Sold by: Check Point Software TechnologiesÂ
Deployed on AWS
Free Trial
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
Overview
Video
Video 1
Video
Product video
CloudGuard Network Security for AWS delivers advanced, multi-layered network security for the AWS cloud environment and protects cloud assets. Security features include Firewall, IPS, Application Control, IPsec VPN, Antivirus and Anti-Bot.
CloudGuard Network Security enables secure VPN connectivity between AWS and enterprise networks, data centers and secure clients with simplified setup, deployment and management. CloudGuard Network Security includes SSL/TLS traffic inspection with traffic forwarding and SNI support for advanced threat prevention inside secure SSL traffic.
The Check Point CloudGuard for AWS Security Blueprint provides best practices for designing a secure cloud-based deployment allowing agility, scalability and efficiency. The blueprint promotes automation of processes using APIs and supports Infrastructure As Code practices.
This CloudGuard Network Security gateway will be deployed as a single gateway, as a high availability cluster, or as an Auto Scaling group via Check Point CloudFormation templates (sk111013) or via automation tools such as Ansible, Terraform, etc.
This PAYG distributed security gateway is managed from a central Security Management Server which provides consistent security policy management, enforcement, and reporting within a single pane of glass.
The Security Management Server is not included in this offering. To manage CloudGuard Network Security Gateway it is recommended using Check Point Smart-1 Cloud (https://www.checkpoint.com/quantum/unified-cyber-security-platform/smart-1-cloud/Â ).
Highlights
- Fully integrated and industry-leading advanced threat prevention security features include: Firewall, IPS, Application Control, IPsec VPN, Antivirus and Anti-Bot. Depending on your existing license, SandBlast adds Threat Extraction (removes exploitable content & promptly delivers sanitized content to users) and Threat Emulation (prevents infections from new malware & targeted attacks using threat sandboxing with the best possible catch rate, and is virtually immune to evasion techniques).
- Provides advanced threat prevention to inspect traffic entering and leaving private subnets in the VPC ("North-South") as well as between VPCs ("East-West"). Designed for the dynamic security requirements of cloud deployments, CloudGuard Network Security is cloud-native: it seamlessly integrates with native AWS controls to enable rapid deployment, while supporting network segmentation, AWS Transit Gateway, auto-scaling and high availability across multiple Availability Zones.
- Check Point is an APN Advanced Technology Partner with Networking and Security Competencies. CloudGuard Network Security is integrated with a broad range of AWS services, including AWS GWLB, AWS Cloud WAN, AWS Outposts, Amazon GuardDuty, Amazon CloudWatch, AWS Security Hub, AWS Transit Gateway, AWS CloudTrail and VPC Flow Logs. CloudGuard Network Security also provides a library of CloudGuard CloudFormation templates (CFTs) to simplify deployment.
Details
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux Gaia 3.10
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
c6in.xlarge Recommended | $0.89 |
r5a.large | $0.44 |
r5a.8xlarge | $7.94 |
c5n.9xlarge | $8.34 |
r5.2xlarge | $1.78 |
r7a.large | $0.44 |
c5n.large | $0.44 |
r7a.8xlarge | $7.94 |
m5.xlarge | $0.89 |
m6i.4xlarge | $3.56 |
Vendor refund policy
Terminate the instance at any given time to stop incurring charges.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Once the instance is running, connect to it using SSH, set an admin password using: 'set user admin password' followed by 'save config'. Then connect to https://[instance] using Internet Explorer (IE) to finalize the configuration. Notes:
- SSH password authentication is disabled in /etc/ssh/sshd_config
- For information regarding Firefox and Chrome refer to sk121373.
