Sold by: Check Point Software Technologies
Deployed on AWS
Free Trial
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
4.4
Overview
Video
Video 1
Video
Product video
Check Point Check Point Cloud Firewall is a cloud-native security gateway that delivers industry-leading threat prevention and multi-layered network security for workloads migrated to or deployed in AWS environments.
Comprehensive Cloud Network Security: Check Point Cloud Firewall for AWS protects cloud assets with a full suite of advanced security capabilities, including: firewall, Data Loss Prevention (DLP), Intrusion Prevention System (IPS), application control, IPsec VPN, URL filtering, antivirus, anti-bot, threat extraction, and threat emulations. These features enable proactive defense against known and unknown threats, ensuring robust protection for cloud workloads.
Industry-Leading Threat Prevention: Check Point Cloud Firewall for AWS provides advanced threat prevention to secure AWS environments from sophisticated threats, unapproved access, and application-layer Denial of Service (DoS) attacks with industry-leading catch rates (Miercom 2025 and Cyberratings 2025).
Full Control of Network Traffic: Check Point Cloud Firewall for AWS ensures secure, encrypted data flows between your on-premises network and your AWS VPCs. It inspects traffic entering and exiting private subnets in the VPC ("North-South") as well as between VPCs ("East-West").
Unified Security Management: Extend on-premises security policies into the AWS cloud with unified, centralized management via Check Point Security Management Server. Manage policies, logs, and reports consistently across AWS, hybrid, and on-premises environments from a single pane of glass. This listing includes the gateway only. For management, use Check Point Smart-1 Cloud: https://www.checkpoint.com/quantum/unified-cyber-security-platform/smart-1-cloud/
Automated, Scalable Cloud Security: Integrates with infrastructure-as-code tools like Terraform and Ansible for policy automation and cloud-native scaling. CloudGuard dynamically adapts security policies based on real-time cloud metadata and changes. Supports AWS Transit Gateway, auto-scaling, high availability, and multi-AZ redundancy.
Seamless AWS Integration: Check Point Cloud Firewall integrates with a broad range of AWS services, including Gateway Load Balancer, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, AWS Transit Gateway, AWS Outposts, and Amazon Macie.
This Check Point Cloud Firewall gateway will be deployed as a single gateway, as a high availability cluster, or as an Auto Scaling group via Check Point CloudFormation templates (sk111013) or via automation tools such as Ansible, Terraform, etc. This PAYG-distributed security gateway is managed from a central Security Management Server which provides consistent security policy management, enforcement, and reporting within a single pane of glass. The Security Management Server is not included in this offering. To manage Check Point Cloud Firewall Gateway, it is recommended using Check Point Smart-1 Cloud (https://www.checkpoint.com/quantum/unified-cyber-security-platform/smart-1-cloud/ ).
Highlights
- Advanced Protection with Security Features: firewall, DLP, IPS, applicationcControl, IPsec VPN, URL Filtering, antivirus, anti-bot, threat extraction, and threat emulation. Includes Security Management Server.
- Industry-Leading Threat Prevention: Cutting-edge threat prevention with industry-leading catch rate of malware, ransomware and other types of attacks (per Miercom and Cyberratings, 2025).
- Unified Security Management: Provides consistent visibility, policy management, logging, reporting and control across hybrid-clouds and on-premises from a single pane of glass.
Details
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux Gaia 3.10
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
c6in.xlarge Recommended | $1.33 |
c7i-flex.12xlarge | $11.43 |
m6a.4xlarge | $3.73 |
c6in.4xlarge | $3.73 |
c5d.24xlarge | $20.93 |
c7i.16xlarge | $14.94 |
c5.24xlarge | $20.93 |
c4.xlarge | $1.33 |
c7i-flex.xlarge | $1.33 |
c5d.12xlarge | $11.43 |
Vendor refund policy
Terminate the instance at any given time to stop incurring charges.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Once the instance is running, connect to it using SSH, set an admin password using: 'set user admin password' followed by 'save config'. Then connect to https://[instance] using Internet Explorer (IE) to finalize the configuration. Notes:
- SSH password authentication is disabled in /etc/ssh/sshd_config
- For information regarding Firefox and Chrome refer to sk121373.
