Check Point's primary competitor, Palo Alto Networks, offers a SaaS firewall solution that can be deployed in both traditional virtual networks (VNETs) and virtual wide area networks (VWANs). This firewall solution features auto-scaling and consumption-based pricing, allowing users to scale according to their needs seamlessly. While Check Point does offer some VWAN offerings, they appear to be more static and less tailored to cloud-native environments compared to Palo Alto's dynamic and flexible approach.

The solution’s technical support, DNS security and training could be improved. Check Point CloudGuard Network Security's training and reachability to the customer can be done a bit better. One recommendation from my side is that the handover of the tasks can be a bit better. If an engineer is on a ticket and their shift gets over, the smooth handshake between the two engineers can be a bit better.

Software bugs and OS releases can be very fast to keep up with. Check Point has a history of moving fast with software release and upgrade cycles which are difficult to keep up with at times.

New features should have a single-pane-of-glass view for on-prem DC and cloud environments. 

Licensing costs are very high compared to other vendors. Check Point needs to be competitive to keep the cost down for the customers and partners. 

The previous Check Point OS model had to support multiple OSs which was difficult and cumbersome (i.e. SPLAT, IPSO, GAIA).

With the incorporation of a lot of AI and machine learning, they can build some sort of a matrix for low-level threats or low-level things that require attention. There can be automation of those tasks so that we don't have to take more time and effort. There should be machine learning to eliminate level-one types of tasks.

Some more built-in marketplace templates would be nice. It would be nice to see more vendor assistance in deployments and backup of recoveries versus having customers rely upon that themselves. That would make it a lot more seamless and aligned with the standard on-premise model that is there. Check Point can extend the same posture that they have to CloudGuard and make that transition very seamless.

Check Point does not have as big a footprint in engineering teams as Cisco or Palo Alto has, especially in the US market. Therefore, finding someone who understands Check Point is a lot harder. If Check Point can make it easier for seamless transitions, it will build the confidence of engineers and help with the adoption of a new vendor for those engineers. Anything they can do to help with that is a competitive advantage, and it works for any company looking into it.

The only pain points we have had with it were when we did major version upgrades. Rather than being able to do incremental upgrades on those, we had to completely redeploy. I know that has changed recently, but we had some hiccups when we did the upgrades. This is the only issue we have had.

I want the upgrades of their CloudGuard solution to major versions to be easier. We have had a few small hiccups. They have different types of cloud clusters called Geo Clusters, and those just cannot be upgraded past a certain point, which is a hurdle that we are currently experiencing.

The product needs to improve technical support.

Its price is fair, but it can be more favorable.

From the policy optimization point of view, they can do better. This is not just for CloudGuard. CloudGuard is one little piece managed by Check Point. They can also integrate a third-party policy management solution to improve that. For example, Tufin is focused on policy optimization and management.

They can also offer solutions faster to address customer concerns.

The relationship between AWS and Check Point could be better. We had issues related to the type of instance and how it interconnects with AWS or cloud-native solutions. We overcame the pain points that we had, and now, AWS is evolving in a way that will facilitate how Check Point works. Our pain points were minimized, but they were there.

There could be more capabilities around the management protocol itself. We deploy the boxes very easily with the software. We want automation. We are already using it to deploy instances in AWS regardless of whether it is Check Point or something else we use. Integration is already there, but there is a possibility to have more functionalities. We are in a good state, but there can be new features.

We use the tool as a basic firewall. It's a technical firewall. As a technical firewall, we use SmartConsole or Check Point Firewall.

The deployment phase takes too much time. I would like the deployment to be faster.

Currently, we are struggling with licensing just because of the pace and growth of our cloud. Keeping up with licensing for new regions and new gateway usage is certainly something we are looking into. We are working with our accounting to figure out how we can improve. The licensing piece is big for us.

We are at the place where we are looking at better integration with the management system. We use an MDS today, and it is self-deployed. We want to get to the Smart-1 Cloud, but we do not know what that looks like today because it does not support a multi-domain setup. Smart-1 should either be able to do multi-domain or there should be some form of taking a multi-domain environment and putting it in Smart-1.

