Sold by: Check Point Software Technologies
Deployed on AWS
Check Point WAF as a Service (WAFaaS) is an AI-based WAF solution delivering the highest protection against known and zero-day threats through advanced AI and IPS signatures. Check Point WAFaaS provides multiple layers of protection: rate limiting, AI engines, IPS signatures, zero-day file security, bot protection. Check Point WAFaaS delivers a non-agent WAF, deployable within minutes, and adds advanced DDoS mitigation. Traffic is seamlessly routed through Check Point servers, which automatically issue SSL certificates.
4.4
Overview
Check Point WAF as a Service (WAFaaS) is an automated solution that delivers superior benefits of a top-tier Web Application Firewall and API Protection, requiring minimal manual intervention. The AI engine continuously learns the behavior of your application, tracking changes throughout its lifecycle. This ensures a minimal false positive rate and reduces tedious rule tuning after each application change. Check Point WAFaaS delivers a non-agent WAF that can be deployed in less than 15 minutes. Traffic is effortlessly routed through Check Point servers, which automatically issue SSL certificates. Upon redirection, any HTTP requests are intercepted for inspection and forwarded to the application only after validating their security. Check Point WAFaaS is available in advanced and premium packages. Premium include API Discovery and Zero-day file security. The advanced package provides:
- AI-based engines for prevention of Zero-day Attacks and OWASP Top 10 known attacks.
- AI-based contextual analysis engine to ensure precise detection rate with minimal false positives.
- Snort 3.0 signature enforcement engine.
- Advanced DDoS mitigation to ensure your applications stay accessible to legitimate users by mitigating attacks that overwhelm your network, servers, or applications.
- Rate limiting based on identifiers such as IP address and XFF - limited to 5 rules.
- Intrusion Prevention (IPS), over 2,800 Web CVEs, based on award-winning NSS-Certified IPS.
- Include 3 months of full logs retention - based on the fair usage policy.
You are entitled to free usage of 7 days or 1M HTTP requests whatever comes first, after that you will be billed.
Highlights
- Zero-day prevention: Check Point WAFaaS has demonstrated prevention of zero-day exploits across a wide spectrum of security events, including log4shell, text4shell, and MOVEit, all in real-time.
- Deployed within minutes, usage-based pricing: Check Point WAFaaS delivers a non-agent Web application Firewall, deployable within minutes. Requires one-time DNS configuration. The consumption is based on the actual number of requests processed by your applications.
- Prevent DDoS and automated bot attacks: Check Point WAFaaS provides real-time detection and automatic mitigation protection against Distributed Denial of Service (DDoS) attacks and bot-driven assaults.
Details
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
First 10M HTTP requests | $1,500.00 |
10M-60M HTTP requests (price per 1M) | $38.00 |
60M-160M HTTP requests (price per 1M) | $22.00 |
160M HTTP requests and above (price per 1M) | $15.00 |
Vendor refund policy
No Refunds.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
https://supportcenter.checkpoint.com/supportcenter/portal 24x7 email support with emergency phone number. Premier support available for enterprise customers.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
A single pane-of-glass security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Check Point Check Point Cloud Firewall is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
A single security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation.
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Customer reviews
Bala_Krishna
Security has improved for cloud-native apps and now protects APIs with low latency and minimal tuning
Reviewed on Jun 01, 2026
Review provided by PeerSpot
What is our primary use case?
Any cloud-native application is where my clients might be using Check Point WAF (formerly CloudGuard WAF) to secure Layer 7 with low latency. It is one of the best in Layer 7 security.
What is most valuable?
The biggest advantages of Check Point WAF (formerly CloudGuard WAF) are that it is lightweight and the integration into cloud-native applications is very easy. Check Point WAF (formerly CloudGuard WAF ) produces false positives that are minimal. It has a learning process that is unique, adopting an education model approach. Ease of deployment and efficiency, particularly for API security, are phenomenal. The console is key, with Infinity Portal offering access to all kinds of Check Point products and a unique dashboard and reporting system.
Scaling is easy; once deployed, it takes care of everything without causing any concern for improving hardware or configurations. Check Point WAF (formerly CloudGuard WAF) reduces total cost of ownership, being cheaper compared to any other software.
What needs improvement?
As a reseller, the most difficult part is the lack of awareness. Check Point does not provide any kind of awareness programs to the customers, requiring partners to educate customers.
There are indeed some features missing, particularly connected with integration or with artificial intelligence. Check Point WAF (formerly CloudGuard WAF) faces certain issues with dual ISP tagging on entry-level devices since SD-WAN features were added.
For how long have I used the solution?
I have been selling Check Point WAF (formerly CloudGuard WAF) for almost three to four years.
What do I think about the stability of the solution?
Regarding stability, I am not finding any issues; it is very stable.
What do I think about the scalability of the solution?
Check Point WAF (formerly CloudGuard WAF) is very easy to scale. Once deployed, you forget it; it takes care of everything.
How are customer service and support?
My impression of technical support for Check Point WAF (formerly CloudGuard WAF) is that it is adequate. The technical support team is really good.
If I were to rate support from zero to ten points, I would give them a ten, as they are the best.
Which solution did I use previously and why did I switch?
