Check Point Harmony SASE (formerly Perimeter 81) Reviews

My work started using Perimeter 81 as a replacement for our previous VPN provider. Our previous solution was Sophos. 

We are a company that is around 75% fully remote, and we are an ISO 27001 Certified legal tech solution provider to some of the largest law firms and health care providers in the UK and North America. For that reason, ensuring our internal and client data is of the highest priority. 

We use the Perimeter 81 solution to secure all of our internal cloud-based systems as well as the demo system for the products we sell to our customers.

With the previous solution, we had to have an app on our phone that would generate PIN numbers that would auto-generate. It was cumbersome and not very user-friendly. 

This solution has allowed for a more seamless login experience when accessing my files, and from a user standpoint, it is fantastic. I am barely cognizant of the fact that Perimeter is running in the background. This was not the case with our previous VPN solution. 

Direct login using Microsoft network credentials and no extra applications or manual inputting of PIN codes is probably the best feature of using Perimeter 81. Our last VPN solution required that users manually input PIN codes to confirm two-factor authentication, and the process was not very user-friendly. Moreover, logging back into Perimeter 81 is relatively user-friendly as I just need to re-type my Windows credentials in to access the VPN. Of course, having to regain access to the VPN is kind of annoying, however, it is still a much better user experience than our previous solution.

One of the more negative experiences using Perimeter 81 is the fact that I am logged off after a pre-determined amount of time which cuts off access to some of my company's resources. It's probably a configuration thing on our end, yet frustrating nonetheless. If there was a way to have quicker access to the Perimeter login page, that would probably be of great assistance when re-logging into the VPN. For instance, if the pop-up for Perimeter 81 allowed me to log in from there, that would probably streamline the process.

I've used the solution for about six months.

The product seems stable to me!

The solution is very scalable.

I have not interacted with customer service.

Positive

We used Sophos and switched. I am not sure why.

I am not sure how the setup process was handled. 

I have no idea if we have looked into monitoring for ROI.

I do not advise anyone at my company on any of those topics. 

I am not aware of the other options that were evaluated if any.

I really like Perimeter 81 as opposed to our previous VPN solution. It is a much more streamlined and user-friendly experience.

I have experience with Check Point Harmony Connect and Harmony Endpoint, mainly in an enterprise setting for the cloud-based access control and firewall functionality. It is a good, easy-to-deploy solution that is ideal when it comes to managing access to enterprise resources for those working in a home office type of scenario.

What I like about Harmony Connect is that every packet through the network is screened and filtered so that only clean packets can enter the PC. This is useful for a variety of security reasons because you no longer need to worry about things like DDoS attacks, etc.

Nowadays a lot of people are working from a home office, and Harmony Connect is an ideal solution when it comes to remote working. Let's say there is an organization of around 100-200 people — if they are working from home, they will have a strong need for enhanced firewall and UTM functionality. In this case, the organization can simply deploy Harmony Connect and the employees will have access to secure VPN connectivity.

Another point to mention is that Harmony Connect's real advantage over other solutions is that their support is excellent and they have really awesome technical staff.

The main problem with Harmony Connect is that, because it's in a new category of offerings by Check Point, there's very little marketing of the product so far, and this means that many potential users don't even know this kind of solution is available. There are also few testimonials or case studies talking about people who have used the product and fell in love with it, for example.

The second area in which they could improve is the performance of their management portal. For the end user of Harmony Connect, the performance is great and lightweight, but there is often some slowness when using the management portal as an administrator.

I have six months of experience with Harmony Connect.

Harmony Connect is very stable and its performance is good in the production environment. One of my customers has been using it for six months so far and no issues have been found.

It's a cloud offering so it scales nicely. I don't know about managing Harmony Connect beyond 1,000 users, but I'm not finding any difficulty with scaling because you just need to push the agent to the end user. I believe Check Point are using a major cloud provider such as Amazon, and I don't think scalability is an issue at all for them.

The real advantage of Harmony Connect is their support team. They are excellent, and their technical guys are really awesome. If there is any issue, you simply call them, and most of the time the issue will be resolved on the first call.

They are not very aggressive in their promotion of Harmony Connect, so you would expect that the support might be lacking but this is not the case. And when it comes to new feature requests, they are open to listening. If you can convince them to bring out a new feature, they will keep you updated and perhaps even connect you with their R&D team, no matter how small you might feel to them. Check Point's support team is truly one of the best.

