Sold by: Check Point Software TechnologiesÂ
Deployed on AWS
Are you looking for an automated Web Application Firewall (WAF) with precise prevention and no management overheads? CloudGuard WAF delivers AI-enabled Web Application and API protection.
4.4
Overview
With deep application contextual analysis, CloudGuard WAF eliminates the tradeoff between the level of application security and the complexity of managing it. Your applications drive your business. As they evolve, grow, and expose more APIs, your attack surface expands. CloudGuard WAF learns how an application is typically used by profiling the user and the app content. It then scores each request accordingly, eliminating false positives while maintaining the highest security standards. CloudGuard WAF is easy to deploy and requires no ongoing maintenance as it continues to protect your evolving applications and APIs.
Advantages
- 90% of CloudGuard WAF customers run in prevent mode, demonstrating the hands-off nature of the management required
- 100% of CloudGuard WAF customers have less than 10 exception rules!
- CloudGuard WAF goes from deployment to active protection in just days, not weeks.
Click on the "View Usage Instructions" and "Usage Information" below to get next steps for setting up CloudGuard WAF.
This is a BYOL Image. Pricing and entitlements for this product are directly with Check Point. As an AWS partner Check Point enables marketplace transaction on this listing through a private offer provided by Check Point. Please contact your Check Point trusted advisers (link to a list of CP sellers / or directly to check point SDRs). Payment for the underlaying infrastructures are paid directly to AWS and is based on AWS pricing.
Highlights
- Precise Prevention: Contextual app analysis for high fidelity application security to prevent known and unknown cyberattacks.
- Automated by Design: Auto-deploy, hands-off management and AI-powered short learning cycles.
- Flexible deployment: Protect all applications in any cloud environment built on any architecture.
Details
Categories
Delivery method
Delivery option
Auto Scaling Group
Single Gateway into existing VPC
Single Gateway into new VPC
Latest version
Operating system
OtherLinux Gaia 3.10
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Please see seller website for refund details.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Auto Scaling Group
A number of AppSec instances in an Auto Scaling Group. Load balanced by an ELB.
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Additional details
Usage instructions
Navigate to https://portal.checkpoint.com ; if you do not have an existing account, open a new account. Open the main menu (icon is in the top left corner), choose APPLICATION SECURITY under the CloudGuard column, then select Cloud on the left. The Getting Started page will open. After defining the asset, you will be redirected to the Profile page. Note: Obtain the Token for CloudGuard WAF from the Profile page.
Resources
Vendor resources
Support
Vendor support
To open a support ticket, send an email to infinity-next-support@checkpoint.com CloudGuard WAF
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Check Point CloudGuard WAF-as-a-Service (WAFaaS) is an AI-based WAF and API discovery and security solution, delivering the highest protection against known and zero-day threats using advanced AI & IPS. The CloudGuard WAF-as-a-Service provides multiple layers of protection: rate limiting, AI engines, IPS signatures, zero-day file security, bot protection, and comprehensive API discovery and schema validation. CloudGuard WAFaaS delivers a non-agent WAF, deployable within minutes, and adds advanced DDoS mitigation. Traffic is seamlessly routed through Check Point servers, which automatically issue SSL certificates.
Check Point CloudGuard WAF-as-a-Service (WAFaaS) is an AI-based WAF solution delivering the highest protection against known and zero-day threats through advanced AI and IPS signatures. CloudGuard WAFaaS provides multiple layers of protection: rate limiting, AI engines, IPS signatures, zero-day file security, bot protection. CloudGuard WAFaaS delivers a non-agent WAF, deployable within minutes, and adds advanced DDoS mitigation. Traffic is seamlessly routed through Check Point servers, which automatically issue SSL certificates.
Check Point CloudGuard WAFaaS is an AI-driven, fully managed web application firewall that provides advanced security for applications and APIs. It delivers real-time protection against zero-day threats, OWASP Top 10 vulnerabilities, DDoS attacks, and more, ensuring high availability, AWS security compliance, and uninterrupted service.
CloudGuard WAFaaS integrates seamlessly with AWS services, including Amazon Route 53, AWS WAF, AWS Shield, AWS API Gateway, Amazon CloudFront, and AWS Lambda, enabling automated threat prevention with minimal operational overhead.
