Sold by: Check Point Software Technologies
Deployed on AWS
As your organization expands its web applications, generative AI tools, and APIs, the attack surface grows, increasing exposure to sophisticated cyber threats. Check Point WAF for AWS is a prevention-first, AI-powered web application firewall (WAF) solution designed to deliver robust web application, generative and agentic AI, and API security without compromising efficiency or ease of management.
4.4
Overview
The growth of web applications, generative AI, and APIs introduces new vulnerabilities that traditional security solutions struggle to address. Check Point WAF provides web application, generative and agentic AI, and API Protection. The product leverages deep application contextual analysis and an AI-driven machine learning firewall to profile users, monitor application behavior, and detect both known and unknown threats. With over 90% of customers operating in prevention mode and 100% requiring fewer than 10 exception rules, Check Point WAF delivers precise API security while minimizing false positives and simplifying operations.
Advanced Threat Prevention Without Manual Overhead
Check Point WAF provides protection against OWASP Top 10 vulnerabilities, DDoS attacks, API-based threats, and zero-day vulnerabilities - all without requiring ongoing signature updates. Its advanced machine learning firewall capabilities and contextual analysis ensure accurate detection and seamless protection, allowing your security team to focus on strategic priorities rather than managing exceptions.
Optimized for Dynamic Cloud Environments
Built specifically for cloud-native deployments, Check Point WAF integrates natively with AWS services to automate scaling and management. As your applications and APIs evolve, Check Point WAF delivers consistent and reliable web application security without increasing operational overhead. It also supports CI/CD pipeline integration and infrastructure-as-code, enabling API security directly into your development workflows.
Flexible Licensing and Seamless AWS Integration
Check Point WAF is offered as a BYOL (Bring Your Own License) solution, with pricing and entitlements managed directly through Check Point. The underlying AWS infrastructure is billed separately based on standard AWS pricing. This flexibility ensures that CloudGuard aligns with your organizations unique operational and financial needs while maintaining strong integration with AWS services.
Getting Started
To deploy Check Point WAF, click on the "View Usage Instructions" and "Usage Information" below for next steps. For licensing and private offers, contact your Check Point trusted advisor or sales team. AWS infrastructure billing is handled directly through AWS and follows standard pricing models.
Highlights
- AI-Driven Application Security: Protects against both known and unknown cyberattacks including OWASP Top 10 vulnerabilities, DDoS attacks, API threats, AI-driven attacks, and zero-day exploits using AI-powered machine learning. Delivers high efficacy, reduces false positives, and minimizes operational complexity.
- Rapid Deployment and Scalability: Move from setup to active protection within days and gain flexibility for growth for web application, APIs, AI applications and worloads with AWS-native scaling and pay-as-you-go pricing.
- Seamless AWS Integration: Designed for dynamic cloud environments, automates scaling, simplifies management, and integrates natively with AWS services to deliver consistent, reliable web, AI and API security at scale.
Details
Categories
Delivery method
Delivery option
Auto Scaling Group
Single Gateway into existing VPC
Single Gateway into new VPC
Latest version
Operating system
OtherLinux Gaia 3.10
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Please see seller website for refund details.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Auto Scaling Group
A number of AppSec instances in an Auto Scaling Group. Load balanced by an ELB.
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Additional details
Usage instructions
Navigate to https://portal.checkpoint.com ; if you do not have an existing account, open a new account. Open the main menu (icon is in the top left corner), choose APPLICATION SECURITY under the CloudGuard column, then select Cloud on the left. The Getting Started page will open. After defining the asset, you will be redirected to the Profile page. Note: Obtain the Token for CloudGuard WAF from the Profile page.
Resources
Support
Vendor support
To open a support ticket, send an email to infinity-next-support@checkpoint.com CloudGuard WAF
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
A single pane-of-glass security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Check Point Check Point Cloud Firewall is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
A single security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation.
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Customer reviews
BintuFatimah T P.
Robust AI-Driven Security with Room for UI Enhancement
Reviewed on Apr 14, 2026
Review provided by G2
What do you like best about the product?
I like Check Point CloudGuard WAF for its ability to combine intelligent automation with strong visibility, making it a reliable solution for securing cloud applications while reducing operational overhead. It balances advanced security capabilities with usability and scalability effectively, which is great for both security operations and compliance-focused teams. It also integrates well with broader security and cloud ecosystems, which enhances visibility, monitoring, and incident response. The AI-driven protection, excellent visibility, and scalability for cloud environments are strong points, making it a solution I recommend for strengthening application security.
What do you dislike about the product?
I think there are a few areas where Check Point CloudGuard WAF could be improved. I would appreciate more guided onboarding and configuration support. Also, an enhanced UI/UX for policy management and log analysis would be beneficial. I'd like to see greater flexibility in custom rule creation and deeper integration with SIEM and GRC platforms. Expanded documentation and real-world use cases would also be helpful, along with better cost transparency and scalability options. While the setup was moderately easy, there is a learning curve during initial configuration, and the documentation and guidance could improve.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to secure cloud-hosted apps, handle web threats, reduce false positives, improve traffic visibility, simplify multi-cloud security, support compliance, and lower operational overhead.
jawher s.
Effortless Cloud Security with Automated Protection
Reviewed on Apr 08, 2026
Review provided by G2
What do you like best about the product?
