Sold by: Check Point Software Technologies
Deployed on AWS
Free Trial
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and a built-in security management server
4.4
Overview
Video
Video 1
Video
Product video
Check Point Check Point Cloud Firewall is a cloud-native security gateway that delivers industry-leading threat prevention and multi-layered network security for workloads migrated to or deployed in AWS environments.
Comprehensive Cloud Network Security: Check Point Cloud Firewall for AWS protects cloud assets with a full suite of advanced security capabilities, including: firewall, Data Loss Prevention (DLP), Intrusion Prevention System (IPS), application control, IPsec VPN, URL filtering, antivirus, anti-bot, threat extraction, and threat emulations. These features enable proactive defense against known and unknown threats, ensuring robust protection for cloud workloads.
Industry-Leading Threat Prevention: Check Point Cloud Firewall for AWS provides advanced threat prevention to secure AWS environments from sophisticated threats, unapproved access, and application-layer Denial of Service (DoS) attacks with industry-leading catch rates (Miercom 2025 and Cyberratings 2025).
Full Control of Network Traffic: Check Point Cloud Firewall for AWS ensures secure, encrypted data flows between your on-premises network and your AWS VPCs. It inspects traffic entering and exiting private subnets in the VPC ("North-South") as well as between VPCs ("East-West").
Unified Security Management: Extend on-premises security policies into the AWS cloud with unified, centralized management via Check Point Security Management Server. Manage policies, logs, and reports consistently across AWS, hybrid, and on-premises environments from a single pane of glass. This listing includes the gateway only. For management, use Check Point Smart-1 Cloud: https://www.checkpoint.com/quantum/unified-cyber-security-platform/smart-1-cloud/
Automated, Scalable Cloud Security: Integrates with infrastructure-as-code tools like Terraform and Ansible for policy automation and cloud-native scaling. CloudGuard dynamically adapts security policies based on real-time cloud metadata and changes. Supports AWS Transit Gateway, auto-scaling, high availability, and multi-AZ redundancy.
Seamless AWS Integration: Check Point Cloud Firewall integrates with a broad range of AWS services, including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, AWS Transit Gateway, AWS Outposts, and Amazon Macie.
The Security Management Server is included in this "All-In-One" offering; there is no need to choose one of the Check Point Security Management offers. This offering will be deployed as a single "All-In-One" Check Point Cloud Firewall gateway and Security Management Server via Check Point CloudFormation templates (sk111013) or via automation tools such as Ansible, Terraform, etc. This PAYG distributed security gateway is managed from a central Security Management Server which provides consistent security policy management, enforcement, and reporting within a single pane of glass.To maintain the highest quality and security of our management solutions, Check Point recommends installing the latest recommended Jumbo Hotfix, especially after the initial deployment. Start your free 30-day trial to gain full access to Cloud Firewall's features and capabilities.
Highlights
- Advanced Protection with Security Features: firewall, DLP, IPS, applicationcControl, IPsec VPN, URL Filtering, antivirus, anti-bot, threat extraction, and threat emulation. Includes Security Management Server.
- Industry-Leading Threat Prevention: Cutting-edge threat prevention with industry-leading catch rate of malware, ransomware and other types of attacks (per Miercom and Cyberratings, 2025).
- Unified Security Management: Provides consistent visibility, policy management, logging, reporting and control across hybrid-clouds and on-premises from a single pane of glass.
Details
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux Gaia 3.10
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
c6in.xlarge Recommended | $0.95 |
c7i.xlarge | $0.95 |
m7a.24xlarge | $16.107 |
c7i.2xlarge | $1.575 |
c6i.12xlarge | $8.76 |
c5n.18xlarge | $12.9255 |
c6i.2xlarge | $1.575 |
m6a.48xlarge | $33.10 |
c7i.12xlarge | $8.76 |
c6i.24xlarge | $16.107 |
Vendor refund policy
Terminate the instance at any given time to stop incurring charges.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Once the instance is running, connect to it using SSH, set an admin password using: 'set user admin password' followed by 'save config'. Then connect to https://[instance] using Internet Explorer (IE) to finalize the configuration. Notes:
- SSH password authentication is disabled in /etc/ssh/sshd_config
- For information regarding Firefox and Chrome refer to sk121373.
