We are using Check Point CloudGuard as a firewall. Along with the firewall, we have incorporated multiple blades. Initially, the firewall used to be a single security device, and along with that, we required antibot, antivirus, IPS, and IDS devices. Check Point CloudGuard is a combination of all the devices and functionalities in a single device. It is a next-generation firewall. The main use case of this firewall is to protect our entire cloud and provide perimeter cloud security at L3 and L4 levels.

It is a next-generation firewall. Threat prevention and threat detection blades are available with the firewall. As soon as you enable the blades and you have the license for it, you are good in terms of threat prevention. You do not need to do any specific settings. You just need to enable the blade, and the firewall will take care of the rest of the things. That is how it works.

We are using the Check Point CloudGuard firewall with autoscaling in the AWS and Azure cloud. We have a minimum capacity of two firewalls and a maximum capacity of ten firewalls. If the CPU utilization increases or the memory utilization increases, the capacity will be increased to three from two. Till the service comes down to the threshold level, it will keep on adding more firewalls, so we have ease of operations. We do need not to worry about what we will do if a firewall fails.

When I joined my organization, we were using this CloudGuard firewall in the active/standby firewall cluster. In such a setup, the firewall that is active processes your traffic. The other firewall is in the standby mode. It is not processing the traffic, but it is still costing you. Even though it is not being used, it is still cost-consuming at the cloud level. We changed the setting to autoscaling. After adopting the autoscaling mode for this firewall, we need a lower number of CPU and memory. All the firewalls are active, so we need not worry about the standby firewalls and all those things. So, we have transitioned from these conventional active/standby firewalls to autoscaling firewalls. With this, we are able to save costs and improve performance. All the firewalls are active/active but with fewer CPU cores. When we have fewer CPU cores, we need less number of licenses, so we were able to save the cost. The performance has also been great.

The most important feature is that we are able to use Check Point CloudGuard Firewall for our cloud security. We can make the deployment automated. We do not require manual intervention. With the help of automation, we are able to deploy it within minutes, and we are able to discard it within minutes. We can do hardening and create policies. All those things are very advanced.

Secondly, Check Point is one of the big OEMs available in the world from the firewall perspective. It is better than Palo Alto and Juniper firewalls. It is one of the best firewalls available in the industry.

We have done a lot of automation with the firewall, but sometimes, there are some failures because of some bugs. The fixes for them are still not available. We have daily or weekly communication with the Check Point people giving support in the India region, but we have not seen much improvement or response to our requests for some additional features. We are moving to infra as a code, so we are expecting more advancements in this product. Just installing the patches is not going to help us. They need to focus on this area.

I expect Check Point CloudGuard to come up with some AI/ML integration. A firewall is the first L3 security device available to you. It is the single point that manages or processes the traffic for an organization. There is a possibility that the device goes down or gets rebooted for any reason. The integration of artificial intelligence with the devices can help us to know in advance that there might be a surge in traffic. There might be a spike in the traffic, so we can have some additional firewalls integrated. This predictive analysis has to be there. This way, if required, a second, third, or fourth firewall can come into the picture. All the firewalls will process the traffic simultaneously. I am expecting such capability. This sort of feature is available with AWS. We are deploying all the firewalls on AWS, but it would be easy if, in the future, such a feature is available from the OEM or Check Point itself. It will be very helpful for the organization.

We have had a couple of outages because of some misconfiguration. They were human errors but there were no prior indications that if we were making these sorts of changes, this would happen. People making the changes on the firewall were not aware of this, and that is the reason why the outage happened. In a financial organization, an outage of even five minutes can cost a lot.

In our organization, we have been using it for more than four or five years, but I have hands-on experience with it for the last three years. 

I would rate it an eight out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

I would rate their support a five out of ten because I never got good support. Whenever I have raised a TAC case, their support has not been great. It is not as good as others.

They need to improve from a knowledge perspective. I had a couple of issues, and they could not understand those issues easily. They should not just take the logs and analyze the logs. They should be providing a solution. Being a financial organization, we cannot afford a long downtime. We expect a faster resolution. If a support engineer is not capable of handling a case, he or she should escalate it to a higher level, but they are not doing that on a regular basis. They make you lose days by dragging the case.

