Sold by: Check Point Software TechnologiesÂ
Deployed on AWS
Are you looking for an automated Web Application Firewall (WAF) with precise prevention and no management overheads? CloudGuard WAF delivers AI-enabled Web Application and API protection.
Overview
With deep application contextual analysis, CloudGuard WAF eliminates the tradeoff between the level of application security and the complexity of managing it. Your applications drive your business. As they evolve, grow, and expose more APIs, your attack surface expands. CloudGuard WAF learns how an application is typically used by profiling the user and the app content. It then scores each request accordingly, eliminating false positives while maintaining the highest security standards. CloudGuard WAF is easy to deploy and requires no ongoing maintenance as it continues to protect your evolving applications and APIs.
Advantages
- 90% of CloudGuard WAF customers run in prevent mode, demonstrating the hands-off nature of the management required
- 100% of CloudGuard WAF customers have less than 10 exception rules!
- CloudGuard WAF goes from deployment to active protection in just days, not weeks.
Click on the "View Usage Instructions" and "Usage Information" below to get next steps for setting up CloudGuard WAF.
This is a BYOL Image. Pricing and entitlements for this product are directly with Check Point. As an AWS partner Check Point enables marketplace transaction on this listing through a private offer provided by Check Point. Please contact your Check Point trusted advisers (link to a list of CP sellers / or directly to check point SDRs). Payment for the underlaying infrastructures are paid directly to AWS and is based on AWS pricing.
Highlights
- Precise Prevention: Contextual app analysis for high fidelity application security to prevent known and unknown cyberattacks.
- Automated by Design: Auto-deploy, hands-off management and AI-powered short learning cycles.
- Flexible deployment: Protect all applications in any cloud environment built on any architecture.
Details
Categories
Delivery method
Delivery option
Auto Scaling Group
Single Gateway into existing VPC
Single Gateway into new VPC
Latest version
Operating system
OtherLinux Gaia 3.10
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Please see seller website for refund details.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Auto Scaling Group
A number of AppSec instances in an Auto Scaling Group. Load balanced by an ELB.
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Additional details
Usage instructions
Navigate to https://portal.checkpoint.com ; if you do not have an existing account, open a new account. Open the main menu (icon is in the top left corner), choose APPLICATION SECURITY under the CloudGuard column, then select Cloud on the left. The Getting Started page will open. After defining the asset, you will be redirected to the Profile page. Note: Obtain the Token for CloudGuard WAF from the Profile page.
Resources
Vendor resources
Support
Vendor support
To open a support ticket, send an email to infinity-next-support@checkpoint.com CloudGuard WAF
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Check Point CloudGuard WAF-as-a-Service (WAFaaS) is an AI-based WAF and API discovery and security solution, delivering the highest protection against known and zero-day threats using advanced AI & IPS. The CloudGuard WAF-as-a-Service provides multiple layers of protection: rate limiting, AI engines, IPS signatures, zero-day file security, bot protection, and comprehensive API discovery and schema validation. CloudGuard WAFaaS delivers a non-agent WAF, deployable within minutes, and adds advanced DDoS mitigation. Traffic is seamlessly routed through Check Point servers, which automatically issue SSL certificates.
Check Point CloudGuard WAF-as-a-Service (WAFaaS) is an AI-based WAF solution delivering the highest protection against known and zero-day threats through advanced AI and IPS signatures. CloudGuard WAFaaS provides multiple layers of protection: rate limiting, AI engines, IPS signatures, zero-day file security, bot protection. CloudGuard WAFaaS delivers a non-agent WAF, deployable within minutes, and adds advanced DDoS mitigation. Traffic is seamlessly routed through Check Point servers, which automatically issue SSL certificates.
Check Point CloudGuard WAFaaS is an AI-driven, fully managed web application firewall that provides advanced security for applications and APIs. It delivers real-time protection against zero-day threats, OWASP Top 10 vulnerabilities, DDoS attacks, and more, ensuring high availability, AWS security compliance, and uninterrupted service.
CloudGuard WAFaaS integrates seamlessly with AWS services, including Amazon Route 53, AWS WAF, AWS Shield, AWS API Gateway, Amazon CloudFront, and AWS Lambda, enabling automated threat prevention with minimal operational overhead.
