Sold by: Check Point Software Technologies
Deployed on AWS
Check Point WAF as a Service is an AI-driven, fully managed web application firewall that provides advanced security for applications and APIs. It delivers real-time protection against zero-day threats, OWASP Top 10 vulnerabilities, DDoS attacks, and more, ensuring high availability, AWS security compliance, and uninterrupted service.
Check Point WAFaaS integrates seamlessly with AWS services, including Amazon Route 53, AWS WAF, AWS Shield, AWS API Gateway, Amazon CloudFront, and AWS Lambda, enabling automated threat prevention with minimal operational overhead.
4.4
Overview
Check Point WAF as a Service (WAFaaS) for AWS simplifies web application security by eliminating the complexity of traditional WAF solutions. Easily deployable via AWS Marketplace, it provides automated API discovery, schema validation, and real-time security updates to minimize misconfigurations and unauthorized data exposure.
Designed for cloud-native agility, Check Point WAFaaS integrates directly with AWS CI/CD pipelines and Infrastructure-as-Code (IaC) frameworks such as AWS CloudFormation and Terraform. This allows security teams to embed protection into their AWS development workflows without slowing down innovation. It prevents cyber threats, including zero-day attacks, OWASP Top 10 vulnerabilities, bot-driven exploits, and large-scale DDoS attacks, ensuring uninterrupted service availability and security compliance.
Check Point WAFaaS delivers a non-agent WAF that can be deployed in less than 15 minutes. Traffic is effortlessly routed through Check Point servers, which automatically issue SSL certificates. Upon redirection, any HTTP requests are intercepted for inspection and forwarded to the application only after validating their security.
Check Point WAFaaS is available in premium and advanced packages (Advanced package does not include API Discovery and Zero-day file security).
ADVANCED PACKAGE: The Advanced package provides core protection features, including:
- AI-based zero-day prevention: Detects and blocks unknown threats before they exploit vulnerabilities.
- Intrusion Prevention System (IPS): Shields against OWASP Top 10 attacks with over 2,800 Web CVEs.
- AI-driven contextual analysis: Ensures precise threat detection with minimal false positives.
- Advanced DDoS mitigation: Protects applications from overload attacks while keeping services accessible.
- Rate limiting: Controls traffic flow based on IP address and XFF (limited to 5 rules).
- Bot prevention: Detects and blocks automated threats.
- Snort 3.0 signature enforcement: Provides deep packet inspection for enhanced security.
- Includes 3 months of full logs retention (based on the fair usage policy).
PREMIUM PACKAGE: The Premium package includes all Advanced Package features and adds:
- Real-time API discovery & governance: Monitors API traffic for sensitive data exposure and compliance.
- Auto-generated Swagger schema validation: Ensures API security by enforcing structure and access controls.
- Unlimited rate limiting: Expands traffic control beyond IP-based limits, including JWT, cookies, and headers.
- Zero-day file security: Blocks malicious uploads and emerging threats.
- Includes 6 months of full logs retention (based on the fair usage policy).
Highlights
- ZERO-DAY PREVENTION: Check Point WAFaaS has demonstrated prevention of zero-day exploits across a wide spectrum of security events, including log4shell, text4shell, and MOVEit, all in real-time.
- DEPLOYED WITHIN MINUTES: Check Point WAFaaS delivers a non-agent Web application Firewall, deployable within minutes. Only a one-time DNS configuration is necessary for CloudGuard to start routing traffic securely to applications in the cloud.
- PREVENT DDoS AND AUTOMATED ATTACKS: Check Point WAFaaS provides real-time detection and automatic mitigation protection against Distributed Denial of Service (DDoS) attacks and bot-driven assaults.
Details
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/month |
|---|---|---|
SaaS Premium - Up to 10M Req / Month | Check Point WAF as a Service Premium | $1,800.00 |
SaaS Premium - Up to 20M Req / Month | Check Point WAF as a Service Premium | $2,240.00 |
SaaS Premium - Up to 30M Req / Month | Check Point WAF as a Service Premium | $2,680.00 |
SaaS Premium - Up to 40 Req / Month | Check Point WAF as a Service Premium | $3,120.00 |
SaaS Advanced - Up to 10M Req / Month | Check Point WAF as a Service Advanced | $1,500.00 |
SaaS Advanced - Up to 20M Req / Month | Check Point WAF as a Service Advanced | $1,880.00 |
SaaS Advanced - Up to 30M Req / Month | Check Point WAF as a Service Advanced | $2,260.00 |
SaaS Advanced - Up to 40M Req / Month | Check Point WAF as a Service Advanced | $2,640.00 |
Additional pricing options: Custom sizing Req / Month | Check Point WAF as a Service: Custom Sizing | $100,000.00 |
Vendor refund policy
No Refunds
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/ To open a support ticket, you would need to have a Check Point user center account. If you do not have a user center account, you can sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
A single pane-of-glass security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Check Point Check Point Cloud Firewall is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
A single security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation.
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Customer reviews
Dharamveer p.
Strong and reliable WAF for modern web and API security
Reviewed on May 02, 2026
Review provided by G2
What do you like best about the product?
What I like best about Check Point CloudGuard WAF is its strong AI-driven threat protection and ability to handle modern web and API security challenges. It does a great job at blocking common attacks like XSS and SQL injection, as well as more advanced threats like zero-day vulnerabilities without relying heavily on manual rule updates. The real-time detection and low false positives make it reliable in production environments, and it reduces a lot of manual effort for security teams.