I don't see much need for improvement. 

In Czech, we are a little behind the USA and Germany so we have matured in our mentality to move towards the cloud. 

Check Point could show us use cases that would help us in Czech and could help us with security threats in our specific country.

The level of confidence our clients have in their cloud network security using CloudGuard Network Security depends. Some are very confident but some are worried about information being exploited. When compared to other vendors, CloudGuard is the best when it comes to threat protection.

New features have been introduced recently, but they have not yet been integrated into CloudGuard Vsec. It would be advantageous to have them implemented as they would improve the performance.

I have not dealt with it enough to find any pitfalls.

Check Point CloudGuard is not a feature-centric product because Check Point concentrates on security. For example, if a customer asks for reporting, it might not be available, like a bandwidth report. At most, the reports are given with respect to security, not infrastructure.

We really believe in ongoing improvements for emerging business needs. The business and product development team should introduce a high-end feedback collection mechanism and analyze the customer requirements constructively.

The feedback mechanism is best to understand the user and market needs. All kinds and sizes of businesses should be approached to provide feedback so that unanimous decisions and unbiased reviews/feedback can be collected.

Also, more customized strategic pricing can be involved and introduced so that more and more businesses can be attracted for trial and usage of the software. 

Based on my previous experience, there were improvements, especially in in-place upgrades. Regarding cost, it might be potentially cheaper considering resource utilization in Azure and VM costs, but licensing could be improved, possibly moving towards a simpler model.

CloudGuard Network Security needs to include new features. One specific feature I would like to see is the ability to protect external resources using single sign-on integration with various identity providers, including custom identity providers. Its pricing could also be cheaper. 

The licensing structure is unclear, so a transparent and flexible licensing structure would be preferable.

The set security features have stable performance and have provided reliable services since we first deployed this product. 

The cost is relatively high compared to the cost of other products in the market. 

The customization features can be developed further to enable an organization to design the best tools for serving various demands. 

The security infrastructure has developed positively and contributed to increased return on investment. We have achieved the set goals and increased profit gains from a stable security environment.

The operations require skilled manpower with extended experience of working with networking systems for better results. 

The cost depends on company size, and licensing terms are not favorable to small-scale businesses. 

The good sides are many from my experience, and I could recommend it to any growing company that requires the best-performing network security. From the first deployment, we have experienced improved and secure network infrastructure. We have been working closely with the customer service team, and there is no situation that has led to negative objections. 

A combination of on-premises and cloud computing services under one interface could enhance simple and comprehensive monitoring. 

They can integrate tools with policy recommendations and notification alerts on when to remove specific objects of the user's choice.

The price of the solution could be reduced, it is expensive.

CloudGuard Network Security could be improved in the area of upgrading in place.

At this point, we are very happy with what is happening with their horizon. At CPX, we heard that we can see all the things on the same platform. That is what we have been asking for, and hopefully, we are going to start seeing it this year.

There is room for improvement in the integration with PaaS services from the public cloud. It would be very helpful. A more cloud-native approach is needed because even it is PaaS services require public cloud resources, even if the traffic load is low. These resources are still required for high availability and resiliency.

So, a full PaaS solution with improvements on that end, basically.

Improvements needed include better integration with Azure features to match on-premises capabilities, particularly in areas like identity awareness, to ensure seamless functionality across both environments.

We miss full blade support for all blades that are compatible with the cluster. Especially notable is the lack of support for Identity Awareness in active standby environments for customers. In our setup, transitioning to Connective clusters would be preferable for maintaining connections during failover situations.

They can improve their security features to the next advanced level so that their efficiency in catching the malware can become 100%, and there is no scope for any data loss or leakage from the system due to any issue. 

The compatibility factor often poses some integration issues and consumes a lot of time for APIs. The business and tech team should be more responsive to our clientele and tech requirements, as it is critical in today's era.

The auto-remediation and risk management segment can be further researched and made more flexible and customizable.