Support
Vendor support
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/ To open a support ticket, you would need to have a Check Point user center account. If you do not have a user center account, you can sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at https://www.checkpoint.com/support-services/contact-support/
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Check Point Software Technologies
By Palo Alto Networks
By Juniper Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Multi-Layered Threat Prevention
Firewall, Data Loss Prevention (DLP), Intrusion Prevention System (IPS), application control, IPsec VPN, URL filtering, antivirus, anti-bot, threat extraction, and threat emulation capabilities
Traffic Inspection and Control
Inspects and controls North-South traffic entering and exiting private subnets in VPC as well as East-West traffic between VPCs with encrypted data flows
Infrastructure-as-Code Integration
Integrates with infrastructure-as-code tools including Terraform and Ansible for policy automation and cloud-native scaling with dynamic policy adaptation based on real-time cloud metadata
AWS Service Integration
Integrates with Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, AWS Transit Gateway, AWS Outposts, and Amazon Macie
Centralized Security Management
Built-in Security Management Server providing unified policy management, enforcement, logging, and reporting across AWS, hybrid, and on-premises environments from a single console
Advanced Threat Prevention
Safeguards network from known and zero-day threats including exploits, malware, spyware, and command and control attacks using researcher-grade signatures and machine learning inspection engine.
Advanced URL Filtering
Defends against phishing, ransomware, and web-based attacks using inline machine learning-based web security engine with real-time detection of previously unseen threats and dynamic policy controls.
File-Based Threat Detection
Identifies file-based threats through inline static and dynamic analysis in the cloud with proprietary hypervisor technology for detection of sandbox-resistant malware.
DNS Security
Detects and prevents sophisticated DNS-layer network attacks and data exfiltration attempts.
Dynamic Policy Management
Applies policy definitions to cloud assets based on AWS tags, Application IDs, User IDs, geographies, or zones with automatic adaptation to infrastructure changes without manual intervention.
Next Generation Firewall Architecture
High-performance firewall solution with core firewall, VPN, NAT, and advanced L4-L7 security services including application security, IPS, and anti-virus capabilities.
Anti-Virus and Malware Protection
Cloud-based anti-virus protection that detects and blocks spyware, adware, viruses, keyloggers, and other malware over POP3, HTTP, SMTP, and FTP protocols.
Intrusion Detection and Prevention
Intrusion detection and prevention (IPS) system integrated with application visibility and control through AppSecure for threat detection and workload protection.
VPN and Secure Connectivity
IPsec and full mesh VPN termination services enabling secure connectivity from on-premises data centers, campuses, and branches to AWS cloud across geographically dispersed VPCs.
AWS Cloud Service Integration
Native integration with AWS services including Elastic Load Balancer, Auto-Scaling Groups, CloudWatch, Security Hub, Key Management Service, Elastic Network Adapter support, and Gateway Load Balancer with L3 gateway and L4 load balancer capabilities.
Standard contract
No
No
No
Customer reviews
Sandip K.
Strong Cloud Security and Easy Policy Creation with Check Point Cloud Firewall
Reviewed on Jun 17, 2026
Review provided by G2
What do you like best about the product?
I like check point cloud firewall because it has very strong cloud security and also it is very easy to use and also it has a very effective threat prevention capacity and also we can easily create policy in check point cloud firewall.
What do you dislike about the product?
I dislike most about check point cloud firewall is that the setup is little bit complicated at first, so new users need more time to get familiar with product and also requires guidance for new users to understand the features of it.
What problems is the product solving and how is that benefiting you?
The check point cloud firewall helps us to protect cloud environment from attack and also prevent from unauthorized access from the internet. It helps us to improve network security in our cloud environment and also gives visibility of network and easy policy.
Financial Services
Top-Notch Cloud Firewall with Powerful Threat Prevention
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
Excellent cloud firewall! The main benefits are powerful Threat Prevention and centralized policy management. Deployment is seamless, and the security is top-notch.
