My company uses the solution as an Edge firewall and East-West firewall. 

The tool's most valuable feature is its management console. 

Check Point CloudGuard Network Security needs to improve the management of the actual firewalls. Improvement is also needed for the consolidated UI of different security aspects. 

I have been using the product for a year and a half. My company has been using it for eight years. 

We recently had some issues with stability, so it's hit or miss. It seems to have more minor bugs than other platforms, but overall stability is the same.

The speed of the support's response varies. Sometimes, you can get a good engineer who can give you the right answers. 

Neutral

I have used Cisco, Fortinet, Palo Alto, and SonicWall. The worst ones on the list are Cisco, Fortinet, and SonicWall. Palo Alto is better in some areas. Check PointCloudGuard Network Security is top in terms of actual security. But in terms of managing the whole platform, I would put it below Palo Alto.

Check Point CloudGuard Network Security's deployment is easy and takes two hours to complete. 

I did the solution's deployment myself. However, I connected with the consultants whenever needed. 

We've been secure and haven't had any security breaches.

The tool's pricing is been higher than other solutions, but it seems like it's turning downwards.

I rate the overall product a seven out of ten. 

Basically, we are using Check Point CloudGuard firewalls everywhere. We are using them at the perimeter and internally.

By implementing this solution, we wanted to protect our perimeter. We are using Check Point along with other solutions to protect our perimeter. We also have many application-level use cases that can be solved with Check Point. 

Most of the things that we have are on the cloud. Its main benefit is reliability. We have tested so many firewalls on the cloud, but when it comes to reliability, other firewalls fail miserably. Check Point is very good. It is a very reliable solution. With other vendors, when you move something to the cloud, the features that they are offering might only work partially. We never faced any such issue with Check Point. They offer features that will work completely. Apart from that, they have solutions for almost every cloud use case. That is another thing we love.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. They have a centralized management server. There is a process called CME. If you have multiple clouds, such as AWS, GCP, and Oracle, and you are deploying CloudGuard across all the clouds, you have single management to take care of everything. This is why they provided a unified management solution. CME takes care of scaling and integration. It has a zero-touch approach. It takes care of everything. You just need to deploy it, and the connectivity should be there. It then takes care of everything. It drastically reduces the deployment time and administration overhead.

When any incident happened, it was able to tell us the particular packet associated with that. Based on its internal intelligence, it identifies everything. We were not even aware that there was an attack like that, but it gave us complete clarity about what happened and what was the attack journey. Visibility-wise, it has been very good.

It makes us confident in our security. We have proper visibility into the network. We can see exactly what is happening. We get this level of clarity. Especially when we offload the SSL capability on the firewall, we have unparalleled visibility on even the SSL traffic.

The number of options it gives for deployment or security is valuable. When it comes to security, it has a feature that is super awesome for zero-day-based attacks. Their IPS is also very capable. We tested other firewalls, and we understood that it is the best one in the market. 

When it comes to the firewall capabilities, the level of information that it offers for any security incident is very good. It gives a very good clarity about what happened and at what time. It is very good.

There is centralization. You can manage everything in a single pane, and you have support for all the software. If it is a Kubernetes, you have a solution for it. If it is IOT, you can cover that. You have gateways as well for network security.

The main issue that I have noticed is that for deployment, it still requires a dedicated management server, and the gateway is completely different. That sometimes can cause issues. If it loses communication with the management server and you want to push any sort of critical policy, that would be affected. Apart from that, I do not see any issues. Everything else is going well.

We have been working with Check Point firewalls for more than ten years. We are currently using Check Point CloudGuard firewalls.

Check Point also has NGFW firewalls. They are hardware-based firewalls. All the features are identical. The only difference is that one is on a virtual platform, and the other one is on a physical platform.

It is reliable.

We are only using auto-scaling firewalls. The good thing is that it scales well. Within seven to ten minutes, it gets integrated with the management server. If there is a failure, the firewall will be ready within ten minutes.

We have a team of around seven people who take care of the network security part. Our environment can go up to 3,000. If you combine the server users and the end users, there are more than 10,000 users.

We work closely with Check Point support when there is any issue or limitation. When we face any issues related to processing, scale-out, or delay, we definitely connect with the Check Point support. They usually provide the solution quickly.

I would rate their support an eight out of ten. The reason why I am not giving them a ten is that we are connected through a third party. We cannot directly engage with Check Point. We usually contact this third party, and they engage Check Point support. We have a technical person assigned directly, which is a good thing, but this is how we initiate the process.

Positive

We are mostly relying on TerraForm. For us, the deployment is very straightforward. When you deploy, it will automatically integrate with its management server, so you do not need to put in any effort. The only thing is that you should have the connectivity between the gateway and the management server. Once you deploy, it automatically gets added to the management. The policy push is automatic. That is very good. So, when it comes to deployment, after pushing the code, you do not need to do anything. Everything will come online. That is the best part.

We do have a couple of gateways in management, but I do not take care of that part. I am mostly on the cloud side.

