Agent Mode
English
    Check Point WAF as a Service (Premium, PAYG, Free 7 Days or 1M Requests) logo

    Check Point WAF as a Service (Premium, PAYG, Free 7 Days or 1M Requests)

    Sold by
    Check Point Software Technologies 
    Check Point WAF as a Service (WAFaaS) is an AI-based web application, generative and agentic AI, and API security solution, delivering the highest protection against known and zero-day threats using advanced AI and IPS. WAFaaS provides multiple layers of protection: rate limiting, AI engines, IPS signatures, zero-day file security, bot protection, and comprehensive API discovery and schema validation. WAFaaS delivers a non-agent WAF, deployable within minutes, and adds advanced DDoS mitigation. Traffic is seamlessly routed through Check Point servers, which automatically issue SSL certificates.
    Leave a review

    Ratings and reviews

    4.4
    127 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    59%
    39%
    2%
    0%
    0%
    13 AWS reviews
    |
    114 external reviews
    External reviews are from G2  and PeerSpot .

    Filters

    Review type

    AWS Marketplace reviews
    External reviews
    Reviews (127)
    Computer Software

    Strong Security and Easy Management for Multi-Cloud App Protection

    Reviewed on Jun 09, 2026
    Review provided by G2
    What do you like best about the product?
    It’s a solid combination of strong security and easy management. I also appreciate its cloud-native approach, especially the ability to protect applications across different cloud environments.
    What do you dislike about the product?
    Compared with some competing WAF solutions, the initial setup and policy-tuning process can feel complicated, particularly for teams that are new to web application security. I’ve also seen users note that troubleshooting false positives may take a significant amount of manual effort, and that the user interface can come across as less intuitive than some cloud-native alternatives.
    What problems is the product solving and how is that benefiting you?
    It protects web applications and APIs from cyber threats that traditional network firewalls can’t effectively stop. It also helps mitigate attacks such as SQL injection, cross-site scripting (XSS), remote code execution, bot attacks, API abuse, and denial-of-service attempts.
    Anonymous

    Efficient Threat Management, Tough Learning Curve

    Reviewed on Jun 09, 2026
    Review provided by G2
    What do you like best about the product?
    I really like the AI engine in Check Point WAF; it's cool how it automatically handles threats, saving us a lot of time by reducing the false positive rate. This automation allows us to block threats efficiently without impacting the user experience, which is great because the team doesn't waste hours chasing down false alarms.
    What do you dislike about the product?
    It has a pretty steep learning curve, and the initial config is pretty tough as well, and also the price can sting quite a bit. The documentation needs some work.
    What problems is the product solving and how is that benefiting you?
    I use Check Point WAF to protect web apps and APIs automatically, reducing manual rule tuning and false positives. The AI engine saves us time by handling threats and automating blocking without impacting user experience.
    Otniel V.

    Check Point WAF Delivers Strong Protection Against Common Web Attacks

    Reviewed on Jun 09, 2026
    Review provided by G2
    What do you like best about the product?
    I believe the best advantage of the Check Point WAF solution is that it offers a strong protection against common web attacks (OWASP Top 10, bots, API threats), which are the most common threats I met.
    What do you dislike about the product?
    There are no many things to say here, but let’s say that the complex initial setup can be challenging, especially for teams without prior Check Point experience. However, there are a lot of tutorials that will help with this, so I wouldn’t say that it is really a thing I don’t like, just that it’s challenging.
    What problems is the product solving and how is that benefiting you?
    In my team case, Check Point WAF protects our web applications and APIs from common cyber threats while providing centralized visibility and control. This reduces security risks, improves compliance, and saves time on manual security management.
    Computer Software

    Easy to Use, Affordable, and Accessible for New Users

    Reviewed on Jun 04, 2026
    Review provided by G2
    What do you like best about the product?
    It's ease of use and accessibility for new users. Genuinely helpful products with affordable price. Makes sense for enthusiasts and companies. Not much else to say.
    What do you dislike about the product?
    Nothing in particular, I would continue to use the service if I was doing anything at the moment that required it. It's a good product, nothing comes to mind as a dislike
    What problems is the product solving and how is that benefiting you?
    It was handling security of my endpoints that i created personally as enthusiast. Benefits me by keeping me assured that my data is safe from attacks.
    Syed M.

