No more typing reviews! Try our Samantha, our new voice AI agent.
Thanos Constantopoulos - PeerSpot reviewer
Manager, Managed Security Services at a tech vendor with 51-200 employees
Real User
Top 5
Feb 13, 2025
Real-time attack recognition and integration provide peace of mind while safeguarding websites
Pros and Cons
  • "Support is the same with on-premise devices, and it is very good. Since it is cloud-based, I do not need them as much."
  • "It helps me sleep at night, providing peace of mind."
  • "If the price could come down, I would be very happy with the product."
  • "Pricing is high, although possibly justified by the service received."

What is our primary use case?

Protecting our websites or our customers' websites is our top priority. We transitioned to Check Point WAF from on-premises WAF to safeguard our external perimeter. Essentially, I am focused on protecting our external infrastructure and web services.

How has it helped my organization?

It helps me sleep at night, providing peace of mind. It saves time, money, troubleshooting, and maintenance and reduces the need to hire people to manage the technology because it is so easy to use.

What is most valuable?

The WAF is the best feature. The application firewall's ability to block and recognize all attacks in real-time, such as DDoS, is invaluable. Identifying attacks and integrating with the rest of the ecosystem are features I am very fond of.

It's a pretty robust product.

CloudGuard protects against threats without relying on signatures. This is one of the best features. As an engineer, I don't have to review signatures one by one by one. 90% of the other players use signatures. So you have to review the attack, the signature, and how to mitigate it, etcetera. Removing the signatures from the equation removes a lot of time required for an engineer to review signatures, apply signatures, verify that these are applied to the infrastructure, etcetera. So removing that from the equation and protecting the infrastructure at all times is very cost-effective. 

Signature-based also causes a lot of false positives. So having no signature also helps remove a lot of the false positives. 

What needs improvement?

I cannot think of any needed features.

Pricing is high, although possibly justified by the service received. Reducing prices would be welcome. 

Integration with more technologies or Check Point products, or on-prem products, could improve robustness. Many organizations are moving to the cloud. Some cannot fully transition and require solutions similar to on-prem devices. 

Buyer's Guide
Check Point WAF (formerly CloudGuard WAF)
July 2026
Learn what your peers think about Check Point WAF (formerly CloudGuard WAF). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,748 professionals have used our research since 2012.

For how long have I used the solution?

I have used the solution for the past two years.

How are customer service and support?

Support is the same with on-premise devices, and it is very good. Since it is cloud-based, I do not need them as much. 

Which solution did I use previously and why did I switch?

I have used CloudGuard, Imperva Cloud WAF, and Barracuda Cloud WAF. I have experience with all of the major players.

What was our ROI?

I have seen what we were used to before and how much time we spent. We used to manage on-prem devices for other partners that could run from other vendors. When you migrate to the cloud, it feels like saving 90% of your time.

What's my experience with pricing, setup cost, and licensing?

If the price could come down, I would be very happy with the product.

Which other solutions did I evaluate?

I will not disclose which vendor is the best. In specific cases, some vendors perform well, while others are competitive at the high end. Check Point is one vendor that I really appreciate, and I will not mention the other, however the competition is very close.

What other advice do I have?

I would rate the solution nine out of ten. Nobody is perfect. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner Reseller
PeerSpot user
reviewer2647476 - PeerSpot reviewer
Senior Manager Head of Security Operations at a educational organization with 201-500 employees
Real User
Top 20
Feb 23, 2025
We get a consolidated view, good security, and excellent scalability
Pros and Cons
  • "From a security perspective, it is quite good."
  • "Check Point CloudGuard WAF works well for preemptively blocking Zero Day attacks and detecting hidden anomalies."
  • "I am pretty happy with the current version. I have not yet used it to its full potential, but there could be improvements as I explore it further."

What is our primary use case?

I have a team that manages CloudGuard for me. We have different research centers using various cloud accounts and are trying to consolidate everything into a single landing zone to protect those areas. From a use-case perspective, I have different laboratories or research centers utilizing it for various purposes. We are mostly focused on AI, and some of those requirements cater to the AI segment as well.

How has it helped my organization?

From a protection perspective, Check Point is a well-renowned name. We are also using other products from Check Point, such as Harmony, Infinity, and XDR. We have a consolidated view of the overall security posture, which I find quite interesting.

