Sold by: Check Point Software Technologies
Deployed on AWS
AWS Free Tier
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation.
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
4.5
Overview
Video
Video 1
Video
Product video
Check Point Cloud Firewal for AWS delivers advanced, multi-layered network security for the AWS cloud environment and protects cloud assets. Security features include Firewall, IPS, Application Control, IPsec VPN, Antivirus and Anti-Bot.
Check Point Cloud Firewall enables secure VPN connectivity between AWS and enterprise networks, data centers and secure clients with simplified setup, deployment and management. Check Point Cloud Firewall includes SSL/TLS traffic inspection with traffic forwarding and SNI support for advanced threat prevention inside secure SSL traffic.
The Check Point CloudGuard for AWS Security Blueprint provides best practices for designing a secure cloud-based deployment allowing agility, scalability and efficiency. The blueprint promotes automation of processes using APIs and supports Infrastructure As Code practices.
This Check Point Cloud Firewall gateway will be deployed as a single gateway, as a high availability cluster, or as an Auto Scaling group via Check Point CloudFormation templates (sk111013) or via automation tools such as Ansible, Terraform, etc.
This BYOL distributed security gateway is managed from a central Security Management Server, which provides consistent security policy management, enforcement, and reporting across AWS and hybrid deployments within a single pane of glass.
The Security Management Server is not included in this offering. To manage Check Point Cloud Firewall Gateway it is recommended using Check Point Smart-1 Cloud (https://www.checkpoint.com/quantum/unified-cyber-security-platform/smart-1-cloud/ ).
Highlights
- Fully integrated and industry-leading advanced threat prevention security features include: Firewall, IPS, Application Control, IPsec VPN, Antivirus and Anti-Bot. Depending on your existing license, SandBlast adds Threat Extraction (removes exploitable content & promptly delivers sanitized content to users) and Threat Emulation (prevents infections from new malware & targeted attacks using threat sandboxing with the best possible catch rate, and is virtually immune to evasion techniques).
- Provides advanced threat prevention to inspect traffic entering and leaving private subnets in the VPC ("North-South") as well as between VPCs ("East-West"). Designed to meet dynamic security requirements, Check Point Cloud Firewall is cloud-native: it seamlessly integrates with native AWS controls to enable rapid deployment (e.g. using AWS CloudFormation), while supporting network segmentation, AWS Transit Gateway, auto-scaling and high availability across multiple Availability Zones.
- Check Point is an APN Advanced Technology Partner with Networking and Security Competencies. Check Point Cloud Firewall is integrated with a broad range of AWS services, including AWS GWLB, AWS Cloud WAN, AWS Outposts, Amazon GuardDuty, Amazon CloudWatch, AWS Security Hub, AWS Transit Gateway, AWS CloudTrail and VPC Flow Logs. Check Point Cloud Firewall also provides a library of CloudGuard CloudFormation templates (CFTs) to simplify deployment.
Details
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux Gaia 3.10
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Please see seller website for refund details.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Once the instance is running, connect to it using SSH, set an admin password using: 'set user admin password' followed by 'save config'. Then connect to https://[instance] using Internet Explorer (IE) to finalize the configuration. Notes:
- SSH password authentication is disabled in /etc/ssh/sshd_config
- For information regarding Firefox and Chrome refer to sk121373.
Resources
Support
Vendor support
This offer includes Premium Support. For the full list of included support services visit: https://www.checkpoint.com/support-services/support-plans/ To open a support ticket, you would need to have a Check Point user center account. If you do not have a user center account, you can sign up for one here: https://accounts.checkpoint.com . Need support? Contact us at https://www.checkpoint.com/support-services/contact-support/
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
A single pane-of-glass security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Check Point Check Point Cloud Firewall is a cloud-native security gateway that delivers automated, advanced threat prevention and multi-layered network security for assets that customers migrate to or store on AWS. Try it free for 30 days.
Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20)
**Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.
A single security management console delivers consistent visibility, policy management, logging, reporting and control across all cloud environments and networks
Customer reviews
ANKIT S.
Effective Threat Prevention and Unified Cloud Security Management
Reviewed on Apr 08, 2026
Review provided by G2
What do you like best about the product?
It provides deep visibility and control, helping teams quickly detect, respond, and remediate threats across distributed environments.it stands out for combining scalability, automation, and high detection accuracy.
What do you dislike about the product?
The UI sometimes feel outdated or slow at times, with occasional lag while loading dashboards or navigating settings.Logs can be detailed but not always easy to analyze, making issue resolution time-consuming.
What problems is the product solving and how is that benefiting you?
Security gaps during vulnerability remediation
Fixing vulnerabilities takes time, leaving systems exposed.
Solution & Benefit: CloudGuard can apply real-time protection and “virtual patching” while fixes are in progress, minimizing exposure windows.
Fixing vulnerabilities takes time, leaving systems exposed.
Solution & Benefit: CloudGuard can apply real-time protection and “virtual patching” while fixes are in progress, minimizing exposure windows.
Rakesh R.
Industry-Leading Threat Prevention with Seamless Unified Management
Reviewed on Apr 07, 2026
Review provided by G2
What do you like best about the product?
I like its industry-leading threat prevention best, blocking 100% of malware and exploits with zero false positives per recent CyberRatings tests. The unified management console also stands out, offering consistent policies and visibility across multi-cloud and on-premises setups for seamless operations
What do you dislike about the product?
The main drawbacks of Check Point CloudGuard Network Security are its steep learning curve and complex initial setup, often requiring deep familiarity with Check Point ecosystems or cloud architectures. Users also criticize the high pricing, dated user interface with occasional lags, and limited support for some features like IPv6, serverless, or certain VPN modes
What problems is the product solving and how is that benefiting you?
