A Guide to CloudGuard IaaS Offerings in the AWS Marketplace
By Jonathan Maresky, Product Marketing Manager, Cloudguard IaaS, published August 14, 2019
Check Point CloudGuard IaaS for AWS delivers advanced, multi-layered cloud network security and protects cloud assets in Amazon Web Services (AWS) and hybrid environments.
This blog explains the CloudGuard IaaS offerings that are available in the AWS Marketplace
What is the AWS Marketplace?
According to AWS, the AWS Marketplace “enables qualified partners to market and sell their software to AWS Customers. AWS Marketplace is an online software store that helps customers find, buy, and immediately start using the software and services that run on AWS.”
There are currently over 4700 different offerings in the AWS Marketplace by different vendors, in different categories and with various pricing plans and delivery methods.
AWS Marketplace is particularly useful as a self-service portal, where AWS customers can choose, trial and purchase solutions from AWS partners, but without the additional overhead which is often associated with lengthy contract and pricing negotiations. Customers who purchase third-party solutions in the Marketplace pay AWS for these purchases as part of their regular monthly bills; AWS then pays the partners.
What CloudGuard IaaS offerings are available in the AWS Marketplace?
There are currently 6 different CloudGuard IaaS offerings that are available in the AWS Marketplace.
The differences between these offerings are due to:
- Functionality:
- Next Generation Firewall with Threat Prevention (also known as NGTP): This security gateway includes Firewall, IPS, Application Control, IPsec VPN, Antivirus, Anti-Bot, and Data Loss Prevention
- Next Generation Firewall with Threat Prevention with Sandblast (also known as NGTX): This security gateway includes all features of the previous security gateway and adds Threat Extraction (which removes exploitable content & promptly delivers sanitized content to users) and Threat Emulation (which prevents infections from new malware & targeted attacks using threat sandboxing with the best possible catch rate, and is virtually immune to evasion techniques).
- Management: Security Gateways are managed from a central Security Management Server which provides consistent security policy management, enforcement, and reporting within a single pane of glass.
- (Note that certain offerings in the AWS Marketplace include only the security gateway, others include only the management server, and one offering –CloudGuard IaaS All-In-One – includes both)
- Pricing models:
- PAYG: Pay-as-you-go pricing allows you to pay only for what you use. The AWS Marketplace pricing reflects the complete price of using Check Point’s offering: payment to Check Point for the software license and payment to AWS for the AWS infrastructure resources consumed.
- BYOL: Customers who have already obtained a software license from Check Point can use these licenses; the AWS Marketplace BYOL pricing is paid to AWS for the AWS infrastructure resources consumed.
Note also that different offerings also support different sets of AWS instances.
The table below shows the differences between the six CloudGuard IaaS offerings in the AWS Marketplace, as well as the instances supported by each offering.
CloudGuard IaaS Next-Gen Firewall with Threat Prevention | CloudGuard IaaS Next-Gen Firewall with Threat Prevention and SandBlast (BYOL) | CloudGuard IaaS Next-Gen Firewall with Threat Prevention and SandBlast | CloudGuard IaaS All-In-One | CloudGuard IaaS Security Management | CloudGuard IaaS Security Management (BYOL) | |
PAYG/BYOL | PAYG | BYOL | PAYG | PAYG | PAYG | BYOL |
Gateway Functionality | Threat Prevention | Threat Prevention OR
Threat Prevention and Sandblast (depends on customer’s existing license) |
Threat Prevention and Sandblast | Threat Prevention and Sandblast | Not included | Not included |
Security Management Functionality | Not included.
Choose one of the CloudGuard IaaS Security Management offerings |
Not included.
Choose one of the CloudGuard IaaS Security Management offerings |
Not included.
Choose one of the CloudGuard IaaS Security Management offerings |
Included | Included | Included |
Supported instances | c5.large c5.xlarge c5.2xlarge c5.4xlarge c5.9xlarge c5.18xlarge |
c5.large c5.xlarge c5.2xlarge c5.4xlarge c5.9xlarge c5.18xlarge |
c5.large c5.xlarge c5.2xlarge c5.4xlarge c5.9xlarge c5.18xlarge |
t2.xlarge t2.2xlarge m3.medium m4.large m4.xlarge m4.2xlarge m4.4xlarge m4.10xlarge c4.large c4.xlarge c4.2xlarge c4.4xlarge c4.8xlarge |
m5.large m5.xlarge m5.2xlarge m5.4xlarge m5.12xlarge m5.24xlarge |
m5.large m5.xlarge m5.2xlarge m5.4xlarge m5.12xlarge m5.24xlarge |
The AWS Marketplace offerings allow you to deploy a single gateway each time.
For AWS Cloudformation templates or more comprehensive deployments (including Auto-Scaling, High Availability, etc.), please refer to sk111013.
For more information on:
- AWS Marketplace: The main page is here
- CloudGuard IaaS: See the product page here
- AWS Cloudformation templates and more comprehensive deployments: see here
- The Check Point Secure Cloud Blueprint, which outlines the five main principles for building a secure cloud environment: see here
- CloudGuard Dome9 provides cloud visibility, continuous compliance and protects against identity theft and data loss in the cloud: see the product page here
For a free trial of CloudGuard IaaS, visit one of the links above or go to the Check Point page in the AWS Marketplace.