No more typing reviews! Try our Samantha, our new voice AI agent.
reviewer1853898 - PeerSpot reviewer
Engineer at Harbers ICT
User
May 10, 2022
Powerful with a great browser plugin and responsive technical support
Pros and Cons
  • "It is very powerful tooling that can be tuned a lot."
  • "It would be useful if you could also mark blocks as safe from a client. Now users always have to ask an admin to make exclusions."

What is our primary use case?

We resell Harmony Endpoint to many of our SMB customers and also use the product ourselves. It concerns environments of endpoints only, as well as (terminal) servers and a mix of these.

Our customers range from one to two endpoints to 100+ endpoints. In addition, as mentioned above, there are also customers where we deploy the Harmony Endpoint tooling on the servers. This also varies from customers with one or two servers to ten or more servers.

Both we and the customers are very satisfied with the use and functioning of the antivirus.

How has it helped my organization?

It is very powerful tooling that can be tuned a lot. It gives a lot of insight via Threat Hunting and stops things that other antivirus packages just let through.

Previous antivirus packages that we used and our customers used did not include a browser plugin. Now that users see that the endpoint really does scan everything on the browser page (such as username and password fields) they also see the added value of an antivirus package on the computer. Since users themselves see this added value, they also understand that they sometimes have to wait a little longer (for example, when downloading files, these are also scanned first).

What is most valuable?

The Harmony Endpoint browser plugin is powerful tooling that is visibly present and doing its job. 

Previous antivirus packages that we used and our customers used did not include a browser plugin. Now that users see that the endpoint really does scan everything on the browser page (such as username and password fields) they also see the added value of an antivirus package on the computer. 

What needs improvement?

It would be useful if you could also mark blocks as safe from a client. Now users always have to ask an admin to make exclusions.

In addition, it is also very desirable that there is support for Windows Server core machines.

In addition, it would also be useful if administrators could create exclusions directly from logging into the admin portal, instead of only being told where and how to add the exclusion. This will save work.

It would also perhaps be useful if you could connect from one endpoint directly to another tenant. Instead of having to roll out the endpoint again.

Buyer's Guide
Check Point Harmony Endpoint
July 2026
Learn what your peers think about Check Point Harmony Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
903,147 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for one year.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

The management portal could be a bit faster. Sometimes we are waiting for pages.

How are customer service and support?

It's very easy to create a support ticket and they always provide quick answers.

Which solution did I use previously and why did I switch?

We previously used Trend Micro and ESET. We couldn't manage the endpoints of multiple customers centrally.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

We handled the implementation in-house.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to buy a bundle with more Check Point products in it to better secure their organization and save money.

Which other solutions did I evaluate?

We did not evaluate other options. We use more Check Point products and are very happy about it.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1850805 - PeerSpot reviewer
Lead Security Analyst at a tech vendor with 10,001+ employees
MSP
Top 10
May 5, 2022
Great provisioning, helps secure endpoints, and good client-based access
Pros and Cons
  • "I found the fact of working across multiple attack vectors easy and more beneficial."
  • "Our organization was able to use the analytics and report information to figure out any risk exposure in a remote workspace of mobile and VPN access and email and endpoint security."
  • "I would like to see more automation."
  • "The product may take some time to navigate at first but apart from that the log ingesting and working on getting a client installed may take some time."

What is our primary use case?

Harmony Endpoint is able to focus on the ZTNA for applications and in penetration testing for any type of ransomware or man-in-the-middle attacks. 

It helps to protect and secure endpoints, helps to focus on incidents, and prioritizes vulnerabilities. The solution also helps with endpoint protection and recovery from an autonomous response and in conforming to the organization's policy. It helps to do SSL traffic encryption and packet sniffing and has a good way for mobile threat management and defense as well. 

Security across the workspace has been the primary use case. 

How has it helped my organization?

Our organization was able to use the analytics and report information to figure out any risk exposure in a remote workspace of mobile and VPN access and email and endpoint security. 

Endpoint analytics helps to showcase any of the gaps that are there with the downloads, attacks on malware, and how to triage incidents. 

It helped to improve upon sensitivity of the data with the data loss prevention technique as well. And stopping any vicious attacks is the priority by making sure any advanced ways of detection come about.

What is most valuable?

I found the fact of working across multiple attack vectors easy and more beneficial. 

It has helped with USB to human errors to website issues to all types of threats and bot attacks. 