It takes five to ten minutes for initialization and then there is the management part. At the maximum, it will go up to 30 minutes. I usually see everything happening within 15 to 20 minutes and not more than that, but if there is any connectivity issue or any other error, then the duration will get affected. If it is straightforward, it will take a maximum of 30 minutes and not more than that. Because the integration is automatic, I do not need to onboard the gateway to the management server. There is a functionality called CME that takes care of the entire thing.

In terms of maintenance, it does not require any maintenance. The only catch here is that because it is a cloud version, when it comes to upgrades, you cannot upgrade the existing versions to newer versions. We simply deploy the new one. It is not a complicated task. This is the only thing when it comes to maintenance.

I was the main person who took care of the deployment engineering part. 

I do not have visibility on the ROI, but we are completely satisfied with the performance. We will continue with Check Point in the future. We have been renewing their licenses without thinking about any other firewalls. I consider it as a good investment, but this aspect is managed by a different team.

We have an enterprise licensing team that works closely with Check Point. I know that we have an enterprise agreement with Check Point. That gives us some benefits, but I do not have more information about that.

We tried the Azure Firewall. It was good, but zero-day, URL filtering, and NAC capabilities were not there. It was a native firewall, but it was not able to fulfill our use cases. The main competition was against Palo Alto. When we did the comparison, we found Check Point to be more reliable. With the Palo Alto firewall, we had issues with autoscaling. It was not working as expected. These were the two that we tested. Being a bank, we cannot test everything. There was a discussion with Cisco as well, but we did not go with Cisco.

The advantage that Palo Alto has over Check Point is the GUI. They do not require a dedicated management appliance to be deployed to access the firewall capability. They do have that platform, but the individual gateway can be also accessed via a dedicated GUI. With Check Point, you have to have the software called SmartConsole. It is very good, but a company like ours has too many gateways. When you have so many gateways onboarded to the management, it will be slightly slow, but it is not a show-stopper. The GUI is good, but you require the client applications to be installed on your laptop. From the GUI itself, you would not be able to access them. That is one advantage of Palo Alto. You can straightaway access them through the GUI. The software that you need to install for Check Point is a huge one, so the performance depends on the machine. If you have many gateways associated, it can be a bit slow at times.

Check Point is a number one vendor based on the NSS labs and other regulators. In terms of performance and security, Check Point is always number one. Irrespective of how many firewall vendors are there, Check Point will always be number one. Check Point's capability to identify an incident is also very good. Its performance is also good. We were worried that if we moved to the cloud, unlike on-prem, we would not have any dedicated hardware to accelerate something. However, when we migrated to CloudGuard, we did not face any issues. 

When it comes to the cloud, I would definitely recommend the solution. One main thing is reliability. I appreciate Check Point for that. For an organization like ours, security is the main thing. Check Point has been able to protect us from various attacks. Autoscaling and other things are also working perfectly. We were able to achieve all of our use cases with the Check Point CloudGuard firewall. I do recommend this solution.

For zero-day attacks, I know there is technically no single solution, but our observation is that for most of the sophisticated attacks, if it is not already there, Check Point will have a solution within a day. When it comes to DDoS and bot-level attacks, Check Point has a sophisticated approach to prevent them in most cases.

Overall, I would rate this solution a nine out of ten. 

We had the firewalls set up in the cloud systems. We were using them for VPN as well as the encryption of traffic coming in and leaving the cloud.

When COVID-19 hit and everybody started to work from home, we did not have a scalable VPN technology. Also, with more people working from home, security was a bigger concern. CloudGuard Network Security addressed both needs in one single product.

After implementing CloudGuard Network Security, overnight, 500 people could work from home on a secure and encrypted tunnel. What more could we ask for? When COVID-19 hit and everything closed down, we were able to spin this up within 2 weeks.

CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-prem. There is a single admin client that you can use. You can have a firewall deployed on-prem. You can have a firewall deployed in GCP. You can have a firewall deployed in AWS or Microsoft Azure, but you can manage it all with a single pane of glass. You can have a single management station managing all of these.

We are very confident about it and our security. It is a very robust solution.

The endpoint VPN is super stable. The routing is also very good. We tried a competing product first, but we could not make it work. We came across CloudGuard. The network routing across different virtual networks in Azure and AWS was way ahead of any of the other technologies. That helped us be able to cover the whole network using one single cluster.

They have come such a long way. There may be other areas that other people use, but as far as I am concerned, I have been very happy with it. There are always newer features getting added and new encryption protocols coming. I can see where they are going and how far they have come. I have been using the Check Point firewall since 2010. It has been 14 years, and I have seen how they have improved.

They are coming out with more SD-WAN express route support from a firewall perspective. That would be great. They keep on launching new features. That is how they work.

I was one of the first sites to use it as a PoC before they even introduced it to the world. It has been 4 or 5 years.

I would rate it a ten out of ten for stability. It has been running since we put it up.

I would rate it a ten out of ten for scalability. It depends on your design. You can either have a static deployment where there is only one firewall, two firewalls, and four firewalls, or you can put it in the elastic mode where it will spin up as the load goes up. It will auto-scale up and auto-scale down. It is fantastic.