Support
Vendor support
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/ To open a support ticket, you would need to have a Check Point user center account. If you do not have a user center account, you can sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at https://www.checkpoint.com/support-services/contact-support/
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Check Point Software Technologies
By Palo Alto Networks
By Juniper Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Multi-Layered Threat Prevention
Includes firewall, Data Loss Prevention (DLP), Intrusion Prevention System (IPS), application control, IPsec VPN, URL filtering, antivirus, anti-bot, threat extraction, and threat emulation capabilities
Advanced Threat Detection and Analysis
Incorporates Threat Extraction and Threat Emulation technologies for proactive defense against known and unknown threats with industry-leading catch rates
Traffic Inspection and Control
Inspects and controls encrypted data flows between on-premises networks and AWS VPCs, supporting both North-South (VPC ingress/egress) and East-West (inter-VPC) traffic inspection
Cloud Infrastructure Integration
Integrates with AWS Gateway Load Balancer, AWS Transit Gateway, AWS Security Hub, VPC Ingress Routing, AWS Traffic Mirroring, AWS Outposts, and Amazon Macie; supports deployment via CloudFormation templates, Terraform, and Ansible
Centralized Security Policy Management
Provides unified, centralized management of security policies, logs, and reports across AWS, hybrid, and on-premises environments through Check Point Security Management Server
Advanced Threat Prevention
Safeguards network from known and zero-day threats including exploits, malware, spyware, and command and control attacks using researcher-grade signatures and machine learning inspection engine.
Advanced URL Filtering
Defends against phishing, ransomware, and web-based attacks using inline machine learning-based web security engine with real-time detection of previously unseen threats and dynamic policy controls.
File-Based Threat Detection
Identifies file-based threats through inline static and dynamic analysis in the cloud with proprietary hypervisor technology for detection of sandbox-resistant malware.
DNS Security
Detects and prevents sophisticated DNS-layer network attacks and data exfiltration attempts.
Dynamic Policy Management
Applies policy definitions to cloud assets based on AWS tags, Application IDs, User IDs, geographies, or zones with automatic adaptation to infrastructure changes without manual intervention.
Next Generation Firewall Architecture
High-performance firewall solution with core firewall, VPN, NAT, and advanced L4-L7 security services including application security, IPS, and anti-virus capabilities.
Anti-Virus and Malware Protection
Cloud-based anti-virus protection that detects and blocks spyware, adware, viruses, keyloggers, and other malware over POP3, HTTP, SMTP, and FTP protocols.
Intrusion Detection and Prevention
Intrusion detection and prevention (IPS) system integrated with application visibility and control through AppSecure for threat detection and workload protection.
VPN and Secure Connectivity
IPsec and full mesh VPN termination services enabling secure connectivity from on-premises data centers, campuses, and branches to AWS cloud across geographically dispersed VPCs.
AWS Cloud Service Integration
Native integration with AWS services including Elastic Load Balancer, Auto-Scaling Groups, CloudWatch, Security Hub, Key Management Service, Elastic Network Adapter support, and Gateway Load Balancer with L3 gateway and L4 load balancer capabilities.
Standard contract
No
No
No
Customer reviews
Viral Shaa
Cloud security has unified hybrid policies and now protects critical energy workloads continuously
Reviewed on Apr 30, 2026
Review from a verified AWS customer
What is our primary use case?
