Sold by: Check Point Software Technologies
Deployed on AWS
Check Point WAF as a Service is an AI-driven, fully managed web application firewall that provides advanced security for applications and APIs. It delivers real-time protection against zero-day threats, OWASP Top 10 vulnerabilities, DDoS attacks, and more, ensuring high availability, AWS security compliance, and uninterrupted service.
Check Point WAFaaS integrates seamlessly with AWS services, including Amazon Route 53, AWS WAF, AWS Shield, AWS API Gateway, Amazon CloudFront, and AWS Lambda, enabling automated threat prevention with minimal operational overhead.
4.4
Overview
Check Point WAF as a Service (WAFaaS) for AWS simplifies web application security by eliminating the complexity of traditional WAF solutions. Easily deployable via AWS Marketplace, it provides automated API discovery, schema validation, and real-time security updates to minimize misconfigurations and unauthorized data exposure.
Designed for cloud-native agility, Check Point WAFaaS integrates directly with AWS CI/CD pipelines and Infrastructure-as-Code (IaC) frameworks such as AWS CloudFormation and Terraform. This allows security teams to embed protection into their AWS development workflows without slowing down innovation. It prevents cyber threats, including zero-day attacks, OWASP Top 10 vulnerabilities, bot-driven exploits, and large-scale DDoS attacks, ensuring uninterrupted service availability and security compliance.
Check Point WAFaaS delivers a non-agent WAF that can be deployed in less than 15 minutes. Traffic is effortlessly routed through Check Point servers, which automatically issue SSL certificates. Upon redirection, any HTTP requests are intercepted for inspection and forwarded to the application only after validating their security.
Check Point WAFaaS is available in premium and advanced packages (Advanced package does not include API Discovery and Zero-day file security).
ADVANCED PACKAGE: The Advanced package provides core protection features, including:
- AI-based zero-day prevention: Detects and blocks unknown threats before they exploit vulnerabilities.
- Intrusion Prevention System (IPS): Shields against OWASP Top 10 attacks with over 2,800 Web CVEs.
- AI-driven contextual analysis: Ensures precise threat detection with minimal false positives.
- Advanced DDoS mitigation: Protects applications from overload attacks while keeping services accessible.
- Rate limiting: Controls traffic flow based on IP address and XFF (limited to 5 rules).
- Bot prevention: Detects and blocks automated threats.
- Snort 3.0 signature enforcement: Provides deep packet inspection for enhanced security.
- Includes 3 months of full logs retention (based on the fair usage policy).
PREMIUM PACKAGE: The Premium package includes all Advanced Package features and adds:
- Real-time API discovery & governance: Monitors API traffic for sensitive data exposure and compliance.
- Auto-generated Swagger schema validation: Ensures API security by enforcing structure and access controls.
- Unlimited rate limiting: Expands traffic control beyond IP-based limits, including JWT, cookies, and headers.
- Zero-day file security: Blocks malicious uploads and emerging threats.
- Includes 6 months of full logs retention (based on the fair usage policy).
Highlights
- ZERO-DAY PREVENTION: Check Point WAFaaS has demonstrated prevention of zero-day exploits across a wide spectrum of security events, including log4shell, text4shell, and MOVEit, all in real-time.
- DEPLOYED WITHIN MINUTES: Check Point WAFaaS delivers a non-agent Web application Firewall, deployable within minutes. Only a one-time DNS configuration is necessary for CloudGuard to start routing traffic securely to applications in the cloud.
- PREVENT DDoS AND AUTOMATED ATTACKS: Check Point WAFaaS provides real-time detection and automatic mitigation protection against Distributed Denial of Service (DDoS) attacks and bot-driven assaults.
Details
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
SaaS Premium - Up to 10M Req / Month | Check Point WAF as a Service Premium | $1,800.00 |
SaaS Premium - Up to 20M Req / Month | Check Point WAF as a Service Premium | $2,240.00 |
SaaS Premium - Up to 30M Req / Month | Check Point WAF as a Service Premium | $2,680.00 |
SaaS Premium - Up to 40 Req / Month | Check Point WAF as a Service Premium | $3,120.00 |
SaaS Advanced - Up to 10M Req / Month | Check Point WAF as a Service Advanced | $1,500.00 |
SaaS Advanced - Up to 20M Req / Month | Check Point WAF as a Service Advanced | $1,880.00 |
SaaS Advanced - Up to 30M Req / Month | Check Point WAF as a Service Advanced | $2,260.00 |
SaaS Advanced - Up to 40M Req / Month | Check Point WAF as a Service Advanced | $2,640.00 |
Additional pricing options: Custom sizing Req / Month | Check Point WAF as a Service: Custom Sizing | $100,000.00 |
Vendor refund policy
No Refunds
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/ To open a support ticket, you would need to have a Check Point user center account. If you do not have a user center account, you can sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
A single pane-of-glass security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Check Point Check Point Cloud Firewall is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
A single security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation.
