Check Point Harmony SASE (formerly Perimeter 81) Reviews

This tool was acquired when the organization made the decision to move the entire infrastructure to the cloud. It was going to handle different types of schemes such as IaaS and SaaS up to Office 365, so all these schemes were going to meet the need for accessibility by users. We needed a tool with complex, centralized management that would help us prevent all types of malicious attacks both from inside and outside in order to guarantee security and reliability for all our clients.

Since the implementation of Harmony, we managed to establish excellent communication in all environments. It has helped us a lot in preventing cyber attacks from anywhere, such as remote users, internet SaaS, and IaaS. In addition, it provides us with real-time information so we can make decisions immediately and achieve complete analysis to be able to carry out compliance management for the corresponding audits.

The tool has many valuable features - such as protection against threats. It also has centralized management that allows administrators to supervise and control the security of the entire network. The VPN and authentication functions guarantee secure and efficient connections from anywhere in the country, device, or network. Due to these characteristics, the tool is one of the best on the market.

They should improve certain features, although they have a modern graphical interface. They can centralize the options or have faster access to options, in addition to improving the authentication to the tool since sometimes it presents problems when entering. In a future version of the tool, they could add a space where information on common errors is shown so that there would not be much dependence on the support they offer.

I managed to use it for approximately two years.

It is a stable tool; I very rarely have problems.

Regarding scalability, it is very good. It behaves and integrates very well with other tools.

Support is one of the points of improvement. They should focus on this part as they are not complying with the SLAs.

Positive

There was no solution implemented previously. This was done when it was decided to implement a cloud implementation.

The implementation is a little complicated at first; its learning curve is intermediate.

The implementation was carried out with the vendor who demonstrated considerable skill in managing the solution.

It is an investment that must be considered and looked at very carefully. You need to understand what type of tool is needed since it is an important contribution to online safety.

The installation is simple once you know how to do it. At first, it is somewhat complicated- especially the configuration. Once you learn, it's very easy. The cost was one of the best quotes we found with the features we needed.

We explored several tools on the market, such as Barracuda CloudGen Firewall, Sophos XG Firewall, and Fortinet FortiGate.

It is a very complete and competitive tool in the marketplace.

I work remotely from quite a remote location in South Africa, for a US-based Software company (GoCanvas/Device Magic). GoCanvas and Device Magic are 2 software platforms used for data collection on mobile devices. In order for me to access platforms such as Salesforce and Cornerstone, I need to be connected to the Perimeter81 GoCanvas VPN. Salesforce is an important integration to our entire organization, and I need to be connected to the Perimeter81 GoCanvas VPN to access my own shared Salesforce account.

Perimeter81 has made it easy and hassle-free for South African employees to access certain platforms needed to do our work on a daily basis. 

Before having the pleasure of being on the Perimeter81 GoCanvas VPN, it was very frustrating. I had many hassles with JumpCloud and I could not get onto the platforms I needed to be working on to get my work done.

I never have any issues with Perimeter81, it really is simple and easy to use.

It really has provided a seamless gateway to much-needed platforms.

I work on a Macbook Air M1, and I love the small icon at the top of my screen that allows me to see when I am connected to the VPN or not. I don't have to open the app to connect to the VPN - I can just click on the small icon and a small tab opens wherein I can click "Connect". It's simple, easy, and convenient.

It would be nice to have a notification sound when Perimeter81 disconnects, as I sometimes don't notice when the icon shows that it's disconnected, and I end up wasting time waiting for my browser to load a page that shows an error, usually error 404.

I've used the solution for 18 months.

The solution is very, very stable. I never have issues with Perimter81.

The scale on which this platform can be used is vast. I work remotely in a remote location in South Africa. We have 400 people in our town (it's a tiny place), and yet, Perimeter81 connects me to a VPN that allows me to access US-based platforms.

I have never had to contact customer service or support for Permieter81.

Positive

I am not sure which solution was used before the company started using Perimeter81.

The initial setup was very straightforward.

Our IT team set me up; I received an email and followed the prompts.

My understanding is the initial setup was handled in-house.

I cannot speak to the ROI.

I do not know the details of the cost or licensing.

I did not evaluate other options.

I'm overall super happy with this product.

I am a remote developer and I use Perimeter81 as a VPN to access development and UAT servers for booking systems that service tier1 airlines. Those servers are mostly on the cloud, however, some are physical. We use AWS servers and physical servers in Dublin, Manchester, Amsterdam, Bejing, and Altlanta. We have individual team members spread out possibly 15-20 countries that need to be managed so it's important that we can be grouped and organized in a manner that allows us to authorize not just depending on our location but also our roles.