The biggest room for improvement is that, for a long time now, they've moved everything over to R80 but they still maintain some of the stuff in the old dashboard. They need to "buy in" and move everything to the modern dashboard so that you don't have to go to one place and to another place, at times, to configure the environment. It's time they just finish what they started and put everything in the new, modern dashboard. I thought they would have done that by now. It has been years. It's always a little disappointing when you get a new version and you see that it's still using the old dashboard for some of the configuration and some of the stuff that you look at.

They just need to make sure they get all their tools into this one place. It would make it a lot easier for the managers.

The solution's integration with cloud providers has seen significant development in the past months, but there is room for improvement for better integration.

The SD-WAN could be better.

In the past year, I noticed that the challenging part, especially in the cloud, is upgrading to the next release of the firewall. Unlike on-premise upgrades, it's not as simple in the cloud. You need to recreate the machine, which makes the process more complex.

The product needs to improve support. They don't consider my case the number one priority even though I want a quick resolution. 

One of the areas that should be improved is the updates of the products. It is somewhat problematic in the area of the cloud. In the case of migration from on-premise to the cloud, it is difficult to replace the licenses. It should be something very transparent and thus save us the time to go to support but in general, the tool is shared very well in security and protection of privacy and if they are lucky they can add more features that help us our security would be great they should always be one step ahead of cyberattacks.

I am satisfied with the performance of this platform. 

The network security situation in the company has improved since we deployed this application. The next release should be flexible and easier to integrate with other applications. 

The overall performance of this application has been efficient, and I totally recommend it to other companies. 

The networking process has to be simplified further to enable users to better understand how the system works. 

The threat scanning system should categorize the level of threats to enhance reliable data interpretation. 

The customer service team sometimes delays their response when there are emergencies that require immediate solutions. 

There is a need for timely updates to meet the current technological changes in data security management.

The solution from my experience is very good. What I would like for future updates would be faster updates to apply, and perhaps a greater presence in the local language for the regions of Latin America. These are markets that have been growing, however, the teams need a lot of time and training and in that period a specialized technician in the local language is required to support the constant requests. After that, I accept that Check Point surprises me as it has always done with its excellent work in innovation.

There is a limitation with the version upgrade. We are using version 81.10 and from what I understand, it is problematic to upgrade this version. I do not know if that is true. I am trying to figure it out. If I want to upgrade to a newer version, I have to make new machines. If this is true, it will negatively impact my thoughts regarding the solution.

We have the product deployed on Azure China. One crucial concern is the version limitation; unfortunately, in Azure China, we are restricted to running version R80. Our architecture has a Load Balancer, VMSS CloudGuard, etc. The duplication in this setup prevents the application from seeing the original client IP. This poses a problem for certain applications that require the original IP for login purposes. Although we managed a workaround with a different architecture involving a WAF, it is not as straightforward as the standard Azure setup.

We utilize logging systems, and geolocation is crucial for us as some applications must only be accessible from our country. However, there have been occasional issues with this feature. It drops requests. It's not always precise. 

We would like to be able to scale out such that we can increase performance within a cluster with more active nodes.

Our biggest complaint concerns the high resource usage for IDS/IPS, as we cannot turn on all of the features even with a recent hardware upgrade.

A great enhancement for this solution would be an active-active or multi-active scalability.

As we need to fulfill higher bandwidth demands due to increased cloud usage and research-driven data exchange, we might need to look for other vendors with more competitive pricing.

There is room for improvement regarding the technical support provided. Having a more refined and advanced feature would offer significant benefits.

Vendor support might be the weakest point of the CloudGuard solution. You really struggle to find a CloudGuard specialist, even for simple tasks. As mentioned before, you can find better answers to the user community (which is actually a downside of the product).

There are lots of limitations and discrepancies across different Cloud provider deployments.

Documentation might become too complex or too spread out, especially for newcomers.

As in the past, with traditional Check Point firewalls, it sometimes seems to be moving too fast with software releases and upgrade cycles, which are difficult to keep up with.

The networking system updates, when delayed, can lead to misconfigurations and data loss. The cost is high, and many businesses may not be able to support the entire package. 

Poor integrations give hackers an opportunity to penetrate and get confidential information access. 

