Check Point Harmony SASE (formerly Perimeter 81) Reviews

I'm using it for the VPN, I work from a home office and need to access data from different websites. I'm a front-end web developer for a famous brand, working remotely from another country, and the content I have to access must be from different countries. There are some internal tools we must use too, and we must access them with a VPN. Some of these tools are on mobile too, so we also have to install VPN solutions on mobile phones. I have to use a tool that we can access multiple VPNs and switch regions with ease.

We use some VPN solutions, and Perimeter 81 has the best user experience for desktop or mobile. The other solutions have more steps to set up, are more complicated and it was not a good experience. Unfortunately, I can't use Perimeter 81 for all VPN use cases, due to the company's policy, however, when I can, I always choose it. 

I have to use it on my phone too, and my smartphone was not compatible with the other VPN solutions (old Android version), but Perimeter 81 works on old mobile phones and is very light. 

The best points of Perimeter 81 are the:

- User experience
- Design
- Ease of use
- Support for mobile and desktop
- Very light mobile app

The other VPN tools have some old interface with a not great user experience. I use a Mac and the interface looks like an old Windows App. Perimeter 81 is very pretty. My phone is an old Android version (I cannot upgrade right now) and I could not use the other tools to access the VPN because their two-step authentication app could not run on my phone. Perimeter 81 app works on old phones and is very lightweight. The battery consumption is very low. 

I am very satisfied with the product right now. I don't know if it is technically feasible, however, if the Desktop App could be used as a Web App or a Chrome Extension it would be very nice. It would help a lot if I could click a link with the right-click and select from a range of options like: "Open a with VPN: Network main" and that tab would open with VPN activated only on that. And then I could refresh the tab with the VPN on or off. When I access a URL, the Extension could have an option like: "Reload current tab with VPN".

I've used the solution for two months.

I didn't have to deal with any bugs so far.

Our team is big, from people all around the world. Everybody is using a VPN. It scales well.

Until now, I have not needed to reach out for service support.

Yes, I did use a different solution, however, I didn't make a full switch as some tools we use can only be accessed with specific VPN tools. That said, when I can choose, I prefer Perimeter 81 due to its ease of use.

It was very easy to set up.

Our IT team provided a step-by-step to setup the solution.

I don't deal with the billing.

I don't deal with billing, however, it would be nice to have a time trial.

IT selects the tools we use. I did not evaluate others.

I'd advise others to use it if you need to access VPN for both desktop and mobile.

We are using Check Point Endpoint Security as an application for all corporate users. 

The main features are antivirus (antimalware, antiphishing), disk preboot encryption, and VPN connection. We also use SSL VPN (a VPN connection using a browser) for our external partners. 

We have about 250 active machines (both desktops and laptops), running Windows 10 Pro 64bit, an i5 or i7 processor with 8GB RAM or more, and SSD drives (all Dell hardware). The Check Point client we use is version E86.10.0036. 

We also have Check Point firewalls.

The disk encryption made our computers more secure for data leaks in the case of a stolen machine. 

The Check Point VPN connection is way more stable than our previous software. Previously, when connecting/disconnecting from a VPN while we were on a call, the network would temporarily drop and then reconnect again. Using Check Point's VPN, this does not happen anymore. 

Also, using the preboot VPN option, we can reset a user who is working remotely that has forgotten their Windows login credentials. 

Anti-malware scans are also very helpful.

The preboot VPN connection, in the case where users are locked remotely. is very useful 

The disk encryption feature is important. The Check Point VPN connection process is quite simple when using the Microsoft MFA method. 

Previously, when connecting/disconnecting from a VPN while we were on a call, the network would temporarily drop and then reconnect again. Using Check Point VPN, this does not happen anymore. 

Also, using the preboot VPN option, we can reset a user who is working remotely that has forgotten their Windows login credentials. 

The anti-malware scan is very helpful. 

The SSL VPN is great where we can use a browser for external partners.

There is an issue when installing the Check Point client. If the machine has RAID on mode for storage rather than AHCI, the disk encryption never begins and stays in the "setup protection" warning message. Changing mode from RAID to AHCI means a Windows format is required, which takes more time. On top of that, in the preboot screen, sometimes caps lock is on, and yet when someone types it's not in capitals. When that happens, many users get locked. 

In addition to this, number lock should be automatically on as users think it is, and when they type they get locked again.

The solution is quite stable. There are minor bugs.

The solution is pretty flexible.

We did use a different solution. It was not our decision to switch (as it's managed by a group IT).

I was not included in initial setup. The client setup on machines is easy.

We do not have any ROI details. 

Data is not available in terms of pricing. 