Our organization is made up of permanent and contract employees both onsite in our office worldwide and in remote individual locations across the globe. Perimeter81 allows us to develop software as a service (SaaS) collaboratively in a safe and efficient manner. We can authorize our web services not just by our team members' roles but also by our team members' locations based on the IP addresses on an individual level but also based on the group role for that member. The benefits are really built into the underlying protocol, however, Perimeter81 makes these available in a user-friendly way.

As a virtual private network, it enables us to communicate through development groups that segment our organization through the correct allocation of bandwidth and easily configured groups. 

Being able to add individuals to groups is the single most valuable feature, simple as it may seem. This combined with the underlying protocol makes for a powerful and easy-to-use feature for our organization. Adding and removing individuals is simple and easy to do which adds to the overall convenience and usability.

There is a very small amount of downtime. As a general user of the network, I'm not sure if this is down to maintenance time needed by our own network engineers who support our organization or indeed if it is up to Perimeter81 and its maintenance. What would be helpful is if this downtime was reduced. This may or may not involve some collaboration with Perimeter81 engineers and our own organization's engineers to ensure more up time, although I'm not complaining as this is very infrequent.

I've used the solution for over one year now.

The solution is highly scalable.

I don't directly deal with technical support.

Positive

Openpath was our old solution. We switched simply for better service and more uptime.

I did not handle the initial setup.

I did not handle the initial setup.

I don't know anything about the ROI - it's not my area.

Licensing is not my area.

I don't what other solutions were considered.

We primarily use Perimeter 81 for VPN purposes.

The customer support was excellent. They were very helpful whenever we needed assistance. Also, the gateway they provided worked well. The availability of support programs made it easy for us to resolve any issues promptly. The solution itself was quite similar to others we have used, so the strong support was a distinguishing factor.

There are a few areas where the solution could be improved. For instance, we sometimes encounter connectivity issues, which can be problematic. Recently, I experienced a connectivity issue while trying to move to Azure. Connectivity issues can be quite frustrating.

Moreover, in the past, they may have charged differently for their services, which could have impacted the current performance or connectivity. However, I am not entirely sure about the specifics of their previous service offerings. But overall, connectivity issues are a common occurrence when using VPNs.

We've been using Perimeter 81 for almost three months now.

Scaling Perimeter 81 was easy to do. Around 20+ users were using it.

I had a moderate level of experience with the support. During the installation phase, I found it very easy and supportive. However, after that, when I faced an issue, the support person themselves became part of the problem. We went back and forth trying to resolve the issue, but unfortunately, nothing worked out, and we had to find a solution on our own. So, that's been my experience with their support.

The installation on Azure was actually quite easy. I had to provide a couple of personal details for data installations, and then I was able to set it up. 

In Azure, there were multiple instances available for the installation, which was helpful. It was a good experience, and I was able to get it up and running smoothly.

For the installation of Perimeter 81, it didn't take long at all. Setting up the backend and connecting with the users only took about ten minutes. It was a quick process, and I didn't spend more than that time on it. However, I didn't handle the filling up of all the details myself, as that part was handled by a third person.

We only had a single point of contact for the deployment. There was one person available to assist with the installation and configuration.

When it came to maintenance, we faced some connectivity issues, and whenever that happened, we contacted their support for assistance. There were some technical workarounds provided, but sometimes the response and resolution were not satisfactory, which became frustrating. Due to this, I had to get in touch with the solution team often. Eventually, I decided to move away from their service.

Perimeter 81 charges separately for gateways and VPN connectivity, but compared to Azure, it seemed more reasonable. Azure's pricing details were not as clear as Perimeter 81's. While Azure team mentioned certain areas, Perimeter 81 provided a clearer breakdown of the pricing, making it more understandable. So, I would say it was moderate in terms of cost.

Perimeter 81 offers both monthly and yearly licensing options. Users can choose whichever option they prefer based on their needs and preferences.

For those planning to use Perimeter 81, I would recommend going ahead with it. However, I suggest ensuring that there is a reliable tech support process in place. It's essential to know which person would be available for assistance so that you can connect with them anytime you face any issues. Also, it's important to avoid any support connectivity issues during usage. In my experience, they were in a good space when it came to using the solution.

Overall, I would rate the solution a six out of ten. 

We are using the product to secure roaming users who work outside the office as well for protecting a variety of company locations. 

It is great that Check Point continues to be a visionary in the network security market and delivers such anticipated products which allow users to cope with ongoing security challenges and trends.

It is used to protect offices and retail stores and it is a step forward from the traditional connectivity architecture which lacks flexibility and prevents business to advance at the desired pace.

It is great from an operational point of view. There is no need to procure and install HW; a new location could be secured almost instantly.

There is no need to talk about security. It comes from a team of talented developers and has a historic record. The Check Point portfolio showcases very strong products. 