CloudGuard WAF protects our applications against threats without relying on signatures. This is crucial for us to maintain application security and stop the threats coming into our environment, keeping our production part secure.

Check Point CloudGuard WAF works well for preemptively blocking Zero Day attacks and detecting hidden anomalies. It is the best. That is why I am paying for it.

Check Point CloudGuard WAF helps us with overall application and cloud API security. The consolidated view of the security posture that Check Point provides is very useful from an upper management perspective.

CloudGuard WAF has helped reduce our false positive rate by 30%.

What is most valuable?

From a security perspective, it is quite good. I am not very familiar with the detailed features of it because I have a team that manages it. 

What needs improvement?

I am pretty happy with the current version. I have not yet used it to its full potential, but there could be improvements as I explore it further. I am content with what I have in terms of features and support, but if I start expanding the usage, I might need more help from them. I already have the best consultants from Check Point. 

For how long have I used the solution?

I have been using this solution for around seven or eight months now.

What do I think about the stability of the solution?

I have not observed any stability issues yet. It has been pretty reliable.

What do I think about the scalability of the solution?

The scalability is excellent and is one of its best features.

How are customer service and support?

Customer service is one of the best in the market right now.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use a similar solution previously. 

How was the initial setup?

We have a hybrid deployment model with AWS as the cloud provider. 

Its deployment was smooth. We did not have any issues. 

What about the implementation team?

We used Check Point for the implementation.

What was our ROI?

It has been only six or seven months now. I am hoping that by the time I complete one year, I will see the return on investment.

It has reduced the total cost of ownership for our web application firewall to a certain extent, but I do not have the numbers.

What's my experience with pricing, setup cost, and licensing?

The sales team or account managers from Check Point are top-notch. As I am using other products as well, my pricing was competitive compared to others.

Which other solutions did I evaluate?

I considered other solutions. I decided on Check Point because of its comprehensive suite of applications and the integration with my tools, providing a consolidated view of my security posture.

What other advice do I have?

I would rate Check Point CloudGuard WAF a nine out of ten. I believe there is always room for improvement, but there are use cases I have not yet explored. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Check Point WAF (formerly CloudGuard WAF)
July 2026
Learn what your peers think about Check Point WAF (formerly CloudGuard WAF). Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,748 professionals have used our research since 2012.
Piyush Mishra - PeerSpot reviewer
Project Manager-Cyber/Information Security at Lauren information technologies
Real User
Top 5
Oct 22, 2024
Enhancing web application security with advanced threat protection and a straightforward setup
Pros and Cons
  • "One of the best features of CloudGuard WAF is its user-friendly GUI dashboard."
  • "Support could be improved, particularly in terms of availability."

What is our primary use case?

We primarily use Check Point CloudGuard WAF for web application security. It protects applications from various threats and vulnerabilities like SQL injections, cross-site scripting issues, and cross-site request forgery. We ensure proper security policies and logs are maintained.

How has it helped my organization?

CloudGuard WAF helps by providing advanced protection for web applications and APIs, defending against the OWASP top ten scenarios, and offering comprehensive AI-driven behavior analysis. This assistance in data protection is vital for financial domains such as banks.

What is most valuable?

One of the best features of CloudGuard WAF is its user-friendly GUI dashboard. It's easy for beginners in security to understand and set policies. The solution's easy access and AI-driven behavior analysis for real-time threat detection are also highly valuable.

What needs improvement?

Support could be improved, particularly in terms of availability. Although they provide 24/7 support, there are sometimes delays in delivering solutions. Advanced bot protection has recently been improved, which has helped a lot.

For how long have I used the solution?

I have been using the solution for over four to five years, working as a project manager and handling implementation projects. We are primarily focused on Check Point CloudGuard implementations.

What do I think about the stability of the solution?

I would rate the stability of the solution as a nine out of ten. The solution is quite stable.

What do I think about the scalability of the solution?

In terms of scalability, I would rate it a nine out of ten. The solution is highly scalable.

How are customer service and support?

Customer service is satisfactory yet requires some improvement. I would rate support as an eight out of ten, as there is room for enhancement.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have experience with other WAF vendors such as Imperva and Imperva WAF, which are leading products in India and have a significant presence in the US and UK.

How was the initial setup?

The initial setup is generally straightforward, yet it can vary depending on the client's platform and whether deployment occurs on-site or remotely.

What about the implementation team?

We have a team of around 25 engineers; 50% handle project implementation, while the other 50% provide post-deployment support.