Main Problems Solved
Multi-Cloud Complexity: Provides single-pane visibility and consistent policies for AWS, Azure, GCP, and hybrid setups, easing migrations without policy rework.
Threat Prevention Gaps: Delivers real-time blocking of exploits/malware (100% efficacy in tests), plus IaC integration for DevSecOps.
Misconfigurations & Drift: Continuous posture analysis, auto-remediation, and context-aware alerts fix vulnerabilities from code to runtime.
Multi-Cloud Complexity: Provides single-pane visibility and consistent policies for AWS, Azure, GCP, and hybrid setups, easing migrations without policy rework.
Threat Prevention Gaps: Delivers real-time blocking of exploits/malware (100% efficacy in tests), plus IaC integration for DevSecOps.
Misconfigurations & Drift: Continuous posture analysis, auto-remediation, and context-aware alerts fix vulnerabilities from code to runtime.
Banking
Strong Hybrid Cloud Security, but Setup Is Complex and Pricey
Reviewed on Apr 02, 2026
Review provided by G2
What do you like best about the product?
It’s well known for offering consistent security rules across intricate hybrid and modern cloud options. It has defence mechanism against threats, malware & ransomeware
What do you dislike about the product?
Expensive prices and difficult initial setup and need high level tech knowledge to setup and it’s take long time into investigate, troubleshoot and finding root cause on issues found into setup
What problems is the product solving and how is that benefiting you?
Securing fragmented verticals, dynamic and modern cloud environments providing utility, preventive & detective functionalities, that eliminate security gaps and build shield to avoid attacks and helping zero-day attacks achievements
Oil & Energy
Clean UI, Seamless Multi-Cloud Security, and Strong AI-Driven Threat Prevention
Reviewed on Mar 20, 2026
Review provided by G2
What do you like best about the product?
What I like best about Check Point CloudGuard Network Security is how it brings together strong security with a well-rounded user experience across multiple areas. Its UI/UX is clean and intuitive, making it easier to manage complex policies without a steep learning curve, while its integrations with major cloud platforms like AWS, Azure, and GCP ensure seamless deployment in multi-cloud environments. Performance is reliable and scalable, adapting to changing workloads without creating bottlenecks. From a pricing and ROI perspective, it delivers solid value by consolidating multiple security functions into a single platform, reducing overall operational costs. The support and onboarding experience is also strong, with helpful documentation and guidance that make implementation smoother. Finally, its AI-driven intelligence and threat prevention capabilities stand out, leveraging advanced analytics and real-time threat intelligence to proactively identify and stop sophisticated attacks.
What do you dislike about the product?
What I dislike about Check Point CloudGuard Network Security is that, while powerful, it can feel complex in certain areas. The UI/UX, although functional, can sometimes be overwhelming for new users due to the number of features and configuration options. Integrations are strong overall, but initial setup in multi-cloud environments can be time-consuming and may require specialized knowledge. In terms of performance, there can be occasional latency or overhead depending on how it’s configured, especially in high-throughput environments. From a pricing and ROI perspective, it can be on the expensive side compared to some competitors, particularly for smaller organizations. Support and onboarding are generally good, but response times and the depth of assistance can vary depending on the support tier. Lastly, while its AI and intelligence capabilities are robust, they can sometimes generate false positives, requiring additional tuning to avoid unnecessary alerts.
What problems is the product solving and how is that benefiting you?
Before using Check Point CloudGuard Network Security, we struggled with managing security consistently across multiple cloud environments, which led to fragmented policies, limited visibility, and increased risk of misconfigurations. It was difficult to keep up with evolving threats while also ensuring performance and compliance, and a lot of time was spent manually monitoring and adjusting security rules.
After implementing CloudGuard, we were able to centralize security management across all our cloud platforms, automate policy enforcement, and gain much deeper visibility into network traffic and potential threats. We struggled with inconsistent security and slow response times, but now we can detect and respond to threats in real time, which has significantly improved our overall security posture and reduced risk exposure.
As a result, we’ve seen clear benefits: security management time has been reduced by around 30–40%, incident response times have improved by up to 50%, and the consolidation of tools has helped lower overall operational costs. Additionally, automated scaling and smarter threat prevention have reduced downtime and minimized the impact of potential attacks, allowing the team to focus more on strategic work rather than constant firefighting.
After implementing CloudGuard, we were able to centralize security management across all our cloud platforms, automate policy enforcement, and gain much deeper visibility into network traffic and potential threats. We struggled with inconsistent security and slow response times, but now we can detect and respond to threats in real time, which has significantly improved our overall security posture and reduced risk exposure.
As a result, we’ve seen clear benefits: security management time has been reduced by around 30–40%, incident response times have improved by up to 50%, and the consolidation of tools has helped lower overall operational costs. Additionally, automated scaling and smarter threat prevention have reduced downtime and minimized the impact of potential attacks, allowing the team to focus more on strategic work rather than constant firefighting.
Sachin C.
Feature CloudGuard: Strong Protection with UI Learning
Reviewed on Mar 20, 2026
Review provided by G2
What do you like best about the product?
There are a lot of features that help protect the infrastructure, but most of them focus on prevention-first security, multi-cloud automation, and centralised management, among other things.
What do you dislike about the product?
Check Point CloudGuard doesn’t fall short from a security perspective, but I would suggest making it more user-friendly. In particular, simpler and more streamlined user reporting would help new admins adapt to the technology more efficiently.
What problems is the product solving and how is that benefiting you?
Adds a full NGFW stack (IPS, sandboxing, AV, DLP, and URL filtering) with single-pane management across cloud and on-prem environments. It also provides stronger runtime blocking through checkpoints and a proven engine.