which is a good thing, but this is how we initiate the process.

Positive

We are mostly relying on TerraForm. For us, the deployment is very straightforward. When you deploy, it will automatically integrate with its management server, so you do not need to put in any effort. The only thing is that you should have the connectivity between the gateway and the management server. Once you deploy, it automatically gets added to the management. The policy push is automatic. That is very good. So, when it comes to deployment, after pushing the code, you do not need to do anything. Everything will come online. That is the best part.

We do have a couple of gateways in management, but I do not take care of that part. I am mostly on the cloud side.

It takes five to ten minutes for initialization and then there is the management part. At the maximum, it will go up to 30 minutes. I usually see everything happening within 15 to 20 minutes and not more than that, but if there is any connectivity issue or any other error, then the duration will get affected. If it is straightforward, it will take a maximum of 30 minutes and not more than that. Because the integration is automatic, I do not need to onboard the gateway to the management server. There is a functionality called CME that takes care of the entire thing.

In terms of maintenance, it does not require any maintenance. The only catch here is that because it is a cloud version, when it comes to upgrades, you cannot upgrade the existing versions to newer versions. We simply deploy the new one. It is not a complicated task. This is the only thing when it comes to maintenance.

I was the main person who took care of the deployment engineering part. 

I do not have visibility on the ROI, but we are completely satisfied with the performance. We will continue with Check Point in the future. We have been renewing their licenses without thinking about any other firewalls. I consider it as a good investment, but this aspect is managed by a different team.

We have an enterprise licensing team that works closely with Check Point. I know that we have an enterprise agreement with Check Point. That gives us some benefits, but I do not have more information about that.

We tried the Azure Firewall. It was good, but zero-day, URL filtering, and NAC capabilities were not there. It was a native firewall, but it was not able to fulfill our use cases. The main competition was against Palo Alto. When we did the comparison, we found Check Point to be more reliable. With the Palo Alto firewall, we had issues with autoscaling. It was not working as expected. These were the two that we tested. Being a bank, we cannot test everything. There was a discussion with Cisco as well, but we did not go with Cisco.

The advantage that Palo Alto has over Check Point is the GUI. They do not require a dedicated management appliance to be deployed to access the firewall capability. They do have that platform, but the individual gateway can be also accessed via a dedicated GUI. With Check Point, you have to have the software called SmartConsole. It is very good, but a company like ours has too many gateways. When you have so many gateways onboarded to the management, it will be slightly slow, but it is not a show-stopper. The GUI is good, but you require the client applications to be installed on your laptop. From the GUI itself, you would not be able to access them. That is one advantage of Palo Alto. You can straightaway access them through the GUI. The software that you need to install for Check Point is a huge one, so the performance depends on the machine. If you have many gateways associated, it can be a bit slow at times.

Check Point is a number one vendor based on the NSS labs and other regulators. In terms of performance and security, Check Point is always number one. Irrespective of how many firewall vendors are there, Check Point will always be number one. Check Point's capability to identify an incident is also very good. Its performance is also good. We were worried that if we moved to the cloud, unlike on-prem, we would not have any dedicated hardware to accelerate something. However, when we migrated to CloudGuard, we did not face any issues. 

When it comes to the cloud, I would definitely recommend the solution. One main thing is reliability. I appreciate Check Point for that. For an organization like ours, security is the main thing. Check Point has been able to protect us from various attacks. Autoscaling and other things are also working perfectly. We were able to achieve all of our use cases with the Check Point CloudGuard firewall. I do recommend this solution.

For zero-day attacks, I know there is technically no single solution, but our observation is that for most of the sophisticated attacks, if it is not already there, Check Point will have a solution within a day. When it comes to DDoS and bot-level attacks, Check Point has a sophisticated approach to prevent them in most cases.

Overall, I would rate this solution a nine out of ten. 

We had the firewalls set up in the cloud systems. We were using them for VPN as well as the encryption of traffic coming in and leaving the cloud.

When COVID-19 hit and everybody started to work from home, we did not have a scalable VPN technology. Also, with more people working from home, security was a bigger concern. CloudGuard Network Security addressed both needs in one single product.