What do you dislike about the product?
Heavy and complex tool. SmartConsole has a steep learning curve. Setting up auto-scaling in the cloud is tricky, and premium licensing is costly.
. But overall is ok
. But overall is ok
What problems is the product solving and how is that benefiting you?
It solves cloud security gaps with advanced threat prevention and central control. It benefits me by blocking complex attacks and easing policy management.
Wealie Antar
Cloud security has improved visibility and detection and supports confident migrations
Reviewed on May 22, 2026
Review provided by PeerSpot
What is our primary use case?
I am no longer working with Barracuda products and have shifted to Check Point Cloud Firewall (formerly CloudGuard Network Security) . Check Point Cloud Firewall (formerly CloudGuard Network Security) is used within my company.
The features I find most valuable include the reporting, detection rate of the firewall, and automatic blocking of content in inbound traffic.
I utilize only the Check Point Cloud Firewall (formerly CloudGuard Network Security) firewall and am not using any other Check Point products alongside it.
What is most valuable?
The features I find most valuable include the reporting, detection rate of the firewall, and automatic blocking of content in inbound traffic.
The benefits I have seen using it include reporting, the dashboard, and how it catches the logs. This is particularly valuable for a manager who has to deal with multiple things.
Check Point Cloud Firewall (formerly CloudGuard Network Security) has impacted my organization positively so far.
What needs improvement?
Check Point Cloud Firewall (formerly CloudGuard Network Security) can be improved by bundling more products. As a consumer in the market, I would appreciate at least one or two extra features within the box.
Competitors in the market such as Palo Alto or Fortinet offer more features within their ecosystem. Palo Alto offers extra features within their offering, though it is expensive. If Check Point is not bidding competitively, people may let go of Check Point. The offerings and the price being paid sometimes make Check Point difficult to justify during the initial purchase.
Check Point Cloud Firewall (formerly CloudGuard Network Security) is not very user-friendly. The UI is complex to understand initially, but once I became familiar with it, it became easier.
Exploring the full capabilities by just browsing the website is not possible. Visiting the website regularly is necessary if you are new to Check Point Cloud Firewall (formerly CloudGuard Network Security).
For how long have I used the solution?
I have been working with Check Point Cloud Firewall (formerly CloudGuard Network Security) for almost a year.
What do I think about the scalability of the solution?
The initial setup was somewhat challenging. Check Point Cloud Firewall (formerly CloudGuard Network Security) offers versatility and elasticity for expansion. In case of major workloads, I can vertically stack and grow by adding new hardware. The old and new hardware work in harmony together.
How are customer service and support?
The technical support is quite good so far, particularly the local support.
Which solution did I use previously and why did I switch?
Before finally choosing Check Point Cloud Firewall (formerly CloudGuard Network Security), I evaluated other options including Fortinet and Palo Alto.
I finally chose Check Point Cloud Firewall (formerly CloudGuard Network Security) because of everything it offers. In my country, the pricing falls in the middle range. Palo Alto is the most expensive option, and Fortinet is the cheapest. I do not prefer Fortinet because I feel they are not very strong with detection. Palo Alto was too expensive for my budget.
How was the initial setup?
The initial setup was somewhat challenging. Check Point Cloud Firewall (formerly CloudGuard Network Security) offers versatility and elasticity for expansion. In case of major workloads, I can vertically stack and grow by adding new hardware. The old and new hardware work in harmony together.
What was our ROI?
It is very difficult to determine any return on investment with Check Point Cloud Firewall (formerly CloudGuard Network Security) within a very short span of time. It has only been a year, so I may be able to assess this after another year or so.
Which other solutions did I evaluate?
Before finally choosing Check Point Cloud Firewall (formerly CloudGuard Network Security), I evaluated other options including Fortinet and Palo Alto.
What other advice do I have?
Check Point Cloud Firewall (formerly CloudGuard Network Security) has a nominal impact on my organization. Currently, the landscape is mainly relying on identity. Based on the identity side, Check Point Cloud Firewall (formerly CloudGuard Network Security) does not have much responsibility within my premise or within my system architecture.