Resources
Support
Vendor support
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/ To open a support ticket, you would need to have a Check Point user center account. If you do not have a user center account, you can sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at https://www.checkpoint.com/support-services/contact-support/Â
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Check Point Software Technologies
By Palo Alto Networks
Top
10
In Log Analysis
Top
10
In Network Infrastructure
Top
10
In Network Infrastructure, Security
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Network Traffic Inspection
Advanced multi-layered security inspection for traffic entering and leaving private subnets and between VPCs
Threat Prevention Mechanisms
Includes Firewall, IPS, Application Control, Antivirus, Anti-Bot, Threat Extraction, and Threat Emulation capabilities
Cloud Integration
Native integration with AWS services including GWLB, Cloud WAN, Outposts, GuardDuty, CloudWatch, Security Hub, Transit Gateway, CloudTrail, and VPC Flow Logs
VPN Connectivity
Secure SSL/TLS traffic inspection with IPsec VPN connectivity between AWS and enterprise networks, supporting traffic forwarding and SNI
Deployment Flexibility
Supports single gateway, high availability cluster, and auto-scaling group deployments using CloudFormation templates and automation tools
Network Traffic Protection
Advanced cloud-native firewall service powered by FortiOS and FortiGuard Labs threat intelligence for securing cloud network traffic
Threat Intelligence
AI-powered intrusion prevention (IPS), data leak prevention (DLP), and advanced filtering capabilities to block malicious traffic and potential security breaches
Dynamic Policy Management
Security policies that dynamically use cloud metadata tags to follow cloud workloads without requiring static IP updates
Geo-Specific Security Control
Enforcement of compliance policies through geo-IP blocking and traffic restrictions to/from specified countries
Multi-Account Security Aggregation
Capability to consolidate security across multiple VPCs and accounts within an AWS region using a single firewall instance
Threat Prevention
Advanced machine learning-powered inspection engine that detects known and zero-day threats including exploits, malware, spyware, and command and control attacks
Web Security
Inline machine learning-based web security engine for real-time detection of phishing, ransomware, and evasive web-based attacks
File Analysis
Proprietary cloud-based hypervisor for static and dynamic file-based threat detection using advanced sandbox analysis techniques
Protocol Layer Security
Comprehensive security coverage across network layers including DNS-layer attack prevention and network data exfiltration detection
Traffic Visibility
Complete application layer-7 traffic inspection and control with dynamic policy management based on AWS tags, application IDs, and user contexts
Standard contract
No
No
No
Customer reviews
4.3
21 ratings
21 AWS reviews
|
199 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
reviewer2753559
Improved security posture and streamlined compliance while user interface could be more intuitive
Reviewed on Aug 29, 2025
Review from a verified AWS customer
">
What is our primary use case?
The main use case for Check Point CloudGuard Network Security is for perimeter security and analyzing traffic in the network environment.
Check Point CloudGuard Network Security offers deep visibility into traffic, detailed logs, and real-time monitoring to see what applications, users, and devices are communicating on the network. Apart from that, it prevents lateral movement, stops phishing attacks, and mitigates DDoS. The main use case is to provide protection for a hybrid environment such as on-prem and multi-cloud by having consistent security. It enforces zero trust access to critical applications.
What is most valuable?
The best features that Check Point CloudGuard Network Security offers include deep visibility into traffic, detailed logs, and real-time monitoring to see what applications, users, and devices are communicating on the network. Apart from that, it prevents lateral movement, stops phishing attacks, and mitigates DDoS. The solution provides protection for hybrid environments such as on-prem and multi-cloud by having consistent security and enforces zero trust access to critical applications.
The best feature is unified threat prevention, including IPS, antivirus, anti-bot, URL filtering, and Sandboxing in one platform. It provides seamless integration with AWS , Azure , and GCP. Furthermore, it offers centralized management from which we can manage security policies across cloud and on-prem solutions in a single console, known as Smart Console. From this, we can implement automation and DevOps support, as well as infrastructure as code security templates for faster deployment.
Cloud-native integration automatically adapts to changes in our AWS , Azure , or GCP environments; for instance, if a new workload is spun up, policies are applied instantly. Centralized management offers one console for both on-prem and multi-cloud environments. Additionally, automation and DevOps support allow security policies to be deployed as code and integrated into CI/CD pipelines.
Check Point CloudGuard Network Security has positively impacted our organization by improving our security posture. We have seen a sharp reduction in successful intrusion attacks because of its unified threat prevention, along with greater visibility and control. CloudGuard gave us full visibility into east-west traffic inside our local or cloud environment. Previously, we monitored north-south traffic, which helped detect unauthorized lateral movement early. It has enabled faster incident response and stronger compliance with standards such as PCI DSS, HIPAA, and GDPR, which made audits smoother and helped us maintain continuous compliance in the cloud.
What needs improvement?
Areas for improvement for Check Point CloudGuard Network Security include user interface and usability, pricing and licensing, integration with third-party tools, reporting and analytics, depth of automation, and support.
In terms of user interface and usability, the Smart Console UI is feature-rich; however, for new admins, navigation is not always intuitive, and log search feels clunky compared to SIM tools. Policy editing could be faster with bulk or drag-and-drop options, and dashboards need more customization. Streamlining these would make day-to-day use much better.
For how long have I used the solution?
I have been using Check Point CloudGuard Network Security for the past one year.
What do I think about the stability of the solution?
Check Point CloudGuard Network Security is stable.
How are customer service and support?
Customer support for Check Point CloudGuard Network Security is average. I would rate the customer support as six on a scale of 1 to 10.