Check Point WAF (formerly CloudGuard WAF) is good; there are no questions asked.
What was our ROI?
In terms of pricing, Check Point WAF (formerly CloudGuard WAF) is not expensive; it is worth the investment. If there is no downtime or bottlenecks while accessing your application from the internet, that itself is the return on investment.
Which other solutions did I evaluate?
I can tell you specific issues or advantages with products such as FortiGate or Check Point perimeter firewall.
What other advice do I have?
From a technical perspective, I do not think Check Point is leading in the web application firewall space. Cloudflare , F5, and Barracuda WAFs are noteworthy. Check Point WAF (formerly CloudGuard WAF) can be configured with no prior training.
When I compare Check Point WAF (formerly CloudGuard WAF) with traditional WAFs, I find its learning curve to be simple.
Check Point has an excellent intelligence engine for zero-day attacks, unmatched by Palo Alto. I would rate this review a ten overall.
Luciano P.
Strong OWASP Protection and AI-Driven Threat Prevention That Scales
Reviewed on May 29, 2026
Review provided by G2
What do you like best about the product?
Strong protection against OWASP Top 10 attacks
Easy integration with cloud environments
Good real-time threat prevention and bot protection
Centralized management and visibility
AI-driven threat intelligence from Check Point
Scalable for enterprise workloads
Helpful automation and policy tuning feature
Easy integration with cloud environments
Good real-time threat prevention and bot protection
Centralized management and visibility
AI-driven threat intelligence from Check Point
Scalable for enterprise workloads
Helpful automation and policy tuning feature
What do you dislike about the product?
Initial setup can be complex
Can be expensive for smaller companies
Some advanced configurations require expertise
Dashboard/UI can feel overwhelming at first
Occasional false positives that need tuning
Support response time may vary depending on the plan
Can be expensive for smaller companies
Some advanced configurations require expertise
Dashboard/UI can feel overwhelming at first
Occasional false positives that need tuning
Support response time may vary depending on the plan
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard WAF is solving web application security problems by blocking attacks such as SQL injection, XSS, bots, and API threats. It helps secure cloud applications, reduce security incidents, improve visibility into traffic, and support compliance requirements. The benefits include stronger protection for business applications, reduced downtime, lower risk of data breaches, faster threat response, and improved operational efficiency through centralized management and automation.
Merin K O.
Powerful Security with a Complex Setup
Reviewed on May 29, 2026
Review provided by G2
What do you like best about the product?
I use Check Point WAF to protect our internet-facing web application and APIs from web-based threats like SQL injection and cross-domain issues. The solution provides advanced threat prevention and automated policy cleaning. I appreciate the traffic inspection and reverse migration capabilities that ensure application availability and maintain security compliance. It supports both community and hybrid environments. We also integrate it with our broader security ecosystem, which helps in monitoring and provides better visibility for threat detection. Cloud integration capabilities have simplified development, providing better visibility to application networks and stronger protection against top vulnerabilities.
What do you dislike about the product?
While Check Point WAF provides strong application security and configuration capabilities, there are some areas that could be improved. The initial set of policy tuning process can be complex for new administrators, requiring a good understanding of web application traffic patterns. The interface could be more user-friendly, and the reporting and dashboard customization options could be enhanced to provide more actionable insights. Additionally, licensing can be challenging for smaller organizations, I assume. Faster deployment templates for cloud-native applications would further simplify the implementation.
What problems is the product solving and how is that benefiting you?
I use Check Point WAF to protect our web application and APIs from threats like SQL injection and ensure security compliance. It offers advanced threat prevention, automated policy cleaning, and supports hybrid environments, though initial setup needs expertise.
Ivan D.
Modern WAF that actually reduces tuning, not perfect but solid
Reviewed on May 28, 2026
Review provided by G2
What do you like best about the product?
I appreciate how quickly you can get it up and running. Compared to older WAFs that take time to tune, this one is much faster to deploy and requires less ongoing maintenance, which makes a real difference in day-to-day operations.
What do you dislike about the product?
The platform is also not the most intuitive at first. While the core functionality is strong, getting familiar with some of the advanced features and configuration options takes time, especially if you’re used to simpler WAF solutions.
What problems is the product solving and how is that benefiting you?
It helps a lot with handling modern threats like API abuse, OWASP-type attacks, and zero-days without waiting for signatures or manual rule updates. That means you’re not always reacting after the fact — it blocks things much earlier in the cycle.
Rithin m.
Catches Zero-Day Attacks with Low False Positives and a Unified Security Dashboard
Reviewed on May 27, 2026
Review provided by G2
What do you like best about the product?
The AI engine catches zero-day attacks without throwing false positives at us all day. Bot protection killed our scraping problem, and managing cloud plus on-prem from one dashboard saves real time.
What do you dislike about the product?
The initial learning curve is steeper than I'd like. Documentation could be clearer for advanced policy tuning, and the console can feel sluggish when pulling reports across larger time ranges.
What problems is the product solving and how is that benefiting you?
It solves the problem of constant manual tuning that older WAFs needed. Now our APIs are shielded from injection attacks and credential stuffing automatically, and our team spends way less time triaging noise.