I also found the features of provisioning a VM for some security requirements and the fact of access across SSH and remote terminals also beneficial. 

Client-based access and the suite of products from SaaS API and Browser Protection are also very beneficial. It follows the ZTNA which tells that the VPN model of security would come to be obsolete in a few years with the Harmony benefit of Check Point.

What needs improvement?

More development in Linux may help, however, the fact that the product could also have some more documentation as suggestions on what to do may also help.

The product may take some time to navigate at first but apart from that the log ingesting and working on getting a client installed may take some time. 

I would like to see more automation. 

Also, encryption management is not made available in all versions but if it could be extended that would be great. Sometimes it may take some slight delay, however, it's nothing too bad. 

For how long have I used the solution?

I have been using this solution for three years.

Which solution did I use previously and why did I switch?

We did not use a different solution previously.

What's my experience with pricing, setup cost, and licensing?

I'd advise new users to work with a technical account manager and follow the steps in the documentation.

Which other solutions did I evaluate?

We evaluated ZScaler.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Check Point Harmony Endpoint
July 2026
Learn what your peers think about Check Point Harmony Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
903,147 professionals have used our research since 2012.
JamesYa - PeerSpot reviewer
Senior Solutions Architect at Cloud4C Services
Real User
Apr 15, 2022
Easy to set up with good performance but needs a better user interface
Pros and Cons
  • "The initial setup is easy."
  • "The stability is decent and the performance is good, there are no bugs or glitches and it doesn't crash or freeze, and it's reliable."
  • "We'd like to see a friendlier user interface."
  • "There is no real scalability."

What is our primary use case?

We primarily use the solution as antivirus, antimalware, et cetera. It's standard antivirus software. Every PC must have an antivirus on it in our organization.

What is most valuable?

It just has standard antivirus. It does what it needs to.

The solution offers good performance. 

Its stability has been good.

The initial setup is easy.

What needs improvement?

There is no real scalability.

We'd like to see a friendlier user interface.

For how long have I used the solution?

I've been using the solution for one year.

What do I think about the stability of the solution?

The stability is decent and the performance is good. There are no bugs or glitches and it doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

This solution does not scale. It's only installed on your PC and it has nothing to do with scale.

We have 2,000 users right now. We do plan to increase usage within a year.

How are customer service and support?

We have never reached out to technical support. I can't speak to how helpful or responsive they are. 

Which solution did I use previously and why did I switch?

I've also used Microsoft Defender.

I'm not sure if the company used a different solution previously. I just joined this company one year and they had already started using Check Point.

How was the initial setup?

The installation process is very simple and straightforward. The deployment is quick. It only takes a few minutes. 

We have individuals in our department that can handle deployment and maintenance tasks. It only takes about 3% of our personnel.

What about the implementation team?

I handled the initial setup myself. I did not need the assistance of any consultants or integrators. 

What's my experience with pricing, setup cost, and licensing?

Users need to pay a yearly licensing fee.

What other advice do I have?

We are using the latest version of the solution. 

I'm much more likely to suggest Microsoft Defender to other users. 

I'd rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Security Specialist at Tech Mahindra Limited
Real User
Apr 12, 2022
Good ransomware protection and URL filtering but support needs to be more knowledgable
Pros and Cons
  • "Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today’s complex threat landscape, preventing the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware while quickly minimizing breach impact with autonomous detection and response."
  • "The solution has limitations if it's hosted on-premise or as a SaaS."

What is our primary use case?

The solution is primarily used for protecting endpoints.

Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today’s complex threat landscape. 

It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response. This way, your organization gets all the endpoint protection it needs, at the quality it deserves, in a single, efficient, and cost-effective solution and able to detect/block/monitor and response to any malicious activity happening on the endpoint. With the single agent deployed on the endpoint, it's able to provide complete EDPR functionality with help of multiple security features/modules.

How has it helped my organization?

Harmony Endpoint provides complete EDPR functionality using multiple modules/features which are available with the solution such as Compliance, Anti-Malware, Media Encryption and Port Protection, Firewall and Application Control, Full Disk Encryption, Remote access VPN, Capsule DOC, URL Filtering. Anti-Bot, Anti-Ransomware, Behaviour Guard, Forensic, Threat Emulation, and Anit-Exploit.

We are able to protect endpoints from any next generation of attack and modules can be enabled/disabled based on organization requirements. Harmony Endpoint is able to detect/block/monitor and mitigate attacks at an endpoint using logs which is been captured by an agent installed on the endpoint. 