Duties should be well categorized, and the right teams should be given an opportunity of handling specific data. Admins and concerned teams should map data rights in the database efficiently to avoid mishandling. The cybersecurity features have to be upgraded on time to meet the modern industrial data protection demands.

In general, some areas where security solutions could be improved include:

More advanced threat intelligence, including the ability to detect and protect against emerging threats in real time.

Improved scalability to allow the solution to handle larger numbers of users and devices without a significant impact on performance.

Greater automation to reduce the need for manual configuration and management.

Integration with other security tools and services to provide a more comprehensive security solution.

Better reporting and analytics capabilities to provide more detailed visibility into security incidents and events. 

The current features have ensured that there are no cloud threats that can affect data in any way. 

We have experienced the most advanced data security since we deployed CloudGuard Network Security in the organization. 

A threat categorization system can be added to give users the authority to define vulnerable attacks and classify areas that can threaten the workflow system. 

Working with this platform is complicated for new users. The cost of management is relatively high for small-scale businesses affecting overall performance.

System hardening could be improved, as password complexity is not enforced by default on root / command-line passwords.

The documentation provided by Check Point can be rough and needs to have a lot more detail incorporated in order to help the implementor and administrator.

The HA failover time is not as fast as expected and due to this, the convergence time between cluster members is still not perfect. Consequently, there may be an issue in migrating the mission-critical business applications. 

Micro-Segmentation functionality for EAST-WEST traffic is not native and requires integration with a third-party OEM.

Clustering has not been perfect from the very beginning. There weren't too many options for redundancy. It was improved in later versions, but that's something which should be available from the very beginning, because the cloud itself offers you a very redundant model with different availability zones, different regions, etc. But the Check Point product was a little bit behind in the past. 

The convergence time between cluster members is still not perfect. It's far away from what we get in traditional appliances. If a company wants to move mission-critical applications for an environment to the cloud, it somehow has to accept that it could have downtime of up to 40 seconds, until cluster members switch virtual IP addresses between themselves and start accepting the traffic. That is a little bit too high in my opinion. It's not fully Check Point's fault, because it's a hybrid mechanism with AWS. The blame is 50/50.

In future releases, I would like to see the data loss prevention (DLP) feature could scale along with the virtual machine scale sets.

People don't know about the tool's features. There's a lack of skill. Users require more knowledge on how to integrate it into the cloud environment and orchestrate routing. So, it's not necessarily a CloudGuard Network Security or Check Point issue but more about integration, knowledge, and understanding.

The product needs to offer multi-tenancy. 

There is room for improvement in addressing bugs and support issues. Communication with support, particularly with certain teams, can sometimes be challenging and slow, impacting problem resolution. 

Regarding CloudGuard Network Security's integration with various resources like application gateways and application-based security groups, there's room for exploring dynamic access in those areas. A significant concern is the upgrade process. Unlike an in-place upgrade, upgrading the tool in Azure requires deploying a new resource, which can be hectic and less reliable. We have to spend something new to have the tool's latest version. 

Points of improvement for checkpoint cloudguard network security would be partly the cost, which is currently quite expensive.

The documentation to be able to implement the multicloud or link it with Azure is difficult to do or it is not always as indicated, for this you must ask support or the partner for help.

The support for all the checkpoint functions is not the best, since it provides too slow a response to inconveniences, or the support service hours are not the same as in Latin America, which generates latency in the contact between the client and support.

In the next release, including VRF support would be highly beneficial. Many customers have been requesting this feature, as it is currently lacking in Check Point's offerings, which can make architectural designs more cumbersome compared to competitors.

The solution needs to support more hypervisors. 

Check Point CloudGuard Network Security should give productive reports as per business requirements. It needs to improve support since the time-limit extended beyond a day. It should include more seamless API integrations. 

The room for improvement wouldn't necessarily be with CloudGuard as much as it would be with the services supported by Check Point. A lot of the documentation that Check Point has in place is largely because of the nature of the cloud. However, it is frequently outdated and riddled with bad links. It has been kind of hard to rely on the documentation. You end up having to work with support engineers on it. Something is either not there or wrong. Some of it is good, but frequently it's a rabbit hole of trying to figure out the good information from the bad.