Check Point Cloud Firewall (formerly CloudGuard Network Security) has impacted my confidence in secure cloud deployments and migrations. The product is not very user-friendly, and the UI is complex to understand initially, but once I became familiar with it, it became easier. Exploring the full capabilities by just browsing the website is not possible. Visiting the website regularly is necessary if you are new to Check Point Cloud Firewall (formerly CloudGuard Network Security).
Karsh Trivedi
Network security has protected our cloud workloads and simplifies secure access for remote sites
Reviewed on May 20, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Check Point Cloud Firewall (formerly CloudGuard Network Security) is to secure my Amazon Web Services , also known as AWS environment.
I use Check Point Cloud Firewall (formerly CloudGuard Network Security) to secure my AWS environment by configuring it to be the main entry point for any web request that comes into our EC2 servers. It is in the public subnet and has been configured to communicate with the private subnet.
How has it helped my organization?
Check Point Cloud Firewall (formerly CloudGuard Network Security) has positively impacted my organization by mainly helping us secure our cloud environment at the network base. It was a bit cheaper than whatever AWS was offering. Being a network level of security, it was more aligned with what we were thinking as a use case.
What is most valuable?
The best features Check Point Cloud Firewall (formerly CloudGuard Network Security) offers for me are its Threat Protection and Check Point VPN facilities.
The Threat Protection feature helps me in my day-to-day work by actually protecting us from malicious requests getting in by itself. It has machine learning rules deployed on their end, which helps us identify and automatically block malicious requests coming in from the web.
Additionally, I was using RADIUS VPN and it is quite stable for providing site-to-site connectivity between my endpoints to my cloud environment.
What needs improvement?
The only thing I think can be improved about Check Point Cloud Firewall (formerly CloudGuard Network Security) is their syslog logging facility. Currently, the logs that come into our SIEM platform via syslog are creating a lot of noise. If something had to be improved, I would suggest it improves its logging facility and provides more contextualized logs so that it is easier for security analysts to understand and make queries around it.
For how long have I used the solution?
I have been using Check Point Cloud Firewall about three years.
What do I think about the stability of the solution?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is stable.
What do I think about the scalability of the solution?
The scalability of Check Point Cloud Firewall (formerly CloudGuard Network Security) is pretty good and automated.
How are customer service and support?
The customer support for Check Point Cloud Firewall (formerly CloudGuard Network Security) is pretty good.
I would rate the customer support a 10 out of 10 because it provides a lot of information and it quickly helps in resolving the issue.
Which solution did I use previously and why did I switch?
I did not use any different solution than Check Point Cloud Firewall (formerly CloudGuard Network Security).
How was the initial setup?
I was not a part of pricing, setup cost, or licensing.
What about the implementation team?
I did not evaluate any other options before choosing Check Point Cloud Firewall (formerly CloudGuard Network Security).
Which other solutions did I evaluate?
I have not compared Check Point Cloud Firewall (formerly CloudGuard Network Security) to any other solutions.
What other advice do I have?
I would suggest that if your budget allows it and you know how to configure it properly, do go for Check Point Cloud Firewall (formerly CloudGuard Network Security) as it is a very good product to be used. I would rate this product a 9 out of 10 overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
RahulKamble
Centralized security management has improved compliance visibility across multiple sectors
Reviewed on May 18, 2026
Review provided by PeerSpot
What is our primary use case?
We are the system integrator for Check Point Cloud Firewall (formerly CloudGuard Network Security) .
We work with the BFSI, Bank and Finance domain, government segment, as well as corporate industry. In the BFSI and bank and finance sectors, we have deployed this solution to multiple customers including many corporate banks, financial institutes, and trading companies. Most trading companies are using Check Point Cloud Firewall (formerly CloudGuard Network Security) from our side, and we have deployed it for multiple customers.
For application control, intrusion prevention, IPS, anti-bot, sandboxing, zero-day attacks, Zero Trust Network, ZTNA , and multiple features including remote access, encryption communication, and secure integration with Active Directory and LDAP, our customers typically use this solution.
What is most valuable?
