CloudGuard Network Security for Virtual and Cloud WAN

Inline security and consistent policy enforcement across your cloud and hybrid WAN


Cloud-Native Security for Cloud-Native WANs

CloudGuard Network Security brings unified threat prevention and policy control to cloud-native and hybrid WAN architectures leveraging native integration into AWS Cloud WAN, Azure Virtual WAN, and GCP Cloud WAN, securing your traffic where it matters most: between regions, across clouds, and at every traffic edge.


Natively Integrated by Design

Infused With Your Cloud WAN Architecture: CloudGuard integrates directly with each provider’s WAN infrastructure, using service attachments, routing intent, and router appliance models to inspect traffic inline without disrupting native routing or operations.


Infrastructure-Agnostic Policies

One Policy Across All Segments: Enforce a unified, dynamic security policy across cloud regions, WAN hubs, and hybrid sites, mapped to native routing constructs like segments, route tables, and spoke groups.


Multi-Cloud at Scale

Protect Traffic Across Clouds and Sites: Secure east-west, inter-cloud, and hybrid WAN traffic with scalable inspection points, centralized control, and automated policy enforcement, no matter how distributed your architecture becomes.


Protecting Multi-Cloud and Hybrid-Clouds with CloudGuard Network Security

Learn how Check Point CloudGuard Network Security delivers unified protection across multi-cloud, hybrid, and private cloud environments, along with best practices, architectural guidance, and real-world use cases in AWS, Azure, and Nutanix.

Merging Security, Infrastructure, and Cost Savings

Whether you’re charting cloud strategy, building secure infrastructure, or defending against threats, CloudGuard Network Security has you covered. From seamless multi-cloud integration to real-time threat prevention, CloudGuard delivers the outcomes that matter most to every team.


For SecOps & Response Teams
  • Gain complete traffic visibility across cloud and hybrid WANs.
  • Detect and block threats in real-time across WAN segments.
  • Streamline investigation and response through centralized logging.
  • Stop advanced attacks and zero-day threats with inline sandboxing.


For Infra. & Cloud Operations
  • Deploy and scale natively inside cloud WAN architectures.
  • Automate provisioning, routing, and policy updates with IaC.
  • Eliminate manual traffic engineering with integrated path control.
  • Operate consistently across multi-cloud and hybrid WAN environments.


For Security Leaders & Execs
  • Enforce consistent security policy across all clouds and sites.
  • Reduce risk and lateral movement with inline threat prevention.
  • Align security to Zero Trust and multi-cloud transformation goals.
  • Consolidate vendors and reduce overhead with centralized management.

Enterprise-Grade Security at Every Point

CloudGuard Network Security enforces real-time AI-powered threat prevention across your cloud WAN, hybrid connections, and east-west flows. From branch access to inter-cloud traffic, CloudGuard protects every layer with a proactive, inline defense that stops threats before they spread.

  • Zero-Day Threat Prevention
    Block known and unknown threats in transit, including zero-days, malware, and evasive exploits with real-time AI-driven inspection and sandboxing.
  • Lateral Movement Control
    Enforce adaptive segmentation to contain breaches and stop unauthorized access across cloud regions, VPCs, VNets, and SD-WAN-connected sites.
  • Identity-Aware Access Enforcement
    Apply dynamic, least-privilege access rules using user identities, cloud roles, and service context instead of static IPs or subnets.
  • Inline Protection at Every Edge
    Secure public-facing and internal WAN entry points with deep packet inspection, intrusion prevention, and application-aware controls.
  • Autonomous Threat Response
    Trigger automated policy updates, host isolation, and containment actions across cloud and hybrid networks before manual response is required.


Key CloudGuard Network Security Features

  • Seamlessly integrated within each cloud’s WAN service: as a service VPC in AWS Cloud WAN, a Managed NVA in Azure Virtual WAN hubs, or a router appliance spoke in GCP NCC.
  • Integrate with cloud-native routing using dynamic protocols like BGP to steer traffic through CloudGuard automatically, without custom route tables or static paths.
  • Secure all WAN traffic flows, including VPC-to-VPC, inter-region, branch, and internet-bound, with inline inspection that aligns with each platform’s network topology.