We use the solution’s native support for AWS Transit Gateway and are integrating it with the Auto Scaling piece now, which is a big portion of it. One of the issues with using the AWS Transit Gateway functionality is that setting up the ingress firewall can be more of a logging type function, as opposed to doing pure, classic firewall functionality. This is with the design that we are using with the Auto Scaling. However, AWS announced about two weeks ago that they have a new feature coming out that will effectively enable us to start blocking on the Check Point side, and with our previous deployment before, we weren't able to do that. While the Check Point side is fine, the functionality that AWS allowed us to use was more of the issue. But now that changes are occurring on the AWS side, those will enable us to get the full use out of the things that we have.

It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and sup-portability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance. 

We are frequently in contact with Check Point's Diamond Support, Product Development Managers as well as their sales team, as we look to keep apprised of where the product ius and should be going. Most of our requests have been around our physical assets, the physical UTM devices — Check Point Maestro, as an example — as well as their endpoint systems. There has not been anything at this time where we've said, "We wish CloudGuard did X differently." CloudGuard, in my opinion, having recently talked with them, is continously improving and is incorporating some of their recently acquired capabilities, such as Dome9 cloud compliance. Those are areas I have been evaluating and looking to add to my environment. My preference would be that it be included in my CloudGuard subscription licensing, and not an add-on; But that's the only thing that I could say that would be beneficial to us as an enhancement to the system.

Clustering in Azure is a bit different, not using the Check Point cluster but relying on load balancing. It's not as instant as I'm used to; in Azure, it might take around half a minute to a minute, and during this time, services could be down. The delay is attributed to Azure using its load balancing mechanisms instead of the Check Point cluster.

There are a few features or improvements that can be mentioned. One of them may be that the Infinity Portal is sometimes slow. A performance improvement could improve the administrator's perspective.

At the cost level, the solution is somewhat expensive. They could have an improvement to be a more feasible solution for everyone.

The support must improve. It is the biggest issue that Check Point currently has. Sometimes it is better to investigate oneself than to wait for a solution from the support department.

Check Point CloudGuard Network Security could improve by making it easier to configure.

In a feature release, the application should be more drag and drop. If I could search it and drag and drop it to the specific rule it would be helpful.

As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.

In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.

We did not use the AWS Transit Gateway, and that's one of the things that we're currently using. I believe we will be working with Check Point again, in the near future, to implement it, once they start having proper support for a single customer with multiple accounts. When we were using them, we had to install Check Point on each and every single account.

I believe they're working on a solution for that. I know they're utilizing Transit Gateway for it, and that is exactly what we're using right now. I'm excited for them to have that ready, and for us to put it in our system.

In general, cloud infrastructure or a cloud-based environment, is very fast when it comes to technology. Things get developed right away. Check Point just needs to adapt to those changes quicker.

The stability of the solution could be improved, but this is the problem of all the solutions in the market. This isn't just a problem specific to Check Point.

Check Point solutions are not easy to use if you don't have experience. We have some Check Point specialists, so it's not difficult for us. The user experience might suffer if we don't have the time to follow up with our clients and ensure they are using the right options. Clients also want more local support in Portuguese and Spanish during their normal business hours. That's something I hear from my customers and my team, too. 

It would be very good if the company could expand the current public documentation in order to improve the implementation of the solution, and initial configurations, among other items. It would help us be able to implement it in the fastest and safest way possible.

The costs are high. They could revalue them by lowering them a bit and making them more attractive to many customers, and likely they would be able to sell more.

It would also be good to validate the Check Point Infinity Portal. Sometimes it sticks a bit or responds a little slowly.

The solution needs to improve the interruptions that happen during gateway upgrades. 

CloudGuard Network Security's pricing is expensive. We have encountered issues with its licensing. 

The product's support team, the UI, and the user interface can be improved.

