Check Point Harmony SASE (formerly Perimeter 81) Reviews

I am a remote developer and I use Perimeter81 as a VPN to access development and UAT servers for booking systems that service tier1 airlines. Those servers are mostly on the cloud, however, some are physical. We use AWS servers and physical servers in Dublin, Manchester, Amsterdam, Bejing, and Altlanta. We have individual team members spread out possibly 15-20 countries that need to be managed so it's important that we can be grouped and organized in a manner that allows us to authorize not just depending on our location but also our roles.

Our organization is made up of permanent and contract employees both onsite in our office worldwide and in remote individual locations across the globe. Perimeter81 allows us to develop software as a service (SaaS) collaboratively in a safe and efficient manner. We can authorize our web services not just by our team members' roles but also by our team members' locations based on the IP addresses on an individual level but also based on the group role for that member. The benefits are really built into the underlying protocol, however, Perimeter81 makes these available in a user-friendly way.

As a virtual private network, it enables us to communicate through development groups that segment our organization through the correct allocation of bandwidth and easily configured groups. 

Being able to add individuals to groups is the single most valuable feature, simple as it may seem. This combined with the underlying protocol makes for a powerful and easy-to-use feature for our organization. Adding and removing individuals is simple and easy to do which adds to the overall convenience and usability.

There is a very small amount of downtime. As a general user of the network, I'm not sure if this is down to maintenance time needed by our own network engineers who support our organization or indeed if it is up to Perimeter81 and its maintenance. What would be helpful is if this downtime was reduced. This may or may not involve some collaboration with Perimeter81 engineers and our own organization's engineers to ensure more up time, although I'm not complaining as this is very infrequent.

I've used the solution for over one year now.

The solution is highly scalable.

I don't directly deal with technical support.

Positive

Openpath was our old solution. We switched simply for better service and more uptime.

I did not handle the initial setup.

I did not handle the initial setup.

I don't know anything about the ROI - it's not my area.

Licensing is not my area.

I don't what other solutions were considered.

We use Harmony SASE to manage remote users across multiple countries, including India, Poland, and the US. The customer required a setup to control access for different groups and users, protecting them from threats and securing their systems.

Harmony SASE helps us to manage compliance by regulating the amount of access to each department and user. We control the relevant apps and websites, which can be accessed from company-owned devices. Harmony SASE uses its own threat intelligence data from the cloud for threat prevention, and detect and manage threats with their own threat intelligence data and SASE firewall features.

The Point locations need to improve the latency and speed. 

I have been using Harmony SASE for six months.

I would rate the stability as a seven out of ten. 

Harmony SASE is a scalable solution and I would rate it an eight out of ten.

The support from Harmony SASE is really good.

Positive

I've worked with Fortinet. In comparison to Harmony SASE with Fortinet, Fortinet is easier to manage because all FortiGate devices use the same FortiOS, making management straightforward.

The installation and deployment of Harmony SASE are easy. It usually takes fifteen to twenty minutes to install and configure on a single device

For deployment and maintenance, a single engineer is sufficient for MDM solutions. However, in multiple tasks, two or more people are required to sort out the glitches in the solution.

The remote users, who have been using Harmony SASE has shown cost savings. With SASE, we don't have to manage VPNs, which leads to long-term cost benefits. We don't need dedicated leased lines or bandwidth in the office, making it a good approach.

There are no such AI features as of now on Harmony SASE. I would recommend it and would rate it eight out of ten.

We use the solution since it is required by our client in Singapore. They needed to use a VPN solution, like Perimeter 81, because they wanted to connect it from an overseas place where their workers travel.

The best feature of Perimeter 81 is that it provides a secure feature while connecting, such as the IPsec tunneling or Perimeter 81's connector called Wireguard Connector.

The solution's speed of upload and download is an area where it lacks. If Perimeter 81 enhances the speed of upload and download, then it could be an improvement.

I have been using Perimeter 81 with Azure Active Directory. I started using it when my company got our license from Perimeter 81 in December last year. So, have six months of experience with the solution. My company has a partnership with the solution.

In my company, along with my coworker, two engineers use the solution for testing.

I rate the support team a ten out of ten.

Positive

The setup is really easy. The setup is very user-friendly.

The solution is priced appropriately considering its uses. For an essential license, a user pays only 30 USD per month. For an enterprise version, the prices can be negotiated with the company.

