What is our primary use case?
It secures our assets in the cloud while providing access to applications in our vendor hosted data centers via IPSEC tunnels. We also use it for endpoint vpn for all our users. We have it deployed in our cloud and it forms the gateway for all external connectivity and access to the assets in the cloud. We also have a backup site to site connection with our on premise data center so in case the primary connection to the cloud fails we can quick fail over to this backup connection and business can continue as normal .
How has it helped my organization?
We have it deployed in our cloud and it forms the gateway for all external connectivity and access to the assets in the cloud. CloudGuard IaaS has given us the complete redundancy that we have been designing and planning for over 2 years. CloudGuard provided the Gas South remote users with an alternate and secure connection into our completed IT infrastructure so that our remote users can log into CloudGuard end-user VPN over a secure and encrypted method and work as normal. This has come in very handy during this COVID-19 times.
What is most valuable?
We have found the overall functionality of the product to be exactly similar to the physical product. The one good advantage is that it is cloud-based and can be deployed either as a part of a scale set or one can shut down the virtual machine and adjust the physical parameters of the virtual machine easily and bring it right back up. Also if deployed as a cluster this can be done without any downtime at all since you can take down one virtual machine at a time to upgrade. Overall a very well designed product
What needs improvement?
I think they have pretty much mastered what can be done. There are some nuances like when you fail over from one cluster member to the other, the external IP address takes about two minutes to fail over. During this time there is an outage of service. On digging into this further I found that this is more on the cloud fabric and provider side than the actual Checkpoint CloudGuard side. The Cloud provider is taking that long to actually detach the Virtual IP Address (VIP) from one machine and fail it over to the other
For how long have I used the solution?
Which solution did I use previously and why did I switch?
We have always been a Check Point customer.
What's my experience with pricing, setup cost, and licensing?
If you are a Microsoft Azure customer the setup is very simple. There is already a great template there ready for deployment. Read the deployment guide fully before attempting it. Licensing is built into the deployment but you will get billed separately as a market place deployment and does not get charged to your subscription. This is a bit frustrating but they are working on fixing this
Which other solutions did I evaluate?
We did look at bring in other alternate vendors before settling on CloudGuard. We did a POC of Fortinet.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?