Agents send telemetry/metadata to a centralized console for forensic purposes. Policies for the endpoints can be created based on the user name or endpoint. 

Integration with a threat intel platform for blocking any attack at an early stage is great. The complete solution can be hosted on-prem or via SaaS - a cloud remote access VPN is provided as default in base licence. 

Different policy servers can be configured and hosted at each location so the agent does not have to reach a central location to take policy updates. Policy servers are created using OVF file which can be installed on any virtual platform such as VMware. This offers a more secure way of communication between the policy server and the management console (using certificate/SIC communication). 

Agent footprints are low on endpoints and integration with other security solutions is great for sharing threat intel within an organizational network or over the cloud. Anti-ransomware modules are very strong and are able to detect any ransomware attacks at a very early stage. 

The host-based firewall policy configuration is simple. 

What is most valuable?

    The solution allows us to reduce the attack surface via:

    • Host Firewall
    • Application Control
    • Compliance
    • NGAV: Prevent Attacks Before They Run
      • Anti-Malware
      • ML based NGAV
        GAV: Runtime Detection and Protection
        • Anti-Ransomware
        • Behavioral Guard
        • Anti-Bot
        • Anti-Exploit
          Web Protection
          • Zero-day Phishing site protection
          • Corporate Password Reuse Protection
          • URL Filtering
          • Malicious site protection
            Attack Investigation and Response
            • Forensics collection and detection
            • Forensics report – incident visibility, MITRE mapping
            • Automated attack chain full sterilization
            • Ransomware encrypted files restoration
            • Threat Hunting
              Data Protection
              • Host Encryption
              • Media encryption and port protection
                Mobile Protection
                • iOS Protection
                • Android Protection
                  Centralized Management

What needs improvement?

The solution has limitations if it's hosted on-premise or as a SaaS. You need to plan accordingly on the model that suits the organization. On-Premise, for example, does not support threat hunting. Hosting on the cloud will have an impact on the user who is connecting to a central location for internet access as it will add infra cost. 

We also need to look over the expertise of the support executives who require more training and focus as well in this service area and if we can think over the cost of the product.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Project Manager at Junta de Andalucia
Real User
Feb 17, 2022
Enables us to centralize all the security software used in a console and avoid ransomware
Pros and Cons
  • "The graphical interface is very easy to use and intuitive, which greatly facilitates the work and greatly facilitates the work and the location of threats on the users' computers."
  • "Check Point SandBlast Agent allows us to centralize all the security software used in a console and avoid, mainly, ransomware in the company."
  • "SandBlast Agent had moments in which it had a high load, we escalated it to the CheckPoint support that helped us to stabilize it. We had a problem with the parameterization of the solution. Once corrected by following the CheckPoint instructions, everything worked normally again."

What is our primary use case?

We were looking for a solution as complete as possible to replace the existing antivirus and, if possible, integrate it with other products that we have, such as the CheckPoint firewall.

We decided to use the Check Point SandBlast agent to prevent ransomware on users' computers.

We subsequently expanded the scope of the solution to detect malicious activity on our network.

It is a very complete product but you have to know how to parameterize it well to avoid high CPU consumption.

It is also missed that it does not have a client for Linux.

How has it helped my organization?

Check Point SandBlast Agent allows us to centralize all the security software used in a console and avoid, mainly, ransomware in the company.

Many of our users have laptops to carry out teleworking, with this tool we can secure their web browsing, and in the event of suffering some type of attack, the computer is notified by SandBlast Agent and provides information about it and the security actions carried out. It even allows you to restore files modified during the attack.

You also have the option of performing a forensic analysis of the infected computer by providing a lot of information.

What is most valuable?

What we liked the most about the product, apart from detecting any attempted attack, is the graphical interface.

The graphical interface is very easy to use and intuitive, which greatly facilitates the work and greatly facilitates the work and the location of threats on the users' computers.

We also highly value the anti-ransomware functionality, which creates a copy of the files on the computers and in case of infection by ransomware is able to restore them to a date when the computer was not infected.

What needs improvement?

It is a very complete product but you have to know how to parameterize it well to avoid high CPU consumption.

SandBlast Agent had moments in which it had a high load, we escalated it to the CheckPoint support that helped us to stabilize it. We had a problem with the parameterization of the solution. Once corrected by following the CheckPoint instructions, everything worked normally again.