- CloudGuard WAF
- CloudGuard CDR
- CloudGuard Network Security
- CloudGuard CNAPP
- CloudGuard Posture Management
- CloudGuard Code Security
- CloudGuard Workload
- Developer Security
Customer reviews
Evans Vasavan
Cloud security has improved and unified dashboards now provide clear threat visibility
Reviewed on Dec 09, 2025
Review from a verified AWS customer
What is our primary use case?
I use Check Point CloudGuard WAFÂ for security purposes. We have multiple clouds deployed in AWSÂ . I look after and manage the incoming threats, and if there are any possibilities, I check in the XDRÂ , which we also have. It gives a unified solution.
I receive lots of false positive reports that I bifurcate and provide to my manager. I manage any threats that have entered or are coming, and any processes that have been run. I manage these and provide reports to the concerned department to validate them.
The solution for blocking zero-day attacks and detecting hidden anomalies is very good. I can see lots of threats and how they are being blocked. That is the best aspect of Check Point CloudGuard WAFÂ solution.
What is most valuable?
The best feature in Check Point CloudGuard WAFÂ is its user-friendly dashboard. It is very detailed in a bifurcated manner, providing each and every detail about every threat or process that has been run.
The efficiency improvements provided by Check Point CloudGuard WAFÂ compared to traditional WAF products is that traditional products give much more false reports. I previously used Forcepoint WAF, which gave very false reports. Check Point gives a proper report, whereas I can see and validate that particular report. That is very useful in Check Point.
The main benefits that I have seen from using Check Point CloudGuard WAF is that the security posture is very good. It analyzes and delivers the threats, enriches the intelligence, and I get proper clarity in my organization. There are lots of APIs which I get through the security platform. The threat hunting provides details about how the threat has been run and how it is running in the sandbox.
Check Point CloudGuard WAF gives much more clarity in the organization about what traffic has been passed on which systems and switches. It gives complete clarity in a single dashboard. If any random person checks the console, they would understand what threats have been going on and what things have been running in my organization. That is the best part about it.
What needs improvement?
Currently, there is nothing in the areas of Check Point CloudGuard WAF that I would like to see improved or enhanced in the future. If there is anything in the roadmap, I would definitely like to try that particular segment, and I am also willing to add some new features with much more clarity. It depends upon the roadmap.
Features that I would like to see included in the future are pretty much all there, but if there are any other enhanced features that can be implemented, particularly the integration part with other products would be better. Some products do not get integrated, so if those products become compatible with Check Point CloudGuard WAF solution, that would be much better.
For how long have I used the solution?
I have been working with Check Point CloudGuard WAF product for the Web Application Firewall for two years.
What do I think about the stability of the solution?
I have not faced any stability issues with Check Point CloudGuard WAF.
What do I think about the scalability of the solution?
I do find Check Point CloudGuard WAF scalable.
How are customer service and support?
If any crucial updates or malfunction has happened with Check Point, I contact the TAC team. They are well responsive, and I like it very well.
On a scale of one to 10, I would rate the tech support around eight.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In the past, I worked on Forcepoint WAF. Currently, I am working on Check Point CloudGuard WAF.
Before joining this organization, which was two years ago, there was a different solution in place. I got feedback from there that the particular solution was not able to provide detailed reports or detailed clarity that Check Point CloudGuard WAF solution provides. That is how they switched to Check Point CloudGuard WAF. The solution is not only user-friendly but also has lots of technologies and engines running, and depending upon how policies are set, false positive activity got reduced. I can customize the policies depending upon the reports, which helped reduce false positive reports.
Check Point CloudGuard WAF helped me reduce my false positive rate.
How was the initial setup?
The onboarding process and initial setup for me personally was pretty straightforward since it was in the cloud. There were no challenges, and it was perfectly fine.
What about the implementation team?
We did not deploy Check Point CloudGuard WAF ourselves. We involved a partner who deployed it and then handed it over to us.
What was our ROI?
Check Point CloudGuard WAF product does reduce the TCO, Total Cost of Ownership, for my Web Application Firewall.
What's my experience with pricing, setup cost, and licensing?
The setup cost was taken with the head of the department, who handled the pricing and everything.
Which other solutions did I evaluate?
The key differences, both pros and cons of Check Point CloudGuard WAF compared to other WAF technologies that I have worked with are very much in favor of Check Point CloudGuard WAF, because it provides entire cloud security and security postures. I do not think there are any cons currently.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
oscarina s.