What was our ROI?

Return on investment is seen when data is properly organized, and the ability to show reports to top management ensures that their expectations are met.

What's my experience with pricing, setup cost, and licensing?

Pricing is average—not too expensive, yet not cheap either. CloudGuard offers bundled packages, which may reduce costs compared to paying for individual features as opposed to other providers.

Which other solutions did I evaluate?

I have evaluated solutions like Empower and EmpowerVac, which are leading WAF products in India and other countries.

What other advice do I have?

I would definitely recommend Check Point CloudGuard WAF to other users due to its availability, scalability, and support. These aspects contribute significantly to receiving new contracts and maintaining client referrals.

I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Amministratore Della Sicurezza Di Rete at a government with 1,001-5,000 employees
Real User
Top 20
Feb 13, 2025
web servers remain secure and defacement is eliminated
Pros and Cons
  • "Before CloudGuard, we periodically had some website issues. Since we've had CloudGuard, we've never had these issues happen again."
  • "The web user interface needs some improvement, even though the functionality is good."

What is our primary use case?

I use the solution for almost all of our web servers.

How has it helped my organization?

Before CloudGuard, we periodically had some website issues. Since we've had CloudGuard, we've never had these issues happen again. 

What is most valuable?

The rate limit feature is the most useful feature of the product.

We don't need to rely on signatures. We are protected when the signature doesn't exist. 

It can protect against zero-day attacks and hidden anomalies. It blocks items that would affect the company.

We've been able to reduce our false positive rate. It took a bit of time, however, not long. We're near zero false positives. 

What needs improvement?

The web user interface needs some improvement, even though the functionality is good. More user-friendly features could be added. Perhaps something between CloudGuard management and the virtual appliance on-site could be faster. 

It could be interesting to have an app for smartphones to manage all the cloud environments.

For how long have I used the solution?

I have been using the solution for three years. 

What do I think about the stability of the solution?

The stability is always good. 

What do I think about the scalability of the solution?

The scalability is always good.

What other advice do I have?

I rate the solution nine out of ten. I am satisfied. It is always good. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Fernando Ortega - PeerSpot reviewer
CISO at Paschoalotto
Real User
Top 5
May 5, 2026
Simplifies our security posture management and enhances, in a Strong way our ability to monitor, analyze logs effectively, and making the real difference during the Incident Response;
Pros and Cons
  • "The most valuable feature we have found in Check Point CloudGuard WAF is its rich logging capabilities."
  • "I feel like I need more clarity in understanding pricing for DDoS protection."

What is our primary use case?

Our primary use cases include enhancing security for web applications and APIs, optimizing resource utilization to reduce costs, and maximizing efficiency in log management for better insights and savings, and was an great success case. The API protector could filter the real necessity of methods, making stronger connections. One last great point, that you could user more services in a in-line way and by an Server Agent, its an impressive service.

How has it helped my organization?

CloudGuard WAF has improved our organization by simplifying security management and enhancing our ability to monitor and analyze logs effectively and also, giving visibility, and this last one makes the real difference;

What is most valuable?

The most valuable feature we have found in Check Point CloudGuard WAF are the Anti-BOT context, that one is amazing! Also the API Protector Methods Filter, that could expose only real needed ones, The rich logging capabilities to giving a great visibility and Anti DDOS Working, its also impressive, because, improving your application in a non-stop way.

What needs improvement?

I do not have appoints here, its pretty easy to use, and my opnion, It's the Best WAF for a CISO;

For how long have I used the solution?

I have been working with CloudGuard WAF and the Anti-BOT, Anti-DDOS, Great Policy Method (Granular)!

What do I think about the stability of the solution?

CloudGuard WAF impressed us with its stability; it is a powerful tool providing great visibility.

What do I think about the scalability of the solution?

CloudGuard WAF's scalability is excellent, especially as a SaaS, offering significant improvements over on-premises environments and providing consolidated scalability.

How are customer service and support?

The technical deploy and support were amazing!

Which solution did I use previously and why did I switch?

We previously used Cloudflare. Now, we are full deployed Checkpoint WAF to enhance our log insights, and visibility! Amazing experience!

How was the initial setup?

The initial deployment was straightforward. We transitioned from an on-premises solution to a SaaS model, which was simpler and more useful. Our implementation strategy involved redirecting the site to the new solution and creating policies to ensure smooth operation.

What about the implementation team?

