Sold by: Check Point Software Technologies
Deployed on AWS
As your organization expands its web applications, generative AI tools, and APIs, the attack surface grows, increasing exposure to sophisticated cyber threats. Check Point WAF for AWS is a prevention-first, AI-powered web application firewall (WAF) solution designed to deliver robust web application, generative and agentic AI, and API security without compromising efficiency or ease of management.
4.4
Overview
The growth of web applications, generative AI, and APIs introduces new vulnerabilities that traditional security solutions struggle to address. Check Point WAF provides web application, generative and agentic AI, and API Protection. The product leverages deep application contextual analysis and an AI-driven machine learning firewall to profile users, monitor application behavior, and detect both known and unknown threats. With over 90% of customers operating in prevention mode and 100% requiring fewer than 10 exception rules, Check Point WAF delivers precise API security while minimizing false positives and simplifying operations.
Advanced Threat Prevention Without Manual Overhead
Check Point WAF provides protection against OWASP Top 10 vulnerabilities, DDoS attacks, API-based threats, and zero-day vulnerabilities - all without requiring ongoing signature updates. Its advanced machine learning firewall capabilities and contextual analysis ensure accurate detection and seamless protection, allowing your security team to focus on strategic priorities rather than managing exceptions.
Optimized for Dynamic Cloud Environments
Built specifically for cloud-native deployments, Check Point WAF integrates natively with AWS services to automate scaling and management. As your applications and APIs evolve, Check Point WAF delivers consistent and reliable web application security without increasing operational overhead. It also supports CI/CD pipeline integration and infrastructure-as-code, enabling API security directly into your development workflows.
Flexible Licensing and Seamless AWS Integration
Check Point WAF is offered as a BYOL (Bring Your Own License) solution, with pricing and entitlements managed directly through Check Point. The underlying AWS infrastructure is billed separately based on standard AWS pricing. This flexibility ensures that CloudGuard aligns with your organizations unique operational and financial needs while maintaining strong integration with AWS services.
Getting Started
To deploy Check Point WAF, click on the "View Usage Instructions" and "Usage Information" below for next steps. For licensing and private offers, contact your Check Point trusted advisor or sales team. AWS infrastructure billing is handled directly through AWS and follows standard pricing models.
Highlights
- AI-Driven Application Security: Protects against both known and unknown cyberattacks including OWASP Top 10 vulnerabilities, DDoS attacks, API threats, AI-driven attacks, and zero-day exploits using AI-powered machine learning. Delivers high efficacy, reduces false positives, and minimizes operational complexity.
- Rapid Deployment and Scalability: Move from setup to active protection within days and gain flexibility for growth for web application, APIs, AI applications and worloads with AWS-native scaling and pay-as-you-go pricing.
- Seamless AWS Integration: Designed for dynamic cloud environments, automates scaling, simplifies management, and integrates natively with AWS services to deliver consistent, reliable web, AI and API security at scale.
Details
Categories
Delivery method
Delivery option
Auto Scaling Group
Single Gateway into existing VPC
Single Gateway into new VPC
Latest version
Operating system
OtherLinux Gaia 3.10
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Please see seller website for refund details.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Auto Scaling Group
A number of AppSec instances in an Auto Scaling Group. Load balanced by an ELB.
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Additional details
Usage instructions
Navigate to https://portal.checkpoint.com ; if you do not have an existing account, open a new account. Open the main menu (icon is in the top left corner), choose APPLICATION SECURITY under the CloudGuard column, then select Cloud on the left. The Getting Started page will open. After defining the asset, you will be redirected to the Profile page. Note: Obtain the Token for CloudGuard WAF from the Profile page.
Resources
Support
Vendor support
To open a support ticket, send an email to infinity-next-support@checkpoint.com CloudGuard WAF
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
A single pane-of-glass security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Check Point Check Point Cloud Firewall is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
A single security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation.
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Customer reviews
Bala_Krishna
Security has improved for cloud-native apps and now protects APIs with low latency and minimal tuning
Reviewed on Jun 01, 2026
Review provided by PeerSpot
What is our primary use case?
Any cloud-native application is where my clients might be using Check Point WAF (formerly CloudGuard WAF) to secure Layer 7 with low latency. It is one of the best in Layer 7 security.
What is most valuable?