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Customer reviews
Bala_Krishna
Security has improved for cloud-native apps and now protects APIs with low latency and minimal tuning
Reviewed on Jun 01, 2026
Review provided by PeerSpot
What is our primary use case?
Any cloud-native application is where my clients might be using Check Point WAF (formerly CloudGuard WAF) to secure Layer 7 with low latency. It is one of the best in Layer 7 security.
What is most valuable?
The biggest advantages of Check Point WAF (formerly CloudGuard WAF) are that it is lightweight and the integration into cloud-native applications is very easy. Check Point WAF (formerly CloudGuard WAF ) produces false positives that are minimal. It has a learning process that is unique, adopting an education model approach. Ease of deployment and efficiency, particularly for API security, are phenomenal. The console is key, with Infinity Portal offering access to all kinds of Check Point products and a unique dashboard and reporting system.
Scaling is easy; once deployed, it takes care of everything without causing any concern for improving hardware or configurations. Check Point WAF (formerly CloudGuard WAF) reduces total cost of ownership, being cheaper compared to any other software.
What needs improvement?
As a reseller, the most difficult part is the lack of awareness. Check Point does not provide any kind of awareness programs to the customers, requiring partners to educate customers.
There are indeed some features missing, particularly connected with integration or with artificial intelligence. Check Point WAF (formerly CloudGuard WAF) faces certain issues with dual ISP tagging on entry-level devices since SD-WAN features were added.
For how long have I used the solution?
I have been selling Check Point WAF (formerly CloudGuard WAF) for almost three to four years.
What do I think about the stability of the solution?
Regarding stability, I am not finding any issues; it is very stable.
What do I think about the scalability of the solution?
Check Point WAF (formerly CloudGuard WAF) is very easy to scale. Once deployed, you forget it; it takes care of everything.
How are customer service and support?
My impression of technical support for Check Point WAF (formerly CloudGuard WAF) is that it is adequate. The technical support team is really good.
If I were to rate support from zero to ten points, I would give them a ten, as they are the best.
Which solution did I use previously and why did I switch?
Check Point WAF (formerly CloudGuard WAF) is good; there are no questions asked.
What was our ROI?
In terms of pricing, Check Point WAF (formerly CloudGuard WAF) is not expensive; it is worth the investment. If there is no downtime or bottlenecks while accessing your application from the internet, that itself is the return on investment.
Which other solutions did I evaluate?
I can tell you specific issues or advantages with products such as FortiGate or Check Point perimeter firewall.
What other advice do I have?
From a technical perspective, I do not think Check Point is leading in the web application firewall space. Cloudflare , F5, and Barracuda WAFs are noteworthy. Check Point WAF (formerly CloudGuard WAF) can be configured with no prior training.
When I compare Check Point WAF (formerly CloudGuard WAF) with traditional WAFs, I find its learning curve to be simple.
Check Point has an excellent intelligence engine for zero-day attacks, unmatched by Palo Alto. I would rate this review a ten overall.
NasseerQureshi
Unified security has reduced alert fatigue and improved zero-day protection for our applications
Reviewed on May 27, 2026
Review from a verified AWS customer
What is our primary use case?
The customers I have worked with were primarily using Check Point WAF (formerly CloudGuard WAF) as an application security solution, mostly leveraging Check Point CloudGuard for various purposes such as protecting their application servers from the top 10 OWASP attacks and for Zero-Day protection.
My clients were not working separately with Check Point WAF (formerly CloudGuard WAF) ; they were receiving a unified platform that included firewall, email security, and endpoint security, so the integration effectively eliminated silos in their environment.
What is most valuable?
Check Point WAF (formerly CloudGuard WAF ) was valuable primarily because the data center was in Dubai, making it convenient for customers in the region, and the user interface was really helpful and easy to understand.
Check Point WAF (formerly CloudGuard WAF) helps my clients reduce total cost of ownership, and the return on investment was really high for Check Point WAF (formerly CloudGuard WAF), and it was the only product with GenAI security features compared to other WAF products.
Check Point WAF (formerly CloudGuard WAF) provides benefits such as reduction in alert fatigue with fewer false positives, Zero-Day protection, and the introduction of GenAI LLM features that customers really appreciate.
What needs improvement?
A gap for improvement for Check Point WAF (formerly CloudGuard WAF) is the learning curve, as better training modules could help end customers, and pricing and reporting functionality could also be improved.
For how long have I used the solution?
I have been working with Check Point WAF (formerly CloudGuard WAF) for almost two years.