My usual use cases for Check Point Cloud Firewall (formerly CloudGuard Network Security) involve onboarding as an energy company, where it acts as the cloud-native security platform that extends the traditional firewall and threat prevention capabilities into public cloud environments like AWS , Azure , or GCP . We set up a virtual security gateway inside our cloud network to provide unified policy management, advanced threat prevention, segmentation for the network, and visibility across the cloud and system. From an administrator standpoint, it protects the workload, inspects traffic, and enforces the necessary rules. Day-to-day, my responsibilities include logging, monitoring, and policy control for Check Point Cloud Firewall (formerly CloudGuard Network Security) , making it a strong fit for our organization, especially in the energy sector where we need critical systems to stay up to date throughout twenty-four seven.
For secure cloud migration, Check Point Cloud Firewall (formerly CloudGuard Network Security) integrates seamlessly across AWS , Azure , and GCP , supporting auto-scaling, native logging, and automation, making it a strong fit for our organization while modernizing our infrastructure and maintaining strict compliance requirements. Using this tool helps us avoid complications like needing to prove compliance for SOC 1 or SOC 2, as these platforms are already compliant.
What is most valuable?
I would say Check Point Cloud Firewall (formerly CloudGuard Network Security) is valuable due to its hybrid cloud security features. It offers granular policy management across the on-premises and cloud environments, giving administrators consistent control for configuration drift. We need to change the policy and the inbound and outbound traffic settings, indicating what traffic must be blocked or allowed, and this capability with Check Point provides significant input into our security strategy.
Check Point Cloud Firewall (formerly CloudGuard Network Security) provides unified security management across both hybrid clouds and on-premises environments. Unified security management affects my security operations positively, as we maintain critical systems on the cloud that require strong security and air gap networks. This cloud-native routing and policy installation helps close gaps in protecting critical applications and environments from exposure to the public cloud.
From an administrator's perspective, Check Point Cloud Firewall (formerly CloudGuard Network Security) enhances our organization with clearer and more intuitive logging, making decisions easier to understand without deep investigation. In the CloudGuard UI, I can see which threats have triggered alerts, and this information is available on the unified dashboard that provides details of the threat analysis upon alert. As a small team, we log into the console to check specific alerts for high or low network usage or machine shutdowns. If needed, I tune the configuration policy, and the visualizing tools with reporting functionality simplify tracking changes made on the firewall, including the relevant source IP or device names. We ingest logs into our SIEM for detailed oversight, which allows us to monitor any administrative changes.
Check Point Cloud Firewall (formerly CloudGuard Network Security) has significantly reduced our organizational risk. We clearly understand our threat landscape and the associated risks. Onboarding the CloudGuard solution directly into our cloud environment has significantly lowered the risks throughout the network and it is easy to launch. When we assess our security posture with third-party assessments, we gain granular visibility into our network pre- and post-CloudGuard installation, showing how we have addressed significant risks and secured vulnerabilities.
What needs improvement?
I find troubleshooting a bit challenging with Check Point Cloud Firewall (formerly CloudGuard Network Security); one area needing improvement is log clarity, as sometimes policy installation takes longer than expected, and resolving cloud-native routing conflicts requires advanced knowledge due to the differences in how AWS and GCP operate.
The UI is significantly good and user-friendly, but adding more advanced features to the reporting perspective, especially concerning administrative changes, would be beneficial. However, these points are not deal-breaking feedback; they would just be beneficial for future releases.
For how long have I used the solution?
I have been experienced with Check Point Cloud Firewall (formerly CloudGuard Network Security) for five to seven years throughout my career because I need to check the logs for what is coming in, setting up the policy, and I have been experienced with the firewall on my current job as well. Any traffic that needs to be allowed or any application that needs to be allowed is configured through the firewall. The inbound and outbound traffic to the network is configured through the firewall.
Specifically, I have been working with Check Point Cloud Firewall (formerly CloudGuard Network Security) for four to five years.
What do I think about the stability of the solution?