We use Perimeter 81 integrated with Azure Active Directory single sign-on (SSO). Not only in Azure but also Okta, an identity provider, we can guarantee the convenience of login, and also, it secures the connection.

I rate the overall solution an eight and a half out of ten.

The primary use is for secure site protection. 

I work at a worker's compensation company that deals with sensitive information, such as SSN, home addresses, phone numbers, and doctor notes that contain medical history and conditions. 

This product helps us keep the information on websites that are solely accessible through Perimeter 81 so we do not leak the patients, doctors, or adjusters' information to the public. Everything is in a safe space while at the same time, Perimeter 81 makes working from home accessible. 

It helps improve our organization by allowing employees work all over the globe providing colleagues with safe internet no matter what part of the globe they find themselves. 

Providing access and security allows our company employees to work from home and remotely. They are not confined to one space or location if they need to travel. The Perimeter 81 VPN provides the luxury to travel and work while maintaining security to create the work-life balance everyone needs. 

It improved our organization more than can be explained. We plan to continue to further use of this technology. 

The VPN is the main function used. It's valuable to us since it's the only way to access most company websites. All company websites can only be used if users are connected to Perimeter 81. It does not matter what location you are in. 

If Perimeter 81 is not connecting, it slows down company productivity. This is why we appreciate the live updates and minimal issues we have when dealing with this product. The faster we work, the more patients are taken care of, and the higher client success rate we can achieve. Perimeter 81's VPN feature helps our company be as efficient as possible. 

A Google Chrome extension would be handy instead of logging into the app. That way, it's pre-signed in and ready to go while browsing. 

While the app connects as we log in, it would be helpful to be able to stay signed in and have an automatic connection while browsing. The connection may be faster and stronger that way as well. 

A VPN Extention through the web browser would be a great asset to web users and companies. With a one-time login, we can have access and not worry about reconnecting to the VPN. I'm looking forward to seeing this feature. 

I've been using Perimeter 81 for one year. 

We did not previously use a different solution. 

Currently, I do not have access to this information. 

I'm an employee. I do not make decisions on organizational software. 

The solution is predominantly used for Internet access when mobile. In the office, we have already deployed a Quantum Spark appliance, and this was focused on mobile users. 

We don't have on-premise applications or servers, so there is no use case for Remote access. However, we were keen to try it out from an evaluation perspective by bridging to the existing Check Point gateway at the site. 

Simplicity was needed, and importantly, we wanted something to not be too intrusive to mobile users. The interface has a few simple options, and it makes it easier.

We believe in defense in depth, and Harmony connect SASE adds another layer of protection for internet access. 

We have already deployed the entire Harmony suite, from Email & Collab protection to Harmony Endpoint. This adds a layer on top. Being a mobile user, securing Internet access was very important, and the product's pricing was simple enough and unlike other multiple add-ons on top of the base products from other vendors.

The reports give a simple overview of the traffic pattern within the organization. Though we don't use it to track user productivity, we can if necessary. There are reports specific to SaaS applications as well, which do come in handy.

The simplicity is good. It's good for consolidating security and being manageable from the Infinity portal with other Harmony solutions and makes management easy. We can use this instead of managing multiple-point solutions. It has a unified policy for private and internet access, making it easier to manage policies. 

The weekly reports have been informative as well. We are also keen on trying clientless access to provide restricted access to applications for third-party users.

Deployment was a breeze. We just key in the target users' email, and the rest is easy.

Branding could be better. Not many Check Point users realize there is a SASE offering at all. Policies could have layers as they do with their Firewalls, though I understand that's more of a functionality within the Smart dashboard. The threat prevention profiles like IPS, file, and URL protections could have more fine-tuning options.

Though all the policies are managed from the Infinity portal, we still have to manually configure different solutions. It would be nice to know how the new XDR option will bridge this gap.

Also, for Multi-factor authentication, there was an option for G-auth. However, I'm not sure about other forms of authentication they offer in their gateways. Bringing the backend closer to the gateway management would make it more granular.

I've been using Harmony Connect for more than three months now. 

We haven't had any glitches or issues with it at all. It's very transparent to the user.

It's very scalable and easy to deploy. It's scalable with users and it's scalable with the existing CP gateway deployments as well. There isn't much information on how it integrates with other end-point solutions. We had a full Check Point environment and it was clean.

