Check Point CloudGuard IaaS Review

Auto-scaling and zero touch are major security features


What is our primary use case?

My experience with the solution has mainly been implementing it with an auto-scaling on behalf of my clients. My job was to migrate an on-prem firewall to AWS cloud. I'm a senior security architect. 

What is most valuable?

I think one of the valuable features is the auto-scaling, which is based on traffic and  automatically spins one more firewall and adds it to the management server. The zero touch is also a valuable feature. After re-tagging the next internal load balancer within Check Point, it automatically writes up a mac rule and an access rule. As long as you're adding a server into the internal load balancer, you won't need to touch anything. In a Check Point firewall, the mac rules and access rules are automatically written up. Zero touch means there is no need to insert rules again when you're adding servers internally. 

What needs improvement?

There is definitely some improvement required. We currently use a deployment template provided by AWS each time. If I want to clean up the IaaS I have to use the IaaS template which should not be necessary. Secondly, because it's zero touch, I cannot write up any rules in the firewall. I understand these features might have been built particularly for zero-touch but from the perspective of a network and firewall engineer, some independence to configure something on the firewall would be appreciated. 

An additional feature that could improve the solution would be to enable both automatic and manual control that would allow the engineer complete control over the firewall.

What do I think about the stability of the solution?

The solution is generally stable although it crashed one time while I was implementing. 

What do I think about the scalability of the solution?

The solution is absolutely scalable. 

How are customer service and technical support?

The technical support is excellent.

What other advice do I have?

My advice to anyone wanting to implement this solution would be to religiously follow the guidelines. 

I would rate this solution an eight out of 10. 

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Check Point CloudGuard IaaS reviews from users
...who work at a Energy/Utilities Company
...who compared it with Cisco Tetration
Add a Comment
Guest