  • One centralized console with unified policy control and visibility across AWS, Azure, GCP, and hybrid WANs.
  • Reference dynamic cloud objects like VNets, VPC tags, subnets, and spoke groups directly in security rules to automatically adjust to infrastructure changes.
  • Align policies with logical WAN constructs, such as AWS Cloud WAN segments, Azure VWAN routing tables, or GCP NCC spoke groupings, for precise and scalable segmentation.

  • Gain enhanced security by inspecting WAN traffic for malware, exploits, bot activity, and zero-day threats using IPS, Antivirus, Anti-Bot, Application Control, and sandboxing.
  • Prevent lateral movement and isolate compromised segments by enforcing security on east-west flows between VPCs, VNets, and spoke networks.
  • Secure cloud-bound sessions and inter-site communication without sacrificing visibility by inspecting encrypted WAN traffic based on granular policy controls.

  • Meet traffic demand without manual intervention by scaling CloudGuard gateways automatically leveraging native orchestration tools (e.g., AWS Auto Scaling Groups, Azure Virtual Machine Scale Sets, and GCP Managed Instance Groups).
  • Automate the full deployment lifecycle, including provisioning, policy updates, health checks, and high availability, using REST APIs and infrastructure-as-code platforms.
  • Get integrated monitoring and alerting by streaming logs and security telemetry to AWS Security Hub, Azure Sentinel, and Google Cloud Security Command Center.


Native Integration With Leading Providers

Cloud Providers

  • Amazon Web Services (AWS Marketplace)
    Cloud WAN for global, segment-based traffic inspection.
    Gateway Load Balancer for scalable inline insertion.
    Tunnel-less Connect for BGP-based SD-WAN integration.
    Transit Gateway for centralized routing and enforcement.
    Direct Connect for secured hybrid WAN entry points.
  • Microsoft Azure (Azure Marketplace)
    Virtual WAN for inter-VNet and hybrid traffic inspection.
    Routing Intent for automatic traffic steering through CloudGuard.
    ExpressRoute for secure on-prem connectivity.
    VPN Gateway for inspecting remote user and branch traffic.
    Managed Application for native deployment inside Virtual Hubs.
  • Google Cloud Platform (GCP Marketplace)
    Network Connectivity Center for spoke-based traffic inspection.
    Cloud Router + BGP for dynamic route exchange.
    Managed Instance Groups for auto-scaling CloudGuard nodes.
    Interconnect / VPN for hybrid WAN security enforcement.
    Cloud Security Command Center for integrated threat visibility.

Protect any cloud, on every platform.

  • AWS
  • Azure
  • Google Cloud
  • Cisco
  • Oracle Cloud
  • Nutanix
  • OpenStack
  • VMware

Deploying CloudGuard Network Security

Built to meet the needs of cloud infrastructure architects, platform engineers, and security operations teams, CloudGuard Network Security provides inline traffic inspection without disrupting routing, delivering scalable and secure connectivity across cloud and hybrid environments. CloudGuard supports dynamic scaling, deployment automation, and centralized policy enforcement across regions, clouds, and sites, giving teams the flexibility and control they need to standardize security in distributed networks.

Deployment in Azure

Embed CloudGuard Network Security directly into Azure Virtual WAN to secure inter-VNet, branch, and remote user traffic with full NGFW and threat prevention, delivered as a native Virtual Hub service – here’s how you get it:

  • Deploy CloudGuard as a Microsoft-approved Managed Application directly into Virtual WAN hubs, enabling automatic traffic steering through the gateways without custom route tables or UDRs.
  • Auto-scale CloudGuard clusters using Virtual Machine Scale Sets behind an Internal Load Balancer, with Azure-native health checks and seamless high availability.
  • Maintain dynamic policy accuracy with CloudGuard Controller, which continuously syncs Azure resources such as VNets, subnets, tags, and load balancers into the rule base.
  • Automate deployment, policy assignment, and ongoing management with Cloud Management Extension (CME), and forward logs to Microsoft Sentinel and Defender for Cloud for full visibility and response integration.

