Check Point Harmony SASE (formerly Perimeter 81) Reviews

We use the solution for security.

The tool is easy to use and set up.

Harmony Connect has two components: one for accessing the internet and the other for accessing the corporate network. The Access intelligence lab is particularly useful because it eliminates the need to purchase a separate firewall for the branch office. Instead, you can connect the Check Point VPN, providing you with Check Point Harmony Connect firewall functionality for monitoring traffic.

The setup is easy, but it depends on the router configuration. The router configuration, in turn, will depend on the specific releases. The configuration could be improved.

I have been using Check Point Harmony Connect for two to three years.

The product is stable.

What are your impressions of the scalability of this solution?

The solution is scalable.

Since I trust the Check Point security, I trust Harmony Connect.

The initial setup is easy and may take a half hour to complete if you’ve experience.

I rate the initial setup a ten out of ten, where one is difficult and ten is easy.

The product has a reasonably high pricing.

Overall, I rate the solution an eight out of ten.

I use Perimeter 81 primarily for VPN connections and work and home banking. Additionally, I use it for some oil and gas applications. You should also consider using it for SD-WAN solutions. In fact, SD-WAN is one of the primary solutions offered by Perimeter 81.

In order to minimize costs, you can use a zero-trust security model. We also use VPN to interconnect many branches, for example, here in Nigeria, for an operator in the oil and gas industry. We have a high frequency in our network.

For us, SD-WAN is the most valuable feature. They provide a unique advantage for banking purposes and are also different from other solutions. VPN is good for security.

One of our challenges is ensuring the security of our cloud-based operations. We place a high priority on security and take measures to protect our data. We avoid using public cloud services and instead rely on data centers to collect data for both small and large branches.

In the next release, I would like to see more improvement in security capabilities.

I have been using Perimeter 81 for ten years. I am working with the latest version.

It is a very stable solution. It efficiently ensures security. We also use VPN to touch cloud and ensure secure information. However, for a specific company, we may need to improve security. The code is updated biweekly.

The scalability of Perimeter 81 depends on your equipment and routers. Different solutions may require different approaches. It is also a PLS to control.

The customer service was good. We needed to make some configurations, and it was the same as with other providers because it's a solution we use.

The initial setup is easy. The deployment process is different for each project, and it depends on the project's scope, such as the type of network and the kind of project. If you use IP and POS, it's different from if you don't use them.

It's possible to implement it in-house, or we can get some help. As for the technical aspects, we have six people who are required for the deployment and maintenance. We plan to increase the number of users for Permieter 81 in our company.

The system should think about how to maximize the ROI and minimize the OpEx cost for the customer. When you use a good solution, you can decrease your supply costs, increase engineering, reduce repair costs, and increase product stability. It's a win-win solution where the customer wins, and you win.

I would definitely recommend using Perimeter 81. Overall, I would rate the product a nine out of ten, but I would like to improve its security.

Our company installed the solution locally to test it and gain user experience. In the future, we plan to sell the solution to customers. 

The solution provides internet access, network access, and security. Both on-premises and cloud versions are available. 

Initially, we installed the on-premises version but are now testing the cloud version. 

The solution offers both client and clientless versions for good remote access. We don't like to give our credentials to BYOD devices, non-permanent cadres, or contractors so having two remote access options is a huge benefit. 

There is a granular level of control over users with regard to internet or network access. The virtual firewalls for remote connectivity are almost like having a firewall in-house. 

The solution is an agile product with very good technology. 

The solution requires you to buy a minimum of 50 licenses and that is not practical. 

I have been using the solution for five months. 

The solution is stable so I rate stability a ten out of ten. 

The solution is scalable so I rate scalability a ten out of ten. 

I have been selling Check Point firewalls for four years. Previously, I sold Fortinet.

I am happier with the solution because my customers are giving me very good feedback. 

The setup is easy so I rate it a ten out of ten. 

We implemented the solution in-house. We set up our Active Directory and our admin sent the docker through email. We clicked the docker, installed it, and received connection to the solution. 

It took about four months for rollout to all of our our engineers and salespeople.

I am not very happy about the pricing because the solution requires you to buy a minimum of 50 licenses. Annual licenses cost $30 to $40 each. 

The pricing is not practical in Sri Lanka because we have small customers who need only 10 to 20 licenses. There should be packages for 10, 20, and even 30 licenses. 

