Check Point Harmony SASE (formerly Perimeter 81) Reviews

It was installed on the machines of the organization due to the need to filter all the incoming and outgoing content and to protect the teams - mainly our units that use laptops and have to be constantly moving. 

In the last two years with the appearance of Covid-19, this solution gave us that protection outside the organization that had been neglected for strengthening internal security. 

Another great advantage is the possibility of being able to protect our mobile devices by integrating the solution into all mobile devices.

The solution has given us an additional layer of protection in our equipment and applications, mainly now that the equipment is portable and in many cases, we must connect to various public Wi-Fi networks.

Its Granular Access Control over and within each resource, based on dynamic and contextual evaluation of user attributes and device states is great. 

A broad set of rules can be applied across all users, servers, and enterprise data stores, including user commands and database queries - giving users well-managed access.

Review of exported and imported packages and protection and content filtering have been useful. 

Advanced behavior analysis and machine learning algorithms shut down malware before it does damage. 

The solution offers high catch rates and low false positives to ensure safety,
efficacy, and effective prevention.

The automated forensic data analysis delivers insights into threats. 

Complete attack containment and remediation can quickly restore any infected system. 

It blocks malware coming from web browsing or email attachments before it reaches the endpoints. 

It is important to locally validate the consumption exerted on the equipment. At times, when I lose connection, I feel that the equipment is slowing me down. They could improve this detail or indicate that the application, while it is being restored, can generate latency in the communication processes. That said, it is definitely a very good solution for the protection layer in teams inside and outside the organization. 

In mobile devices, there is also sometimes a bit of tear when it is via LTE, however, that must be due to connectivity.

I have been using the solution for two years and it really works.

It is very stable and normally any problems generated are from loss of internet.

Scaling is easy and fast, thanks to the fact that it is licensed.

We did not use a different solution previously.

It is a quick solution to install, however, its cost is really medium and not low.

We did not evaluate other options.

It is perfect for keeping all my devices protected.

We use the EDR solution for servers and endpoints for a lot of customers. The use case is for offering protection at the OS level. 

We wanted a better solution than legacy antivirus to secure each OS in the organization. Harmony Endpoint gives us a complete security package with a lot of security features that regularly require a lot of separate security products and a lot of overhead management. 

The environments include on-premise servers - mostly Windows - as well as laptops and desktops with Windows and Mac OS. We also have some cloud services in Azure and AWS.

It's improved the security of every single OS in the organization as well as the visibility and security capabilities. With Harmony Endpoint, we give each computer advanced anti-malware protection and internet browsing protection (like proxy protection), and advanced phishing protection inside websites. 

It takes care of the concern about ransomware. Today, it's more important to secure each endpoint in the organization at the OS level rather than the organization network level as users are connecting from everywhere. This is why Harmony is so important to us.

The solution offers very good features including anti-malware, URL filtering, and anti-ransomware. The product offers a complete solution in one package and it's on every single OS. 

The most valuable part of this product is the complete security package in one single endpoint that includes the legacy anti-virus protection, advanced anti-malware protection, browsing protection, and even firewall capabilities at the OS level. 

In a lot of cases, when we want to give all these security features to every endpoint, we need to implement a lot of separate security products.

More report and alert options would be useful. The reports are not good enough and alerts are not usable. 

We need more user-friendly alerts and more options for the alerts. The reports are not capable of giving important information from some parts of the system - like inventory details, etc. 

Also, the logs in the product are not very usable. If you have any blocking of a legitimate app or some problem you will have a hard time finding a log about it and most of the time you will not find any information. 

The product doesn't have an automatic shutdown switch. You must uninstall it in order to shut it down.

I've used the solution for about one year.

It's very stable. However, they need to resolve some bugs and feature requests.

It's a cloud solution. We are using the cloud-managed solution which makes it very scalable.

The solution offers the best customer service and support in the market.

Positive

I used Symantec and we wanted to move forward to an EDR solution that gives a more complete security solution for today's needs.