I think they have pretty much mastered what can be done. There are some nuances like when you fail over from one cluster member to the other, the external IP address takes about two minutes to fail over. During this time there is an outage of service. On digging into this further I found that this is more on the cloud fabric and provider side than the actual Checkpoint CloudGuard side. The Cloud provider is taking that long to actually detach the Virtual IP Address (VIP) from one machine and fail it over to the other

The connection to the on-premises management requires using the CLI. It's not just a click, and you cannot edit in the management to prepare everything. You need to do it online and in real time. After that, you must execute a script, and then you should be happy that it appears in the management.

There is room for improvement, especially concerning the integration with the management center. It would be beneficial if tasks that currently require scripts could be performed directly from the GUI. 

There are some usability issues we'd like to see improved. 

We're going to be switching to XDR and would like integration with XDR. 

In the first phase, Cloud Guard Firewalls didn't allow minor and major upgrades. Fortunately, now you can install normal hotfixes and minor upgrades (JHF) on the Cloud firewalls. For major upgrades, it's still necessary to destroy the VMs and re-create them again. Doing that would mean new public IPs as well. We created a script for that. I still hope that major upgrades will be possible in the near future too, otherwise, you still have to script a lot for basic maintenance, instead of using tools like CDT.

Easier optimization techniques can definitely help with better performance of the OS, as using the vanilla software doesn't actually showcase the real capability of the software.

While there is a lot of documentation available on Support Center to understand how the solution works, it can become quite confusing. Some free training videos by Check Point would really help the engineers who don't have full access due to restrictions/unseen reasons.

A step-by-step guide for leading CSPs would really help.

Auto Scaling should be given as an option during a first-time installation, as it would be really beneficial and some users might not be aware of it.

As with other solutions of this kind, you still have to manage basic cloud firewalls and routes for VPC outside of CloudGuard IaaS. There's no 100% integration.

I hope that Check Point continues to improve its technical documentation regarding the Check Point CloudGuard IaaS gateway and management system. For example, the questions on how to scale the instances in the relevant cloud should be covered, and all the High Availability options and switchover scenarios. Without that, users have to open numerous consulting cases to the support team to get it right.

It needs to cover additional kinds of infrastructure, like containers and serverless options. It's somewhat limited in that area.

The complexity to deploy should be decreased. 

Throughput is impacted drastically once the security modules are enabled on the firewall.

As it is a software-based firewall, there is no dedicated throughput available for each module.

In case the device is inaccessible due to some issue such as CPU or memory, there is no separate port or hardware partition provided for troubleshooting purposes.

Throughput on the virtual firewall is an issue in case the organization wants to migrate a workload to the cloud, and it becomes a bottleneck.

When upgrading the firewall, the old VPC containing the firewalls needs to be destroyed. After that, a new firewall is redeployed in the setup. Additionally, there's a need to separate the routing, and the routing from the old VPC has to be recreated in the new one.

The cost is a little high, it doesn't suit every budget. I'd like to see the ability to integrate with other security solutions which is not currently possible. If you need to integrate, you have to buy a Check Point product as well so you're paying for features. 

We're able to validate in a logical and physical way across layers and can segment data to allow for greater reach in terms of management. In the future, we'd like characteristics to be further simplified. While today we can manage some scopes, there are still some segments in the OSI layer we cannot manage. We'd like visibility on security and perimeter management qualities in order to reach other layers of the OSI model. Right now, we don't have the scope to reach some physical layers. 

The solution is not that flexible when deploying on-prem.

To be honest, we don't have many clients who have taken CloudGuard, as the feedback has not been that great. There are a few clients who have taken the CloudGuard due to the fact that there is a lot of competition in terms of endpoint protection from Trend Micro and other leading vendors. 

There are few clients who have CloudGuard and the response is quite positive. However, it comes down to dealing with the challenge of when the client needs both protection for workstations and their physical and virtual servers. With Check Point, we don't have that ability. They have just CloudGuard, which protects the workstations and servers. With other vendors, there's a separation between the endpoint protection for workstations and for the servers and then something else for the virtual environment. The challenge comes in when you're trying to propose this to the client. They'll ask you how they can be sure that this will protect their virtual or physical data centers collectively, and also protect the workstations.

Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point.

Generally, visibility is the issue. Clients really just need more visibility to know they are protected. 

There is definitely some improvement required. We currently use a deployment template provided by AWS each time. If I want to clean up the IaaS I have to use the IaaS template which should not be necessary. Secondly, because it's zero touch, I cannot write up any rules in the firewall. I understand these features might have been built particularly for zero-touch but from the perspective of a network and firewall engineer, some independence to configure something on the firewall would be appreciated. 

An additional feature that could improve the solution would be to enable both automatic and manual control that would allow the engineer complete control over the firewall.

If you compare the GUI with the Palo Alto and Cisco, they're very easy. Check Point, due to its design, is a little bit complex. They should make the GUI easy to use so that anyone can understand it, like Fortinet's GUI. Many companies end up using Fortinet because the GUI is very easy, and there's no need for training. They just deploy the box and do the configuration.

Also, we have to inform customers that with Check Point there's no need to purchase any routing device. Check Point can do that routing as well as the Firewall and the IPS. The marketing should be stronger, to show that customers only need one box to handle all the features. It will be cost-effective and enhance the performance and value, but because of their poor marketing, customers don't realize this.

In the future, a color string would be powerful. Sandboxing should also be offered. Many people want the Trend Sandbox but not on the cloud. In the Middle East, there is a policy for Sandboxing that states it should be on Trend as per the government law. They have Sandboxing solutions on the cloud, but they have to bring the solution onto Trend also. Palo Alto has Wildfire, Cisco has Talos, and Forcepoint has one available as well.

In the future, routing protocols should be more supported like OSPF and BGP. There needs to be integration with the SDN. I don't know if SDN is there or not in Check Point, but SDN is one of the major requirements nowadays.

Reporting needs improvement. It's difficult to utilize properly. Currently, I'm in a situation whereby a client of ours is looking for reporting on their organizational unit. Check Point has failed to do that. We've been trying to do it for the past month and we haven't been able to. We've also gotten techs from Check Point to call us to help and we just can't get the solution to do what we need it to do.

Sometimes, if you aren't familiar with the solution, it can be a bit complex, but it does become easier to use with time. However, every time they launch a new version, it becomes more complex and you need to take time to get familiar with all the changes. For every version that they upgrade, you need to upskill yourself. 

I would like to see more focus on east-west traffic inspection and AWS.

Things are changing very quickly in the cloud. There is a lot more maturing that needs to happen as far as CloudGuard goes, specifically more around some cloud native type situations where everything is being shoehorned through one or multiple VMs is not optimal.

The capability and the response, in terms of the time of response of the transactions, is very important for my customers. It's something they need to continuously work on to make it better.

The memory and hard disk capability could be strengthened.

The product should integrate next-generation firewall features such as anti-spam and anti-spoofing.

This application can be more integrated with web application firewalls. Better integrations would provide more granularity, which would be helpful for focusing on the application itself and preventing attacks.

It would be good to include the cross-domain search. If you have multiple firewalls that are managed on the same platform and you want to check who is using some particular objects or where a specific ID is being used, it should provide an option for this kind of search instead of having to check one by one on each firewall.

We're looking forward to the next Check Point with the solution and CloudGuard and everything on the same single cloud. Right now, that's not yet the case.

We're expecting more new features in the next release, however, I'm not sure precisely what is being added.

Check Point support, beyond CloudGuard, does need some improvement.

What could be improved in this product is its architecture. Its user interface also needs improvement.

The user experience, particularly in the implementation, management, and operations of this product, also needs to be improved.

Operations management is difficult in Check Point CloudGuard Cloud Network Security.

In terms of what could be improved, we have no support with the current Check Point environment. It ended maybe three or four years ago. Because it's an appliance you have to have support. That's a problem for us because I cannot update it at the moment. We have to have another support. We have to subscribe to another support so I can update it. I think it's a good amount of money and our boss does not want to pay that kind of money for firewall solutions. It's not a hardware solution, which by the way, if it would be up to me, I would migrate it to a hardware FortiGate system because all our customers at the moment are migrating their environments to FortiGate hardware solutions. They say it's a really good improvement from their previous firewall solution because it's easy to manage and they're very happy with it.