The support from Check Point's side is great as it always and allows you to understand the product, produce and secure design as well as deploy and test it. Furthermore, the product owners are actively looking for feedback. This allows you to express your opinion and shape the product to improve it according to your needs.

The product is great as it allows users to deliver the most security value at the fastest speed. It reduces an operational load in terms of provision, installation, management, patching, and hardware replacement by increasing uptime and reducing the time to deliver to market. It also provides cloud-native availability and allows you not to bother with the sizing and location capacity as long as you stick with Harmony Connect. The price is reasonable.

Last but not least, there is an option to manage Harmony Connect from the centralized management station which allows users to apply existing policies while having a single pane of glass for network security.

An improvement could be made in terms of achieving better coverage in such complicated regions as the Asia Pacific, China, and Russia. Some PoP locations might create complicated traffic flows and impact the latency and load on network infrastructure even further.

Advanced details of log information are missing. However, the Check Point team is definitely open to constructive advice and is happy to make any requested changes.

There are still some limitations that exist while using centralized management with Harmony Connect.

I've used the solution for six months.

In order to connect to our applications like our own GitLab solution or our logs tracking system, we need to connect using the Perimeter 81 application. Before that, we needed to have installed the Amazon Workspaces solution and joined it to that one, so every developer or person who needed access to Gitlab. With Perimeter81, each user that needs Gitlab or logs access has a user created. 

The maintenance of this solution is easier and we also decrease the problems related to workspace scenarios

In the past, we needed to use Amazon workspaces in order to connect to the 'VPN', and, after that, we were able to have access to our private Gitlab solution and logs. 

This was a mess as each developer or person who needed access to Gitlab needed a Workspace created for that use - even if only you needed to access it just for one day and did not use it anymore. Even in these cases, we needed someone from the infrastructure team to create that particular workspace. With Perimeter 81, we only need to create a user and install the Perimeter81 application on the computer.

The solution provides us with:

- An easy way to configure and join the VPN with Perimeter 81. Previously, we were using Amazon workspaces and it took too much time in order to configure the workspace properly in order to just access our Gitlab repository or our logs for just one or two times of use.

- An easy way to find connection problems. You can easily contact Perimeter 81 or check https://status.perimeter81.com to see if some incidents are related to the issue that you have.

In order to have to bypass the login using the website, a good feature for Perimeter 81 to have is a login instance in the Perimeter 81 application. I'm using a Mac and we don't have that functionality. I'm using a Mac and we don't have that functionality. On the other hand, in order to connect with an application, we could have the opportunity to use a Google Chrome application/extension. That will make it easy to use and we can skip situations related to admin permissions in order to install the application on some laptops and computers. 

I've used the solution for six to seven months. 

I have experience with Check Point Harmony Connect and Harmony Endpoint, mainly in an enterprise setting for the cloud-based access control and firewall functionality. It is a good, easy-to-deploy solution that is ideal when it comes to managing access to enterprise resources for those working in a home office type of scenario.

What I like about Harmony Connect is that every packet through the network is screened and filtered so that only clean packets can enter the PC. This is useful for a variety of security reasons because you no longer need to worry about things like DDoS attacks, etc.

Nowadays a lot of people are working from a home office, and Harmony Connect is an ideal solution when it comes to remote working. Let's say there is an organization of around 100-200 people — if they are working from home, they will have a strong need for enhanced firewall and UTM functionality. In this case, the organization can simply deploy Harmony Connect and the employees will have access to secure VPN connectivity.

Another point to mention is that Harmony Connect's real advantage over other solutions is that their support is excellent and they have really awesome technical staff.

The main problem with Harmony Connect is that, because it's in a new category of offerings by Check Point, there's very little marketing of the product so far, and this means that many potential users don't even know this kind of solution is available. There are also few testimonials or case studies talking about people who have used the product and fell in love with it, for example.

The second area in which they could improve is the performance of their management portal. For the end user of Harmony Connect, the performance is great and lightweight, but there is often some slowness when using the management portal as an administrator.

I have six months of experience with Harmony Connect.

Harmony Connect is very stable and its performance is good in the production environment. One of my customers has been using it for six months so far and no issues have been found.

It's a cloud offering so it scales nicely. I don't know about managing Harmony Connect beyond 1,000 users, but I'm not finding any difficulty with scaling because you just need to push the agent to the end user. I believe Check Point are using a major cloud provider such as Amazon, and I don't think scalability is an issue at all for them.

The real advantage of Harmony Connect is their support team. They are excellent, and their technical guys are really awesome. If there is any issue, you simply call them, and most of the time the issue will be resolved on the first call.

They are not very aggressive in their promotion of Harmony Connect, so you would expect that the support might be lacking but this is not the case. And when it comes to new feature requests, they are open to listening. If you can convince them to bring out a new feature, they will keep you updated and perhaps even connect you with their R&D team, no matter how small you might feel to them. Check Point's support team is truly one of the best.

