reference deployment

Check Point CloudGuard Auto Scaling on AWS

Scaled and dynamically secured web services

This Partner Solution deploys Check Point CloudGaurd to the Amazon Web Services (AWS) Cloud. Check Point CloudGuard for AWS extends enterprise-grade security, such as zero-day threat protection, deep packet HTTPS inspection, intrusion prevention systems (IPSs), and application and identity awareness.

When you deploy this Partner Solution, you can choose to include load balancers, web servers, and a preconfigured Security Management Server to manage gateways. 


This Partner Solution was developed by Check Point Software Technologies in collaboration with AWS. Check Point Software Technologies is an AWS Partner.

AWS Service Catalog administrators can add this architecture to their own catalog.  

  •  What you'll build
  • Use this Partner Solution to automatically set up the following Check Point CloudGuard Auto Scaling environment on AWS:

    • A highly available architecture that spans at least two Availability Zones.*
    • A virtual private cloud (VPC) configured with public and private subnets according to AWS best practices, to provide you with your own virtual network on AWS.*
    • An internet gateway to allow access to the internet. This gateway is used by the CloudGuard Security Gateways to send and receive traffic.*
    • In the public subnets, CloudGuard Security Gateways in an Auto Scaling group.
    • Either an external Application Load Balancer that operates at the application layer or a Network Load Balancer that operates at the transport level, to route traffic from the internet to the CloudGuard Security Gateways.
    • (Optional) In a public subnet, a preconfigured CloudGuard Security Management Server, to manage the Security Gateways.
    • (Optional) In the private subnets, an Auto Scaling group of web servers.
    • If you choose to deploy your workload of web servers, an internal Application Load Balancer, to route traffic from the Security Gateways to your workload.

    * The template that deploys the Partner Solution into an existing VPC skips the tasks marked by asterisks and prompts you for your existing VPC configuration.

  •  How to deploy
  • To build your Check Point CloudGuard Auto Scaling environment on AWS, follow the instructions in the deployment guide. The deployment process includes these steps:

    1. If you don't already have an AWS account, sign up at
    2. Subscribe to the Amazon Machine Image (AMI) for Check Point CloudGuard Security Gateway and (optionally) CloudGuard Security Management Server in AWS Marketplace. You can choose from several licensing options that are detailed in the deployment guide.
    3. Launch the Partner Solution. Each deployment takes about 30 minutes. You can choose from two options:
    4. Review and test the deployment by verifying that your web service is accessible via the external Application or Network Load Balancer DNS address.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • This Partner Solution requires subscriptions to the Amazon Machine Images (AMIs) for Check Point CloudGuard Security Gateway and (optionally) Security Management Server. These subscriptions are available from AWS Marketplace, and additional pricing, terms, and conditions may apply.

    You can choose one of the following licensing options for CloudGuard Security Gateway:

    You can choose one of the following licensing options for CloudGuard Security Management Server:

    To manage more than 25 Security Gateways, you must purchase a BYOL license by contacting Check Point Sales. If you already have a license and you want to use it for this deployment, refer to the Licensing section of the deployment guide.

    You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?