The initial setup is very straightforward.

We implemented it in-house. We learned how to do it by ourselves.

There are only two types of licenses. If you don't need sandbox features, you can take the basic license and it includes everything.

We tried Sentinal ONE, CrowdStrike, Microsoft, Trend Micro, and McAfee.

It's the perfect solution for endpoint protection and has a lot of features included.

The solution provides high performance along with ATP prevention, policy management, remote activity, and IoT support. We have all these features integrated into our security gateway for every business year, like the SASE model. Cyber threats are becoming increasingly sophisticated nowadays. We have this next-generation firewall, to protect all your network, cloud, data centre, IoT devices, and remote connections. Due to these reasons, we prefer Check Point's network solution. It helps improve the remote workforce security.

The solution offers ATP features and management features. We have a smart console and GIA portal. We used to manage all policies on the smart console. We do have the URL filtering and prevention part. We used to do the policy databases and all that configuration from the GIA portal. We have intrusion prevention, application consultant, filtering options and web filtering. It works as a next-gen firewall.

Firstly, there are different consoles involved. If someone is selling another product that already has a single console for managing everything, that would be better.

I have been using Check Point Quantum SASE for 6 months.

Support is handling requests via email. Additionally, they share documents. We haven't encountered any major issues requiring support. They are available 24hr/day along with alerts, reports or security issues.

The initial setup depends on the organisation. Let's say they are currently using FortiGate, but they want to migrate to Check Point Quantum SASE. We have different options for migration. We can either perform the migration manually or upload existing tests. Manual deployment can be time-consuming. We have two types of configurations: basic and advanced. Basic configuration can be completed quickly, but advanced configurations may take more time. Our deployment process is relatively easy, but managing traffic and other aspects can be challenging. We need to align with the organisation's flow during this process.

Deployment takes about a month depending on the number of firewalls.

The zero trust aspect is being used for VPN purposes. It replaces your VPN, assisting anyone trying to access VPNs.

We are using it for large organisations and enterprises. For instance, if some organisations are using Check Point hardware for their firewalls but don't want to switch to other vendors, they can opt for this solution. Especially for big organisations with data centres facing numerous network issues, it's highly scalable. When it comes to firewall configuration, sometimes we encounter issues, but we can't always blame the firewall.

Check Point offers SmartConsole and other tools. If you compare Quantum with FortiGate, FortiGate doesn't have separate controls for various functions like policy publishing and control. In FortiGate, within one console, you can manage everything by enabling features.

Overall, I rate the solution a 7 out of 10.

The solution is predominantly used for Internet access when mobile. In the office, we have already deployed a Quantum Spark appliance, and this was focused on mobile users. 

We don't have on-premise applications or servers, so there is no use case for Remote access. However, we were keen to try it out from an evaluation perspective by bridging to the existing Check Point gateway at the site. 

Simplicity was needed, and importantly, we wanted something to not be too intrusive to mobile users. The interface has a few simple options, and it makes it easier.

We believe in defense in depth, and Harmony connect SASE adds another layer of protection for internet access. 

We have already deployed the entire Harmony suite, from Email & Collab protection to Harmony Endpoint. This adds a layer on top. Being a mobile user, securing Internet access was very important, and the product's pricing was simple enough and unlike other multiple add-ons on top of the base products from other vendors.

The reports give a simple overview of the traffic pattern within the organization. Though we don't use it to track user productivity, we can if necessary. There are reports specific to SaaS applications as well, which do come in handy.

The simplicity is good. It's good for consolidating security and being manageable from the Infinity portal with other Harmony solutions and makes management easy. We can use this instead of managing multiple-point solutions. It has a unified policy for private and internet access, making it easier to manage policies. 

The weekly reports have been informative as well. We are also keen on trying clientless access to provide restricted access to applications for third-party users.

Deployment was a breeze. We just key in the target users' email, and the rest is easy.