We haven't run into any issues so far. We did need some assistance during the initial policy configuration, and the Check Point solutions team was there to assist.

Positive

We did not use any other SASE offering before. 

It's a simple setup; we just key in the end user's email address and it sends an invite to download the client. 

We implemented it in-house with the assistance of Check Point's solutions team.

The ROI is better than using a traditional VPN to connect back to the office gateway. We needed something that was light and transparent without the hassle of having to connect manually. We aren't planning to remove the gateway yet, however, in the long run, we will consider it, and that should negate the gateway costs.

Setup is a breeze. You key in the target user's email, and the rest is a click away. Pricing is competitive compared to the top players in the SASE market. 

Also, there is no concept of add-ons which makes it easier. 

Licensing with a minimum of 50 users could be a show-stopper for smaller organizations. However, a small company has probably got to do it with the infra in the backend to make it worthwhile.

Since we were keen on consolidating, we did not focus on multiple options.

The product seems to be transparent to the users. It lacks application segmentation options which some competitors offer.

I'm using it for the VPN, I work from a home office and need to access data from different websites. I'm a front-end web developer for a famous brand, working remotely from another country, and the content I have to access must be from different countries. There are some internal tools we must use too, and we must access them with a VPN. Some of these tools are on mobile too, so we also have to install VPN solutions on mobile phones. I have to use a tool that we can access multiple VPNs and switch regions with ease.

We use some VPN solutions, and Perimeter 81 has the best user experience for desktop or mobile. The other solutions have more steps to set up, are more complicated and it was not a good experience. Unfortunately, I can't use Perimeter 81 for all VPN use cases, due to the company's policy, however, when I can, I always choose it. 

I have to use it on my phone too, and my smartphone was not compatible with the other VPN solutions (old Android version), but Perimeter 81 works on old mobile phones and is very light. 

The best points of Perimeter 81 are the:

- User experience
- Design
- Ease of use
- Support for mobile and desktop
- Very light mobile app

The other VPN tools have some old interface with a not great user experience. I use a Mac and the interface looks like an old Windows App. Perimeter 81 is very pretty. My phone is an old Android version (I cannot upgrade right now) and I could not use the other tools to access the VPN because their two-step authentication app could not run on my phone. Perimeter 81 app works on old phones and is very lightweight. The battery consumption is very low. 

I am very satisfied with the product right now. I don't know if it is technically feasible, however, if the Desktop App could be used as a Web App or a Chrome Extension it would be very nice. It would help a lot if I could click a link with the right-click and select from a range of options like: "Open a with VPN: Network main" and that tab would open with VPN activated only on that. And then I could refresh the tab with the VPN on or off. When I access a URL, the Extension could have an option like: "Reload current tab with VPN".

I've used the solution for two months.

I didn't have to deal with any bugs so far.

Our team is big, from people all around the world. Everybody is using a VPN. It scales well.

Until now, I have not needed to reach out for service support.

Neutral

Yes, I did use a different solution, however, I didn't make a full switch as some tools we use can only be accessed with specific VPN tools. That said, when I can choose, I prefer Perimeter 81 due to its ease of use.

It was very easy to set up.

Our IT team provided a step-by-step to setup the solution.

I don't deal with the billing.

I don't deal with billing, however, it would be nice to have a time trial.

IT selects the tools we use. I did not evaluate others.

I'd advise others to use it if you need to access VPN for both desktop and mobile.

Our primary use case is as a Security Web Gateway for off-premises users. 

We use Check Point for application control, IPS, and web filter on-premises and wanted an in-kind solution for off-prem users. The primary requirement was for the Harmony policy to be able to be managed from the same SmartConsole instance as our on-premises gateways are managed. 

We wanted to be able to have one single policy, managed in one place, and for our users to have the same browsing experience whether off-prem or on-prem. It was also a primary requirement to be able to have the logs generated from Harmony merged into the same locations (SmartConsole and our SIEM) as our on-prem gateway logs go.

It has not improved our organization due to being unable to fully implement in the manner it was sold to us as being able to. 

After attempting to use the same policy for Harmony that we use for on-prem users (managed by on-prem smartConsole), and after much time going through Check Point account reps and support, we were informed it is not possible to manage Harmony Connect policy from SmartConsole if layers or source objects (such as AD users, machines) were used. 

