We are using it for network security.

The whole reason we got it was to expand and make an extension to the Azure Cloud so that we could establish services that would make a link between the on-prem and the cloud. That was the goal.

We have unified management. It is one of the advantages of this product.

In terms of protection, we have not yet done any kind of penetration tests. We will check them later. In the future, we would also want to use all kinds of features such as IPS, IPSec, etc.

Its advantage is its layout. You do not need to get any unique devices and install them. The installation is easy. The assimilation is less easy because you have to work with a manager in Azure and upload and define all kinds of addresses.

In essence, you do exactly what you do with on-prem. It is the same operation. You can manage it in the same way as on-prem, which is an advantage. You can manage the firewall in the cloud from on-prem, and you do not need any more interventions.

There is a limitation with the version upgrade. We are using version 81.10 and from what I understand, it is problematic to upgrade this version. I do not know if that is true. I am trying to figure it out. If I want to upgrade to a newer version, I have to make new machines. If this is true, it will negatively impact my thoughts regarding the solution.

It is always running. Its availability is high because it is located in two different data centers. This is the purpose of the cloud. It is located in two data centers in two different countries. We have placed one in Frankfurt, and the other one is in Amsterdam or London. That is the advantage. Because it is not the same country or city, the availability is great.

I mainly receive support from an integrator. Check Point did not accompany me as a vendor from the beginning. I am satisfied with the integrator at the moment. He gives me the answers.

We had a few inquiries recently, and he gave me the answers. They were also very helpful during the installation. So, I have had less communication with the manufacturer. For more complex issues, I can communicate with Check Point's support.

I would rate the integrator's support a nine out of ten because sometimes, it takes a long time for the integrator to find the solution to the malfunctions. The glitch related to the deleted machines was very critical for our organization. Things were working normally on the network, but the entire project was simply blocked for a few days. I expected the integrator to open a ticket in a faster way, but he did not open any ticket at all. He resolved it all by himself, but he did not share with us what the solution was. Deleting things and opening them again is not good enough because there is no reassurance that the glitch will not happen again.

We did not use any other solution before this.

The installation is simple. We just had to put it in two centers and deploy it. It was easy.

During the process, we had to wipe a machine. Microsoft gave us some addresses to work with. We used those addresses because we needed public addresses to work with. At first, we were not able to do something properly, so we deleted the machine. When we came back to set up the machine, we had to take new addresses from Microsoft all over again. I do not know whether it was because of Azure or whether it was Check Point´s fault.

I do not know if I have seen a return on investment because we are at the beginning of establishing the cloud. It is not entirely working yet. At the moment, it is not in production, but I assume that there will be an ROI.

It is not expensive.

I wanted to try Palo Alto at first, but because my entire setup was already in Check Point, I did not go in that direction. I wanted unified management. I also consulted my team, and they said that they do not want to come and manage another firewall because of the management and knowledge it requires. The advantage of this solution was unified management.

My recommendation for those who are thinking of installing the product is to check its survivability at the level of downloading a machine and uploading it. Do not upload all the applications straight away to run tests. Research first.

Based on my experience, I would rate it a seven out of ten. There were some malfunctions. There were also issues at the beginning due to the lack of a dependency needed for it to function. The experience is not yet perfect, but like any product, it will improve over time. In the end, I need stability in the cloud, but right now, that feeling is not there. I do not have the feeling of stability where I can say that the production and the service will not drop again. That is the concern. I want to start uploading some kind of application to production soon.

Foreign Language:(Hebrew)

המוצר מספק ניהול מאוחד, אבל נראה שלשדרוג הגרסה יש מגבלה

מהו השימוש העיקרי שלנו במוצר?

אנחנו משתמשים בו לאבטחת רשת.

בחרנו אותו כדי להתרחב ולעשות הרחבה ל-Azure Cloud כדי שנוכל להקים שירותים שיעשו קישור בין On-Prem לענן. זו הייתה המטרה.

איך זה עזר לארגון שלי?

יש לנו ניהול מאוחד. זה אחד היתרונות של המוצר הזה.

מבחינת הגנה, עדיין לא עשינו שום סוג של בדיקות חדירה. נבדוק זאת בהמשך. בעתיד, נרצה גם להשתמש בכל מיני תכונות כמו IPS, IPSec וכו'.