Smart console and centralized policy management are the most valuable and useful features of Check Point Cloud Firewall (formerly CloudGuard Network Security). This is the best feature in Check Point along with logging, monitoring, and event monitoring features.
Customers are using it for multiple users, multiple applications, multiple sites, URLs, and many other things. Therefore, they need complete visibility. When logs are collected centrally, a central administrator and central log manager can pull all the details and use them whenever an audit occurs or any kind of compliance is required; they can pull those details easily.
Check Point Cloud Firewall (formerly CloudGuard Network Security) has multiple models available based on user base and user count, including 1530, 1570, and 1590. These are all Quantum Cloud Firewall models, and the Quantum series and 7000 series are also available.
Check Point Cloud Firewall (formerly CloudGuard Network Security) has features that other products do not have, including a very good email security solution. Customers want to switch from those products to Check Point because it has comprehensive email security solutions, and Check Point Cloud Firewall (formerly CloudGuard Network Security) covers that as well. Check Point Harmony Collaboration is the best solution for email security.
What needs improvement?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is already good in the enterprise segment and corporate industries. However, they should have some smaller appliances for some small SMB customers.
For how long have I used the solution?
I have been working with this product specifically for the last 12 years.
What do I think about the stability of the solution?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is a really stable firewall from both hardware and application perspectives, so I do not anticipate finding any challenges with power fluctuations or anything else that might go wrong. Check Point Cloud Firewall (formerly CloudGuard Network Security) is rugged and does not crash.
What do I think about the scalability of the solution?
Check Point Cloud Firewall (formerly CloudGuard Network Security) has multiple models available based on user base and user count, including 1530, 1570, and 1590. These are all Quantum Cloud Firewall models, and the Quantum series and 7000 series are also available.
How are customer service and support?
I do not often communicate with the technical support of Check Point Cloud Firewall (formerly CloudGuard Network Security) because we have our expert team that implements those solutions themselves.
Which solution did I use previously and why did I switch?
Customers were using other solutions such as Sophos and Fortinet before they migrated to Check Point Cloud Firewall (formerly CloudGuard Network Security). The transition was very easy for them as they received all the details in a single dashboard, in a single pane of situation, and all the details are available in log event management solutions.
Customers typically used Fortinet, Sophos, and SonicWall before using Check Point Cloud Firewall (formerly CloudGuard Network Security).
How was the initial setup?
I do participate in the initial setup of Check Point Cloud Firewall (formerly CloudGuard Network Security).
There is no complexity in the implementation for Check Point Cloud Firewall (formerly CloudGuard Network Security); it is easy to configure.
I have not faced many challenges during the initial setup; it has always been straightforward and simple.
What about the implementation team?
We are the system integrator for Check Point Cloud Firewall (formerly CloudGuard Network Security).
What was our ROI?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is definitely a cost-effective solution. When customers buy it and when they expand on this technology, it definitely gives them ROI, return on investment.
Which other solutions did I evaluate?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is easy to implement, easy to use, easy to install, and easy to configure, especially compared to other competitors such as Palo Alto, Fortinet, Sophos, and SonicWall. Therefore, Check Point is pretty comfortable and easy to use.
Check Point Cloud Firewall (formerly CloudGuard Network Security) can be integrated with other firewalls, other network switches, and other network devices with the same solutions. There is nothing hard to implement; it is easy to integrate with other technologies.
What other advice do I have?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is a good solution for organizational prospects helping to reduce risk. Customers are using multiple features such as malware detection, ransomware, zero-day attacks with ZTNA . All the features are available as blade technologies, while others have UTM features; Check Point has blade security solutions, and that is the main use case.
Check Point Cloud Firewall (formerly CloudGuard Network Security) comes under MPLS, SD-WAN, VLAN, and all those features. Moreover, all bundled solutions are available in Check Point, so I do not see that many additional features are needed.
Regarding the documentation I usually use, it is in a presentation type of document focused on customer presentation. I use different types of documents, and if anything is readily available for customer presentations, that is very helpful. Every detail I need is already in the documentation, and I can find it easily.
I give this solution a rating of 9 out of 10.