The biggest advantages of Check Point WAF (formerly CloudGuard WAF) are that it is lightweight and the integration into cloud-native applications is very easy. Check Point WAF (formerly CloudGuard WAF ) produces false positives that are minimal. It has a learning process that is unique, adopting an education model approach. Ease of deployment and efficiency, particularly for API security, are phenomenal. The console is key, with Infinity Portal offering access to all kinds of Check Point products and a unique dashboard and reporting system.
Scaling is easy; once deployed, it takes care of everything without causing any concern for improving hardware or configurations. Check Point WAF (formerly CloudGuard WAF) reduces total cost of ownership, being cheaper compared to any other software.
What needs improvement?
As a reseller, the most difficult part is the lack of awareness. Check Point does not provide any kind of awareness programs to the customers, requiring partners to educate customers.
There are indeed some features missing, particularly connected with integration or with artificial intelligence. Check Point WAF (formerly CloudGuard WAF) faces certain issues with dual ISP tagging on entry-level devices since SD-WAN features were added.
For how long have I used the solution?
I have been selling Check Point WAF (formerly CloudGuard WAF) for almost three to four years.
What do I think about the stability of the solution?
Regarding stability, I am not finding any issues; it is very stable.
What do I think about the scalability of the solution?
Check Point WAF (formerly CloudGuard WAF) is very easy to scale. Once deployed, you forget it; it takes care of everything.
How are customer service and support?
My impression of technical support for Check Point WAF (formerly CloudGuard WAF) is that it is adequate. The technical support team is really good.
If I were to rate support from zero to ten points, I would give them a ten, as they are the best.
Which solution did I use previously and why did I switch?
Check Point WAF (formerly CloudGuard WAF) is good; there are no questions asked.
What was our ROI?
In terms of pricing, Check Point WAF (formerly CloudGuard WAF) is not expensive; it is worth the investment. If there is no downtime or bottlenecks while accessing your application from the internet, that itself is the return on investment.
Which other solutions did I evaluate?
I can tell you specific issues or advantages with products such as FortiGate or Check Point perimeter firewall.
What other advice do I have?
From a technical perspective, I do not think Check Point is leading in the web application firewall space. Cloudflare , F5, and Barracuda WAFs are noteworthy. Check Point WAF (formerly CloudGuard WAF) can be configured with no prior training.
When I compare Check Point WAF (formerly CloudGuard WAF) with traditional WAFs, I find its learning curve to be simple.
Check Point has an excellent intelligence engine for zero-day attacks, unmatched by Palo Alto. I would rate this review a ten overall.
NasseerQureshi
Unified security has reduced alert fatigue and improved zero-day protection for our applications
Reviewed on May 27, 2026
Review from a verified AWS customer
What is our primary use case?
The customers I have worked with were primarily using Check Point WAF (formerly CloudGuard WAF) as an application security solution, mostly leveraging Check Point CloudGuard for various purposes such as protecting their application servers from the top 10 OWASP attacks and for Zero-Day protection.
My clients were not working separately with Check Point WAF (formerly CloudGuard WAF) ; they were receiving a unified platform that included firewall, email security, and endpoint security, so the integration effectively eliminated silos in their environment.
What is most valuable?
Check Point WAF (formerly CloudGuard WAF ) was valuable primarily because the data center was in Dubai, making it convenient for customers in the region, and the user interface was really helpful and easy to understand.
Check Point WAF (formerly CloudGuard WAF) helps my clients reduce total cost of ownership, and the return on investment was really high for Check Point WAF (formerly CloudGuard WAF), and it was the only product with GenAI security features compared to other WAF products.
Check Point WAF (formerly CloudGuard WAF) provides benefits such as reduction in alert fatigue with fewer false positives, Zero-Day protection, and the introduction of GenAI LLM features that customers really appreciate.
What needs improvement?
A gap for improvement for Check Point WAF (formerly CloudGuard WAF) is the learning curve, as better training modules could help end customers, and pricing and reporting functionality could also be improved.
For how long have I used the solution?
I have been working with Check Point WAF (formerly CloudGuard WAF) for almost two years.
What do I think about the stability of the solution?
I can rate stability at approximately 8.5.
What do I think about the scalability of the solution?
I can say scalability is a 9.
How are customer service and support?
Technical support is rated at 10.
Which solution did I use previously and why did I switch?
I am currently working with Palo Alto as the product I replaced Check Point WAF (formerly CloudGuard WAF) with. I totally moved to Palo Alto from Check Point WAF (formerly CloudGuard WAF).
How was the initial setup?