Branding could be better. Not many Check Point users realize there is a SASE offering at all. Policies could have layers as they do with their Firewalls, though I understand that's more of a functionality within the Smart dashboard. The threat prevention profiles like IPS, file, and URL protections could have more fine-tuning options.

Though all the policies are managed from the Infinity portal, we still have to manually configure different solutions. It would be nice to know how the new XDR option will bridge this gap.

Also, for Multi-factor authentication, there was an option for G-auth. However, I'm not sure about other forms of authentication they offer in their gateways. Bringing the backend closer to the gateway management would make it more granular.

I've been using Harmony Connect for more than three months now. 

We haven't had any glitches or issues with it at all. It's very transparent to the user.

It's very scalable and easy to deploy. It's scalable with users and it's scalable with the existing CP gateway deployments as well. There isn't much information on how it integrates with other end-point solutions. We had a full Check Point environment and it was clean.

We haven't run into any issues so far. We did need some assistance during the initial policy configuration, and the Check Point solutions team was there to assist.

Positive

We did not use any other SASE offering before. 

It's a simple setup; we just key in the end user's email address and it sends an invite to download the client. 

We implemented it in-house with the assistance of Check Point's solutions team.

The ROI is better than using a traditional VPN to connect back to the office gateway. We needed something that was light and transparent without the hassle of having to connect manually. We aren't planning to remove the gateway yet, however, in the long run, we will consider it, and that should negate the gateway costs.

Setup is a breeze. You key in the target user's email, and the rest is a click away. Pricing is competitive compared to the top players in the SASE market. 

Also, there is no concept of add-ons which makes it easier. 

Licensing with a minimum of 50 users could be a show-stopper for smaller organizations. However, a small company has probably got to do it with the infra in the backend to make it worthwhile.

Since we were keen on consolidating, we did not focus on multiple options.

The product seems to be transparent to the users. It lacks application segmentation options which some competitors offer.

We use Harmony SASE to manage remote users across multiple countries, including India, Poland, and the US. The customer required a setup to control access for different groups and users, protecting them from threats and securing their systems.

Harmony SASE helps us to manage compliance by regulating the amount of access to each department and user. We control the relevant apps and websites, which can be accessed from company-owned devices. Harmony SASE uses its own threat intelligence data from the cloud for threat prevention, and detect and manage threats with their own threat intelligence data and SASE firewall features.

The Point locations need to improve the latency and speed. 

I have been using Harmony SASE for six months.

I would rate the stability as a seven out of ten. 

Harmony SASE is a scalable solution and I would rate it an eight out of ten.

The support from Harmony SASE is really good.

Positive

I've worked with Fortinet. In comparison to Harmony SASE with Fortinet, Fortinet is easier to manage because all FortiGate devices use the same FortiOS, making management straightforward.

The installation and deployment of Harmony SASE are easy. It usually takes fifteen to twenty minutes to install and configure on a single device

For deployment and maintenance, a single engineer is sufficient for MDM solutions. However, in multiple tasks, two or more people are required to sort out the glitches in the solution.

The remote users, who have been using Harmony SASE has shown cost savings. With SASE, we don't have to manage VPNs, which leads to long-term cost benefits. We don't need dedicated leased lines or bandwidth in the office, making it a good approach.

There are no such AI features as of now on Harmony SASE. I would recommend it and would rate it eight out of ten.

We use the solution since it is required by our client in Singapore. They needed to use a VPN solution, like Perimeter 81, because they wanted to connect it from an overseas place where their workers travel.

The best feature of Perimeter 81 is that it provides a secure feature while connecting, such as the IPsec tunneling or Perimeter 81's connector called Wireguard Connector.

The solution's speed of upload and download is an area where it lacks. If Perimeter 81 enhances the speed of upload and download, then it could be an improvement.

I have been using Perimeter 81 with Azure Active Directory. I started using it when my company got our license from Perimeter 81 in December last year. So, have six months of experience with the solution. My company has a partnership with the solution.