I like how Check Point CloudGuard WAF delivers strong automated threat prevention with minimal tuning, making cloud app protection feel both powerful and effortless. I also really appreciate how seamlessly CloudGuard WAF integrates with cloud-native workflows, applying protections automatically as new services spin up so security never slows down development. It's great how CloudGuard automatically applies security policies to every new cloud resource as it's created, so nothing ever launches unprotected and you don't have to slow down development to keep things secure.
What do you dislike about the product?
CloudGuard WAF could improve by making advanced configuration and log analysis faster and less cumbersome. It would benefit from clearer, more intuitive advanced settings and a faster, more searchable log viewer that makes deep dive investigation less time-consuming.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect cloud applications by detecting, blocking, and mitigating web attacks. It solves the headache of constantly monitoring web defenses by automatically blocking threats like OWASP Top 10, bot attacks, and zero-day exploits, making protection feel both powerful and effortless.
Sachin-Yadav
AI-driven protection has reduced attack impact and now secures web apps and APIs in real time
Reviewed on Apr 07, 2026
Review provided by PeerSpot
What is our primary use case?
I use Check Point CloudGuard WAF for web application and API protection. I can provide a scenario where I used Check Point CloudGuard WAF to defend against an SQL injection attack on a web app. It detects query patterns via machine learning and then blocks requests instantly without needing any rule writing.
What is most valuable?
Check Point CloudGuard WAF offers various capabilities including AI-based threat prevention, API security, DDoS protection at multi-layer, L3 and L7 protection, bot protection, behavioral analysis, and fingerprinting.
AI-based threat prevention stands out for me because instead of relying on static signatures that have been added in the cloud, it uses behavioral baselines. For example, if I'm using an application with behavioral application capabilities, it provides me high security using AI-based threat prevention. Behavioral learning mode has been divided into various phases. The first phase is the learning mode where it automatically learns. Whenever I onboard any app, it observes the traffic for a short duration or builds a statistical model for that application, and no manual training is required. In phase two, enforcement mode, any new request is evaluated against known attack patterns via machine learning.
Real-time response is really helpful when onboarding any application with Check Point CloudGuard WAF . When we onboard any application, it creates a statistical model of that application, and according to that, it observes known attack patterns, then blocks them instantly, providing another layer of security.
Check Point CloudGuard WAF has really reduced the headache of IT engineers and has helped me in security through machine learning.
What needs improvement?
Check Point CloudGuard WAF can be improved in several ways. We have faced slowness issues in our network after onboarding it on any application. The cost can be higher than traditional WAF solutions, and its heavy reliance on AI also means we have less manual control. Maximum work is done via AI, so that can be reduced.
The cost can be decreased, and regarding manual controls, I just wanted to say that relying directly on AI is not good for our environment because AI is copying our data.
According to other traditional OEMs, we experience a few issues with pricing. The pricing is high compared to other vendors, and I have already mentioned the high reliance on AI, which can be a concern.
Customer support can be improved because we have to reach out to the distributors for support. That could be directly controlled by the OEM.
For how long have I used the solution?
I have been using Check Point CloudGuard WAF for more than a year.
What do I think about the stability of the solution?
Check Point CloudGuard WAF is really stable.
What do I think about the scalability of the solution?
Its scalability is strongly stable. It allows cloud-native elastic scaling and is delivered via SaaS and a deployment agent.
The performance of Check Point CloudGuard WAF has improved compared to other traditional OEMs, and it is easy to use due to AI and machine learning. Management is also straightforward, but it can be improved for new users by providing specific training.
Which solution did I use previously and why did I switch?
I was not using any solution previously. Check Point CloudGuard WAF is my first solution.
What was our ROI?
It has saved me time.
What's my experience with pricing, setup cost, and licensing?
Pricing is a little bit high compared to other OEMs, and the setup cost was handled by a partner.
Which other solutions did I evaluate?
I have not evaluated any other options.
What other advice do I have?
I want to strongly advise this product to other users. Not because of pricing—while the pricing is a little high, the level of security provided is much more critical. I would rate this product an 8.
Munyaradzi Allan N.
AI-Powered Security with a Price Tag
Reviewed on Mar 29, 2026
Review provided by G2
What do you like best about the product?
I really appreciate Check Point CloudGuard WAF as it stands out as a modern, AI-driven web application and API protection platform that does far more than traditional WAFs. I like its prevention-first approach using contextual AI and machine-learning models to detect new and unknown threats before they are documented, which is especially appealing for organizations that prioritize true zero-day resilience. It addresses multiple modern security issues that traditional WAFs struggle with.
What do you dislike about the product?
the pricing is high, many companies might not benefit from this
What problems is the product solving and how is that benefiting you?
I find Check Point CloudGuard WAF prevents zero-day attacks before they're known, addressing multiple modern security challenges traditional WAFs struggle with.
Yosra M.
Centralized Protection with Seamless Cloud Integration
Reviewed on Mar 26, 2026
Review provided by G2
What do you like best about the product?
I like most about Check Point CloudGuard WAF is its seamless integration with cloud environments and the ability to enforce consistent security policies across multiple platforms through a single console. It also provides strong centralized protection and cloud-native integration. The initial setup was relatively simple thanks to the cloud-native integration and automated policy template.
What do you dislike about the product?
One area that could be improved is the initial setup and policy tuning, which can feel complex and time-consuming, especially for teams without deep prior experience with Check Point's ecosystem.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect our cloud-native applications from web attacks, centralize security policy management, automate defense, and solve the challenge of securing distributed cloud applications with unified visibility, automated threat prevention, and simplified compliance management.