It is also missed that it does not have a Linux client since some administrators use this type of operating system.

For how long have I used the solution?

I have been using SandBlast for over 1 year now.

What do I think about the stability of the solution?

It is a very mature product that provides great stability in service.

What do I think about the scalability of the solution?

It is a very mature product with good performance. Currently we have not needed to use its scalability.

How are customer service and support?

Our experience with customer service and support is very good, the support is totally professional and responds quickly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we used third-party antivirus software and switched to Check Point SandBlast Agent for its ease of integration with other Check Point products and to improve protection against ransomware.

How was the initial setup?

Initial setup is easy, policies and user groups are defined and then applied. Then we adjusted the policies until we got what we needed.

What about the implementation team?

We implemented it with an internal team and when we had doubts, we consulted the manufacturer's support with a totally satisfactory result due to their great experience.

What was our ROI?

Currently we have not quantified our ROI but we have avoided the loss of information on user computers due to viruses, ransomware, ...

What's my experience with pricing, setup cost, and licensing?

The cost of the solution is similar to other products on the market.

Which other solutions did I evaluate?

We have been evaluating other products, such as Bitdefender and Broadcom (Symantec Enterprise).

What other advice do I have?

It is a very complete product but you have to know how to parameterize it well to avoid high CPU consumption.

It is also missed that it has no client for linux.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1776063 - PeerSpot reviewer
IT Manager at a renewables & environment company with 51-200 employees
User
Feb 11, 2022
Great cloud management and reporting with on easy pane of glass
Pros and Cons
  • "The rollout and management of devices were very simple."
  • "There is one pane of glass to all end points, events, and incidents which is providing our team with a clear picture of the environment."
  • "The web filter service could be improved."

What is our primary use case?

We wanted to consolidate a several-point solution to one endpoint. With so many new cyber threats and having a growing environment, what we had in place had too many gaps or grey areas between solutions and vendors. 

Also, with a rapid transition to hybrid working, we needed to reconsider our end point protection. Having used Check Point NGFW for five years, it seemed like a good fit. Also, the experience and long term position of Check Point in the security market gave us good confidence. This mature position in the market also helped with finding several resellers and experience.

How has it helped my organization?

There is one pane of glass to all end points, events, and incidents which is providing our team with a clear picture of the environment. We have already experienced several items that previously just got lost in the greyness of a multi-solution environment.

The rollout and management of devices were very simple. It allowed for a rollout of 200+ devices - all remote - in just a couple of weeks. Having cloud-based management also really helped get started, as, within the day, we had a POC running and just started to grow from there.

What is most valuable?

Cloud management and reporting are great. The management interface is very simple and easy to navigate. Just getting a logon to start is very helpful. The Check Point support at this stage was great. While it was very simple and intuitive, having someone talk over the defaults provided recommendations that helped us jump forward very easily.

Again, the cloud management service has a several inbuilt default reports which are easy to customize and provide more visibility than we have had previously with several solutions. 

What needs improvement?

The web filter service could be improved. It would be great to have a self-service user request for sites. An administrator would still need to approve, however. 

The block screen could have a nicer screen or allow it to be customized.

The list of exceptions for URLs could be improved with a separate screen for a large list of exceptions. Having the same exception list for mobile and endpoints would be great. 

We are hoping to transition to the SOC based service. Think this is still new; we're looking forward to get more information and test.

For how long have I used the solution?

We just transitioned to Check Point Harmony, and have been running it now for six weeks.

What do I think about the stability of the solution?

Stability seems very strong, however, it's early days.

What do I think about the scalability of the solution?

Scalability seems very strong, however, it is early days.

How are customer service and support?

We don't know yet.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The move to hybrids has been working well during Covid.

How was the initial setup?

The initial setup was not complex. 

What about the implementation team?

We did both - we implemented through a vendor and in-house.

What was our ROI?

The product offers a great lower cost than previous solutions.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to talk to your Check Point partners or find a good one.

Which other solutions did I evaluate?

We spent a long time reviewing the marketplace and comparison sites however, we did not test anything.

What other advice do I have?

I am very positive in terms of the solution and Check Point in general.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1777338 - PeerSpot reviewer
Supervisor Tecnico at M.Coutinho Douro - ComÉrcio De AutomÓveis, S.A.
User
Feb 9, 2022
Great URL filtering and management with very good licensing tiers
Pros and Cons
  • "We're able to secure all endpoints and manage them from a single console."
  • "Sometimes, with a lot of clients (1,000) the UI is a bit sluggish."