They are fantastic. Their technical support is absolutely great. There is ownership right from the top down. They know their product. They stand by their product. If there is a feature that is not working, I have seen them write patches for me in 48 hours. They offered to provide the patch by Sunday evening in Tel Aviv, and by Sunday afternoon, I had an email saying that the patch was available for our download. We could download it and reinstall it. That patch was only written because of something in my deployment. It was not like they had 200 customers who complained about it. I was the only one complaining about it.

Positive

We did a PoC for one week. We had some major issues because of sizing. We sized CloudGuard too small, so we made it bigger. The next week, we did another PoC, and it worked well. By the third week, we were done. We went live, and everybody was working from home. 

I would rate it an eight out of ten in terms of ease of installation.

Their support was good. We set it up when nobody else in the world had seen it. We were probably the third company in the whole world to roll it out. We were that new to it. Nowadays, I would rate their support an eight out of ten, but in those days, it was one out of ten because we were all learning together.

I was the only one involved in its deployment. To deploy this, you need to have a background in IT security and networking put together.

We have seen an ROI. 500 people were able to work from home. That itself is a huge ROI.

It is one of the top solutions in the world. We know that it is protecting our entire cloud infrastructure, so it makes a lot of sense.

I quite like the way they priced it. It is very reasonable.

We did evaluate other solutions. We looked at Fortinet, and they could not do cross-VNet traffic at that time. We spent almost five or six days. We worked 10 to 12 hours a day. Even after 60 to 70 hours, they could not make it work, but it worked out-of-the-box with CloudGuard Network Security. In terms of ease of use, CloudGuard Network Security is any day easier.

We did not just go with our cloud vendor's cloud firewall because the cloud vendor did not have a firewall at that time. Secondly, even if they did, it is always good to have a third-party product protecting the cloud. If we are using AWS, I would not put an AWS firewall there because if there is a compromise somewhere else, it is most likely going to carry over to their firewall too because everything runs on the same fabric, whereas this is separate. It gives a completely independent security front end.

I would definitely recommend it. I have used it. I know how it works.

Check Point has been one of the pioneers of firewall technology. This is the only product that they really do. They are into cybersecurity firewall technology. They are not like other competitors, such as Cisco or Fortinet, who also have network switches, hubs, routers, etc. Check Point is a dedicated company that does cybersecurity. All in all, this is what they do. You can see the investment coming from the top down. They have ownership of the product. I have raised complaints that have gone up to Gil Shwed. He is the CEO and the founder of Check Point. I have got an email from Gil saying that he knows we are frustrated, but they are working on it, and he will make sure that this gets fixed. That is the kind of ownership they have.

Overall, I would rate CloudGuard Network Security a nine out of ten.

We are using CloudGuard Network Security to protect North-South traffic or VPCs. We are using the CloudGuard firewall between the Internet and VPCs. All the traffic needs to pass through the firewall.

CloudGuard Network Security provides features, such as threat emulation, that native cloud solutions do not offer. AWS, Azure, and GCP have a lot of features, but you sometimes need to pay charges for specific features. With Check Point products, you have all these features in one license. You pay once and you can use everything.

CloudGuard Network Security improves our security against advanced threats. Others do not offer features like threat emulation out of the box. CloudGuard Network Security protects very well against advanced threats.

We have a high level of confidence in our cloud network security by using CloudGuard Network Security. The product is similar to what we use in traditional data centers. The infrastructure is almost the same. The way to manage the policies is the same. It is very easy to implement and manage CloudGuard networks. There is some difference when you are using auto-provision, but in the end, it is the same technology. It is easy for a traditional network engineer to work with CloudGuard.

We did not go for the cloud vendor's cloud firewall because we wanted to be able to manage all the firewalls, policies, and other things from a single point. 

The most valuable feature for me is that you have just one license. You can test and implement everything you need with one license. You do not need to pay for separate module licenses when you want IPS or other features. The license includes everything that you need.

The version upgrades need improvement. We faced issues while upgrading our CloudGuard Network Gateway. When we tried to use the template that Check Point offers on their site, it was not available for the second to the latest version, so I was forced to upgrade my management server. That was very challenging for us.

I have been working with Check Point CloudGuard Network Security for 8 years.

I cannot remember the last time I had an issue. It is stable, but every product has a few bugs. If you maintain the configuration and the versions, everything is fine.

We do not have any problems because we can use the auto-provision templates. If I need to scale up or scale down, I can do this. If there is any issue, it is very transparent. For example, if I lose my gateway, the manager will automatically create a gateway and bring everything up.

Their support is very good. Their response is fast. You can contact an engineer in a few minutes, but it depends on the severity of the issue. In the case of a high-severity issue, you can talk to an engineer to assist you with an issue.

Compared to other vendors our company has been working with, Check Point has better support. They have the best technical staff.

Positive

We only use Check Point products. In our data center, we are only using CloudGuard.

It is very easy. With a few clicks, you can implement your firewall. 

It is fair. Its license covers all the features. There is a cost-benefit. The licensing for the cloud is better than on-premises because, with on-premises, you have to pay separately for different things.

Overall, I would rate CloudGuard Network Security a nine out of ten.