In my company, along with my coworker, two engineers use the solution for testing.

I rate the support team a ten out of ten.

Positive

The setup is really easy. The setup is very user-friendly.

The solution is priced appropriately considering its uses. For an essential license, a user pays only 30 USD per month. For an enterprise version, the prices can be negotiated with the company.

We use Perimeter 81 integrated with Azure Active Directory single sign-on (SSO). Not only in Azure but also Okta, an identity provider, we can guarantee the convenience of login, and also, it secures the connection.

I rate the overall solution an eight and a half out of ten.

This is a VPN solution that caters to remote working. I rely on this software heavily in order to connect to my company's internal network. Compared to my last job, which used a different VPN vendor, Perimeter 81 has caused no issues whatsoever. 

I'd easily recommend Perimeter to any businesses that are interested in purchasing the software. As an end-user, speaking from experience, I've found no issues whatsoever with this VPN. Changing between different networks is very easy and straightforward to do.

Perimeter 81 provides a very secure and non-disruptive experience. At my last job, we used a VPN vendor which would interrupt vital connections to the network. Whereas using Perimeter 81 in my new job has been a very stress-free experience without having to worry about disconnections. It's made my working relationship with my new employer easier without having to worry about dropped connections. What I would say is this has improved our organization via its simple and easy-to-use UI. Other users can easily troubleshoot and provide remedies to each other if issues do occur, which are very rare.

The easy but secure way of logging into the VPN makes mornings easier when logging in. It's a straightforward, 30-second sign-in process without any hassle required. I also found the lack of configuration required by end-users a much-appreciated touch. It's incredibly important that my connection is always stable and reliable. That is what I'd say is valuable about Perimeter 81. I rarely see any complaints on Perimeter 81 amongst other colleagues. This wasn't the case with the last vendor we used at my previous place of employment.

I am struggling to find improvements in particular that would benefit users. What would be useful would be a notification/warning that a session is due to timeout after exceeding the default connection limit. This can help me prepare for imminent disconnection due to my existing organizational connection limit. However, that being said, it could be a setting somewhere but I thought I'd add this as a point anyway. In terms of constructive feedback, I can't find any other improvements or suggestions from an end-user point of view.

I've used the solution for less than one year.

We are using the product to secure roaming users who work outside the office as well for protecting a variety of company locations. 

It is great that Check Point continues to be a visionary in the network security market and delivers such anticipated products which allow users to cope with ongoing security challenges and trends.

It is used to protect offices and retail stores and it is a step forward from the traditional connectivity architecture which lacks flexibility and prevents business to advance at the desired pace.

It is great from an operational point of view. There is no need to procure and install HW; a new location could be secured almost instantly.

There is no need to talk about security. It comes from a team of talented developers and has a historic record. The Check Point portfolio showcases very strong products. 

The support from Check Point's side is great as it always and allows you to understand the product, produce and secure design as well as deploy and test it. Furthermore, the product owners are actively looking for feedback. This allows you to express your opinion and shape the product to improve it according to your needs.

The product is great as it allows users to deliver the most security value at the fastest speed. It reduces an operational load in terms of provision, installation, management, patching, and hardware replacement by increasing uptime and reducing the time to deliver to market. It also provides cloud-native availability and allows you not to bother with the sizing and location capacity as long as you stick with Harmony Connect. The price is reasonable.

Last but not least, there is an option to manage Harmony Connect from the centralized management station which allows users to apply existing policies while having a single pane of glass for network security.

An improvement could be made in terms of achieving better coverage in such complicated regions as the Asia Pacific, China, and Russia. Some PoP locations might create complicated traffic flows and impact the latency and load on network infrastructure even further.

Advanced details of log information are missing. However, the Check Point team is definitely open to constructive advice and is happy to make any requested changes.

There are still some limitations that exist while using centralized management with Harmony Connect.

I've used the solution for six months.