Proactive Threat Prevention with Easy Setup
Reviewed on Dec 01, 2025
Review provided by G2
What do you like best about the product?
I appreciate the proactive and AI-driven threat prevention offered by Check Point CloudGuard WAF. It effectively detects and blocks threats like SQL injections, remote code execution, and automated bots without the need for traditional signature updates. This advanced AI-driven security extends protection against a wide range of threats, including zero-day exploits and API attacks, all with minimal effort. I find the product’s capability to ensure comprehensive threat coverage with reduced manual intervention to be highly valuable. Additionally, the initial setup process is very easy, which facilitates a smooth adoption and fast deployment.
What do you dislike about the product?
The steep learning curve is largely due to the sheer number of features and the extensive configuration needed before the system feels truly comfortable to use. With so many profiles, protections, exception paths, and tuning options available, it can be difficult to determine exactly what is necessary from the very beginning.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect web applications by automatically detecting and blocking threats like SQL injections and API attacks, without needing traditional signature updates.
Accounting
Strong Protection, Overwhelming Setup
Reviewed on Nov 30, 2025
Review provided by G2
What do you like best about the product?
I appreciate Check Point CloudGuard WAF's ability to provide a balance between strong protection and low maintenance. The product effectively shields our web applications on AWS by allowing straightforward rule setup for API protection, virtual patching, and blocking common web attacks. One of the standout features for me is the ability to apply virtual patches instantly, which is crucial when developers need more time to address vulnerabilities. I also find the auto-updates to threat signatures invaluable for keeping us protected against the latest threats. The learning mode is another advantage, as it quickly propagates policy changes, allowing our security measures to adapt swiftly. Switching to Check Point CloudGuard WAF from AWS WAF has resulted in stronger, more automated protection with enhanced visibility, which aligns perfectly with the time constraints we face. This product delivers a robust solution while minimizing the hands-on management typically required.
What do you dislike about the product?
I find the initial setup of Check Point CloudGuard WAF overwhelming. Upon logging in, the dashboard presents many menus, which can be quite daunting. Implementing a more intuitive feature such as a 'Connect Cloud Environment' could significantly ease this process.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect web apps with virtual patching, strong API defense, and automatic threat updates, balancing strong protection with low maintenance. It also automates tasks that were too manual with AWS WAF, enhancing efficiency and visibility.
Jean Carlos B.
Quick and Effective Protection, but with Configuration Challenges
Reviewed on Nov 30, 2025
Review provided by G2
What do you like best about the product?
I love that Check Point CloudGuard WAF protects our web applications and cloud APIs against a wide range of threats, which is crucial in today's digital environment. I especially value its ability to prevent bot attacks, ensuring the secure operation of our applications, in addition to effectively protecting us against scammers. I find that the implementation is quick and simplified, which is a great benefit by minimizing the time and effort needed to get the system up and running. I am also impressed with its multi-platform security that provides solid protection, and the high protection rate it offers highlights its effectiveness. Additionally, the initial configuration of Check Point CloudGuard WAF is very simple and suitable for users of different experience levels, which greatly facilitates the integration process.
What do you dislike about the product?
Possible bottleneck in the performance of the computer's processor and poor management of configurations. It overloads the computer's CPU a lot despite the hardware's power.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard WAF to protect web applications and APIs in the cloud from threats, including fraudsters and bots, with quick deployment and multi-platform security.
Aditya K.
Effortless Deployment and Robust Threat Prevention with CloudGuard WAF
Reviewed on Nov 29, 2025
Review provided by G2
What do you like best about the product?
CloudGuard WAF’s biggest strengths are strong automated threat prevention, multi-cloud support, and ease of deployment for modern application environments.
What do you dislike about the product?
Trial periods and evaluation phases might be limited, It may longer trials or better QA/testing support before committing. And the rest parts are good.
What problems is the product solving and how is that benefiting you?
Uploaded files can hide malware or malicious payloads; CloudGuard’s “file security” inspects uploads and blocks dangerous content before it reaches your application. And traditional WAFs often require manual tuning of rules and signatures a tedious, error-prone task. CloudGuard’s AI-driven contextual detection and automated policy/rule management reduce manual maintenance and cut down false positives.