But as I said before, my boss does not want to pay a lot of money for a firewall solution since we don't have much data to protect and the data is not very important. It's not a big use for us. So we will just probably try pfSense or OPNsense. I can patch it to an up-to-date version, like the 2021 patch. We have the open source solution because my boss does not want to pay for it. It's my approach to migrate the firewall, actually. If it was up to me, I'd probably migrate it to a FortiGate system.

I'm not very experienced with Check Point. But what I would like to see is a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, if you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have.

The clustering and HE from the scaling availability could be improved.

The documentation could be much better as well.

CloudGuard functions just like any other firewall. It functions very well. The only thing that could maybe be improved would be to integrate some tools that are not integrated with the SmartConsole, like the SmartView Monitor that we need to open on a different application to access.

The knowledge base that is available is limited and it is on a closed network where only a customer or certified engineer will know about it. A beginner who wants to learn about the product actually has to enroll in training or get certified and have a valid license or certification to access information. That is something I find strange as most users would like to know about it. The new users would like to be able to see those areas and what type of concerns or any configuration issues they may have before deciding to work with the product. To me, that is a simple open-mindedness. In terms of the availability of the system and functionality of the product, there's no concern. But the problem is that efficient VSX (Virtual System Extension) deployment is complicated. Most of our customers are afraid to deploy any configuration changes because they are afraid something will happen.

It's not the same situation as with other products. I guess the reason behind it is the kind of architecture which they are using. There are more possibilities to crash than other products. That is the feedback I normally get from end-users, but even so, for us, I would say it's one of the best product.

The challenge mainly revolves around the slower functionality of virtual IP switching in Azure Virtual Network compared to on-premise solutions. On-premise, switching between clusters is faster, taking only a few seconds, while in Azure, it can extend up to five minutes. The downtime is a concern for us. 

Each new version does offer a new set of features plus also incorporates bug fixes identified during the life cycle of the previous product. Hence, this product keeps on maturing as newer versions are released.

I would like this product to provide functionality like a web application firewall, where we can fully monitor all traffic passing both to and from the cloud.

The latency should be minimized by having multiple entry points all across the world. Nearby requests will have lower latency access to cloud applications.

It would be useful to have AD integration with an on-premises server.

The API integration is complex, which is an area that should be improved.

Onboarding this product takes some expertise because it is complex compared to other services that Check Point provides.

The management console can be simplified because at the moment, it is a bit of a challenge to use.

I would like to see support for software-defined wirings in the next release of this solution.

We have Microsoft CASB cloud app security and it's one of the least compatible firewalls. They really need to look at this, as both Check Point and Microsoft are major players. Why aren't they compatible? If we had Palo Alto then we wouldn't have this problem.

The solution lacks the capability to scale effectively.

CheckPoint CloudGuard could be better at solving cases. In many cases, the client should be able to request or obtain a sufficient explanation or to obtain an appropriate answer. Check Point should improve the queue clients need to go through to obtain access to direct support chat. This should be for users with privileged access.  

CheckPoint features that should be included in the next release include the possibility to create a cluster on AWS and a Multi-region Cluster. They need to also include the possibility to use a managed web portal. 

The product can still grow.

The solution could improve to have a DLP feature.

I would like for them to develop guides. If you compare it with Cisco, you can just type out any problem you're having regarding Cisco and you will easily get a solution. With Check Point, it's not easy to get a solution.

Having a web UI in the VSX (or something similar) would be nice. However, you can do everything in the CLI.

It is somewhat difficult to upgrade the entire hardware without downtime.

The initial setup is complex and could be made simpler.

The console could use some improvement.

Check Point Virtual Systems is a complete solution, but pricing can be better.

I would like to see an improvement on the zero-day threat detection. It is also not very user-friendly, so it would be great if it could be less complicated and easier to operate. The dashboard needs to be easier to use.

Also, if the solution could be cheaper, it would really help, because it is very expensive. 

I would like to see sand boxing added to the new version.