Evaluations were not included in the process.

Our primary use case is as a Security Web Gateway for off-premises users. 

We use Check Point for application control, IPS, and web filter on-premises and wanted an in-kind solution for off-prem users. The primary requirement was for the Harmony policy to be able to be managed from the same SmartConsole instance as our on-premises gateways are managed. 

We wanted to be able to have one single policy, managed in one place, and for our users to have the same browsing experience whether off-prem or on-prem. It was also a primary requirement to be able to have the logs generated from Harmony merged into the same locations (SmartConsole and our SIEM) as our on-prem gateway logs go.

It has not improved our organization due to being unable to fully implement in the manner it was sold to us as being able to. 

After attempting to use the same policy for Harmony that we use for on-prem users (managed by on-prem smartConsole), and after much time going through Check Point account reps and support, we were informed it is not possible to manage Harmony Connect policy from SmartConsole if layers or source objects (such as AD users, machines) were used. 

We then were told by Check Point it would be possible to manage both policies from the same platform if we used the Management-as-a-Service Smart1Cloud smartconsole, but after further investigation, we were then later told by Check Point account executives and support that we are unable to manage Harmony policies from Smart1 Cloud, even though they are both housed in the Check Point Infinity Portal. 

It is also not even possible to send our Harmony Connect logs to the Smart1Cloud portal, again - even though they are both within the Infinity portal.

HTTPS decryption is a valuable service and not always found in cloud-based secure web gateways. With as much traffic being HTTPS as opposed to HTTP these days it is very important to be able to run that traffic through all the security modules such as IPS and Application Control. 

We also found the SAML integration to be useful. It is handy to be able to access the portal from anywhere in the world, though as mentioned above we are not fully implementing the product at this time due to other issues.

We want the overall ability to manage Harmony and on-prem policies from the same platform. Harmony lacks this ability when anything more than a vanilla access policy is used (we use layers and source user objects in our policy which make this impossible according to Check Point). 

Also, we need the ability to send/merge Harmony logs into the same SmartConsole as our on-prem Gateways send logs to. Have been told this is not possible by Check Point. It makes it really difficult when you have to use two different platforms/portals to see logs

I've used the solution for about six months.

I have not had any issues with stability, although we have not fully used the solution in the manner intended.

I have not had any issues with cloud-based resources, so I assume it would be easily scalable.

We have had many issues with customer support on this product. 

One example: I created a support ticket for a simple issue on the product not being able to be installed on our client machines. 

It took over a month to resolve with my team having to repeatedly follow up with support in order to get a result. My team eventually had to dig into the issue at a great depth ourselves and discovered the problem - it was that Check Point developers did not properly sign multiple scripts associated with installation, which would not allow it to install in our secure environment. 

My team had to unpack the installer and dig around to examine the files and find the mistake in signing. The issue was then finally solved by Check Point developers in Tel Aviv.

Negative

We previously used Check Point Cloud Capsule, which is a similar product. However, we were never happy with its performance and its Application Control objects were very out of date. Support was always hard to get on it from Check Point as well. It was also unable to be used alongside our VPN solution (Microsoft Always-On VPN).

The initial portal setup was straightforward in that the portal is automatically provisioned. 

Getting users integrated through SAML was not straightforward in that the instructions from Check Point on linking it with Azure AD were not accurate. The pre-built Enterprise Application object within Azure AD that is provided for Harmony did not work either. We had to adjust several of the settings to make it work (which were not covered by any support article).

We handled the implementation in-house.

We have seen a negative return on investment

Pricing and licensing seemed acceptable; we have no complaints there. 

We also evaluated solutions from Cisco and Palo Alto.

Users should just make sure the solution will actually do what is expected, regardless of what the company says it can do.

It was implemented at work to be able to monitor collaborators and know what pages they are using and thus be able to take the necessary actions to block pages that are not authorized in the company and also know in which pages collaborators spend more time and be able to measure their work performance and thus be more effective in our company, on the other hand it helps a lot to improve the traffic and performance of the network, which is one of the points where it helps a lot.

Once all the security breaches of our collaborators have been detected, we can determine which options to mitigate in the company and improve security.

Harmony has improved the organization in being able to better monitor the use of internet bandwidth, accesses, pages, restrict pages, and allow sites, however, it has also been found that it makes machines a bit inefficient, this is because the program consumes many resources of the device where it is connected, sometimes causing slowness and starting to see many jams in the programs or processes that are being executed.

It has also been possible to determine that, for use on a Mac PC it is not very complicated to do the installation. You must have very robust equipment.

One of the most valuable features found using Harmony is being able to monitor in a simple and orderly way.