What is our primary use case?

We're using the product to secure our endpoint users internally and for a hybrid workplace setting. 

We wanted to replace Windows Defender with a more professional solution and, after checking some vendors, we opted for Check Point since we've been using their firewall product for quite some time.

The license tier is also nice as we can buy licenses to specific cases and save some money on that end. 

The inclusion of URL filtering was a plus since we replaced another product we used in the company.

How has it helped my organization?

We're able to secure all endpoints and manage them from a single console. 

Being able to set policies linked to Active Directory objects made the administration of the platform much simpler and the documentation of those policies very easy. We can just change a setting on Active Directory and the computer gets a totally different policy in a matter of minutes. Of course, this syncronization time must be set up in advance on an agent machine. However, it is a very easy task to do.

The drive encryption was another feature we implemented with the product.

What is most valuable?

The management of all endpoint settings from a single portal does not need to use more than this one to set all the policies. We used the deployment of this product to push drive encryption to some of the more sensitive users of the company since we haven't had any solution to this problem.

We're also using application control to block some unwanted apps from being executed on clients, however, sometimes the management of those apps can be a little time-consuming due to newer versions being released often.

What needs improvement?

The lack of time setting for policy application, for example, from 8 am to 9 am, to have a policy applied and then from 9 am to 10 am for another one.

A more responsive UI would be nice. Sometimes, with a lot of clients (1,000) the UI is a bit sluggish.

The operation of reinstalling a machine also requires a bit of work since we have to delete the object before installing the app on a formatted operating system. It should be able to lock settings and licenses to the machine ID that never changes with an OS installation.

For how long have I used the solution?

I've used the solution for one year.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1773669 - PeerSpot reviewer
Network Security Engineer at Maine Bureau Of Taxation
Real User
Feb 6, 2022
Great technical support, no downtime, and easy to clone and expand
Pros and Cons
  • "This solution helps make sure that we can patch and keep security going without having to talk to everyone for change management."
  • "Scalability is a huge factor; the need for no downtime is key for us, and this solution offers that, as we can patch and reboot firewalls while keeping connections running 100% of the time and no one even notices."
  • "The biggest thing would be the ability to update the SMO's and gateways through Gaia instead of always completing it through the command line."

What is our primary use case?

We use the Check Point Maestro for data center firewalls. It has the ability to spread the load across multiple devices and still only have one source of management, which is incredible. Plus, everything duplicates across the firewalls without manual intervention.

We are currently moving from a flat network into this setup, and, with the amount of traffic that we are going to be sending through the firewalls, this is the only way it could have been done. 

Also, the product offers the ability to have little to no downtime during patching. 

This setup is a beast!

How has it helped my organization?

We didn't have anything before. This really creates a secure and fast solution. In order to be able to track everything coming in and out of our data center. We have a flat network and now that we are moving to this design, we needed something that can secure servers and users from each other and make sure we are only allowing what needs to be allowed and not allowing anyone to traverse the network maliciously. 

Also, we have no ability for downtime - so having this solution helps make sure that we can patch and keep security going without having to talk to everyone for change management.

What is most valuable?

Scalability is a huge factor. 

The need for no downtime is key for us - and this solution offers that. When you have six gateways you have to patch and no one even notices, it's phenomenal. 

We need to be able to keep these connections running 100% of the time. The fact that we can patch and reboot firewalls and no one even notices is a huge plus. We need to be able to keep it secure but also keep it up and running. 

Having the six gateways and being able to clone them in when we need a new gateway is excellent. I love that we are able to just put a new gateway in and clone it.

What needs improvement?

I don't really have any real suggestions for this to be improved. The biggest thing would be the ability to update the SMO's and gateways through Gaia instead of always completing it through the command line. As we train new people and have fewer hands that touch these firewalls, having a good understanding of how CLI works and how to install patches and remove patches from gateways using this method is dying. So, being able to do it the same way we do all the other gateways would be excellent.

For how long have I used the solution?

I've been using the solution for over one year.

What do I think about the stability of the solution?

I am very impressed. I didn't think anything like this would be possible.

What do I think about the scalability of the solution?

It has the MOST scalability of any product out there. You can slam another gateway in and clone it and off you go.

How are customer service and support?