For reliability, I note that Check Point Cloud Firewall (formerly CloudGuard Network Security) maintains ninety-nine point nine percent uptime and availability, providing us nearly a hundred percent uptime with constant traffic monitoring. Although it may occasionally experience downtime, it remains strong in both reliability and scalability.
Regarding improvements in reliability and stability, I do not see any need as everything performs well. No improvements are necessary in the areas of reliability and stability; they have been consistently good.
What do I think about the scalability of the solution?
Regarding scalability, Check Point Cloud Firewall (formerly CloudGuard Network Security) proves efficient; I find no issues scaling up as our growing company sees increased traffic. It is capable of managing the increased load and performs well as our needs expand.
How are customer service and support?
I have opened a troubleshooting ticket for Check Point Cloud Firewall (formerly CloudGuard Network Security), and so far, I have had a positive experience; the support team usually responds within twenty-four hours, and they escalate cases, providing instant feedback for priority issues. In urgent situations, I can call and receive support promptly, receiving recommendations or guidance for the issues we encounter.
I would rate the technical support of Check Point Cloud Firewall (formerly CloudGuard Network Security) as eight out of ten.
Which solution did I use previously and why did I switch?
On the POC, I looked at SonicWall and Palo Alto firewalls as competitors. We found Check Point Cloud Firewall (formerly CloudGuard Network Security) to be better because it has a robust threat prevention system, and onboarding is straightforward compared to SonicWall. We are a small security team, and we prefer not to rely on a security operation center that would help narrow down issues. It takes just a few clicks to bring the firewall up and running, allowing us to set up policies without requiring complicated knowledge or extensive training. In contrast, using Palo Alto and SonicWall requires specific training for policy creation.
I have worked with Palo Alto and SonicWall firewalls but we found that Check Point Cloud Firewall (formerly CloudGuard Network Security) offers a better pricing standpoint and security solution overall.
How was the initial setup?
I participated in the initial setup of Check Point Cloud Firewall (formerly CloudGuard Network Security). The initial setup of Check Point Cloud Firewall (formerly CloudGuard Network Security), from an integration standpoint, is straightforward. We began with vendor searches, narrowing down to three candidates, including SonicWall and Check Point.
After moving forward with Check Point Cloud Firewall (formerly CloudGuard Network Security), we contacted them to set up a cloud VM installation, which is quite straightforward. Coordination with their representative involves scheduling calls for setting up policies and traffic management, and we test it in the QA environment before moving to production with all necessary policy modifications.
What about the implementation team?
I continue to collaborate with the Check Point Cloud Firewall (formerly CloudGuard Network Security) team to ensure everything runs smoothly, and there is always room for improvement, especially as we reach out to them for support or new features.
What's my experience with pricing, setup cost, and licensing?
We have encountered a few subscription-based licensing models for the virtual gateway and security enablement. We have opted for a three-year contract with fixed pricing for the CloudGuard cost structure, which has enterprise-grade capabilities. Although the pricing is slightly high for smaller organizations, it offers enterprise-level security, indicating a need for improvement in the pricing model.
Which other solutions did I evaluate?
In making the choice between the three products, we prioritize managing risk and the threat landscape, along with compliance and reporting capabilities. Pricing is the first consideration, followed by how well each solution meets our compliance needs, and finally , the reporting capabilities to match enterprise-level requirements.
What other advice do I have?
I have given Check Point Cloud Firewall (formerly CloudGuard Network Security) an overall review rating of ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
vinit s.
Unified Management and Strong Threat Protection in a User-Friendly Experience
Reviewed on Apr 26, 2026
Review provided by G2
What do you like best about the product?
Enhanced unified management, strong security, and high-level threat protection help administrators manage the entire network more effectively. Overall, it feels more user-friendly.
What do you dislike about the product?
As a first-time user, I’ve found Checkpoint Security Guard can be difficult to manage at times. The console feels complex, mainly because there are so many features available within the management console.
What problems is the product solving and how is that benefiting you?