The initial setup for Check Point WAF (formerly CloudGuard WAF) is simple; it is not that complex as long as a customer has a basic understanding of how WAF works.
Deployment was really easy for Check Point WAF (formerly CloudGuard WAF); it does not have any complex deployment requirements.
Which other solutions did I evaluate?
Barracuda is the main competitor of Check Point WAF (formerly CloudGuard WAF), along with Fortinet, but Barracuda excels in application security and is doing great in this space.
What other advice do I have?
No product can provide 100% protection, but Check Point WAF (formerly CloudGuard WAF) uses multi-method protection with AI machine learning to detect abnormalities, alongside features like ThreatCloud for real-time analysis of potential zero-day threats. I will highly recommend Check Point WAF (formerly CloudGuard WAF) to other users. I have given this review an overall rating of 8.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
ІгорКузьменко
Security has improved for critical web services and supports complex protection needs
Reviewed on May 26, 2026
Review from a verified AWS customer
What is our primary use case?
Check Point WAF (formerly CloudGuard WAF) is required by customers who have web resources and assets that are important to them and in production. These resources include internet shops, services, and financial services. Without a web application firewall, the business stops, and customers need to implement this solution. Insurance companies, banks, and similar organizations fall into this category.
What is most valuable?
Check Point WAF (formerly CloudGuard WAF) is easy to deploy and provides a complete solution.
Check Point 's approach differs from others because it uses artificial intelligence elements and an AI-based approach. The WAF solution operates as a complex solution with multiple functionalities rather than a simple one.
The solution helps reduce the false positive rate. Productivity shows that only 10 to 25 percent will be false positives.
What needs improvement?
The interface and deployment require qualified skills and a qualified engineer who knows this product very well.
In general, Check Point products load the system somewhat and require more performance and better performance equipment on the customer side.
When compared to solutions specialized only on WAF , such as Imperva or Cloudflare , Check Point WAF (formerly CloudGuard WAF) is a lighter version and does not have as well-performed a load balancer or anti-DDoS option.
For how long have I used the solution?
We started using Check Point WAF (formerly CloudGuard WAF) two years ago.
What do I think about the scalability of the solution?
Check Point WAF (formerly CloudGuard WAF) scores eight to nine points on a ten-point scale for scalability. This scalability is one of the top features of Check Point solutions in general and especially for Check Point WAF (formerly CloudGuard WAF). It is a main approach of the Check Point team.
How are customer service and support?
I cannot be objective in this question because we have our own service team with engineers on our staff. We handle most tickets and cases ourselves.
What about the implementation team?
We operate as a partner company in projects and serve as an integrator for different solutions, including security solutions.
What's my experience with pricing, setup cost, and licensing?
Regarding total cost of ownership, I cannot describe this accurately. Concerning the price for Check Point WAF (formerly CloudGuard WAF) and license costs, the pricing is good, and the approach could be better.
Which other solutions did I evaluate?
Regarding competitors, Cloudflare is the most popular and best-selling solution on the Ukrainian market now, and this trend will continue.
What other advice do I have?
Check Point WAF (formerly CloudGuard WAF) and more Check Point solutions are oriented toward cloud infrastructure, cloud, or hybrid infrastructure. I would give Check Point WAF (formerly CloudGuard WAF) an overall rating of nine points.
Mohan Janarthanan
Integrated web protection has reduced breaches and now prevents attacks across critical apps
Reviewed on May 22, 2026
Review from a verified AWS customer
What is our primary use case?
I want to protect my application hosted in my cloud by preventing attacks against my top OWASP Top 10 threats. I am enabling Check Point WAF (formerly CloudGuard WAF) as my application firewall.
The integration is straightforward because I am hosting in the cloud, so Check Point WAF (formerly CloudGuard WAF) can be hosted in a public location wherever my cloud vendor is located as a service provider, and I can host the application within a change of DNS.
What is most valuable?
I have been using it for six months, and the biggest advantages for me are that Check Point WAF (formerly CloudGuard WAF ) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). In contrast, Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection.
Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors. The traditional WAF does not have the capacity of IPS functions.
The intrusion prevention capability, I can only see in Layer 3 functions and stateful functions, which is the traditional firewall capability. Other vendors are keeping this in their Web Application Firewall, but Check Point WAF (formerly CloudGuard WAF) has integrated it differently.
False positives are significantly less here compared to traditional Web Application Firewalls because they are more focused on the AI front. Check Point WAF (formerly CloudGuard WAF) integrates an AI platform within the Web Application itself using API protection with AI and what they call GenAI protection.