What do I think about the stability of the solution?
I can rate stability at approximately 8.5.
What do I think about the scalability of the solution?
I can say scalability is a 9.
How are customer service and support?
Technical support is rated at 10.
Which solution did I use previously and why did I switch?
I am currently working with Palo Alto as the product I replaced Check Point WAF (formerly CloudGuard WAF) with. I totally moved to Palo Alto from Check Point WAF (formerly CloudGuard WAF).
How was the initial setup?
The initial setup for Check Point WAF (formerly CloudGuard WAF) is simple; it is not that complex as long as a customer has a basic understanding of how WAF works.
Deployment was really easy for Check Point WAF (formerly CloudGuard WAF); it does not have any complex deployment requirements.
Which other solutions did I evaluate?
Barracuda is the main competitor of Check Point WAF (formerly CloudGuard WAF), along with Fortinet, but Barracuda excels in application security and is doing great in this space.
What other advice do I have?
No product can provide 100% protection, but Check Point WAF (formerly CloudGuard WAF) uses multi-method protection with AI machine learning to detect abnormalities, alongside features like ThreatCloud for real-time analysis of potential zero-day threats. I will highly recommend Check Point WAF (formerly CloudGuard WAF) to other users. I have given this review an overall rating of 8.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
ІгорКузьменко
Security has improved for critical web services and supports complex protection needs
Reviewed on May 26, 2026
Review from a verified AWS customer
What is our primary use case?
Check Point WAF (formerly CloudGuard WAF) is required by customers who have web resources and assets that are important to them and in production. These resources include internet shops, services, and financial services. Without a web application firewall, the business stops, and customers need to implement this solution. Insurance companies, banks, and similar organizations fall into this category.
What is most valuable?
Check Point WAF (formerly CloudGuard WAF) is easy to deploy and provides a complete solution.
Check Point 's approach differs from others because it uses artificial intelligence elements and an AI-based approach. The WAF solution operates as a complex solution with multiple functionalities rather than a simple one.
The solution helps reduce the false positive rate. Productivity shows that only 10 to 25 percent will be false positives.
What needs improvement?
The interface and deployment require qualified skills and a qualified engineer who knows this product very well.
In general, Check Point products load the system somewhat and require more performance and better performance equipment on the customer side.
When compared to solutions specialized only on WAF , such as Imperva or Cloudflare , Check Point WAF (formerly CloudGuard WAF) is a lighter version and does not have as well-performed a load balancer or anti-DDoS option.
For how long have I used the solution?
We started using Check Point WAF (formerly CloudGuard WAF) two years ago.
What do I think about the scalability of the solution?
Check Point WAF (formerly CloudGuard WAF) scores eight to nine points on a ten-point scale for scalability. This scalability is one of the top features of Check Point solutions in general and especially for Check Point WAF (formerly CloudGuard WAF). It is a main approach of the Check Point team.
How are customer service and support?
I cannot be objective in this question because we have our own service team with engineers on our staff. We handle most tickets and cases ourselves.
What about the implementation team?
We operate as a partner company in projects and serve as an integrator for different solutions, including security solutions.
What's my experience with pricing, setup cost, and licensing?
Regarding total cost of ownership, I cannot describe this accurately. Concerning the price for Check Point WAF (formerly CloudGuard WAF) and license costs, the pricing is good, and the approach could be better.
Which other solutions did I evaluate?
Regarding competitors, Cloudflare is the most popular and best-selling solution on the Ukrainian market now, and this trend will continue.
What other advice do I have?
Check Point WAF (formerly CloudGuard WAF) and more Check Point solutions are oriented toward cloud infrastructure, cloud, or hybrid infrastructure. I would give Check Point WAF (formerly CloudGuard WAF) an overall rating of nine points.
Mohan Janarthanan
Integrated web protection has reduced breaches and now prevents attacks across critical apps
Reviewed on May 22, 2026
Review from a verified AWS customer
What is our primary use case?
I want to protect my application hosted in my cloud by preventing attacks against my top OWASP Top 10 threats. I am enabling Check Point WAF (formerly CloudGuard WAF) as my application firewall.
The integration is straightforward because I am hosting in the cloud, so Check Point WAF (formerly CloudGuard WAF) can be hosted in a public location wherever my cloud vendor is located as a service provider, and I can host the application within a change of DNS.
What is most valuable?
I have been using it for six months, and the biggest advantages for me are that Check Point WAF (formerly CloudGuard WAF ) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). In contrast, Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection.
Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors. The traditional WAF does not have the capacity of IPS functions.
The intrusion prevention capability, I can only see in Layer 3 functions and stateful functions, which is the traditional firewall capability. Other vendors are keeping this in their Web Application Firewall, but Check Point WAF (formerly CloudGuard WAF) has integrated it differently.