We always have great support and service. I don't think any other vendor provides this level of support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Fortigate before, however, the management on Check Point is unrivaled.

How was the initial setup?

The setup was slightly complex to begin with. That said,  once you've set up a new connection a few times it gets easier.  

What about the implementation team?

We handled the setup with the vendor team. They are the best at Check Point!

What was our ROI?

I don't pay the bills, however, it's my understanding that there is an argument out there for ROI.

What's my experience with pricing, setup cost, and licensing?

The cost is up there. However, when you are dealing with the best, you cannot really balk at pricing.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

Check Point Support is top-notch. You cannot beat their support.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Anil Redekar - PeerSpot reviewer
Network and Security Engineer at a consultancy with 10,001+ employees
MSP
Top 5
Jan 18, 2022
Great anti-malware, anti-phishing and anti-ransomware capabilities
Pros and Cons
  • "The main advantage of the solution is the ability to implement complete security policies for the terminals in order to address how apps are installed on corporate devices."
  • "In many ways, it made us feel safe."
  • "The solution needs more alerts to warn of attacks."
  • "I would suggest that the Check Point team always allocates an SME to all the vendors before implementation."

What is our primary use case?

In our organization, we are creating Trusted, Untrusted, and DMZ zones. 

We use URL filtering, antivirus and threat prevention, as well as detect and monitoring of all the outside traffic that enters the organization. 

It downloads the latest signature from the Check Point database for anti-malware and it keeps my laptop clear from malware files and attacks. 

We are now able to regularly scan after implementing this product and now we feel happy. In many ways, it made us feel safe. 

We have installed this tool for every user.

How has it helped my organization?

The Harmony vendor is excellent at providing various features and updates regularly. 

The main advantage of the solution is the ability to implement complete security policies for the terminals in order to address how apps are installed on corporate devices. 

It secures our organization from attacks from ransomware, malware, et cetera. 

The most important feature is the file scan capability. It saves us from attacks by modified files. In this way, we secure our internal traffic from outside attackers.

What is most valuable?

The below features are most valuable:

1) Anti-malware

2) Threat protection with signature

3) Anti-ransomware

4) Anti-phishing (support for all leading browsers)

1) Anti-malware (to detect and prevent malicious activity)

2)  Threat protection with signatures to prevent the threat on the basis of a signature. Signatures are stored in the database. 

What needs improvement?

I would suggest that the Check Point team always allocates an SME to all the vendors before implementation. This will help when the endpoint agent cannot integrate with another product or third party. It could expand the functionalities too. In addition to security functionality, they could incorporate Mobile Device Management (MDM) functionalities such as remote device management, administration of installed applications, et cetera. 

The solution needs more alerts to warn of attacks. 

For how long have I used the solution?

I have used this product for the last two years.

Which solution did I use previously and why did I switch?

We did not use a different solution previously.

How was the initial setup?

The setup is somewhat complex the first time, however, it is not too complicated or difficult.

What about the implementation team?

We implemented this product as per the organization's requirements. We did it ourselves.

What was our ROI?

Our ROI has definitely improved after installing this product.

What's my experience with pricing, setup cost, and licensing?

It is a fair price and according to the quality of the product offered.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1398543 - PeerSpot reviewer
Network Security Engineer at a financial services firm with 51-200 employees
Real User
Jan 12, 2022
Resilient by design, provides redundancy, and offers ongoing constant improvements
Pros and Cons
  • "We love that we don't have to upgrade it anymore. They take care of that."
  • "The new clients seem to be faster and more stable, and everyone in the company can appreciate that they can VPN and connect faster with more resilience, as the client will even reconnect on its own after an internet outage, which is amazing."
  • "It would be ideal if they had a migration tool of some sort."
  • "Other than that, the only other thing I could complain about was that they did this process where they did some type of certificate update on the backend of all of their staff solutions. That created downtime for our VPN clients and they didn't notify us of the certificate update."

What is our primary use case?

There have been improvements in the way our organization functions, as, from an administrative perspective, and being available and taking upgrades out of our court if our users need it, it's going to be out there hanging off of AWS's internet or environment. There is no downtime.  

Theirs (AWS) is probably more highly available than ours. Other than that, it's supposed to be the same product that we were using. It's a Check Point Management Station to a Check Point Management Station in the cloud. Basically, it's not that much of a difference. We have upgraded all the clients since, and we're on one of the later versions of the VPN clients that are supported by the new Management Station. The old Management Station wasn't supporting the newer clients anymore.