מה התכונה הכי משמעותית של המוצר?

היתרון שלו הוא הפריסה שלו. אתה לא צריך להשיג מכשירים ייחודיים ולהתקין אותם. ההתקנה קלה. ההטמעה פחות קלה כי צריך לעבוד עם מנהל ב-Azure ולהעלות ולהגדיר כל מיני כתובות.

בעצם, אתה עושה בדיוק את מה שאתה עושה מ- On Prem. זו אותה פעולה. אתה יכול לנהל אותו באותו אופן כמו ב-On-Prem, וזה יתרון. אתה יכול לנהל את הפיירוול בענן מ-on-prem, ולא צריך יותר התערבויות.

מה טעון שיפור?

ישנה מגבלה בשדרוג הגרסה. אנחנו משתמשים בגרסה 81.10 ולפי מה שהבנתי זה בעייתי לשדרג את הגרסה הזו. אני לא יודע אם זה נכון. אני מנסה להבין את זה. אם אני רוצה לשדרג לגרסה חדשה יותר, אני צריך ליצור מכונות חדשות. אם זה נכון, זה ישפיע לרעה על המחשבות שלי לגבי המוצר.

מה אני חושב על יציבות המוצר?

המוצר פועל תמיד. הזמינות שלו גבוהה מכיוון שהוא ממוקם בשני מרכזי נתונים שונים. זו מטרת הענן. הוא ממוקם בשני מרכזי נתונים בשתי מדינות שונות. הקמנו אחד בפרנקפורט והשני באמסטרדם או בלונדון. זה היתרון. מכיוון שלא מדובר באותה מדינה או עיר, הזמינות גדולה.

איך שירות הלקוחות והתמיכה?

אני מקבל בעיקר תמיכה מאינטגרטור. צ'ק פוינט לא ליוותה אותי כספק מההתחלה. אני מרוצה מהאינטגרטור כרגע. הוא נותן לי את התשובות.

היו לנו כמה תקלות לאחרונה והוא סיפק לי את כל התשובות. הוא גם עזר מאוד במהלך ההתקנה. עם היצרן הייתה לי פחות תקשורת. לבעיות מורכבות יותר, אני יכול לתקשר עם התמיכה של צ'ק פוינט.

הייתי מדרג את תמיכת האינטגרטור תשע מתוך עשר, כי לפעמים לוקח הרבה זמן עד שהאינטגרטור מוצא את הפתרון לתקלות. התקלה הקשורה למכונות שנמחקו הייתה קריטית מאוד עבור הארגון שלנו. דברים עבדו כרגיל ברשת ופתאום כל הפרויקט פשוט נחסם לכמה ימים. ציפיתי שהאינטגרטור יפתח טיקט בצורה מהירה יותר, אבל הוא לא פתח טיקט בכלל. הוא פתר את הכל לבד, הוא גם לא שיתף אותנו לגבי מה היה הפתרון לתקלה. למחוק דברים ולפתוח אותם שוב זה לא מספיק טוב כי זה לא מבטיח לנו שהתקלה לא תחזור על עצמה.

באיזה מוצר השתמשתי בעבר ומדוע החלפתי אותו?

לא השתמשנו בשום מוצר אחר לפניו.

איך הייתה ההתקנה הראשונית?

ההתקנה הייתה פשוטה. היינו צריכים לשים אותו בשני מרכזים ולפרוס אותו. זה היה קל.

במהלך התהליך, היינו צריכים למחוק מכונה. מיקרוסופט נתנה לנו כמה כתובות לעבוד איתן. השתמשנו בכתובות האלה כי היינו צריכים כתובות ציבוריות לעבוד איתן. בהתחלה לא הצלחנו לעשות משהו כמו שצריך, אז מחקנו את המכונה. כשחזרנו להגדיר את המכונה, היינו צריכים לקחת מחדש כתובות חדשות ממיקרוסופט. אני לא יודע אם זה היה בגלל Azure או אם זו הייתה אשמתו של צ'ק פוינט.

מה היה החזר ההשקעה שלנו?