False positives are significantly less here compared to traditional Web Application Firewalls because they are more focused on the AI front. Check Point WAF (formerly CloudGuard WAF) integrates an AI platform within the Web Application itself using API protection with AI and what they call GenAI protection.
They excel at creating the profile itself, which is the basic functionality of WAF. Normally, I deploy in preventive mode, which takes some time for learning, but I prefer to operate in preventing mode only.
What needs improvement?
The negative aspect is that Check Point WAF (formerly CloudGuard WAF) uses Check Point Harmony in its management console, which sometimes creates latency when connecting to or opening the platform. This is one function they are lagging in.
The reporting functions need improvement. For example, I want to calculate traffic metrics, but I cannot see them in the current Check Point WAF (formerly CloudGuard WAF). To know the overall traffic for today on the application, I have to check multiple dashboards instead of one single dashboard.
For how long have I used the solution?
I have been using it for six months, and Check Point WAF (formerly CloudGuard WAF) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection. Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
Scalability is very good.
How are customer service and support?
The support team is providing good support.
How was the initial setup?
It is easy to deploy and does not require much effort.
What was our ROI?
Return on Investment is a key factor for me in deciding to buy a solution on a major scale, so it is very important for me to consider it. I would say the ROI is about 15 to 20 percent.
Which other solutions did I evaluate?
I am comparing it to F5.
What other advice do I have?
I would definitely recommend this solution because I do not want to implement one more traffic function. I can eliminate the firewall and use Check Point WAF (formerly CloudGuard WAF) alone, thus eliminating Layer 3 traffic directly connecting to my Web Application Firewall.
I would say the TCO is reduced by 20 to 22 percent. The reduction in false positives will definitely be more than 30 percent.
Breach Reduction reduces the false positive part significantly. For example, I have multiple solutions from multiple vendors, and it definitely reduces my false positive alerts and aids in my Breach Reduction efforts. If a person is having a bot attack or if someone attacks with network anomalies on my application, I can identify that.
I rate Check Point WAF (formerly CloudGuard WAF) overall as an 8 or 8.5 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
HarishJogadiya
Cloud security has improved and delivers live threat visibility and reduced attack surface
Reviewed on May 21, 2026
Review provided by PeerSpot
What is our primary use case?
I have been using Check Point WAF (formerly CloudGuard WAF) on a public cloud.
What is most valuable?
The features of Check Point WAF (formerly CloudGuard WAF) relate to addressing global attacks that we require. The threat map, which displays information on a live basis, helps us understand the types of points logs, and that is the best part.
I utilize Check Point WAF (formerly CloudGuard WAF ) alongside other Check Point products. They integrate with internal systems-level security devices, which we are using to communicate internally. The integration makes the tools work better and is helping us significantly.
Beyond user-level benefits, we are receiving some advantages that are really helping us. Check Point WAF (formerly CloudGuard WAF) did reduce my total cost of ownership for my web application firewall, though not by a substantial amount, but it is acceptable.
What needs improvement?
In my opinion, there is some room for improvement regarding pricing, which we require, and much of it relates to the license base and support.
For how long have I used the solution?
I have been using it for more than two to three years, and I confirm that I am currently running on it.
What do I think about the stability of the solution?
Regarding my experience with the deployment, sometimes we encounter difficulties, but overall it is good, and we achieve our time-based objectives. I would rate the stability as eight to nine.
How are customer service and support?
I rate the technical support from one to ten as eight to nine.
Which solution did I use previously and why did I switch?
I did not work with other WAFs before Check Point WAF (formerly CloudGuard WAF).
How was the initial setup?
The initial setup is simplified, and I confirm that it is good for understanding.
What about the implementation team?
As of now, I have not integrated with third-party solutions because it is not required.
What was our ROI?
The investment regarding return on investment is not yet realized, but we are considering that investment base.
What's my experience with pricing, setup cost, and licensing?
The pricing is reasonable, and I believe it is acceptable. I am satisfied with the timing.
What other advice do I have?
Check Point WAF (formerly CloudGuard WAF) is the best option on the market, and it is good for us. The potential attack surface level involves asking about vulnerabilities across the networks, which is why we confirm that it is really helping us.
I find Check Point WAF (formerly CloudGuard WAF) to be good, though I cannot say it is popular in my region.
I would recommend Check Point WAF (formerly CloudGuard WAF) to others, but it depends on the environment. I think it is currently suitable for any types of companies, specifically in the database, which we require.
I confirm that I do not require additional features for Check Point WAF (formerly CloudGuard WAF), and it is currently adequate. I rate this product nine out of ten overall.