We deployed the service with the Technical Supoort as a Professional Services from Grupo Facimus - NetSite, a Brazilian company and was an amazing experience! Great cost, one of our Best Partnerships! Thank you Grupo Facimus

What was our ROI?

We haven't seen ROI metrics yet, but we expect long-term benefits, especially in budget management and risk reduction.

What's my experience with pricing, setup cost, and licensing?

Great and a fair cost provided between the Checkpoint and the Partner Grupo Facimus NetSite;

Which other solutions did I evaluate?

Before choosing CloudGuard, we evaluated options like Cloudflare, Azure and AWS. The main differences lie in policy customization, market size, and preset features. Each has its pros and cons, but CloudGuard stood out for its robust policy options and wide market presence.

What other advice do I have?

I would rate Check Point CloudGuard WAF Score as 10!

By implementing Check Point CloudGuard WAF we aimed to address challenges related to enhancing security for web applications while leveraging powerful logging capabilities.

We check false positives in CloudGuard WAF using logs and the interface, and we have had very few issues, which helps our business.

Using preset policies, the solution preemptively blocks zero-day attacks and detects hidden anomalies without requiring full data.

The solution has cut our web application firewall costs because it is adaptable to our environment.

My advice to new users would be to focus on the benefits of software as a service and ensure clarity in understanding pricing, particularly for DDoS protection.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 5, 2026
Flag as inappropriate
PeerSpot user
reviewer2244411 - PeerSpot reviewer
Security Architect/Staff Engineer at a consultancy with 10,001+ employees
Real User
Top 5Leaderboard
Sep 16, 2024
Addresses the security of APIs and define objectives like throttling to control API usage
Pros and Cons
    • "When I was working with the WAF platform, there were limitations, particularly concerning compliance and reporting."

    What is our primary use case?

    We were focused on mitigating malicious activity at the application level. We were searching for technology to help manage frequent traffic issues, which is why we decided to implement a WAF. Our main use case was to also address the security of APIs. Since we were using many APIs in our environment, we wanted a solution that could manage restrictions and throttling for these APIs effectively.

    The WAF allowed us to define objectives like throttling to control API usage. Additionally, we utilized the WAF to handle OWASP Top Ten vulnerabilities by creating rules to inspect incoming traffic from the internet to our internal infrastructure. Suspicious activities would be flagged and alerted as necessary. These features were key to our decision to implement the WAF in our last organization.

    How has it helped my organization?

    Check Point CloudGuard WAF provides a range of built-in features. It includes default policies based on the OWASP Top Ten vulnerabilities, which help detect and mitigate common threats. However, for vulnerabilities beyond the OWASP Top Ten, the WAF also offers the flexibility to create custom rules.

    You can create and implement custom rules if you need to address other common vulnerabilities in the external environment. There are various options for implementing these custom rules, including using Terraform. For organizations that prefer to use only default policies, those are also effective at handling traffic and identifying application-specific vulnerabilities.

    What is most valuable?

    WAF solutions offer a wide range of features, and many cloud vendors integrate WAF capabilities directly into their platforms. For instance, Azure CloudGuard includes built-in WAF features fully integrated with the Azure environment.

    Within this platform, you can easily define API restrictions, set web application vulnerability policies, and manage security headers like content security policies and HSTS policies. This integration streamlines the process of configuring and managing these security features, making it more efficient than using separate tools for each task.

    What needs improvement?

    When I was working with the WAF platform, there were limitations, particularly concerning compliance and reporting. Managing multiple tools for different functions like WAF, firewall, CDN solutions, and antivirus—could be cumbersome for organizations. They often prefer a more centralized platform to manage various features efficiently.

    While having separate tools can enhance visibility and support a defense-in-depth strategy, the WAF platform's reporting capabilities could have been improved. 

    What other advice do I have?

    Security headers, such as content security policies and HSTS policies, protect applications from web vulnerabilities like cross-site scripting attacks and cookie theft. These parameters can be defined at the CloudFront level or within a WAF.

    WAFs operate in two main modes. Initially, they may be set to detection mode, monitoring activity without blocking traffic. This is useful for assessing the impact and tuning the rules. Once your implementation and team are ready, you can switch to the blocking mode, where the WAF actively blocks suspicious traffic. It’s important to carefully configure this mode to avoid blocking legitimate traffic, which can cause disruptions.