In Sri Lanka, there is a lot of competition with endpoint or process solutions. I think the solution is going to be a very good brand in the near future because we have been promoting it and most of our customers want to buy it. 

The solution provides a secure tunnel for controlling users while maintaining stability. Security is an important component because you need to prevent hacks and issues with data accessibility. Without a secure tunnel, someone might get into your networks, take credentials or databases, and destroy your data centers. 

The solution is fast and provides 100% security, especially for remote users. 

I rate the solution a ten out of ten. 

The solution is predominantly used for Internet access when mobile. In the office, we have already deployed a Quantum Spark appliance, and this was focused on mobile users. 

We don't have on-premise applications or servers, so there is no use case for Remote access. However, we were keen to try it out from an evaluation perspective by bridging to the existing Check Point gateway at the site. 

Simplicity was needed, and importantly, we wanted something to not be too intrusive to mobile users. The interface has a few simple options, and it makes it easier.

We believe in defense in depth, and Harmony connect SASE adds another layer of protection for internet access. 

We have already deployed the entire Harmony suite, from Email & Collab protection to Harmony Endpoint. This adds a layer on top. Being a mobile user, securing Internet access was very important, and the product's pricing was simple enough and unlike other multiple add-ons on top of the base products from other vendors.

The reports give a simple overview of the traffic pattern within the organization. Though we don't use it to track user productivity, we can if necessary. There are reports specific to SaaS applications as well, which do come in handy.

The simplicity is good. It's good for consolidating security and being manageable from the Infinity portal with other Harmony solutions and makes management easy. We can use this instead of managing multiple-point solutions. It has a unified policy for private and internet access, making it easier to manage policies. 

The weekly reports have been informative as well. We are also keen on trying clientless access to provide restricted access to applications for third-party users.

Deployment was a breeze. We just key in the target users' email, and the rest is easy.

Branding could be better. Not many Check Point users realize there is a SASE offering at all. Policies could have layers as they do with their Firewalls, though I understand that's more of a functionality within the Smart dashboard. The threat prevention profiles like IPS, file, and URL protections could have more fine-tuning options.

Though all the policies are managed from the Infinity portal, we still have to manually configure different solutions. It would be nice to know how the new XDR option will bridge this gap.

Also, for Multi-factor authentication, there was an option for G-auth. However, I'm not sure about other forms of authentication they offer in their gateways. Bringing the backend closer to the gateway management would make it more granular.

I've been using Harmony Connect for more than three months now. 

We haven't had any glitches or issues with it at all. It's very transparent to the user.

It's very scalable and easy to deploy. It's scalable with users and it's scalable with the existing CP gateway deployments as well. There isn't much information on how it integrates with other end-point solutions. We had a full Check Point environment and it was clean.

We haven't run into any issues so far. We did need some assistance during the initial policy configuration, and the Check Point solutions team was there to assist.

Positive

We did not use any other SASE offering before. 

It's a simple setup; we just key in the end user's email address and it sends an invite to download the client. 

We implemented it in-house with the assistance of Check Point's solutions team.

The ROI is better than using a traditional VPN to connect back to the office gateway. We needed something that was light and transparent without the hassle of having to connect manually. We aren't planning to remove the gateway yet, however, in the long run, we will consider it, and that should negate the gateway costs.

Setup is a breeze. You key in the target user's email, and the rest is a click away. Pricing is competitive compared to the top players in the SASE market. 

Also, there is no concept of add-ons which makes it easier. 

Licensing with a minimum of 50 users could be a show-stopper for smaller organizations. However, a small company has probably got to do it with the infra in the backend to make it worthwhile.

Since we were keen on consolidating, we did not focus on multiple options.

The product seems to be transparent to the users. It lacks application segmentation options which some competitors offer.

I needed the solution to attach it to the vendor's file in our accounting software. The customer service team provided such an efficient and fast service. We have an account manager, which is great as we get personalized attention. I asked for the W-9 form once, and it was provided to me. I was not able to download it and then forgot about it. I asked for it again, and without any hesitation, the team provided it again. They were not rude about it. I later realized and apologized for asking for it twice.