The new clients seem to be faster and more stable. Those are improvements that everyone in the company can appreciate. They can VPN and connect faster. They're more resilient. I've noticed that they try to reconnect. If our internet goes out for 20 minutes and you VPN'd in, it will actually reconnect on its own at the same token, which is amazing. Before, if only the slightest instability of the internet connection disconnected you from VPN, you were then required to put in your RSA token and password, and username. That is annoying for people as a lot of people's WiFi's aren't that great and/or they're in some airport or something and might momentarily disconnect.

What is most valuable?

We love that we don't have to upgrade it anymore. They take care of that.

The upgrade process was nice with the new Management Station compared to the old one. I like how they have the clients already available. I didn't have to download them and upload them as I did with the old Management Station.

We're happy with the solution overall as it takes away the administrative overhead of operating it and patching it and being able to also sign in through the web browser anywhere as opposed to just having to VPN back to our work and connect to the Management Station in order to use it. We can just use the Check Point portal and just use any browser anywhere. That gives us more options, which we like. 

I've noticed they're constantly updating the interface and making it easier to use, which I appreciate. When we first started using it, it was really laggy and it was really slow and it was hard to sort some of the computers and users, however, they make updates almost every time that I log in. It gets better and better every day. It has gotten better and it's not as slow as it was.

There seem to be constant improvements happening, which you can't say for everything. We don't have to upgrade to get the benefits of the improvements, either. That takes a lot off of our plate and allows us to focus on other things. We're taking the good with the bad and the bad seem to be one-offs and we're looking forward to the future.

Therefore, the most valuable feature is its ability to take the management and the administration of the product off of our plate and onto their plate. We don't have to worry about upgrading it, creating downtime, working off-hours, doing all the research and stress of seeing if it's compatible, if there are problems, letting them test it. That's nice. Previously, we would upgrade our products or patch them maybe two to four times a year, depending on if there's a security vulnerability. Each time we do something like that, it was about three to four hours of downtime. Now, that process doesn't exist. 

Before, with on-premise, we had two Management Stations. One was primary, one was secondary and there were two different data centers in case one data center was down. The other one would come up and be the Management Station for all of the clients. Now, in this case, we only have one. It's in their cloud. Their cloud is in AWS. It's a great thing. It's resilient by design and it provides redundancy in a single source of administration for us. We like that too

What needs improvement?

It would be ideal if they had a migration tool of some sort.

There were some caveats that we encountered on the new Management Station. For example, they had some features that were not supported by older clients. There are the clients that are running on the laptops, and there are the Management Stations, and then we had one on-premise, which was older in terms of the clients that we were running. Then we had the new Management Station in the Cloud that Check Point is administering as it is a SaaS, which is a benefit.

The newer Management Station has features that it enforced on the clients that the clients weren't able to support. For example, Windows Service or Windows Subsystem Linux. Everyone in my company that uses Windows Subsystem Linux, which is about 15 or 20 people, that need it on a daily basis, were running the older clients of course, as they were migrated over the new Management Station and they weren't allowed to use that. It was being blocked automatically due to the fact that that was the new policy being enforced that was literally a tick box in the new Management Station that I didn't set. Even if I enabled WSL, it didn't matter. The older clients couldn't take advantage of the new newer Management Station telling them to use it. That was annoying trying to troubleshoot that and figure it out. tNo one at Check Point really knew that was the problem. It took a while to resolve. We finally figured out upgrading may solve the problem. When we did that, we upgraded those users, however, that created a little bit of an issue in the company, as we upgraded those users. We like to test them with a small group and make sure they're stable and make sure nothing weird happens. We were forced to upgrade them without testing first. 

One thing they still haven't improved on from the old Management Station to the new Management Station, which should totally be an improvement, is when you create a Site List for the VPN clients and you deploy it from the Management Station, you are not able to get that Site List. You have to play around with something called the Track File, which is a miserable process. You have to download the client, decrypt the Track File, edit it, then upload it again to the Management Station and download the client a second time and then test it and make sure the Track File's in the right order of sites as well, due to the fact that it's kind of random how it decides to order the Site List. The Site List is what the clients use to connect to the VPN Gateway, and if you have more than one gateway, for example, for disaster recovery, which we do, then they'll need that list.