    Strong Web Protection with Easy Management

    Reviewed on Jun 02, 2026
    Review provided by G2
    What do you like best about the product?
    I like the strong protection Check Point WAF offers against web application attacks. Its easy-to-manage interface is a big plus for me, as is the real-time threat detection that it provides. I also appreciate the detailed visibility into web traffic and security events, which makes it easier to monitor and respond to potential threats. The documentation was helpful during the initial setup, allowing for a straightforward configuration. Additionally, it integrates well with other security tools, which enhances its effectiveness in our security infrastructure.
    What do you dislike about the product?
    One area that could be improved is reducing false positives and making policy tuning more straightforward. The reporting and dashboard customization options could also be more flexible and user-friendly.
    What problems is the product solving and how is that benefiting you?
    Check Point WAF protects web applications from cyberattacks, detects malicious traffic, reduces security risks, and improves application security without affecting user experience.
    Bala_Krishna

    Security has improved for cloud-native apps and now protects APIs with low latency and minimal tuning

    Reviewed on Jun 01, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Any cloud-native application is where my clients might be using Check Point WAF (formerly CloudGuard WAF) to secure Layer 7 with low latency. It is one of the best in Layer 7 security.

    What is most valuable?

    The biggest advantages of Check Point WAF (formerly CloudGuard WAF) are that it is lightweight and the integration into cloud-native applications is very easy. Check Point WAF (formerly CloudGuard WAF) produces false positives that are minimal. It has a learning process that is unique, adopting an education model approach. Ease of deployment and efficiency, particularly for API security, are phenomenal. The console is key, with Infinity Portal offering access to all kinds of Check Point products and a unique dashboard and reporting system.

    Scaling is easy; once deployed, it takes care of everything without causing any concern for improving hardware or configurations. Check Point WAF (formerly CloudGuard WAF) reduces total cost of ownership, being cheaper compared to any other software.

    What needs improvement?

    As a reseller, the most difficult part is the lack of awareness. Check Point does not provide any kind of awareness programs to the customers, requiring partners to educate customers.

    There are indeed some features missing, particularly connected with integration or with artificial intelligence. Check Point WAF (formerly CloudGuard WAF) faces certain issues with dual ISP tagging on entry-level devices since SD-WAN features were added.

    For how long have I used the solution?

    I have been selling Check Point WAF (formerly CloudGuard WAF) for almost three to four years.

    What do I think about the stability of the solution?

    Regarding stability, I am not finding any issues; it is very stable.

    What do I think about the scalability of the solution?

    Check Point WAF (formerly CloudGuard WAF) is very easy to scale. Once deployed, you forget it; it takes care of everything.

    How are customer service and support?

    My impression of technical support for Check Point WAF (formerly CloudGuard WAF) is that it is adequate. The technical support team is really good.

    If I were to rate support from zero to ten points, I would give them a ten, as they are the best.

    Which solution did I use previously and why did I switch?

    Check Point WAF (formerly CloudGuard WAF) is good; there are no questions asked.

    What was our ROI?

    In terms of pricing, Check Point WAF (formerly CloudGuard WAF) is not expensive; it is worth the investment. If there is no downtime or bottlenecks while accessing your application from the internet, that itself is the return on investment.

    Which other solutions did I evaluate?

    I can tell you specific issues or advantages with products such as FortiGate or Check Point perimeter firewall.

    What other advice do I have?

    From a technical perspective, I do not think Check Point is leading in the web application firewall space. Cloudflare, F5, and Barracuda WAFs are noteworthy. Check Point WAF (formerly CloudGuard WAF) can be configured with no prior training.

    When I compare Check Point WAF (formerly CloudGuard WAF) with traditional WAFs, I find its learning curve to be simple.

    Check Point has an excellent intelligence engine for zero-day attacks, unmatched by Palo Alto. I would rate this review a ten overall.