אני לא יודע אם ראיתי את ההחזר על ההשקעה, כי אנחנו בתחילת הקמת הענן וזה עדיין לא לגמרי עובד. כרגע הוא לא בייצור, אבל אני מניח שיהיה החזר של ההשקעה.

מה דעתי על התמחור, עלות התקנה ורישוי?

זה לא יקר.

אילו מוצרים נוספים שקלתי?

רציתי לנסות את פאלו אלטו בהתחלה, אבל בגלל שכל ההתקנה שלי כבר הייתה בצ'ק פוינט, לא הלכתי לכיוון הזה. רציתי ניהול מאוחד. התייעצתי גם עם הצוות שלי והם אמרו שהם לא רוצים לנהל פיירוול נוסף בגלל הניהול והידע שזה דורש. היתרון של המוצר הזה הוא הניהול המאוחד.

איזה עוד עצה יש לי?

ההמלצה שלי למי שחושב להתקין את המוצר היא לבדוק את השרידות שלו ברמת הורדת מכונה והעלאתה. לא להעלות את כל האפליקציות מיד, כדאי להריץ בדיקות ולחקור קודם.

בהתבסס על הניסיון שלי, הייתי מדרג את המוצר שבע מתוך עשר. היו כמה תקלות. היו בעיות גם בהתחלה בגלל חוסר העצמאות הדרושה לתפקוד. החוויה עדיין לא מושלמת, אבל כמו כל מוצר, היא תשתפר עם הזמן. בסופו של דבר, אני צריך יציבות בענן, אבל כרגע, התחושה הזו לא שם. אין לי תחושת יציבות שבה אני יכול להגיד שהייצור והשירות לא יירדו שוב. זו הדאגה. אני רוצה להתחיל להעלות איזושהי אפליקציה לייצור בקרוב.

For the Azure platform, especially Azure endpoint protections and other network aspects, we utilize CloudGuard Network Security to secure the egress connection. This includes configuring and maintaining express route connectivity between on-premises and Azure.

The Identity Awareness blade and dynamic tagging in Azure are valuable because they make access management automatic. Instead of manually setting up access for each new resource, it happens automatically based on the same access policy. This dynamic setup is scalable.

The tool is cloud-based and scalable. As our resources scale up or down, the system automatically adapts. This reduces the need for manual work, allowing us to manage the entire cloud infrastructure with a smaller workforce. It helps with automation.

Regarding CloudGuard Network Security's integration with various resources like application gateways and application-based security groups, there's room for exploring dynamic access in those areas. A significant concern is the upgrade process. Unlike an in-place upgrade, upgrading the tool in Azure requires deploying a new resource, which can be hectic and less reliable. We have to spend something new to have the tool's latest version.

I have been using the product for four years.

Stability is generally good, and I don't have many complaints due to its scalability. When there are hardware issues, it automatically sets up a new, healthy instance. Overall, it contributes to a stable environment for us.

The solution's scalability is excellent, but we do encounter some restrictions with the API on the cloud platform. This occasionally causes issues with the frequent pulling up of new resources.

Our deployment model involves VM scale sets. We have set up instances across three environments: production, staging, and development. This structure allows for easy testing in the development environment before moving on to the production environment. We utilize Check Point's professional services to integrate, deploy, and build a cloud platform for CloudGuard Network Security.

We have seen a return on investment from CloudGuard Network Security. As more workloads shift from on-premises to the product, the costs associated with on-premises infrastructure decrease. Additionally, its dynamic and scalable nature in Azure allows us to maintain control.

The solution's licensing is based on the number of users of the VMs. We follow a pay-as-you-go model. Its pricing is competitive.

CloudGuard Network Security can manage security for both our hybrid cloud and on-premises systems. Currently, we have separate solutions for on-premises and the cloud. We also use Smart-1 Cloud from the Infinity portal. We haven't integrated the tool with both Azure and on-prem environments.

I have about an eight out of ten confidence level in our cloud network security with the product. It is because of Azurre's robust and dynamic nature. It is easy to incorporate anything new that comes up. We can integrate any new steps in Azure concerning the blades, CloudGuard Network Security, and Check Point.

Cloud-native firewalls lack functionalities such as IPS, which are exclusive to products like Check Point or other vendor-specific solutions. This is why we opted for CloudGuard Network Security as an additional layer, complementing the limitations of Azure's native or any cloud-native firewalls.