How would you rate customer service and support?
Neutral
What was our ROI?
I have seen a return on investment from using Check Point CloudGuard Network Security in both money and time saved.
What's my experience with pricing, setup cost, and licensing?
My experience with the pricing, setup cost, and licensing for Check Point CloudGuard Network Security is that it was good.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Insurance
Comprehensive CloudGuard Security for Dynamic Environments
Reviewed on Aug 22, 2025
Review provided by G2
What do you like best about the product?
What I like most about Check Point CloudGuard Network Security is its ability to deliver consistent and powerful attack protection across many cloud platforms, including AWS, Azure, and GCP. The extensive integration with native cloud services allows for flexible deployment while maintaining high levels of security. Advanced threat intelligence, unified security management, and automatic posture correction provide robust protection for dynamic cloud workloads. Scalability and visibility across hybrid and multi-cloud setups are also significant benefits, making compliance simpler to manage and operational risk lower.
What do you dislike about the product?
What I detest about Check Point CloudGuard Network Security is how hard the initial setup and configuration can be, particularly in multi-cloud situations where rules must be fine-tuned for each platform. The user interface, although powerful, might be less intuitive than comparable cloud-native systems, resulting in a lengthier learning curve for novice admins. Licensing and cost control may also be difficult for firms that are fast expanding, since they need careful planning to minimize unforeseen charges. Furthermore, interaction with third-party monitoring and automation systems might be improved to streamline operations.
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard Network Security is assisting us with the difficulty of safeguarding workloads and applications in hybrid and multi-cloud settings. It offers consistent visibility, enhanced threat protection, and unified security policies, reducing complexity while ensuring regulatory compliance. Data breaches are considerably reduced by defending against zero-day attacks, misconfigurations, and unauthorized access. The ability to incorporate security into cloud-native operations boosts agility, enabling teams to innovate without sacrificing security. Finally, it has helped us improve our overall security posture by simplifying cloud operations and lowering human overhead.
Computer & Network Security
Great NGFW for the cloud
Reviewed on Aug 20, 2025
Review provided by G2
What do you like best about the product?
Our overall experience with Check Point CloudGuard Network Security has been very positive, as the solution was easy to implement and integrates seamlessly with our cloud environment while maintaining the same reliability we are used to from on-prem clusters.
What do you dislike about the product?
I dislike that the upgrade process is not as streamlined as it could be, since it requires changes on both the firewalls and the cloud load balancers, which adds extra steps compared to on-prem upgrades.
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard Network Security is solving the challenge of extending the same level of protection we have on-prem into our cloud environments. It was easy to implement, and the clusters work just like the on-prem appliances we’re already familiar with, which makes operations smooth for the team. The solution gives us superb logging to the SMS, so we have great visibility into traffic, and it integrates well with our existing workflows. The main benefit is that we can run our cloud workloads with the same level of security and confidence as on-prem, without adding unnecessary complexity.
Stephano M.
Seamless Cloud Integration Balances Reliability with High Deployment Complexity and Cost
Reviewed on Aug 20, 2025
Review provided by G2
What do you like best about the product?
Seamless integration with AWS and Azure, from GWLB to Autoscaling, it works perfectly.
What do you dislike about the product?
Architecture is complex to setup and to manage. High-skilled team required to manage the infrastructure.
What problems is the product solving and how is that benefiting you?
It centralizes east-west and north-south access control. It inspects traffic, is able to host VPN's, NATs the traffic (possibility of centralized ingress), IPS, Anti-bot and Anti-virus blades.
Computer & Network Security
Robust Cloud Security with Excellent Unified Management
Reviewed on Jul 23, 2025
Review provided by G2
What do you like best about the product?
The advanced threat prevention is truly best-in-class. We have deep visibility into our cloud traffic, and the ability to apply consistent, granular security policies across our hybrid and multi-cloud environments from a single console (Smart-1 Cloud) is a massive operational advantage.
What do you dislike about the product?
The initial learning curve can be steep for engineers not already familiar with the Check Point autoscaling ecosystem. Furthermore, the pricing structure can be complex to navigate, requiring careful planning to ensure cost-effectiveness, especially with dynamic workloads.
What problems is the product solving and how is that benefiting you?
CloudGuard solves our main security challenges by providing a single, unified management platform for our on-prem and multi-cloud (AWS, Azure) environments. This creates a consistent security posture, which reduces management overhead and simplifies compliance audits. Its advanced threat prevention, including IPS and sandboxing, protects our critical workloads from threats that native cloud tools cannot block. Finally, it gives us deep, granular visibility into all traffic flows, which is crucial for faster incident response and effective reporting.