Check Point announces its Azure Virtual WAN security solution

By Hezi Bahry, Cloud Network Security Product Manager, published August 1, 2022

Azure Virtual WAN, a Microsoft Network-as-a-Service, is already generating significant interest because of its operational improvements and advanced feature sets. Organizations using Azure Virtual WAN’s capabilities need to ensure that deployments are protected, which is where Check Point CloudGuard Network Security can enable multiple scenarios.

Check Point is excited to announce its Azure Virtual WAN security solution, with CloudGuard providing industry-leading threat prevention, zero trust segmentation and North-South and East-West cloud network security.

If you are:

  • Migrating to Azure and need to secure your new cloud infrastructure,
  • Implementing a new Azure Virtual WAN architecture and want the best threat prevention,
  • Interested in unified and consistent security management of Azure, multi-cloud, and/or hybrid-cloud deployments together with your on-prem security,
  • Improving the operational efficiency and automation of your cloud network security,

then CloudGuard can help you and your team.

“Protecting your cloud infrastructure must be automated and operationally efficient to meet today’s business needs”, said TJ Gonen, Check Point’s VP of Cloud Security, “The focus on improving the cloud team’s daily operations is at the center of Azure Virtual WAN, and Check Point is excited to partner with Microsoft to make cloud network security quick, easy and intuitive.”

“The partnership between Check Point and Microsoft Azure provides a best-in-class solution that can secure network traffic for cloud deployment. Check Point CloudGuard for Azure Virtual WAN delivers a fully integrated and automated solution allowing customers to seamlessly protect their applications and workloads,” said Reshmi Yandapalli, Principal Product Manager, Azure Core-Networking.

Click here to watch a demo video of CloudGuard for Azure Virtual WAN.


To best serve today’s modernized IT requirements, many organizations choose a distributed environment strategy, which includes the use of different infrastructures serving different business needs. Global organizations may have a large on-premises data center, with tens or hundreds of branch offices around the world, and utilize Azure’s global presence to serve different business needs. Such a decentralized IT environment requires organizations to manage and maintain complex connectivity, and their security needs may vary between these different parts of its global IT environment.

Figure 1: Multiple physical and cloud-based data centers (source: Microsoft)

Maintaining and securing the peering configurations of multiple physical and cloud-based data centers creates operational and security challenges, especially when the different data centers have different requirements and use different security solutions. This complex connectivity and security posture may cause complex security issues and a resulting slowdown in business growth. Because of this added complexity, security teams often need to invest a significant part of their attention and effort on security operations rather than the actual security.

To address these operational and security challenges, Azure developed Azure Virtual WAN, which can be understood as a cloud-native version of the hub and spoke model, see figure 2 below. Connecting decentralized data centers, branch offices, and remote users to Azure’s Virtual WAN simplifies networking connectivity, while providing low latency streaming of traffic.

Figure 2: Azure Virtual WAN architecture (source: Microsoft)

Check Point’s solution for Azure Virtual WAN security

Check Point and Microsoft partnered to integrate CloudGuard Network Security with Azure Virtual WAN, in order to centralize and simplify the security and security operations for Azure and Check Point customers, see figure 3 below.

Figure 3: CloudGuard provides Azure Virtual WAN security

The tight integration of CloudGuard with Azure Virtual WAN has already generated high interest from a number of leading organizations in different industry verticals. The solution has been tested in numerous proof-of-concepts with early design partners, with feedback that the cloud-native security solution is able to meet the enterprise security requirements of highly-regulated, top-tier organizations.