The panel configuration and agent installation on each of the machines is very practical and quickly distributed. Furthermore, all the equipment that does not have an agent installed can be viewed in the administration panel and have better control of each of the devices.

Another valuable characteristic is the configuration of reporting and information of each of the users. This report is quite complete, and it is possible to determine what actions to take in the organization and be able to present a report to high command.

One of the areas that must be improved is the ability to make the software less burdensome for the devices since they consume a lot of resources which makes it necessary to make an economic investment in the device itself such as servers, desktop laptops. that handle a relatively normal performance according to the functions it performs since, if used with a high-performance computer, Harmony behaves well and does not cause slowness.

This made us uninstall the product on several collaborating machines since the PC's performance dropped a lot. Some programs, like Teams, do not work and this causes us problems where we cannot monitor those machines.

He used the product for 5 years..

The stability is very good, however, it harms a little of the performance of the PC.

The scalability has been very good, it has helped us a lot to be able to improve our company.

The support needs to improve lately it is very average they do not respond quickly they do not always comply with the SLA

Positive

We did not previously use a different solution.

Implementation is now easier since we have considerable experience using the tool.

The installation was carried out with the tool vendor since we did not have much knowledge, today we have managed to have that learning curve and we have been able to do our own installations.

The investment in a security product will always have a return, not directly economical, but indirectly since all our information is secured.

The cost is very accessible and the installation is very easy to implement.

We did not evaluate other options.

It is very user-friendly. The panel is easy to use.

The platform manages remote access by allowing employees to log into a secure portal, where they are only given access to the specific applications they are authorized to use. This access is based on an HTTPS connection, ensuring security.

All product features are valuable, but multi-factor authentication (MFA) is especially critical for securing remote work environments. Without two-factor authentication, there is a heightened risk of security breaches. 

Another key feature is the ability to control the time frame for employee access to applications, allowing for greater security and control.

The platform's pricing can be an issue for smaller companies, as the cost may be higher than for larger organizations.

I have been working with Check Point Quantum SASE for three years. Currently, I am providing it to three customers and implementing it for a fourth. My clients have used it for varying periods, from six months to two years.

The solution is very stable and requires minimal maintenance. Once configured and exposed through the portal, it generally does not present issues related to the security service itself.

The product is designed to be scalable, particularly as a SASE (Secure Access Service Edge) product. Its architecture supports easy scaling and can handle increasing users without issues.

The support is comprehensive, and the channel ecosystem effectively assists with resolving complex issues. I can escalate problems to Check Point's research and development teams for further assistance.

Positive

The return on investment typically depends on the size of the customer. Most customers find the solution's benefits outweigh the costs, and the return is usually balanced.

The solution's pricing model may not be suitable for smaller companies, as they might find it expensive. Larger companies tend to receive more value due to many users.

The solution's cost-effectiveness depends on the size of the business and the specific problems it needs to address.

Its most effective feature is controlling employee access to specific applications. I can manage and monitor every step of the access process.

It already comes with all the necessary features. When you purchase it, you get the full package. However, different levels of coverage are offered for endpoint solutions.

I rate it a nine out of ten. 

We use the solution for security.

The tool is easy to use and set up.

Harmony Connect has two components: one for accessing the internet and the other for accessing the corporate network. The Access intelligence lab is particularly useful because it eliminates the need to purchase a separate firewall for the branch office. Instead, you can connect the Check Point VPN, providing you with Check Point Harmony Connect firewall functionality for monitoring traffic.

The setup is easy, but it depends on the router configuration. The router configuration, in turn, will depend on the specific releases. The configuration could be improved.

I have been using Check Point Harmony Connect for two to three years.

The product is stable.

What are your impressions of the scalability of this solution?

The solution is scalable.

Since I trust the Check Point security, I trust Harmony Connect.

The initial setup is easy and may take a half hour to complete if you’ve experience.

I rate the initial setup a ten out of ten, where one is difficult and ten is easy.

The product has a reasonably high pricing.

Overall, I rate the solution an eight out of ten.

Our company installed the solution locally to test it and gain user experience. In the future, we plan to sell the solution to customers. 

The solution provides internet access, network access, and security. Both on-premises and cloud versions are available. 

Initially, we installed the on-premises version but are now testing the cloud version. 

The solution offers both client and clientless versions for good remote access. We don't like to give our credentials to BYOD devices, non-permanent cadres, or contractors so having two remote access options is a huge benefit. 

There is a granular level of control over users with regard to internet or network access. The virtual firewalls for remote connectivity are almost like having a firewall in-house. 

The solution is an agile product with very good technology. 