    Additionally, you might see cost savings if you don’t use an API management platform and instead rely on WAF to manage API-related features. However, the decision depends on your specific architecture and implementation needs.

    Overall, I rate the solution an eight out of ten.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer2379006 - PeerSpot reviewer
    Network Enigner at a transportation company with 1-10 employees
    Real User
    Mar 26, 2024
    Robust protection against web application threats with easy deployment, comprehensive feature set and excellent catch rate compared to competitors
    Pros and Cons
    • "On the endpoint side, the most valuable feature is undoubtedly the cloud-based management capability, along with the ransomware protection, despite not encountering any instances so far."
    • "Improving the process for handling licensing renewals would be a welcome enhancement."

    What is our primary use case?

    We utilize Check Point CloudGuard to protect our Office 365 email system from phishing attempts, which were becoming increasingly common. Additionally, we rely on it to secure our usage of Microsoft Teams for collaboration, as well as for our SharePoint platform. Furthermore, we leverage CloudGuard Endpoint to safeguard our machines, particularly because many of our end users frequently travel abroad. This ensures that we have visibility into their activities and locations, allowing us to restrict access if necessary or provide remote assistance when needed.

    How has it helped my organization?

    We were facing several challenges that prompted us to implement CloudGuard Application Security. Previously, we used another vendor for email security, but we found that many emails were slipping through, requiring us to manually review each one. This became a significant overhead, as we had to ensure that every email was properly tagged. With Check Point's email security solution, this overhead was practically eliminated. 

    Now, the number of emails slipping through is minimal, perhaps only once or twice a month. Additionally, Check Point's solution streamlines the process by notifying users of potentially legitimate emails that were flagged as suspicious. This feature has been particularly helpful since our company relies heavily on email for contract-related communications. On the endpoint security front, we were impressed by Check Point's ransomware protection feature, including its anti-ransomware rollback capability. Having experienced the importance of such features in previous roles, it was a straightforward decision for us to switch from our previous vendor to Check Point.

    The benefits we've observed are significant. On the email front, my workload has been drastically reduced, practically eliminating overhead. As for Check Point, it provides peace of mind knowing that in the event of a ransomware attack, the system has a rollback feature. This reassures me that I'll have the opportunity to investigate and diagnose any issues that may arise.

    In terms of email, Check Point's solution effectively blocked numerous phishing emails that were previously slipping through, which is a significant advantage. Regarding Check Point in general, the cloud-based management capability is highly beneficial as it eliminates the need for on-premise appliances or servers. Additionally, it ensures that I can still manage the security of devices even when they're outside the corporate network.

    It's very important that CloudGuard Application Security defends our applications against threats without solely relying on signatures. Relying solely on signature-based detection is limited, as it's only as effective as the signatures themselves. With the ever-evolving nature of threats, especially in environments like conferences where new threats emerge frequently, relying solely on signatures may not be sufficient. I've taken the initiative to test various security solutions by experimenting with different malware downloads and observing how they perform. This hands-on approach underscores the importance of having a robust behavioral engine, like the one provided by Check Point, which adds an additional layer of security beyond traditional signature-based detection.

    Regarding false positives with CloudGuard Application Security, particularly in emails, I've encountered very few instances.

    The solution has effectively lowered our total cost of ownership for our web application firewall, particularly in the context of email security.

    We opted not to go with our CloudGuard vendor's web application firewall because, in the case of Microsoft, we decided to try their email security system. However, it didn't perform as expected, with many threats slipping through. Consequently, Check Point's solution proved to be more effective in this scenario.

    What is most valuable?

    On the endpoint side, the most valuable feature is undoubtedly the cloud-based management capability, along with the ransomware protection, despite not encountering any instances so far. Regarding email security, the standout feature is the minimal overhead, essentially reducing the task to routine maintenance.

    What needs improvement?

    One area for potential improvement is the management interface. Occasionally, when there are major updates, the layout of the menus changes, which can be somewhat disruptive as I need to search for familiar options. Consistency in menu structure would be beneficial, as it allows users to develop muscle memory and navigate the interface more efficiently over time. Improving the process for handling licensing renewals would be a welcome enhancement.

    For how long have I used the solution?

    I have been using it for five years.

    What do I think about the stability of the solution?

    In terms of stability, I find it generally reliable. However, there have been a few issues, particularly with license renewal, where the system would unexpectedly go offline without notifying me. This would sometimes take a couple of days to resolve, requiring support intervention to address licensing issues.