CloudGuard Network Security for Azure Virtual WAN provides the following benefits for industry-leading security and improved security operations:

  • Managed Application: CloudGuard is provided as an Azure Managed Application. This simplifies all the operational aspects of IaaS solutions, providing automated deployment and configuration, automated updates & upgrades, as well as health checks and monitoring of the solution. Most important, it moves the operational overhead from the customer to Check Point so the organization can be more efficient and focus more on security and less on operations.
  • Cloud-Native Elasticity: CloudGuard is provided in a scalable active/active configuration, which allows it to share traffic loads and is thus fully adaptable to the dynamic nature of customer traffic elasticity.
  • Cloud-Native Consumption Model: Adopting popular cloud-native business models, the CloudGuard solution is provided using a single dimension consumption model, based on the bandwidth of customer traffic inspected.
  • Consumption through Azure Marketplace: Customers can easily consume and be billed for the managed application by subscribing on the Azure Managed Application Marketplace.
  • Best-of-breed security: CloudGuard is the first pure-security vendor for all traffic flows in Azure Virtual WAN (see figure 4 below), providing industry-leading security.

Figure 4: Traffic flows in Azure Virtual WAN (source: Microsoft)

  • Single-pane-of-glass: Customers using Check Point Security Management can connect the newly deployed Virtual WAN security infrastructure with their existing Security Management server and control their vWAN security, public clouds, private clouds and on-prem security from a single-pane-of-glass (using the same comprehensive security management capabilities including the discovery engine, advanced data center objects, tag-based policy, etc.).
  • Management as a Service: Customers not currently using Check Point Security Management can connect the newly deployed Virtual WAN security infrastructure with Check Point’s web-based Management-as-a-Service, in order to complete a full “as-a-Service” experience.

These benefits will help security engineers and managers to focus on security instead of the overhead of sizing, deployment, configuration and maintenance.

Supported Traffic Flows

The following traffic flows are supported, see also figure 4 above):

  • Single hub
    • East-West Branch to Branch
    • East-West VNET to VNET
    • North-South Branch to VNET
    • North-South VNET to Branch
    • North-South Branch to Internet
    • North-South VNET to Internet
  • Inter-hub (multiple hubs) and Hybrid Scenarios
    • East-West Branch to Branch
    • East-West VNET to VNET
    • North-South Branch to VNET
    • North-South VNET to Branch
    • Azure ExpressRoute to VNET

Figure 5 below shows a single hub reference design.

Figure 5: Single hub reference design

Figure 6 below shows a reference design for an inter-hub in the same region.

Figure 6: Reference design for inter-hub in the same region

Supported Security Use Cases (Security Technologies)

Next steps

For a demo of the new solution, please watch this video.

CloudGuard Network Security for Azure Virtual WAN is currently in Early Availability. The Early availability program provides a wide range of benefits including VIP support from a Check Point Cloud Security Architect. If you’d like to to join the program, please click here.

If you’d like to learn more about best practices for Azure Virtual WAN security, please register for one of the regional webinars:

To receive a personalized demo of CloudGuard for Azure Virtual WAN, please click here.

If you’d like to discuss this in more detail with your Check Point account team or security engineer, or your Check Point channel partner, please click here.

Additional content for learning and reading

If you are migrating to the cloud and evaluating cloud network security solutions, download the Buyer’s Guide to Cloud Network Security to understand:

  • The top 10 considerations when evaluating and choosing a cloud network security solution in more detail
  • An overview of Check Point CloudGuard and how it answers these top 10 considerations
  • The relative benefits of the solutions provided by leading cloud providers and third-party security vendors

Another fascinating document is the Forrester Total Economic Impact of CloudGuard Network Security:

Forrester Research interviewed a $10B+ US-based healthcare company who uses CloudGuard to secure their hybrid-cloud deployment and generated a 169% ROI. To read this document, click here.

Do you want to read more about cloud security?

Download the Check Point cloud security blueprint documents:

  • Introduction to Cloud Security Blueprint introduces the cloud security blueprint and describes key architectural principles and cloud security concepts.
  • Cloud Security Blueprint: Architecture and Solutions explains the blueprint architecture, describes how Check Point’s cloud security solutions enable you implement the blueprint, and how these address the cloud security challenges and architectural principles that were outlined in the first document.
  • This document provides reference architectures for implementing the cloud security blueprint.

Follow and join the conversations about Check Point and CloudGuard on TwitterFacebookLinkedIn and Instagram.