Deployment in AWS

Integrate CloudGuard Network Security into AWS Cloud WAN to inspect and protect traffic across regions, VPCs, and SD-WAN branches without disrupting native routing or scalability – here’s how you get it:

  • Deploy CloudGuard gateways in dedicated VPCs, attach them to the AWS Cloud WAN Core Network, and leverage Service Insertion to automatically route and inspect all traffic between VPCs, SD-WAN branches, and internet gateways.
  • Use Auto Scaling Groups behind Gateway Load Balancers to elastically scale CloudGuard clusters based on traffic demand, with complete visibility and health-check integration.
  • Peer CloudGuard directly with Cloud WAN using Tunnel-less Connect for high-performance, encapsulation-free BGP routing between SD-WAN edge devices and AWS infrastructure.

Deployment in GCP

Insert CloudGuard Network Security into GCP’s Network Connectivity Center as a router appliance spoke, enabling centralized inspection across regions, VPCs, and hybrid connections for secure east-west and north-south traffic – here’s how:

  • Deploy CloudGuard gateways as router appliance spokes within NCC hubs, using BGP peering with Cloud Router to dynamically exchange routes and steer traffic through the inspection path.
  • Auto-scale CloudGuard using Managed Instance Groups behind an Internal Load Balancer, ensuring elastic performance and fault tolerance across regions.
  • Changes in cloud infrastructure, such as new VPCs, subnets, instances, and tags, are automatically reflected within security policies to maintain consistent protection without manual updates.
  • Enable full lifecycle automation, including provisioning, policy enforcement, scaling, and log export, to Google Cloud Security Command Center (CSCC) for centralized threat visibility.

Deployment in Multi-Cloud

CloudGuard Network Security integrates directly into the native WAN fabrics of AWS, Azure, and GCP to provide unified, inline threat prevention across clouds, regions, and hybrid environments – here’s how you get it:

  • Deploy CloudGuard at the traffic inspection layer within each cloud’s WAN framework using native routing protocols and constructs to steer traffic through CloudGuard for inline inspection without manual route manipulation, connecting environments through physical or virtual WAN edge devices that integrate natively with each provider’s WAN routing domain. CloudGuard peering enables consistent security enforcement across these ingress points, supporting full traffic inspection across east-west, ingress, and egress paths.
     
    In environments where cloud-native WAN services are unavailable or limited, you can deploy CloudGuard in regional hub-and-spoke or transit architectures using standard routing and load-balancing constructs with WAN connectivity extended through interoperable overlays or network edge platforms for consistent policy enforcement and visibility across heterogeneous infrastructures.

Learn More About CloudGuard Network Security

Learn more about the intricate features and capabilities that make the Cloud Network Security cloud-adapted next-gen firewall the industry-leading security solution for private clouds, multi-cloud, and hybrid cloud environments, as independently tested and assessed by multiple analysts.

Prevention First White Paper

Merging Network and App Firewalls into the Cloud Prevention Mesh

Learn about CloudGuard Network Security’s policy-driven framework that blocks attacks across clouds and throughout the enterprise.


CloudGuard Network Security at a Glance

Discover how CloudGuard Network Security brings unified, zero-day-ready protection to your cloud with automated enforcement and unified control.


CloudGuard CyberRatings Test Report for Q1, 2025

Check Point’s CloudGuard Network Security achieved 100% security effectiveness and exploit protection in CyberRatings.org tests.


Miercom Hybrid Mesh Firewall Report for Q1, 2025

Independent testing by Miercom found that Check Point’s Enterprise and Hybrid Mesh Firewall delivered the highest threat prevention efficacy.


GigaOm Radar for Cloud Network Security 2024

Read why GigaOm ranked CloudGuard Network Security as the Leader in their Radar for Cloud Network Security for 2 Years in a Row.


AWS Technical Overview: Features, Deployment, and Performance

Key features and capabilities of Check Point CloudGuard Network Security and its native integration with Amazon Web Services (AWS).


CloudGuard Network Security Overview & Demo

Watch an overview of CloudGuard Network Security, including a demo video with customer use cases.


Streamlined Cloud Network Security

At a glance: How CloudGuard Network Security simplifies cloud firewall management.


CloudGuard Customer Testimonials Reel

Listen to our customers talk about the benefits of using CloudGuard for cloud migration, security, and protection.