They excel at creating the profile itself, which is the basic functionality of WAF. Normally, I deploy in preventive mode, which takes some time for learning, but I prefer to operate in preventing mode only.
What needs improvement?
The negative aspect is that Check Point WAF (formerly CloudGuard WAF) uses Check Point Harmony in its management console, which sometimes creates latency when connecting to or opening the platform. This is one function they are lagging in.
The reporting functions need improvement. For example, I want to calculate traffic metrics, but I cannot see them in the current Check Point WAF (formerly CloudGuard WAF). To know the overall traffic for today on the application, I have to check multiple dashboards instead of one single dashboard.
For how long have I used the solution?
I have been using it for six months, and Check Point WAF (formerly CloudGuard WAF) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection. Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
Scalability is very good.
How are customer service and support?
The support team is providing good support.
How was the initial setup?
It is easy to deploy and does not require much effort.
What was our ROI?
Return on Investment is a key factor for me in deciding to buy a solution on a major scale, so it is very important for me to consider it. I would say the ROI is about 15 to 20 percent.
Which other solutions did I evaluate?
I am comparing it to F5.
What other advice do I have?
I would definitely recommend this solution because I do not want to implement one more traffic function. I can eliminate the firewall and use Check Point WAF (formerly CloudGuard WAF) alone, thus eliminating Layer 3 traffic directly connecting to my Web Application Firewall.
I would say the TCO is reduced by 20 to 22 percent. The reduction in false positives will definitely be more than 30 percent.
Breach Reduction reduces the false positive part significantly. For example, I have multiple solutions from multiple vendors, and it definitely reduces my false positive alerts and aids in my Breach Reduction efforts. If a person is having a bot attack or if someone attacks with network anomalies on my application, I can identify that.
I rate Check Point WAF (formerly CloudGuard WAF) overall as an 8 or 8.5 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
HarishJogadiya
Cloud security has improved and delivers live threat visibility and reduced attack surface
Reviewed on May 21, 2026
Review provided by PeerSpot
What is our primary use case?
I have been using Check Point WAF (formerly CloudGuard WAF) on a public cloud.
What is most valuable?
The features of Check Point WAF (formerly CloudGuard WAF) relate to addressing global attacks that we require. The threat map, which displays information on a live basis, helps us understand the types of points logs, and that is the best part.
I utilize Check Point WAF (formerly CloudGuard WAF ) alongside other Check Point products. They integrate with internal systems-level security devices, which we are using to communicate internally. The integration makes the tools work better and is helping us significantly.
Beyond user-level benefits, we are receiving some advantages that are really helping us. Check Point WAF (formerly CloudGuard WAF) did reduce my total cost of ownership for my web application firewall, though not by a substantial amount, but it is acceptable.
What needs improvement?
In my opinion, there is some room for improvement regarding pricing, which we require, and much of it relates to the license base and support.
For how long have I used the solution?
I have been using it for more than two to three years, and I confirm that I am currently running on it.
What do I think about the stability of the solution?
Regarding my experience with the deployment, sometimes we encounter difficulties, but overall it is good, and we achieve our time-based objectives. I would rate the stability as eight to nine.
How are customer service and support?
I rate the technical support from one to ten as eight to nine.
Which solution did I use previously and why did I switch?
I did not work with other WAFs before Check Point WAF (formerly CloudGuard WAF).
How was the initial setup?
The initial setup is simplified, and I confirm that it is good for understanding.
What about the implementation team?
As of now, I have not integrated with third-party solutions because it is not required.
What was our ROI?
The investment regarding return on investment is not yet realized, but we are considering that investment base.
What's my experience with pricing, setup cost, and licensing?
The pricing is reasonable, and I believe it is acceptable. I am satisfied with the timing.
What other advice do I have?
Check Point WAF (formerly CloudGuard WAF) is the best option on the market, and it is good for us. The potential attack surface level involves asking about vulnerabilities across the networks, which is why we confirm that it is really helping us.
I find Check Point WAF (formerly CloudGuard WAF) to be good, though I cannot say it is popular in my region.
I would recommend Check Point WAF (formerly CloudGuard WAF) to others, but it depends on the environment. I think it is currently suitable for any types of companies, specifically in the database, which we require.
I confirm that I do not require additional features for Check Point WAF (formerly CloudGuard WAF), and it is currently adequate. I rate this product nine out of ten overall.