    How are customer service and support?

    Tech support is prompt, knowledgeable, and efficient. On a scale from zero to ten, I would rate them a solid ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Previously, our email security solution was provided by Barracuda, and our endpoint security was handled by ESET.

    How was the initial setup?

    The initial setup was straightforward, primarily because it involved mainly APIs, which simplified the process.

    What about the implementation team?

    I was in charge for the deployment.

    What was our ROI?

    We've observed ROI primarily in terms of cost reduction. This is mainly because there are fewer servers to manage now compared to other solutions, where on-premise servers were necessary.

    What's my experience with pricing, setup cost, and licensing?

    I find the pricing to be reasonable.

    Which other solutions did I evaluate?

    I also evaluated SentinelOne, CrowdStrike, Mimecast, and CheckPoint. Ultimately, I chose Check Point because of its comprehensive IT toolset, which allows me to manage all aspects from a single dashboard. I appreciated the convenience of not having to switch between different units for different functionalities, thus avoiding the creation of multiple interfaces.

    What other advice do I have?

    The advice I would offer to others regarding Check Point products revolves around their robust features, particularly the rollback feature. I appreciate how Check Point handles this compared to some competitors who use their own driver on the DriveSpace, whereas others leverage Microsoft VSS. Regarding email security, it's straightforward to deploy and has a high catch rate compared to competitors. Overall, I would rate it ten out of ten.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    ISO at Bank-Fund Staff Federal Credit Union
    Real User
    Mar 26, 2024
    Protects our applications against threats without relying on signatures
    Pros and Cons
    • "We have not had any incidents. We could realize its benefits immediately. We watched and monitored the traffic, and it was amazing to see the results."
    • "In terms of features, I do not have any negatives. Their integration is extremely quick. It is better than others I have been involved with in the past. Their pricing model, however, can be better."

    What is our primary use case?

    We have multiple cloud tenants, such as AWS and Azure, and we wanted to make sure we are secure.

    By implementing CloudGuard WAF, we wanted to avoid using the built-in WAF. We wanted to avoid using the WAFs built into our Azure or AWS products. We wanted to make sure that we were using something proven and secure.

    How has it helped my organization?

    It is extremely important to us that CloudGuard WAF protects our applications against threats without relying on signatures. We are a financial institution, and we want to make sure that we do not have any type of traffic that infiltrates our cloud environment. We have 90,000 members around the world.

    CloudGuard WAF is very good in terms of false positives. I do not see a lot of static noise, which we used to see with other apps that were in place. It is fantastic.

    CloudGuard WAF has been fantastic for preemptively blocking Zero Day attacks and detecting hidden anomalies. I would rate it a ten out of ten for that. As soon as we see a Zero Day, we get the alerts right away, and we are able to do the patching. This guarantees the use of our services. It is immediate and in real-time.

    CloudGuard WAF has reduced the total cost of ownership for our web application firewall. It has reduced the overhead of not having people manually look at or review the alerts. It has been more automated.

    What is most valuable?

    It is mainly for egress and ingress, just making sure that we are keeping the proper traffic. The integration with Azure ExpressRoute was also key for us.

    We have not had any incidents. We could realize its benefits immediately. We watched and monitored the traffic, and it was amazing to see the results.

    What needs improvement?

    In terms of features, I do not have any negatives. Their integration is extremely quick. It is better than others I have been involved with in the past. Their pricing model, however, can be better. 

    For how long have I used the solution?

    I have been using CloudGuard WAF for two years.

    What do I think about the stability of the solution?

    We have had zero issues. Being a financial organization, just like others, our big issue is having any kind of downtime. Any downtime affects our members, and if our members are affected, they will withdraw the money. It has been fantastic. We have had zero events.

    What do I think about the scalability of the solution?

    There are no real ends. We are a smaller environment compared to what they are used to working with. I have no concerns with being able to scale with them.

    It is being used across cross-functional teams for different applications that are involved. We have 335 employees, and at least 300 employees touch this environment at any given time.

    We definitely have plans to increase its usage. There are some plans in-house to expand the cloud environment.

    How are customer service and support?

    They are fantastic. We never had an issue. Whenever we need something, we get a response. 

    We also have a managed service provider. We have engineers from the Teneo group, and they are always great if we need any help. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were using the built-in WAF, but that was before my time, and I knew better. 