We are already using Check Point for our on-prem environment. The cloud solution was easy to integrate with our existing infrastructure.

I rate the overall product a six out of ten. Due to certain limitations in the integration between Azure and CloudGuard Network Security, I currently rate the experience as a six. However, I'm hopeful that Check Point is working on its new release.

The architecture proposed is based on Microsoft’s Cloud Adoption Framework enterprise-scale landing zone architecture. Enterprise-scale is an architectural approach and a reference implementation that enables effective construction and operationalization of landing zones on Azure at scale.

We're using CloudGuard solution in a NorthBound - SouthBound design to protect and filter both incoming and outgoing traffic.

Also, we are using a VMSS solution deployed in Azure, with a minimum of two instances

The design is based on a "Hub & Spoke" model in which the environment is set up as a system of connections arranged as a kind of bicycle wheel where the spokes are connected to a central point in the hub, and all traffic to and from the spokes passes through this hub.

The NorthBound/SouthBound design solution allows traffic to be scanned and filtered both when entering (NB) and exiting (SB) the organization.

This design is also extremely suitable for segmenting a network. Network segmentation is usually done to reduce the attack surface of the network and limit the ability of a malicious threat to spread freely across the network.

Also, CloudGuard came with a new benefit in terms of scalability, with the VMSS solution capable of auto-scale in or out, depending on the resource demand.

The most valuable aspects of the solution include:

• Easy to administer and also to deploy, thanks to automated setup with pre-configured templates. On top of that, security comes first.
• The proactive threat detection results in huge risk reduction.
• It has a user-friendly interface; it's best in the market for policy management and log monitoring.
• There are multiple options to deploy (clustering, standalone, VMSS and single management solution, SMS or MDS, and even better: Infinity Portal).
• It has a really strong user community, which seems to compensate for the very poor vendor support.
• The capability to auto-scale in or out, depending on the resource demand is great.

Vendor support might be the weakest point of the CloudGuard solution. You really struggle to find a CloudGuard specialist, even for simple tasks. As mentioned before, you can find better answers to the user community (which is actually a downside of the product).

There are lots of limitations and discrepancies across different Cloud provider deployments.

Documentation might become too complex or too spread out, especially for newcomers.

As in the past, with traditional Check Point firewalls, it sometimes seems to be moving too fast with software releases and upgrade cycles, which are difficult to keep up with.

I have been using Check Point for more than ten years - and CloudGuard for almost a year.

In my company, we use the solution just to secure my AWS Network Insights and inside production. We use it for security purposes.

With the solution, we just need to filter the traffic coming from the internet and Direct Connect. So it filters the traffic, basically. It permits access. In short, it just filters the traffic and permits the traffic. The aforementioned details are the purposes for which we use the tool.

We use the tool as a basic firewall. It's a technical firewall. As a technical firewall, we use SmartConsole or Check Point Firewall.

The deployment phase takes too much time. I would like the deployment to be faster.

I have been using Check Point CloudGuard Network Security for two and a half years. We are using Check Point R80.10 SmartConsole in our organization.

Stability-wise, I rate the solution a seven out of ten since it takes too much time for deployment. However, it is flexible since we used to push the policy normally. It takes hardly ten seconds to install the policy. It's much easier.

I have been using the solution in my company for the last year. Other than the employees in my company, more than 25,000 users are using the solution hosted on AWS.

Basically, the application, which is hosted, is used internally. It's the same user account because it's not exposed anywhere on the internet. If anyone wants to access the solution from the internet, the traffic comes from Direct Connect, and from Direct Connect, it goes to AWS.

The initial setup was not much complex. The setup phase was good enough to be able to navigate through it.

It took a long time to deploy it. We need to run this on EC2 instances, so it took almost two hours to deploy the solution. After deploying the solution slowly, and gradually, we have to push the policy on the firewall. It takes time to deploy, but it's a stable one.

The solution is deployed on the cloud. It's a software we install in EC2 instances on AWS, which we use as a firewall.

We currently have six to seven resources managing the deployments and maintenance.

During deployment, we took technical help from Check Point.

It is a good-to-use tool that is also flexible.

Overall, I rate the solution a seven out of ten.