    Luciano P.

    Strong OWASP Protection and AI-Driven Threat Prevention That Scales

    Reviewed on May 29, 2026
    Review provided by G2
    What do you like best about the product?
    Strong protection against OWASP Top 10 attacks
    Easy integration with cloud environments
    Good real-time threat prevention and bot protection
    Centralized management and visibility
    AI-driven threat intelligence from Check Point
    Scalable for enterprise workloads
    Helpful automation and policy tuning feature
    What do you dislike about the product?
    Initial setup can be complex
    Can be expensive for smaller companies
    Some advanced configurations require expertise
    Dashboard/UI can feel overwhelming at first
    Occasional false positives that need tuning
    Support response time may vary depending on the plan
    What problems is the product solving and how is that benefiting you?
    Check Point CloudGuard WAF is solving web application security problems by blocking attacks such as SQL injection, XSS, bots, and API threats. It helps secure cloud applications, reduce security incidents, improve visibility into traffic, and support compliance requirements. The benefits include stronger protection for business applications, reduced downtime, lower risk of data breaches, faster threat response, and improved operational efficiency through centralized management and automation.
    Merin K O.

    Powerful Security with a Complex Setup

    Reviewed on May 29, 2026
    Review provided by G2
    What do you like best about the product?
    I use Check Point WAF to protect our internet-facing web application and APIs from web-based threats like SQL injection and cross-domain issues. The solution provides advanced threat prevention and automated policy cleaning. I appreciate the traffic inspection and reverse migration capabilities that ensure application availability and maintain security compliance. It supports both community and hybrid environments. We also integrate it with our broader security ecosystem, which helps in monitoring and provides better visibility for threat detection. Cloud integration capabilities have simplified development, providing better visibility to application networks and stronger protection against top vulnerabilities.
    What do you dislike about the product?
    While Check Point WAF provides strong application security and configuration capabilities, there are some areas that could be improved. The initial set of policy tuning process can be complex for new administrators, requiring a good understanding of web application traffic patterns. The interface could be more user-friendly, and the reporting and dashboard customization options could be enhanced to provide more actionable insights. Additionally, licensing can be challenging for smaller organizations, I assume. Faster deployment templates for cloud-native applications would further simplify the implementation.
    What problems is the product solving and how is that benefiting you?
    I use Check Point WAF to protect our web application and APIs from threats like SQL injection and ensure security compliance. It offers advanced threat prevention, automated policy cleaning, and supports hybrid environments, though initial setup needs expertise.
    Ivan D.

    Modern WAF that actually reduces tuning, not perfect but solid

    Reviewed on May 28, 2026
    Review provided by G2
    What do you like best about the product?
    I appreciate how quickly you can get it up and running. Compared to older WAFs that take time to tune, this one is much faster to deploy and requires less ongoing maintenance, which makes a real difference in day-to-day operations.
    What do you dislike about the product?
    The platform is also not the most intuitive at first. While the core functionality is strong, getting familiar with some of the advanced features and configuration options takes time, especially if you’re used to simpler WAF solutions.
    What problems is the product solving and how is that benefiting you?
    It helps a lot with handling modern threats like API abuse, OWASP-type attacks, and zero-days without waiting for signatures or manual rule updates. That means you’re not always reacting after the fact — it blocks things much earlier in the cycle.
    Rithin m.

    Catches Zero-Day Attacks with Low False Positives and a Unified Security Dashboard

    Reviewed on May 27, 2026
    Review provided by G2
    What do you like best about the product?
    The AI engine catches zero-day attacks without throwing false positives at us all day. Bot protection killed our scraping problem, and managing cloud plus on-prem from one dashboard saves real time.
    What do you dislike about the product?
    The initial learning curve is steeper than I'd like. Documentation could be clearer for advanced policy tuning, and the console can feel sluggish when pulling reports across larger time ranges.
    What problems is the product solving and how is that benefiting you?
    It solves the problem of constant manual tuning that older WAFs needed. Now our APIs are shielded from injection attacks and credential stuffing automatically, and our team spends way less time triaging noise.