Our organization is more secure with Perimeter81's Virtual Private Network (VPN). We manage sensitive information of clients. In my department, we manage bank and credit card information. It is a lot of responsibility to have access to that kind of data. Now that our company has implemented Perimeter81's services with the VPN, personally, I feel more secure when navigating through these different platforms. It is a great investment for today's workplaces - especially when we handle critical information virtually.

The feature that I have found to be most valuable is the reputation that the company has regarding privacy. Nowadays, this is critical, especially when you do all of your work online. 

Similarly, I find that the work that Perimeter 81's customer service team does is very valuable. I have heard from our IT department that Perimeter 81's team is quite knowledgeable and efficient. These are important traits and they describe not only the company's service but the quality of its product as well. So far, our company is very happy with the product.

Overall the product is very efficient. However, personally, there is something that I dislike. I have found that the log-in/out process takes quite some time. I usually click on the app, and it asks me to login in through the web, and then after I log in it takes me back to the app. It seems to me that I should be able to log out without having to leave the app. I do like that it connects automatically/logs in as soon as I sign on. I am not sure why login in is easier than logout. 

The resolution took a couple of hours to be solved, around six hours.

The stability is good.

The scalability is good.

The experience with technical support was great. The team is professional, polite, and efficient.

Positive

This is the first time that we used a VPN in the company.

I'm not able to say what the setup is like.

I'm not able to say if we had any outside assistance.

I'm not able to say what the ROI would be.

I am not able to advise on the cost/pricing.

This decision was made by the IT department, however, naturally, they did evaluate other vendors

I am a remote developer and I use Perimeter81 as a VPN to access development and UAT servers for booking systems that service tier1 airlines. Those servers are mostly on the cloud, however, some are physical. We use AWS servers and physical servers in Dublin, Manchester, Amsterdam, Bejing, and Altlanta. We have individual team members spread out possibly 15-20 countries that need to be managed so it's important that we can be grouped and organized in a manner that allows us to authorize not just depending on our location but also our roles.

Our organization is made up of permanent and contract employees both onsite in our office worldwide and in remote individual locations across the globe. Perimeter81 allows us to develop software as a service (SaaS) collaboratively in a safe and efficient manner. We can authorize our web services not just by our team members' roles but also by our team members' locations based on the IP addresses on an individual level but also based on the group role for that member. The benefits are really built into the underlying protocol, however, Perimeter81 makes these available in a user-friendly way.

As a virtual private network, it enables us to communicate through development groups that segment our organization through the correct allocation of bandwidth and easily configured groups. 

Being able to add individuals to groups is the single most valuable feature, simple as it may seem. This combined with the underlying protocol makes for a powerful and easy-to-use feature for our organization. Adding and removing individuals is simple and easy to do which adds to the overall convenience and usability.

There is a very small amount of downtime. As a general user of the network, I'm not sure if this is down to maintenance time needed by our own network engineers who support our organization or indeed if it is up to Perimeter81 and its maintenance. What would be helpful is if this downtime was reduced. This may or may not involve some collaboration with Perimeter81 engineers and our own organization's engineers to ensure more up time, although I'm not complaining as this is very infrequent.

I've used the solution for over one year now.

The solution is highly scalable.

I don't directly deal with technical support.

Positive

Openpath was our old solution. We switched simply for better service and more uptime.

I did not handle the initial setup.

I did not handle the initial setup.

I don't know anything about the ROI - it's not my area.

Licensing is not my area.

I don't what other solutions were considered.

Our primary use case is as a Security Web Gateway for off-premises users. 

We use Check Point for application control, IPS, and web filter on-premises and wanted an in-kind solution for off-prem users. The primary requirement was for the Harmony policy to be able to be managed from the same SmartConsole instance as our on-premises gateways are managed. 

We wanted to be able to have one single policy, managed in one place, and for our users to have the same browsing experience whether off-prem or on-prem. It was also a primary requirement to be able to have the logs generated from Harmony merged into the same locations (SmartConsole and our SIEM) as our on-prem gateway logs go.

It has not improved our organization due to being unable to fully implement in the manner it was sold to us as being able to. 

After attempting to use the same policy for Harmony that we use for on-prem users (managed by on-prem smartConsole), and after much time going through Check Point account reps and support, we were informed it is not possible to manage Harmony Connect policy from SmartConsole if layers or source objects (such as AD users, machines) were used. 