After implementing CloudGuard Network Security, overnight, 500 people could work from home on a secure and encrypted tunnel. What more could we ask for? When COVID-19 hit and everything closed down, we were able to spin this up within 2 weeks.

CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-prem. There is a single admin client that you can use. You can have a firewall deployed on-prem. You can have a firewall deployed in GCP. You can have a firewall deployed in AWS or Microsoft Azure, but you can manage it all with a single pane of glass. You can have a single management station managing all of these.

We are very confident about it and our security. It is a very robust solution.

The endpoint VPN is super stable. The routing is also very good. We tried a competing product first, but we could not make it work. We came across CloudGuard. The network routing across different virtual networks in Azure and AWS was way ahead of any of the other technologies. That helped us be able to cover the whole network using one single cluster.

They have come such a long way. There may be other areas that other people use, but as far as I am concerned, I have been very happy with it. There are always newer features getting added and new encryption protocols coming. I can see where they are going and how far they have come. I have been using the Check Point firewall since 2010. It has been 14 years, and I have seen how they have improved.

They are coming out with more SD-WAN express route support from a firewall perspective. That would be great. They keep on launching new features. That is how they work.

I was one of the first sites to use it as a PoC before they even introduced it to the world. It has been 4 or 5 years.

I would rate it a ten out of ten for stability. It has been running since we put it up.

I would rate it a ten out of ten for scalability. It depends on your design. You can either have a static deployment where there is only one firewall, two firewalls, and four firewalls, or you can put it in the elastic mode where it will spin up as the load goes up. It will auto-scale up and auto-scale down. It is fantastic.

They are fantastic. Their technical support is absolutely great. There is ownership right from the top down. They know their product. They stand by their product. If there is a feature that is not working, I have seen them write patches for me in 48 hours. They offered to provide the patch by Sunday evening in Tel Aviv, and by Sunday afternoon, I had an email saying that the patch was available for our download. We could download it and reinstall it. That patch was only written because of something in my deployment. It was not like they had 200 customers who complained about it. I was the only one complaining about it.

Positive

We did a PoC for one week. We had some major issues because of sizing. We sized CloudGuard too small, so we made it bigger. The next week, we did another PoC, and it worked well. By the third week, we were done. We went live, and everybody was working from home. 

I would rate it an eight out of ten in terms of ease of installation.

Their support was good. We set it up when nobody else in the world had seen it. We were probably the third company in the whole world to roll it out. We were that new to it. Nowadays, I would rate their support an eight out of ten, but in those days, it was one out of ten because we were all learning together.

I was the only one involved in its deployment. To deploy this, you need to have a background in IT security and networking put together.

We have seen an ROI. 500 people were able to work from home. That itself is a huge ROI.

It is one of the top solutions in the world. We know that it is protecting our entire cloud infrastructure, so it makes a lot of sense.

I quite like the way they priced it. It is very reasonable.

We did evaluate other solutions. We looked at Fortinet, and they could not do cross-VNet traffic at that time. We spent almost five or six days. We worked 10 to 12 hours a day. Even after 60 to 70 hours, they could not make it work, but it worked out-of-the-box with CloudGuard Network Security. In terms of ease of use, CloudGuard Network Security is any day easier.

We did not just go with our cloud vendor's cloud firewall because the cloud vendor did not have a firewall at that time. Secondly, even if they did, it is always good to have a third-party product protecting the cloud. If we are using AWS, I would not put an AWS firewall there because if there is a compromise somewhere else, it is most likely going to carry over to their firewall too because everything runs on the same fabric, whereas this is separate. It gives a completely independent security front end.

I would definitely recommend it. I have used it. I know how it works.

Check Point has been one of the pioneers of firewall technology. This is the only product that they really do. They are into cybersecurity firewall technology. They are not like other competitors, such as Cisco or Fortinet, who also have network switches, hubs, routers, etc. Check Point is a dedicated company that does cybersecurity. All in all, this is what they do. You can see the investment coming from the top down. They have ownership of the product. I have raised complaints that have gone up to Gil Shwed. He is the CEO and the founder of Check Point. I have got an email from Gil saying that he knows we are frustrated, but they are working on it, and he will make sure that this gets fixed. That is the kind of ownership they have.

