
Check Point Security Gateway for AWS - R77.10

Check Point Software Technologies, Inc. | R77.10 (take-047.02)

Linux/Unix, Other R77.10 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS Marketplace

2 AWS reviews

    Rene Morel

Get a cloud firewall in a matter of seconds

  • March 25, 2014
  • Review verified by AWS Marketplace

Very impressed with how easy this was to install and get operational. If you are looking to deploy a next gen firewall into the cloud, look no further.


    Martin Apesteguia

A fair solution with limitations

  • March 12, 2014
  • Review verified by AWS Marketplace

I've been testing this firewall for more than 2 months already. The good things are that it's really easy to test by starting an instance (it comes with a 15-day trial license) and it's an enterprise-class FW where you can use almost all the features Check Point has available for its appliances (FW, IPS, Antivirus, Web filtering, etc.).

We have encountered some issues during installation/configuration that forced us to redo the instance several times until we got it right:

In general, documentation is very poor and there are no other secondary sources (blogs, FAQs, etc.) that you can find because it's a brand new product.

Key learnings are:

1- Create the FW manager in a different instance than the FW gateway.

2- Set every network interface not to check source/destination because the FW will be your gateway to the internet for those instances behind the FW.

3- Create a special security group with all connections allowed and use it for the FW as well as every new Network Interface you assign to the FW. Let the FW manage the security by creating the appropriate rules.

4- Adding a FW will add a single point of failure because all the requests will be going through it, so plan to install more than one (and spend some serious money on licenses).

5- If you have a server farm, let's say more than one web server serving the same application, you'll need the FW to act as Load Balancer too. You cannot have the FW sending traffic to an internal AWS ELB. This FW does not have good capabilities for load balancing (no health checking path configuration, no monitoring, no alerts, no SSL resolution by the load balancer, etc.) but it works and it's the only one you can do, unless you use DNS balancing on the front or a software load balancer behind the FW.

This is not the ideal solution but works. You may achieve a similar level of security (and certainly cheaper) by using AWS security groups/network ACLs plus other products combined in a more reliable way.

This is the only doc that explains some detail about how to configure VPC and the FW.

https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/23994/FILE/CP_R75.40_SecurityGateway_AmazonVPC_GettingStartedGuide.pdf
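
An added example, not part of the review above or of Check Point's documentation: a check that the interface setup described in key learnings 2 and 3 is actually in place, and that the allow-all security group has not ended up on anything other than the firewall. The field names follow the output of `aws ec2 describe-network-interfaces`; the function name, instance IDs and group IDs are assumptions constructed for this example.

```python
import json

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
# Every ID below is made up for this example.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa", "SourceDestCheck": false,
   "Groups": [{"GroupId": "sg-0fwall"}], "Attachment": {"InstanceId": "i-0fw"}},
  {"NetworkInterfaceId": "eni-0bbb", "SourceDestCheck": true,
   "Groups": [{"GroupId": "sg-0fwall"}], "Attachment": {"InstanceId": "i-0fw"}},
  {"NetworkInterfaceId": "eni-0ccc", "SourceDestCheck": false,
   "Groups": [{"GroupId": "sg-0web"}, {"GroupId": "sg-0fwall"}],
   "Attachment": {"InstanceId": "i-0fw"}},
  {"NetworkInterfaceId": "eni-0ddd", "SourceDestCheck": true,
   "Groups": [{"GroupId": "sg-0web"}], "Attachment": {"InstanceId": "i-0web"}},
  {"NetworkInterfaceId": "eni-0eee", "SourceDestCheck": true,
   "Groups": [{"GroupId": "sg-0fwall"}]}
]}
""")

def audit_firewall_enis(described, fw_instance_id, fw_group_id):
    """Return {eni_id: [problems]} for the firewall's interfaces and for any
    other interface that carries the firewall's allow-all security group."""
    findings = {}
    for eni in described.get("NetworkInterfaces", []):
        groups = {g["GroupId"] for g in eni.get("Groups", [])}
        # Unattached interfaces have no Attachment key at all.
        on_fw = eni.get("Attachment", {}).get("InstanceId") == fw_instance_id
        problems = []
        if on_fw:
            # Key learning 2: a forwarding gateway needs the check disabled.
            if eni.get("SourceDestCheck", True):
                problems.append("source/dest check still enabled")
            # Key learning 3: only the dedicated group on firewall interfaces.
            if groups != {fw_group_id}:
                problems.append("security groups are %s, expected only %s"
                                % (sorted(groups), fw_group_id))
        elif fw_group_id in groups:
            # The allow-all group is only tolerable where the FW filters traffic.
            problems.append("allow-all firewall group on a non-firewall interface")
        if problems:
            findings[eni["NetworkInterfaceId"]] = problems
    return findings

if __name__ == "__main__":
    for eni_id, problems in audit_firewall_enis(SAMPLE, "i-0fw", "sg-0fwall").items():
        print(eni_id, "->", "; ".join(problems))
```
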