We then were told by Check Point it would be possible to manage both policies from the same platform if we used the Management-as-a-Service Smart1Cloud smartconsole, but after further investigation, we were then later told by Check Point account executives and support that we are unable to manage Harmony policies from Smart1 Cloud, even though they are both housed in the Check Point Infinity Portal. 

It is also not even possible to send our Harmony Connect logs to the Smart1Cloud portal, again - even though they are both within the Infinity portal.

HTTPS decryption is a valuable service and not always found in cloud-based secure web gateways. With as much traffic being HTTPS as opposed to HTTP these days it is very important to be able to run that traffic through all the security modules such as IPS and Application Control. 

We also found the SAML integration to be useful. It is handy to be able to access the portal from anywhere in the world, though as mentioned above we are not fully implementing the product at this time due to other issues.

We want the overall ability to manage Harmony and on-prem policies from the same platform. Harmony lacks this ability when anything more than a vanilla access policy is used (we use layers and source user objects in our policy which make this impossible according to Check Point). 

Also, we need the ability to send/merge Harmony logs into the same SmartConsole as our on-prem Gateways send logs to. Have been told this is not possible by Check Point. It makes it really difficult when you have to use two different platforms/portals to see logs

I've used the solution for about six months.

I have not had any issues with stability, although we have not fully used the solution in the manner intended.

I have not had any issues with cloud-based resources, so I assume it would be easily scalable.

We have had many issues with customer support on this product. 

One example: I created a support ticket for a simple issue on the product not being able to be installed on our client machines. 

It took over a month to resolve with my team having to repeatedly follow up with support in order to get a result. My team eventually had to dig into the issue at a great depth ourselves and discovered the problem - it was that Check Point developers did not properly sign multiple scripts associated with installation, which would not allow it to install in our secure environment. 

My team had to unpack the installer and dig around to examine the files and find the mistake in signing. The issue was then finally solved by Check Point developers in Tel Aviv.

Negative

We previously used Check Point Cloud Capsule, which is a similar product. However, we were never happy with its performance and its Application Control objects were very out of date. Support was always hard to get on it from Check Point as well. It was also unable to be used alongside our VPN solution (Microsoft Always-On VPN).

The initial portal setup was straightforward in that the portal is automatically provisioned. 

Getting users integrated through SAML was not straightforward in that the instructions from Check Point on linking it with Azure AD were not accurate. The pre-built Enterprise Application object within Azure AD that is provided for Harmony did not work either. We had to adjust several of the settings to make it work (which were not covered by any support article).

We handled the implementation in-house.

We have seen a negative return on investment

Pricing and licensing seemed acceptable; we have no complaints there. 

We also evaluated solutions from Cisco and Palo Alto.

Users should just make sure the solution will actually do what is expected, regardless of what the company says it can do.

In order to connect to our applications like our own GitLab solution or our logs tracking system, we need to connect using the Perimeter 81 application. Before that, we needed to have installed the Amazon Workspaces solution and joined it to that one, so every developer or person who needed access to Gitlab. With Perimeter81, each user that needs Gitlab or logs access has a user created. 

The maintenance of this solution is easier and we also decrease the problems related to workspace scenarios

In the past, we needed to use Amazon workspaces in order to connect to the 'VPN', and, after that, we were able to have access to our private Gitlab solution and logs. 

This was a mess as each developer or person who needed access to Gitlab needed a Workspace created for that use - even if only you needed to access it just for one day and did not use it anymore. Even in these cases, we needed someone from the infrastructure team to create that particular workspace. With Perimeter 81, we only need to create a user and install the Perimeter81 application on the computer.

The solution provides us with:

- An easy way to configure and join the VPN with Perimeter 81. Previously, we were using Amazon workspaces and it took too much time in order to configure the workspace properly in order to just access our Gitlab repository or our logs for just one or two times of use.

- An easy way to find connection problems. You can easily contact Perimeter 81 or check https://status.perimeter81.com to see if some incidents are related to the issue that you have.

In order to have to bypass the login using the website, a good feature for Perimeter 81 to have is a login instance in the Perimeter 81 application. I'm using a Mac and we don't have that functionality. I'm using a Mac and we don't have that functionality. On the other hand, in order to connect with an application, we could have the opportunity to use a Google Chrome application/extension. That will make it easy to use and we can skip situations related to admin permissions in order to install the application on some laptops and computers. 

I've used the solution for six to seven months.