We then were told by Check Point it would be possible to manage both policies from the same platform if we used the Management-as-a-Service Smart1Cloud smartconsole, but after further investigation, we were then later told by Check Point account executives and support that we are unable to manage Harmony policies from Smart1 Cloud, even though they are both housed in the Check Point Infinity Portal. 

It is also not even possible to send our Harmony Connect logs to the Smart1Cloud portal, again - even though they are both within the Infinity portal.

HTTPS decryption is a valuable service and not always found in cloud-based secure web gateways. With as much traffic being HTTPS as opposed to HTTP these days it is very important to be able to run that traffic through all the security modules such as IPS and Application Control. 

We also found the SAML integration to be useful. It is handy to be able to access the portal from anywhere in the world, though as mentioned above we are not fully implementing the product at this time due to other issues.

We want the overall ability to manage Harmony and on-prem policies from the same platform. Harmony lacks this ability when anything more than a vanilla access policy is used (we use layers and source user objects in our policy which make this impossible according to Check Point). 

Also, we need the ability to send/merge Harmony logs into the same SmartConsole as our on-prem Gateways send logs to. Have been told this is not possible by Check Point. It makes it really difficult when you have to use two different platforms/portals to see logs

I've used the solution for about six months.

I have not had any issues with stability, although we have not fully used the solution in the manner intended.

I have not had any issues with cloud-based resources, so I assume it would be easily scalable.

We have had many issues with customer support on this product. 

One example: I created a support ticket for a simple issue on the product not being able to be installed on our client machines. 

It took over a month to resolve with my team having to repeatedly follow up with support in order to get a result. My team eventually had to dig into the issue at a great depth ourselves and discovered the problem - it was that Check Point developers did not properly sign multiple scripts associated with installation, which would not allow it to install in our secure environment. 

My team had to unpack the installer and dig around to examine the files and find the mistake in signing. The issue was then finally solved by Check Point developers in Tel Aviv.

Negative

We previously used Check Point Cloud Capsule, which is a similar product. However, we were never happy with its performance and its Application Control objects were very out of date. Support was always hard to get on it from Check Point as well. It was also unable to be used alongside our VPN solution (Microsoft Always-On VPN).

The initial portal setup was straightforward in that the portal is automatically provisioned. 

Getting users integrated through SAML was not straightforward in that the instructions from Check Point on linking it with Azure AD were not accurate. The pre-built Enterprise Application object within Azure AD that is provided for Harmony did not work either. We had to adjust several of the settings to make it work (which were not covered by any support article).

We handled the implementation in-house.

We have seen a negative return on investment

Pricing and licensing seemed acceptable; we have no complaints there. 

We also evaluated solutions from Cisco and Palo Alto.

Users should just make sure the solution will actually do what is expected, regardless of what the company says it can do.

I use Perimeter 81 mostly for remote work. I work in a fast-paced, customer-centric environment overseeing a team of about four or five people who regularly need urgent assistance. I also host group meetings that require me to use other applications that need a VPN. Perimeter 81 has helped me stay connected right around the clock with almost no need for IT app support each day. Dealing with clients online requires good VPN hosting, and Perimeter 81 has provided that

Perimeter 81 has been a game-changer at my company. Service delivery has improved internally and externally. We had lots of dropped VPN signals with our previous provider, so it was refreshing when we started testing Perimeter 81. We are now considering switching all of our remote employees to Perimeter 81 based on the experiences that the initial users shared during our bi-weekly department and company meetings. 

It connects quickly and stays connected. The user interface is pretty neat too. The app has in-house support with user guides that give you step-by-step walkthroughs on navigating the app. In addition, there is a live chat feature that offers prompt assistance on the go. There is also a diagnostic feature that helps you troubleshoot any issue you have, but I've never had to use this because I haven't had any issues. 

If I were to be nitpicky, I would ask that Perimeter 81 offer the option for us to change the color of the graphical user interface, like maybe pink or green or so on. 

I've been using Perimeter 81 for about six months

Perimeter 81 is highly stable.

Perimeter 81 is highly scalable.

Our previous VPN provider dropped the signal too often.

Setting up Perimeter 81 wasn't complex.

We deployed Perimeter 81 in-house.

I rate Perimeter 81 10 out of 10.