Neutral

In my organization, we have two different Infra teams. We have the Network Security Infrastructure team that manages the on-premises setup, and then we have the Cloud Network Security team that manages the cloud. I am a part of the Cloud Network Security team, and we are using the Check Point firewall. The on-premises team was using Juniper and Palo Alto firewalls, and they are now using the Check Point firewall. It is one of the most effective products we have ever used, and that is the reason why that team has moved from other OEMs to Check Point CloudGuard.

We have deployed it on the cloud. We have AWS, Azure, and GCP clouds.

The deployment was done with the help of AWS CloudFormation templates which are very generalized. I just downloaded the templates and customized them as per our requirements. I faced a few challenges because I was not completely knowledgeable about CloudFormation, etc. It was not very challenging from the Check Point side. It was an easy deployment.

I faced a couple of challenges while integrating it with our existing ecosystem. Even though Check Point is the OEM, we have third-party vendor support here in India. The challenges that I was facing at the time were also new for them, so I sorted out those issues myself by referencing some online articles on Check Point. I was able to overcome those challenges at the time. It was not a big deal. There was no huge challenge.

Initially, we involved people from Check Point and the third-party vendor of Check Point, but at later stages, we were capable enough to develop things in-house, so we did it ourselves.

The Cloud Network Security team has ten people. I am handling the AWS cloud deployment along with a colleague. Other colleagues are involved in Azure and GCP deployment. Overall, there are ten people for deployment and management, but mainly, two or three people are involved in the deployment at a time.

We have deployed it in two regions. It is deployed in the Mumbai and Hyderabad regions of AWS in India.

We have seen 70% to 80% ROI. 

I do not know the exact price, but it is fairly priced. It is neither cheap nor costly.

As compared to other OEM vendors in the market, it is cost-effective for us. There are multiple things we need to consider while selecting a certain product. We have AWS, Azure, and GCP clouds, and we have multiple firewalls. All of our firewalls are Check Point CloudGuard firewalls. The cost can vary based on the licenses that you are using. For IPS, IDS, antivirus, antibot, and other capabilities, additional licensing costs might be there. When it comes to security, it gives us great security. Considering that factor, it is cost-effective for us.

I have not evaluated other solutions. Based on the input from my seniors, this is the best solution available in the market. I have heard that Palo Alto also has a cloud-based product called Prisma Cloud, which has some advanced features integrated by using AI/ML technologies. I would love to evaluate Prisma Cloud.

I feel confident using this product. In fact, I have completed a few certifications related to Check Point CloudGuard. I am a Check Point certified administrator, and I am also a Check Point Certified Cloud Specialist. I have also been working with automation-related things, and sometimes, we do some bash scripting and shell scripting to make things easier for us. Traditionally, you can only access the firewall via a CLI. That is the basic level, and at the next level, you should be able to do a few daily things in an automated way. I am very good at that.

I would recommend this solution, but it also depends on the requirements. It is a cost-effective solution. If you are a small organization or a startup, you do not need to have this solution. If you are a big organization with 5,000 to 10,000 users, you can go ahead with it. The ROI for our organization was up to 80%, but it necessarily would not be the same for other organizations.

Overall, I would rate it a nine out of ten.

My company uses the solution as an Edge firewall and East-West firewall. 

The tool's most valuable feature is its management console. 

Check Point CloudGuard Network Security needs to improve the management of the actual firewalls. Improvement is also needed for the consolidated UI of different security aspects. 

I have been using the product for a year and a half. My company has been using it for eight years. 

We recently had some issues with stability, so it's hit or miss. It seems to have more minor bugs than other platforms, but overall stability is the same.

The speed of the support's response varies. Sometimes, you can get a good engineer who can give you the right answers. 

Neutral

I have used Cisco, Fortinet, Palo Alto, and SonicWall. The worst ones on the list are Cisco, Fortinet, and SonicWall. Palo Alto is better in some areas. Check PointCloudGuard Network Security is top in terms of actual security. But in terms of managing the whole platform, I would put it below Palo Alto.

Check Point CloudGuard Network Security's deployment is easy and takes two hours to complete. 

I did the solution's deployment myself. However, I connected with the consultants whenever needed. 

We've been secure and haven't had any security breaches.

The tool's pricing is been higher than other solutions, but it seems like it's turning downwards.

I rate the overall product a seven out of ten.