    We did not go with our cloud vendor's web application firewall because it is against the best practices. From everything I have read and studied, I would rather go with something that is proven. There are a lot more vulnerabilities that have been exploited with native WAFs.

    How was the initial setup?

    It is a public cloud. We have AWS and Azure.

    I was involved in the initial deployment only from a high level. I was able to support the team to grab the necessary resources. Outside of that, it was just more of approvals.

    Its deployment was straightforward. The deployment was outlined very well. We use one of the resellers and managed service providers for Check Point called Teneo. They explained everything. They told us exactly how it was going to go. They had their folks in place, and it was just very straightforward. It was very easy.

    What about the implementation team?

    We had the help of Teneo. They were brilliant, and then I was able to help the team with the right pieces to get it accomplished.

    We recently did an integration with Azure ExpressRoute. We are bringing it in so that we have a safer way for the egress and ingress with our vendors. I wanted to make sure that we involved the infrastructure team. We had a cloud architect and our cybersecurity team involved. We also ran it through our change advisory board and the architectural review board. We wanted to cover all bases to make sure that all aspects are covered.

    What was our ROI?

    We have definitely seen an ROI. There has been a consolidation with not just the cloud stack, but Check Point in general. It has been nice to eliminate products. We have already eliminated close to $250,000 annually in different tools by consolidation.

    What's my experience with pricing, setup cost, and licensing?

    This is where I have a different opinion. If the pricing for the Infinity platform covers everything, it would be more straightforward. I had a hard time selling it to our CEO as a former CFO because of the differentials. There are different deltas year to year over a five-year period. It is very difficult to explain. It would be easier to digest for our executives if there was a flatter scale.

    Which other solutions did I evaluate?

    We did not evaluate other solutions only because we have Check Point in-house, and I was able to talk to our rep. We were able to get a nice solution from them, so we did not have to evaluate any other solution.

    What other advice do I have?

    To those evaluating CloudGuard WAF, I would advise that for integration, make sure they have a trusted partner that is going to help them with the integration plan or they have the in-house skills to develop that plan. 

    I would rate CloudGuard WAF a ten out of ten.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Anil Redekar - PeerSpot reviewer
    Network and Security Engineer at a consultancy with 10,001+ employees
    MSP
    Top 5
    Sep 23, 2024
    Enhanced security with flexible connectivity and useful features
    Pros and Cons
    • "The most valuable features are its ease of use and multiple functionalities."
    • "The user interface, SmartConsole, sometimes malfunctions and requires a restart."

    What is our primary use case?

    Currently, I am working in a DNB environment. Since we have on-premises to Azure traffic, we utilize the Azure subnet. From the Azure subnet, we have different tags and servers hosted over the Azure side. When our internal traffic moves from the DNB to the Azure site, we use the CloudGuard firewall. Multiple tags are created in that firewall, each containing multiple servers. Users connect through the Azure site, utilizing an ExpressRoute link from on-premises to Azure. The CloudGuard firewall at our premises helps secure traffic to the Azure site.

    How has it helped my organization?

    The CloudGuard firewall's multiple features like web access filter, HTTPS inspection, and authentication are very useful in our environment. It provides secure and flexible connectivity between the user and the Azure subnet.

    What is most valuable?

    The most valuable features are its ease of use and multiple functionalities. In CloudGuard, we create tags with servers, which makes connections secure and flexible. Features like web access filters, HTTPS inspection, and authentication are very important for our environment.

    What needs improvement?

    The user interface, SmartConsole, sometimes malfunctions and requires a restart. This part of the interface needs improvement.

    What do I think about the stability of the solution?

    I rate the stability as seven or eight out of ten. We sometimes experience lagging, crashing, and downtime.

    What do I think about the scalability of the solution?

    The scalability of CloudGuard is very good. I would rate it as nine.

    How are customer service and support?

    Whenever we observe any issues at the firewall level or require assistance, we contact tech support. We open cases, especially during upgrades, and they provide standby support. I would rate their support as eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    When I joined the project, most of the deployment had started, so I was not aware of previous solutions used by the company. Personally, I have worked with Check Point on-premises firewalls but not on the Azure site before joining this company.

    How was the initial setup?

    Some deployments were already in progress when I joined, and I participated in about half of the deployment process. It was easy with third-party vendor assistance, if required.

    What about the implementation team?