- CloudGuard WAF
- CloudGuard CDR
- CloudGuard Network Security
- CloudGuard CNAPP
- CloudGuard Posture Management
- CloudGuard Code Security
- CloudGuard Workload
- Developer Security
Customer reviews
4.2
7 ratings
7 AWS reviews
|
65 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Ruben Cordero
AI-driven threat detection has reduced incidents and saved team hours weekly
Reviewed on Nov 22, 2025
Review provided by PeerSpot
What is our primary use case?
Check Point CloudGuard WAFÂ 's main use case is protecting web application APIs from external threats. It helps us block common attacks like SQL injections, cross-site scripting, and bot traffic, while also ensuring compliance with the security standards.
One unique aspect of our use case for Check Point CloudGuard WAFÂ is how we leverage it to protect customer APIs that are critical to our business. Because we develop and host several in-house applications, we needed a solution that could adapt quickly to new endpoints and traffic patterns. Check Point CloudGuard WAFÂ has been especially helpful here, automatically learning and adjusting protection without requiring constant manual tuning.
What is most valuable?
The best features Check Point CloudGuard WAFÂ offers include AI-driven threat prevention, protection against OWASP Top 10, and zero-day attacks.
The zero-day attack protection in Check Point CloudGuard WAF has been very effective for us. Instead of waiting for signature updates or manual rule changes, the system uses AI to detect abnormal patterns and block suspicious traffic automatically.
Check Point CloudGuard WAF has positively impacted our organization by strengthening application security while reducing the workload in our team. The AI-driven protection against zero-day attacks and OWASP Top 10 vulnerabilities means threats are blocked automatically before patches are applied. This noticeably reduced the number of incidents we needed to investigate, freeing up time for more strategic projects.
Check Point CloudGuard WAF's ability to preemptively block zero-day attacks is one of its strongest advantages. Instead of relying on traditional signature updates, it uses AI and contextual analysis to spot abnormal traffic patterns and block them before they can exploit vulnerabilities. For example, during the Log4Shell disclosure, Check Point CloudGuard WAF was already blocking the suspicious payloads without us needing to manually adjust rules.
The breach reduction feature of Check Point CloudGuard WAF is one of the most impactful aspects of the solution. It proactively blocks suspicious traffic before it can exploit vulnerabilities, which has noticeably reduced the risk of breach in our environment.
What needs improvement?
Check Point CloudGuard WAF's support is only available in English. I gave Check Point CloudGuard WAF a rating of 9 out of 10 because the language limitation of support keeps it from being a perfect score, as I prefer support in different languages.
For how long have I used the solution?
I have been using Check Point CloudGuard WAF for around six years.
What do I think about the stability of the solution?
Check Point CloudGuard WAF is very stable.
What do I think about the scalability of the solution?
Check Point CloudGuard WAF's scalability is very good, and I have no issues with this.
How are customer service and support?
Check Point CloudGuard WAF's customer support is very great and very fast.
I would give Check Point CloudGuard WAF a rating of 10 for customer support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used Azure WAF, but I decided to switch to Check Point CloudGuard WAF.
How was the initial setup?
The first deployment of Check Point CloudGuard WAF was initially difficult because the documentation is not intuitive, but it is no longer an issue.
What about the implementation team?
I do not utilize Check Point CloudGuard WAF alongside any other Check Point products. I prefer to use a centralized WAF or specialist WAF to assess the efficiency improvements provided by Check Point CloudGuard WAF compared to traditional WAFs.
What was our ROI?
I have saved a significant amount of time and resources since implementing Check Point CloudGuard WAF. Before, our teams often spent several hours manually tuning rules and chasing false positives. The detection has now cut the workload by more than half, freeing up three or four hours less per week.
Check Point CloudGuard WAF has reduced our total cost of ownership by approximately 10%. I consider the time saved as a return on investment since using Check Point CloudGuard WAF.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup cost, and licensing for Check Point CloudGuard WAF are excellent, and I have no concerns with them.
Which other solutions did I evaluate?