Overall, I would rate CloudGuard Network Security a nine out of ten.

We are using CloudGuard Network Security to protect North-South traffic or VPCs. We are using the CloudGuard firewall between the Internet and VPCs. All the traffic needs to pass through the firewall.

CloudGuard Network Security provides features, such as threat emulation, that native cloud solutions do not offer. AWS, Azure, and GCP have a lot of features, but you sometimes need to pay charges for specific features. With Check Point products, you have all these features in one license. You pay once and you can use everything.

CloudGuard Network Security improves our security against advanced threats. Others do not offer features like threat emulation out of the box. CloudGuard Network Security protects very well against advanced threats.

We have a high level of confidence in our cloud network security by using CloudGuard Network Security. The product is similar to what we use in traditional data centers. The infrastructure is almost the same. The way to manage the policies is the same. It is very easy to implement and manage CloudGuard networks. There is some difference when you are using auto-provision, but in the end, it is the same technology. It is easy for a traditional network engineer to work with CloudGuard.

We did not go for the cloud vendor's cloud firewall because we wanted to be able to manage all the firewalls, policies, and other things from a single point. 

The most valuable feature for me is that you have just one license. You can test and implement everything you need with one license. You do not need to pay for separate module licenses when you want IPS or other features. The license includes everything that you need.

The version upgrades need improvement. We faced issues while upgrading our CloudGuard Network Gateway. When we tried to use the template that Check Point offers on their site, it was not available for the second to the latest version, so I was forced to upgrade my management server. That was very challenging for us.

I have been working with Check Point CloudGuard Network Security for 8 years.

I cannot remember the last time I had an issue. It is stable, but every product has a few bugs. If you maintain the configuration and the versions, everything is fine.

We do not have any problems because we can use the auto-provision templates. If I need to scale up or scale down, I can do this. If there is any issue, it is very transparent. For example, if I lose my gateway, the manager will automatically create a gateway and bring everything up.

Their support is very good. Their response is fast. You can contact an engineer in a few minutes, but it depends on the severity of the issue. In the case of a high-severity issue, you can talk to an engineer to assist you with an issue.

Compared to other vendors our company has been working with, Check Point has better support. They have the best technical staff.

Positive

We only use Check Point products. In our data center, we are only using CloudGuard.

It is very easy. With a few clicks, you can implement your firewall. 

It is fair. Its license covers all the features. There is a cost-benefit. The licensing for the cloud is better than on-premises because, with on-premises, you have to pay separately for different things.

Overall, I would rate CloudGuard Network Security a nine out of ten.

Primarily, we are using it for deploying cloud firewalls on Azure to protect our applications. We are using TerraForm.

CloudGuard Network Security helps to streamline bringing in the hardware and putting the effort upfront to do the automation. It takes all that effort away from a human. It streamlines the process and provides security on the cloud.

CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-prem. It gives us one place to look. Security teams have common logging, and our SIEM integration is already built in. We have a gateway. It is logging for SIEM log servers, and they are being sent to our SIEM. No additional changes are required by anyone to know where to look. It is all integrated into our existing solution.

We are pretty confident in our cloud network security using CloudGuard Network Security. I would rate our confidence level a nine out of ten.

The ease of administration with the cloud management extension and the cloud licensing model is valuable.

I have not dealt with it enough to find any pitfalls.

We have been using CloudGuard Network Security for about four months.

So far, it is great. We use scale sets. We have deployed two gateways per region with the scale set settings of two to ten. We do not have much workload yet, so I cannot say how the scaling is working, but overall, I am sure we will be able to scale the gateways.

I did not need support for much of what we have been working on.

We mostly have a public cloud in Azure. Over the next few months, we are looking to port the same functionality we have in Azure to AWS. 

The deployment is simple as well as complex. The ARM template to deploy in Azure is very simple, but we have taken that and extracted it to do it via TerraForm. The migration to TerraForm is a little more complicated, but we made it work.

We have not gone far enough to know.

We are using our BYOL. We are using our existing Check Point discounts to work with licensing. Overall, it is very competitive. Its pricing is reasonable to me.