    The deployment was handled in-house with occasional vendor support related to specific components such as blades.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is a bit high, but it is justified considering the features and support provided by Check Point.

    What other advice do I have?

    I recommend CloudGuard for its extensive security features. It not only provides security but also detects threats and inspects traffic thoroughly. It is especially useful for securing connections between users and Azure subnets.

    I'd rate the solution eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Sujay Kurup - PeerSpot reviewer
    Cyber Security Engineer at a tech vendor with 10,001+ employees
    Real User
    May 16, 2024
    Reliable, feature-rich, and value for money
    Pros and Cons
    • "Whenever there was a new CVE, Check Point CloudGuard WAF used to block them."
    • "It was costlier than other solutions."

    What is our primary use case?

    We did a PoC with Check Point CloudGuard WAF for a month. We had acquired it for a month for testing purposes to see how it would help us with our setup.

    It was placed at the starting point of our network infrastructure wherein all the traffic was monitored. We created security policies on Check Point CloudGuard WAF. Whenever an IP used to come to us, it would basically go through a set of policies, and then Check Point CloudGuard WAF would search for malware and other things in the traffic.

    How has it helped my organization?

    During the PoC, we did not face any issues related to false positives. I am in the network security team, and we have a security operations team as well. The security operations team has an SIEM tool. Whenever an alert got updated in the SIEM tool, they used to pass it on to us. We could easily find the logs for a particular alert generated on Check Point CloudGuard WAF. It was always correct. We did not observe any false positives with them.

    Check Point CloudGuard WAF protects your applications against threats without relying on signatures. It works fine without signatures, but it cannot detect all the malicious traffic that might enter the setup.

    What is most valuable?

    Check Point has its own threat intelligence database. It is global. All the malicious samples are added to that. Whenever there was a new CVE, Check Point CloudGuard WAF used to block them. That was a good feature of Check Point CloudGuard WAF.

    We had scheduled a time for the database update, so every day at 3 pm, the CVE database used to get updated.

    What needs improvement?

    It was costlier than other solutions. We brought it into our setup for PoC purposes. It was there for one month. We liked all the features, but compared to its competitors, such as Fortinet and Palo Alto, it was a little bit costly. However, considering the cost, it was good and efficient. Other than the price, I did not see any room for improvement.

    For how long have I used the solution?

    I used Check Point CloudGuard WAF for a month. It was in the month of January 2024.

    What do I think about the stability of the solution?

    We never faced any issues with Check Point CloudGuard WAF. However, in the case of Check Point Firewall, we experienced crashing issues with the SmartConsole application.

    How are customer service and support?

    I have not contacted Check Point support for Check Point CloudGuard WAF. It was with us only during the PoC. During the one-month period, we did not face any issues, but for other products, we generally raise a TAC case with the Check Point team. We have a Check Point Firewall in our setup, and whenever we face issues with it, we raise a case with Check Point TAC. Technical support of Check Point is good. They respond on time. They analyze the logs properly and give a proper workaround.

    How was the initial setup?

    I was not involved in its deployment. We have a company named Softcell in India. They are the first point of contact, and Check Point is the second point of contact in our setup. Whenever we have to implement any new Check Point devices in our setup, we raise a service request with the Softcell team, and they provide an engineer for the implementation. However, I was a part of the deployment team of the Check Point Firewall 16000 series, and we did not face any issues.

    What's my experience with pricing, setup cost, and licensing?

    I work for an Indian banking client. In India, companies are on a budget. The company liked Check Point very much, but it was a little bit costly compared to FortiWeb. However, it had more features compared to FortiWeb. 

    Which other solutions did I evaluate?

    Check Point CloudGuard WAF was quite good compared to FortiWeb. We have FortiWeb now due to budget constraints, but feature-wise, Check Point CloudGuard WAF was quite durable and reliable.

    What other advice do I have?

    I am not very aware of how Check Point CloudGuard WAF works at preemptively blocking Zero Day attacks and detecting hidden anomalies. If it is updated in the global database, Check Point CloudGuard WAF could prevent Zero Day attacks from getting triggered.

    Overall, I would rate Check Point CloudGuard WAF a nine out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    Download our free Check Point WAF (formerly CloudGuard WAF) Report and get advice and tips from experienced pros sharing their opinions.
    Updated: July 2026
    Buyer's Guide
    Download our free Check Point WAF (formerly CloudGuard WAF) Report and get advice and tips from experienced pros sharing their opinions.