Check Point CloudGuard IaaS Room for Improvement

Alex Tremblay
Cyber Security Manager at H2O Power
The biggest room for improvement is that, for a long time now, they've moved everything over to R80 but they still maintain some of the stuff in the old dashboard. They need to "buy in" and move everything to the modern dashboard so that you don't have to go to one place and to another place, at times, to configure the environment. It's time they just finish what they started and put everything in the new, modern dashboard. I thought they would have done that by now. It has been years. It's always a little disappointing when you get a new version and you see that it's still using the old dashboard for some of the configuration and some of the stuff that you look at. They just need to make sure they get all their tools into this one place. It would make it a lot easier for the managers.
M Poczobut
CISO and Senior Director Technical Operations at an insurance company with 201-500 employees
It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and supportability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance. We are frequently in contact with Check Point's Diamond Support, Product Development Managers as well as their sales team, as we look to keep apprised of where the product is and should be going. Most of our requests have been around our physical assets, the physical UTM devices — Check Point Maestro, as an example — as well as their endpoint systems. There has not been anything at this time where we've said, "We wish CloudGuard did X differently." CloudGuard, in my opinion, having recently talked with them, is continuously improving and is incorporating some of their recently acquired capabilities, such as Dome9 cloud compliance. Those are areas I have been evaluating and looking to add to my environment. My preference would be that it be included in my CloudGuard subscription licensing, and not an add-on; but that's the only thing that I could say that would be beneficial to us as an enhancement to the system.
IT Security Manager at a sports company with 10,001+ employees
Clustering has not been perfect from the very beginning. There weren't too many options for redundancy. It was improved in later versions, but that's something which should be available from the very beginning, because the cloud itself offers you a very redundant model with different availability zones, different regions, etc. But the Check Point product was a little bit behind in the past. The convergence time between cluster members is still not perfect. It's far away from what we get in traditional appliances. If a company wants to move mission-critical applications for an environment to the cloud, it somehow has to accept that it could have downtime of up to 40 seconds, until cluster members switch virtual IP addresses between themselves and start accepting the traffic. That is a little bit too high in my opinion. It's not fully Check Point's fault, because it's a hybrid mechanism with AWS. The blame is 50/50.
Learn what your peers think about Check Point CloudGuard IaaS. Get advice and tips from experienced pros sharing their opinions. Updated: August 2020.
442,764 professionals have used our research since 2012.
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
CloudGuard functions just like any other firewall. It functions very well. The only thing that could maybe be improved would be to integrate some tools that are not integrated with the SmartConsole, like the SmartView Monitor that we need to open on a different application to access.
Oleg Pekar
Senior Network/Security Engineer at Skywind Group
As with other solutions of this kind, you still have to manage basic cloud firewalls and routes for VPC outside of CloudGuard IaaS. There's no 100% integration. I hope that Check Point continues to improve its technical documentation regarding the Check Point CloudGuard IaaS gateway and management system. For example, the questions on how to scale the instances in the relevant cloud should be covered, and all the High Availability options and switchover scenarios. Without that, users have to open numerous consulting cases to the support team to get it right.
Senior System Engineer at Gas South
I think they have pretty much mastered what can be done. There are some nuances like when you fail over from one cluster member to the other, the external IP address takes about two minutes to fail over. During this time there is an outage of service. On digging into this further I found that this is more on the cloud fabric and provider side than the actual Check Point CloudGuard side. The cloud provider is taking that long to actually detach the Virtual IP Address (VIP) from one machine and fail it over to the other.
Senior Network Engineer at a transportation company with 10,001+ employees
I would like to see more focus on east-west traffic inspection and AWS. Things are changing very quickly in the cloud. There is a lot more maturing that needs to happen as far as CloudGuard goes, specifically more around some cloud native type situations where everything is being shoehorned through one or multiple VMs is not optimal.
Senior Security Architect at a computer software company with 10,001+ employees
There is definitely some improvement required. We currently use a deployment template provided by AWS each time. If I want to clean up the IaaS I have to use the IaaS template which should not be necessary. Secondly, because it's zero touch, I cannot write up any rules in the firewall. I understand these features might have been built particularly for zero-touch but from the perspective of a network and firewall engineer, some independence to configure something on the firewall would be appreciated. An additional feature that could improve the solution would be to enable both automatic and manual control that would allow the engineer complete control over the firewall.
Senior Network Engineer at a marketing services firm with 1,001-5,000 employees
The product can still grow.