Positive

Earlier, we used to deal with Symantec, but lately Symantec has not been operating well in India. It is very difficult to even get quotations for the pricing, so we don't deal with them much nowadays.

You hardly have to click more than three times and your Harmony Connect will be configured.

The implementation for about 1,000 users is not particularly difficult. It will need a system administrator for the data, managing the security features, and maintenance, but typically two or three staff members are more than enough to handle it.

The pricing is good, especially when you compare it to other firewall or UTM solutions from FortiGate or SonicWall, where you would have to invest about four hundred thousand rupees for 100 users over a three-year period. On top of that, for those solutions you would also need to pay for the expertise to manage the solution, including 24/7 monitoring and so on.

We have considered another solution called Prisma Access from Palo Alto Networks, and it may turn out that we will need that solution instead of Harmony Connect to fulfill our future ambitions, but I don't have any personal experience with it yet.

I would rate Harmony Connect a nine out of ten.

Our primary use case is as a Security Web Gateway for off-premises users. 

We use Check Point for application control, IPS, and web filter on-premises and wanted an in-kind solution for off-prem users. The primary requirement was for the Harmony policy to be able to be managed from the same SmartConsole instance as our on-premises gateways are managed. 

We wanted to be able to have one single policy, managed in one place, and for our users to have the same browsing experience whether off-prem or on-prem. It was also a primary requirement to be able to have the logs generated from Harmony merged into the same locations (SmartConsole and our SIEM) as our on-prem gateway logs go.

It has not improved our organization due to being unable to fully implement in the manner it was sold to us as being able to. 

After attempting to use the same policy for Harmony that we use for on-prem users (managed by on-prem smartConsole), and after much time going through Check Point account reps and support, we were informed it is not possible to manage Harmony Connect policy from SmartConsole if layers or source objects (such as AD users, machines) were used. 

We then were told by Check Point it would be possible to manage both policies from the same platform if we used the Management-as-a-Service Smart1Cloud smartconsole, but after further investigation, we were then later told by Check Point account executives and support that we are unable to manage Harmony policies from Smart1 Cloud, even though they are both housed in the Check Point Infinity Portal. 

It is also not even possible to send our Harmony Connect logs to the Smart1Cloud portal, again - even though they are both within the Infinity portal.

HTTPS decryption is a valuable service and not always found in cloud-based secure web gateways. With as much traffic being HTTPS as opposed to HTTP these days it is very important to be able to run that traffic through all the security modules such as IPS and Application Control. 

We also found the SAML integration to be useful. It is handy to be able to access the portal from anywhere in the world, though as mentioned above we are not fully implementing the product at this time due to other issues.

We want the overall ability to manage Harmony and on-prem policies from the same platform. Harmony lacks this ability when anything more than a vanilla access policy is used (we use layers and source user objects in our policy which make this impossible according to Check Point). 

Also, we need the ability to send/merge Harmony logs into the same SmartConsole as our on-prem Gateways send logs to. Have been told this is not possible by Check Point. It makes it really difficult when you have to use two different platforms/portals to see logs

I've used the solution for about six months.

I have not had any issues with stability, although we have not fully used the solution in the manner intended.

I have not had any issues with cloud-based resources, so I assume it would be easily scalable.

We have had many issues with customer support on this product. 

One example: I created a support ticket for a simple issue on the product not being able to be installed on our client machines. 

It took over a month to resolve with my team having to repeatedly follow up with support in order to get a result. My team eventually had to dig into the issue at a great depth ourselves and discovered the problem - it was that Check Point developers did not properly sign multiple scripts associated with installation, which would not allow it to install in our secure environment. 

My team had to unpack the installer and dig around to examine the files and find the mistake in signing. The issue was then finally solved by Check Point developers in Tel Aviv.

Negative

We previously used Check Point Cloud Capsule, which is a similar product. However, we were never happy with its performance and its Application Control objects were very out of date. Support was always hard to get on it from Check Point as well. It was also unable to be used alongside our VPN solution (Microsoft Always-On VPN).

The initial portal setup was straightforward in that the portal is automatically provisioned. 

Getting users integrated through SAML was not straightforward in that the instructions from Check Point on linking it with Azure AD were not accurate. The pre-built Enterprise Application object within Azure AD that is provided for Harmony did not work either. We had to adjust several of the settings to make it work (which were not covered by any support article).

We handled the implementation in-house.

We have seen a negative return on investment

Pricing and licensing seemed acceptable; we have no complaints there. 

We also evaluated solutions from Cisco and Palo Alto.

Users should just make sure the solution will actually do what is expected, regardless of what the company says it can do.