I did not evaluate other options before choosing Check Point CloudGuard WAF.
What other advice do I have?
Check Point CloudGuard WAF is an excellent security tool, and my advice to others looking into using it is that it is complete and modern. Check Point CloudGuard WAF is an excellent solution for web applications, and you should consider it for future deployments. I would rate this product 9 out of 10.
Alejandro M.
Seamless Deployment and Robust Threat Protection with Minimal Maintenance
Reviewed on Nov 19, 2025
Review provided by G2
What do you like best about the product?
The combination of seamless deployment and strong, intelligent threat protection is the greatest upside. The Ease of Implementation was a significant win, allowing us to onboard critical applications with minimal downtime or configuration overhead. The managed intelligence behind the WAF dramatically reduces false positives while effectively stopping complex Layer 7 attacks, freeing up our team to focus on other priorities. Its low maintenance requirement and high-fidelity alerting are also major benefits.
What do you dislike about the product?
While the core WAF functionality is excellent, the reporting and dashboard visualization could be improved for enterprise-level visibility. It sometimes requires extra effort to correlate specific security events across a large fleet of applications outside of the primary console. Furthermore, the initial licensing model required a bit more negotiation to align perfectly with our specific scale-out architecture. However, the strong Customer Support helped us resolve these initial issues quickly.
What problems is the product solving and how is that benefiting you?
The primary problem solved is the comprehensive and proactive defense of critical web applications and APIs against the escalating threat landscape, particularly zero-day attacks and OWASP Top 10 vulnerabilities. This ensures regulatory compliance is consistently met without excessive manual oversight. The benefit is a significant reduction in operational risk and a dramatic increase in security team efficiency, as the intelligent, automated protection means we spend far less time on triage and fine-tuning rules, ultimately accelerating our application deployment timelines.
Computer Software
Seamless Cloud Integration and Effortless Deployment for DevOps
Reviewed on Nov 19, 2025
Review provided by G2
What do you like best about the product?
I liked that it integrates well with cloud environments and supports laC workflows and this makes the deployment smooth for the Devops team.It is very effective against common web attacks like SQL injection, XSS etc.
What do you dislike about the product?
The User Interface is powerful but it felt slightly overwhelming at first open. Some advanced and powerful options are bit hidden in the menus. Sometimes I felt UI lag issues.
What problems is the product solving and how is that benefiting you?
Cloudguard WAF helped us to tackle two major issues , securing our API's and protecting out web app from modern attacks pattern. During our trial we were able to quickly setup protections against SQL injection and DDOs attack. It gave us better visibility into the suspicious requests and helped us to understand where our product was vulnerable. We used the trial to evaluate whether we could adopt it long term and the experience was vey positive.
Medical Devices
My review: Check Point CloudGuard WAF
Reviewed on Nov 18, 2025
Review provided by G2
What do you like best about the product?
the level of automation! The fact that we didnt have to rely on constant signature updates and changes. The system, sensitive documentation and quality management system are fully protected.
What do you dislike about the product?
The learning curve! I always say it's totally worth it after you've crossed it. It may feel at times that more guidance is needed to really get acquainted with the workings od the tool.
What problems is the product solving and how is that benefiting you?
In the medical device industry and from my point of view, protecting sensitive patient files is the most important feature it has. It is also protecting product art, patents, schemes and product development information.
aditya t.
Powerful, Automated Protection for Modern Cloud Applications
Reviewed on Nov 18, 2025
Review provided by G2
What do you like best about the product?
It's designed to protect our websites , Api and cloud applications from cyber attacks. This protects our application from being hacked. random heavy traffic does not cause the website to go down. reduces false positives saving time for developers and testing. fully automated setup requires very little manual tuning. very powerful for modern cloud native applications.
What do you dislike about the product?
It's many users say that its policies and rules are not easy to configure correctly. it's very expensive. technical engineers are not always available and troubleshooting takes time.
What problems is the product solving and how is that benefiting you?
it's protects your website and API's from all types of cyberattacks , keep data secure makes compliance esay and strengthens your business continuity. cybercriminals try to steal personal , financial and sensitive data stored in databases . cloud guard blocks such attempts by using DPI.