I have not evaluated other solutions.

I would advise taking a look at the solution. It performs well and integrates with our existing solutions. It streamlines processes. It is definitely worth a look.

Overall, I would rate it a nine out of ten. The solution is very similar to what we are doing everywhere else. It integrates well with the Azure services, but nothing is perfect, so I cannot give it a ten.

I use CloudGuard Network Security to enhance our cloud exchange points' security. Our customers can seamlessly connect across multiple clouds within the region, and CloudGuard provides next-generation firewall services to ensure their data and applications are protected.

CloudGuard Network Security has significantly improved our organization by helping us tap into the Check Point customer market.

The VPN features in CloudGuard Network Security have been the most valuable for us. It allows us to scale securely within our infrastructure, providing both strong security and VPN capabilities.

In the next release, including VRF support would be highly beneficial. Many customers have been requesting this feature, as it is currently lacking in Check Point's offerings, which can make architectural designs more cumbersome compared to competitors.

I have been working with CloudGuard Network Security for two and a half years.

As for scalability, it could be even better with VRF support, as it would allow for more efficient scaling without the need to deploy separate firewalls for different workloads.

CloudGuard Network Security has been quite stable.

I would rate technical support for CloudGuard as an eight out of ten.To make it a ten, I would expect more proactive assistance and smoother transitions between support levels.

Positive

When comparing CloudGuard Network Security to other solutions like Fortinet and Palo Alto Firewalls, they are similar in terms of identifying security threats. They all offer robust features such as antivirus, deep packet inspection, and IPS. Some of our customers have transitioned from Palo Alto to Check Point. While I don't have specific reasons, it could be related to factors like pricing.

We deployed it across multiple locations, utilizing AWS for SMS management. The environment was designed to ensure security and privacy, with all deployments being private despite being in the public cloud. Our implementation strategy was flexible, depending on the customer's needs, focusing on workload security first and then gradually migrating workloads. The initial deployment was straightforward.

One significant difference between CloudGuard Network Security and other solutions is the lack of VRF support. This means that when dealing with customers who have multiple segments and exchange points, deploying new firewalls becomes necessary. Competitors' solutions typically include VRF support, making scaling much easier and eliminating the need for additional firewall purchases.

We chose CloudGuard over other vendors because it allows us to provide unified security across multiple cloud providers like AWS, Azure, and Google Cloud. Unlike native cloud firewalls, CloudGuard offers scalability and the ability to expand across different platforms, meeting our customers' needs for consistent security across diverse cloud environments.

We implemented CloudGuard Network Security to meet our customers' demands for enhanced security features and centralized management. They specifically requested Check Point CloudGuard for its robust capabilities, including SMS and MDS for global management.

Using CloudGuard Duo Security has provided us with the ability to manage globally through MDS, which has been a valuable capability. It is convenient to have multiple pockets of global management from UniFi OS.

We realized the benefits of CloudGuard Duo Security quickly after deployment. Understanding the architecture, especially the MDS setup for higher-level organization control, allowed us to establish multiple pockets of management efficiently.

Unified security management allows us to streamline our security operations significantly. With centralized management through SMS and MDS, we can efficiently oversee not only the firewalls within our cloud exchange points but also on-premises devices, enabling a cohesive and unified security architecture across all environments.

I'm very confident in CloudGuard Network Security because it helps us secure our global network. With CloudGuard, we can set up rules to protect against risks from on-premises traffic and ensure security through various measures like single sign-on integration and VPN restrictions.

CloudGuard Network Security is a great product that fulfills firewall needs effectively and provides detailed insights. However, in multi-segment environments requiring multiple VRFs, it can be cumbersome and costly due to the need for separate firewalls.

The best lesson I have learned from using CloudGuard Network Security is to carefully consider the scalability requirements of each environment. While Check Point offers robust features, the lack of VRF support can lead to increased costs and complexity, especially in multi-segment setups where separate firewalls are needed for each segment.

Overall, I would rate CloudGuard Network Security as an eight out of ten.