The solution requires you to buy a minimum of 50 licenses and that is not practical. 

I have been using the solution for five months. 

The solution is stable so I rate stability a ten out of ten. 

The solution is scalable so I rate scalability a ten out of ten. 

I have been selling Check Point firewalls for four years. Previously, I sold Fortinet.

I am happier with the solution because my customers are giving me very good feedback. 

The setup is easy so I rate it a ten out of ten. 

We implemented the solution in-house. We set up our Active Directory and our admin sent the docker through email. We clicked the docker, installed it, and received connection to the solution. 

It took about four months for rollout to all of our our engineers and salespeople.

I am not very happy about the pricing because the solution requires you to buy a minimum of 50 licenses. Annual licenses cost $30 to $40 each. 

The pricing is not practical in Sri Lanka because we have small customers who need only 10 to 20 licenses. There should be packages for 10, 20, and even 30 licenses. 

In Sri Lanka, there is a lot of competition with endpoint or process solutions. I think the solution is going to be a very good brand in the near future because we have been promoting it and most of our customers want to buy it. 

The solution provides a secure tunnel for controlling users while maintaining stability. Security is an important component because you need to prevent hacks and issues with data accessibility. Without a secure tunnel, someone might get into your networks, take credentials or databases, and destroy your data centers. 

The solution is fast and provides 100% security, especially for remote users. 

I rate the solution a ten out of ten. 

The solution is predominantly used for Internet access when mobile. In the office, we have already deployed a Quantum Spark appliance, and this was focused on mobile users. 

We don't have on-premise applications or servers, so there is no use case for Remote access. However, we were keen to try it out from an evaluation perspective by bridging to the existing Check Point gateway at the site. 

Simplicity was needed, and importantly, we wanted something to not be too intrusive to mobile users. The interface has a few simple options, and it makes it easier.

We believe in defense in depth, and Harmony connect SASE adds another layer of protection for internet access. 

We have already deployed the entire Harmony suite, from Email & Collab protection to Harmony Endpoint. This adds a layer on top. Being a mobile user, securing Internet access was very important, and the product's pricing was simple enough and unlike other multiple add-ons on top of the base products from other vendors.

The reports give a simple overview of the traffic pattern within the organization. Though we don't use it to track user productivity, we can if necessary. There are reports specific to SaaS applications as well, which do come in handy.

The simplicity is good. It's good for consolidating security and being manageable from the Infinity portal with other Harmony solutions and makes management easy. We can use this instead of managing multiple-point solutions. It has a unified policy for private and internet access, making it easier to manage policies. 

The weekly reports have been informative as well. We are also keen on trying clientless access to provide restricted access to applications for third-party users.

Deployment was a breeze. We just key in the target users' email, and the rest is easy.

Branding could be better. Not many Check Point users realize there is a SASE offering at all. Policies could have layers as they do with their Firewalls, though I understand that's more of a functionality within the Smart dashboard. The threat prevention profiles like IPS, file, and URL protections could have more fine-tuning options.

Though all the policies are managed from the Infinity portal, we still have to manually configure different solutions. It would be nice to know how the new XDR option will bridge this gap.

Also, for Multi-factor authentication, there was an option for G-auth. However, I'm not sure about other forms of authentication they offer in their gateways. Bringing the backend closer to the gateway management would make it more granular.

I've been using Harmony Connect for more than three months now. 

We haven't had any glitches or issues with it at all. It's very transparent to the user.

It's very scalable and easy to deploy. It's scalable with users and it's scalable with the existing CP gateway deployments as well. There isn't much information on how it integrates with other end-point solutions. We had a full Check Point environment and it was clean.

We haven't run into any issues so far. We did need some assistance during the initial policy configuration, and the Check Point solutions team was there to assist.

Positive

We did not use any other SASE offering before. 

It's a simple setup; we just key in the end user's email address and it sends an invite to download the client. 

We implemented it in-house with the assistance of Check Point's solutions team.

The ROI is better than using a traditional VPN to connect back to the office gateway. We needed something that was light and transparent without the hassle of having to connect manually. We aren't planning to remove the gateway yet, however, in the long run, we will consider it, and that should negate the gateway costs.

Setup is a breeze. You key in the target user's email, and the rest is a click away. Pricing is competitive compared to the top players in the SASE market. 

Also, there is no concept of add-ons which makes it easier. 

Licensing with a minimum of 50 users could be a show-stopper for smaller organizations. However, a small company has probably got to do it with the infra in the backend to make it worthwhile.

Since we were keen on consolidating, we did not focus on multiple options.

The product seems to be transparent to the users. It lacks application segmentation options which some competitors offer.