Check Point network security feels like a strong safeguard against fragmentation because it offers a unified security management console. It has also helped me mitigate zero-day vulnerabilities, which makes day-to-day security management feel more consistent and controlled.
Vishnukumar M.
Well-Designed Posture Management and Upgraded IAM in Check Point Next Guard
Reviewed on Apr 26, 2026
Review provided by G2
What do you like best about the product?
Check Point Next Guard’s posture management settings are well designed and useful for effective administration. The identity and access management features have also been upgraded in the required way.
What do you dislike about the product?
Checkpoint Security Guard can be difficult to manage at times for a first-time user, since the console feels more complex due to the many features available in the management console.
What problems is the product solving and how is that benefiting you?
Checkpoint network security feels more like a guard against fragmentation because it provides a unified security management console. It has also helped mitigate zero-day vulnerabilities.
GeraldChege
Cloud security has protected our emails and backups and now simplifies hybrid protection
Reviewed on Apr 24, 2026
Review from a verified AWS customer
What is our primary use case?
We use Check Point Cloud Firewall (formerly CloudGuard Network Security) for most of the things in the cloud. We protect our things, especially Microsoft emails. We also have things that are actually put in the clouds like our institution's backups which are in the cloud.
How has it helped my organization?
We integrated Check Point Cloud Firewall (formerly CloudGuard Network Security) with the on-premises solutions, the normal ones, the URL filtering, such products, and the normal Check Point to other Check Point blades.
Check Point Cloud Firewall (formerly CloudGuard Network Security) streamlines our security.
Some of the risks that we used to worry about are now taken care of, and we no longer have to worry about those risks.
In the process of migrating from cloud to on-premises and from on-premises to cloud, there are threats because we are still online and there are so many threats. With Check Point Cloud Firewall (formerly CloudGuard Network Security), we are guaranteed protection from end to end, from user to cloud and cloud to user.
What is most valuable?
First and foremost, I like the security of Check Point Cloud Firewall (formerly CloudGuard Network Security). The security is good, and the cloud security is very good, especially when nowadays you don't know what's happening in the cloud. The cloud has become a bit complex, and there are so many people offering cloud services.
When you use Check Point Cloud Firewall (formerly CloudGuard Network Security), they guarantee you protection. That's why now you don't need to lose your sleep because your data is in somebody's cloud solution.
Check Point Cloud Firewall (formerly CloudGuard Network Security) is very useful.
What needs improvement?
The pricing is a bit very high.
Especially when it comes to pricing, Palo Alto is cheaper. We have to compare pricing between the two solutions.
For how long have I used the solution?
When they started with the cloud firewall, it has been about two to three years.
What do I think about the scalability of the solution?
The ability to expand showed good progress. I can give it a 10.
How are customer service and support?
The technical support is wonderful and perfect.
How was the initial setup?
The setup is not very complex. It is a bit moderate.
What about the implementation team?
We did the implementation in conjunction with Check Point technicians.
What's my experience with pricing, setup cost, and licensing?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is a good product. The only issue is that the costing is too high.
Which other solutions did I evaluate?
We are in the process of doing a proof of concept of Palo Alto.
What other advice do I have?
I have worked with Check Point as a product for the last 15 to 16 years, not on cloud.
We buy through partners.
We are the end-user and not a partner.
I would rate this review an 8 overall.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Oil & Energy
Check Point CloudGuard provides resilient cloud security with easy administration
Reviewed on Apr 21, 2026
Review provided by G2
What do you like best about the product?
Cloud environments require even more resilient network security protection than on-prem datacenters. Check Point CloudGuard offers prevention from advanced threats and easiness in administration
What do you dislike about the product?
Additional cost is incurred when running third party firewall in the cloud, but Check Point CloudGuard offers reliable protection from the Internet based threats
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard adds additional layer of protection to existing cloud security features, provides constant updates and wonderful single pane administrative interface