We primarily use it for egress internet traffic for four clouds, as well as between clouds to on-prem. Those are the main use cases. We have another small use case for ingress traffic, but it is a very small use case right now.

By implementing CloudGuard Network Security, we wanted to get network visibility in our clouds. That was the main point. We also wanted to provide a segregation layer with stateful inspection with all the next-generation features, such as IPS.

CloudGuard Network Security certainly has made our organization more secure. Our business partners cannot inadvertently open up the access that they should not be just to get things done. They now have to go through our firewall. We have got the inspection layer. Our security organization can see threats if they come in and take action on them. We were able to realize its benefits almost instantly.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. We heavily use global policy to join on-prem and the cloud, as well as multiple clouds. It is a huge benefit for us as we can set a global standard for policy and then push that across all the different security zones.

We are very confident in our cloud network's security. We have had many years of experience developing it, so we were very aware of the design and the solution within each cloud. We are confident with how we deploy it, and we have plans to make it more efficient as we go.

Most recently, it would be the dynamic objects or datacenter objects. The query feature is going to be a game-changer for us as we move forward. It simplifies our policy, and it gives us a way to dynamically learn and discover things in the cloud instead of having a static way.

Currently, we are struggling with licensing just because of the pace and growth of our cloud. Keeping up with licensing for new regions and new gateway usage is certainly something we are looking into. We are working with our accounting to figure out how we can improve. The licensing piece is big for us.

We are at the place where we are looking at better integration with the management system. We use an MDS today, and it is self-deployed. We want to get to the Smart-1 Cloud, but we do not know what that looks like today because it does not support a multi-domain setup. Smart-1 should either be able to do multi-domain or there should be some form of taking a multi-domain environment and putting it in Smart-1.

I have been using CloudGuard Network Security for probably five years.

From our experience in five years, it has been very stable.

It seems to be very scalable. We have plans to increase the usage of CloudGuard Network Security.

We do scale sets across our clouds and across many regions globally. The number of applications behind it is in the hundreds if not thousands.

It is an excellent service. I would rate their support a nine out of ten. Improving a little bit in the smaller clouds such as Oracle and Google would help a lot.

Positive

We did not specifically use any similar solution in the cloud. It was brand new.

We have a public cloud and then a hybrid with on-prem. We have AWS, Azure, Google, and Oracle.

In terms of the version, on-prem, we use Maestro, and in the cloud, we use the latest CloudGuard. We use the software version R80.40 and are about to upgrade to R81.20.

Its deployment was a little complex for us because we have a very large cloud environment and we are multi-cloud. We had an existing estate, so it was hard to put a firewall in the path and not break things.

We are still implementing it because we are taking a cloud-by-cloud approach. We have done AWS and Azure. It took probably two years to do that, so I would assume that for Google and Oracle, it is going to take at least a year.

In terms of the implementation strategy, we first develop the IEC for the code to deploy it, and then we deploy it and test it in a sandbox environment. We then deploy it to non-prod and roll it out to those regions, and after that, we would do the same with prod.

We implemented it ourselves.

We have seen an ROI, but I do not have any metrics.

Pricing-wise, it is pretty competitive. However, I would like to see more flexible licensing. There should be more of a consume what you need and true-up type of model.

In the past, we have evaluated other solutions. When we tested them, they did not have the same feature set or functionality that CloudGuard had. When I initially tested years ago, the scaling probably was not as efficient. The support was also a big factor. The support that we got from those vendors was not as good as from our account team with Check Point. 

When we looked at the cloud provider firewalls, they did not match up to what Check Point could do with the various deep packet features and functions like IPS. The feature set was the main difference. At the time, the cloud providers could not provide IPS or deep packet features. That was a big driver for us with Check Point. The fact that we could not integrate policy with our on-prem firewalls, which were from Check Point, was another big driver because we wanted a unified policy. Our existing relationship with Check Point helped as well.

To those evaluating CloudGuard Network Security, I would advise certainly engaging with the Check Point account team. Get their solutions team to help you walk through the solution and talk to others in the industry about their experiences.

The biggest lesson that I have learned from using this solution is to deploy it as soon as you can in your cloud journey.

I would rate CloudGuard Network Security a nine out of ten.