Another thing I appreciate is how well it fits into cloud environments. Deployment is relatively smooth, and once configured properly, it provides good visibility into traffic, threats, and application behavior. The automated learning and tuning capabilities also help in reducing the overhead typically required in traditional WAF solutions.
Another thing I appreciate is how well it fits into cloud environments. Deployment is relatively smooth, and once configured properly, it provides good visibility into traffic, threats, and application behavior. The automated learning and tuning capabilities also help in reducing the overhead typically required in traditional WAF solutions.
What do you dislike about the product?
What I dislike about Check Point CloudGuard WAF is that the initial setup and fine-tuning can take time, especially for teams that are new to the platform. Some advanced configurations require deeper understanding, and integration with other tools is not always as seamless as expected. Cost can also be a factor, particularly for smaller teams or organizations.
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard WAF solves the problem of securing web applications and APIs against evolving cyber threats without heavy manual intervention. It automates threat detection and prevention, reduces operational workload, and ensures continuous protection against both known and unknown attacks. For me, it helps in improving overall application security posture while saving time on manual monitoring and rule management.
Overall, my experience has been positive, especially in terms of strong protection, automation, and reduced manual effort in managing application security.
Overall, my experience has been positive, especially in terms of strong protection, automation, and reduced manual effort in managing application security.
Jawher S.
Strong Multi-Cloud Protection, Needs Easier Tuning
Reviewed on Apr 28, 2026
Review provided by G2
What do you like best about the product?
I use Check Point CloudGuard WAF to protect cloud-native apps and APIs from OWASP Top 10 threats, like injection and XSS, while also providing bot mitigation and granular traffic inspection. I like its seamless integration with the CI/CD pipeline, allowing security policies to be deployed as code without slowing down development. This automation ensures security enforcement with every development, eliminating manual policy updates and reducing human error, which lets developers ship faster while protecting new code immediately. I appreciate its integration with CI/CD tools like Jenkins and CircleCI, and security platforms like Wiz and AWS Network Firewall. We switched to Check Point CloudGuard WAF from a legacy web app firewall because it lacked API security and multi-cloud support, and CloudGuard WAF provides better automation and centralized policy management.
What do you dislike about the product?
The policy tuning can be complex, leading to occasional false positives. Also, dashboard sync delays sometimes occur across multi-cloud environments. The learning curve and tuning effort for non-trivial apps keep it from being a perfect fit for every team.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to secure cloud apps and APIs against automated attacks, zero-day exploits, and reduce manual rule tuning. It integrates seamlessly with CI/CD pipelines, automating security enforcement and allowing faster code deployment.
Mikolaj .
AI-Driven Protection with Complex Setup
Reviewed on Apr 27, 2026
Review provided by G2
What do you like best about the product?
I really appreciate the AI-driven protection of Check Point CloudGuard WAF. It helps in protecting web apps and APIs from SQL injections, XSS, and DoS attacks by analyzing incoming traffic and blocking malicious activity in real-time. This reduces the need for manual security management.
What do you dislike about the product?
The setup was a little bit complex, requiring me to understand specifications and documentation.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF for protecting web apps and APIs from SQL injections, XSS, and DoS, analyzing and blocking malicious activity, and reducing the need for manual security management.
BintuFatimah T P.
Robust AI-Driven Security with Room for UI Enhancement
Reviewed on Apr 14, 2026
Review provided by G2
What do you like best about the product?
I like Check Point CloudGuard WAF for its ability to combine intelligent automation with strong visibility, making it a reliable solution for securing cloud applications while reducing operational overhead. It balances advanced security capabilities with usability and scalability effectively, which is great for both security operations and compliance-focused teams. It also integrates well with broader security and cloud ecosystems, which enhances visibility, monitoring, and incident response. The AI-driven protection, excellent visibility, and scalability for cloud environments are strong points, making it a solution I recommend for strengthening application security.
What do you dislike about the product?
I think there are a few areas where Check Point CloudGuard WAF could be improved. I would appreciate more guided onboarding and configuration support. Also, an enhanced UI/UX for policy management and log analysis would be beneficial. I'd like to see greater flexibility in custom rule creation and deeper integration with SIEM and GRC platforms. Expanded documentation and real-world use cases would also be helpful, along with better cost transparency and scalability options. While the setup was moderately easy, there is a learning curve during initial configuration, and the documentation and guidance could improve.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to secure cloud-hosted apps, handle web threats, reduce false positives, improve traffic visibility, simplify multi-cloud security, support compliance, and lower operational overhead.
jawher s.
Effortless Cloud Security with Automated Protection
Reviewed on Apr 08, 2026
Review provided by G2
What do you like best about the product?
I like how Check Point CloudGuard WAF delivers strong automated threat prevention with minimal tuning, making cloud app protection feel both powerful and effortless. I also really appreciate how seamlessly CloudGuard WAF integrates with cloud-native workflows, applying protections automatically as new services spin up so security never slows down development. It's great how CloudGuard automatically applies security policies to every new cloud resource as it's created, so nothing ever launches unprotected and you don't have to slow down development to keep things secure.
What do you dislike about the product?
CloudGuard WAF could improve by making advanced configuration and log analysis faster and less cumbersome. It would benefit from clearer, more intuitive advanced settings and a faster, more searchable log viewer that makes deep dive investigation less time-consuming.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect cloud applications by detecting, blocking, and mitigating web attacks. It solves the headache of constantly monitoring web defenses by automatically blocking threats like OWASP Top 10, bot attacks, and zero-day exploits, making protection feel both powerful and effortless.