It's something they've never improved on, which I was hoping by going to the cloud and having this whole thing recreated. Since it's more advanced I thought they'd have that ability to edit the Site List with the initial download. You should be able to just add the sites and then that's it. That kind of sucks that you can't. 

Other than that, the only other thing I could complain about was that they did this process where they did some type of certificate update on the backend of all of their staff solutions. That created downtime for our VPN clients and they didn't notify us of the certificate update. We're using the product in their cloud as opposed to their product on-premise, which seemed to be more stable in that regard. They didn't communicate that out. However, when we spoke to support after about a week, they told us there was this thing they did the past week, and that's the reason why we had that problem. Everyone that had that product had that problem. That really wasn't ideal.

For how long have I used the solution?

I've been using the solution for about a year. Maybe a little bit more. 

We've been a Check Point shop for approximately 15 years. We're very well versed in Check Point.

What do I think about the scalability of the solution?

Seeing that it's in the Cloud, I think it's very scalable and I am impressed with that aspect of it.

For this solution, in particular, we are using 100% of the Cloud VPN Management Station and all users are phoning home up into the cloud. We're going to stick with it unless they have some severe outages or certificate updates without telling us like they did last time. Right now, there's no reason for us to change and I'm very pleased with the product.

How are customer service and support?

To set it up, we relied heavily on technical support as it was new. That said, it's really the same ball of wax, so we're good now. It was just the initial setup we needed help with as it was new to us. We hadn't done much. We had to learn how to connect our software clients to the cloud. We had to use special cloud keys that were proprietary to Check Point. It's like learning a new suite from Check Point. 

We literally got on this as it was cutting edge. We're like one of their first customers using their SaaS. We were using their VPN and Smart-1 Cloud before most people. When we were setting it up, we're setting it up with their actual product engineers or whatever. It was interesting.

They changed it a lot since we started setting it up. 

I'd call them to their support and they didn't even know about anything due to the fact that the support wasn't even trained on the cloud yet. They weren't even trained on their Smart-1. They would just say "we don't know about that yet and/or we can't help you." It was kind of funny. I told our sales team that and they got pissed.

They called them and they're like, no one should ever tell the customer that you don't know about this yet and it became a big deal in Check Point. 

That said, I'd rate their service as pretty high. I respect those in the endpoint or firewall department as they largely understand what's going on. At the same time, they do need to get people more people trained up. They don't seem to have trouble keeping people around for a few years so that they learn.

How was the initial setup?

After signing up with Check Point, the migration of users took about a month and a half. 

We had to build out the Management Station in Check Point too and that took from probably January to almost July as we had to build it from scratch. They didn't have a migration tool for our current policy, as it enforces firewall policy on the endpoints locally on the local firewall and that wasn't ideal. We had to build that whole Management Station from scratch.

I had to go back and forth between the on-premise Management Station and the Cloud Management Station and literally look at every single feature, every single function, every single rule. I had to recreate every single object. I had to recreate every single everything. That took a very long time.

It was very manual. It's literally two screens and comparing items. That took a couple of months while doing other things, of course. However, that was my priority for about a month and a half. I worked on that a lot. I wish they had a migration tool, like a migrate export for the policy and the features. Once that was created, however, everything pretty much worked. That said, there were a couple of caveats. 

What other advice do I have?

We're customers of Check Point.

I've been working on setting it up and migrating users from the on-premise platform since January of this year. This is their Cloud Endpoint, VPN Management Station versus their on-premise VPN Management Station for Endpoint. We had to migrate the users from the on-premise version using a special tool that you have to ask them to make, which is kind of weird, however, their product is so new that that's the way that they do it. I had to deploy that tool to all the users in our company and that switched them over to their Cloud Management Station.

I'd rate the solution at an eight out of ten. There's room for improvement, however, I respect it and it works well.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Esra Bilgin - PeerSpot reviewer
Esra BilginPresales with 11-50 employees
User

Harmony Endpoint is an endpoint security solution built to protect the remote workforce from today's complex threat landscape. It prevents potential threats to the endpoint, such as ransomware, phishing, or malware redirection, while quickly minimizing breach impact with its autonomous detection and response capability. This way, your organization gets all the endpoint protection it needs in a quality, efficient and cost-effective solution it deserves.

See all 2 comments
Buyer's Guide
Download our free Check Point Harmony Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Check Point Harmony Endpoint Report and get advice and tips from experienced pros sharing their opinions.