Positive

Earlier, we used to deal with Symantec, but lately Symantec has not been operating well in India. It is very difficult to even get quotations for the pricing, so we don't deal with them much nowadays.

You hardly have to click more than three times and your Harmony Connect will be configured.

The implementation for about 1,000 users is not particularly difficult. It will need a system administrator for the data, managing the security features, and maintenance, but typically two or three staff members are more than enough to handle it.

The pricing is good, especially when you compare it to other firewall or UTM solutions from FortiGate or SonicWall, where you would have to invest about four hundred thousand rupees for 100 users over a three-year period. On top of that, for those solutions you would also need to pay for the expertise to manage the solution, including 24/7 monitoring and so on.

We have considered another solution called Prisma Access from Palo Alto Networks, and it may turn out that we will need that solution instead of Harmony Connect to fulfill our future ambitions, but I don't have any personal experience with it yet.

I would rate Harmony Connect a nine out of ten.

Our primary use case is as a Security Web Gateway for off-premises users. 

We use Check Point for application control, IPS, and web filter on-premises and wanted an in-kind solution for off-prem users. The primary requirement was for the Harmony policy to be able to be managed from the same SmartConsole instance as our on-premises gateways are managed. 

We wanted to be able to have one single policy, managed in one place, and for our users to have the same browsing experience whether off-prem or on-prem. It was also a primary requirement to be able to have the logs generated from Harmony merged into the same locations (SmartConsole and our SIEM) as our on-prem gateway logs go.

It has not improved our organization due to being unable to fully implement in the manner it was sold to us as being able to. 

After attempting to use the same policy for Harmony that we use for on-prem users (managed by on-prem smartConsole), and after much time going through Check Point account reps and support, we were informed it is not possible to manage Harmony Connect policy from SmartConsole if layers or source objects (such as AD users, machines) were used. 

We then were told by Check Point it would be possible to manage both policies from the same platform if we used the Management-as-a-Service Smart1Cloud smartconsole, but after further investigation, we were then later told by Check Point account executives and support that we are unable to manage Harmony policies from Smart1 Cloud, even though they are both housed in the Check Point Infinity Portal. 

It is also not even possible to send our Harmony Connect logs to the Smart1Cloud portal, again - even though they are both within the Infinity portal.

HTTPS decryption is a valuable service and not always found in cloud-based secure web gateways. With as much traffic being HTTPS as opposed to HTTP these days it is very important to be able to run that traffic through all the security modules such as IPS and Application Control. 

We also found the SAML integration to be useful. It is handy to be able to access the portal from anywhere in the world, though as mentioned above we are not fully implementing the product at this time due to other issues.

We want the overall ability to manage Harmony and on-prem policies from the same platform. Harmony lacks this ability when anything more than a vanilla access policy is used (we use layers and source user objects in our policy which make this impossible according to Check Point). 

Also, we need the ability to send/merge Harmony logs into the same SmartConsole as our on-prem Gateways send logs to. Have been told this is not possible by Check Point. It makes it really difficult when you have to use two different platforms/portals to see logs

I've used the solution for about six months.

I have not had any issues with stability, although we have not fully used the solution in the manner intended.

I have not had any issues with cloud-based resources, so I assume it would be easily scalable.

We have had many issues with customer support on this product. 

One example: I created a support ticket for a simple issue on the product not being able to be installed on our client machines. 

It took over a month to resolve with my team having to repeatedly follow up with support in order to get a result. My team eventually had to dig into the issue at a great depth ourselves and discovered the problem - it was that Check Point developers did not properly sign multiple scripts associated with installation, which would not allow it to install in our secure environment. 

My team had to unpack the installer and dig around to examine the files and find the mistake in signing. The issue was then finally solved by Check Point developers in Tel Aviv.

Negative

We previously used Check Point Cloud Capsule, which is a similar product. However, we were never happy with its performance and its Application Control objects were very out of date. Support was always hard to get on it from Check Point as well. It was also unable to be used alongside our VPN solution (Microsoft Always-On VPN).

The initial portal setup was straightforward in that the portal is automatically provisioned. 

Getting users integrated through SAML was not straightforward in that the instructions from Check Point on linking it with Azure AD were not accurate. The pre-built Enterprise Application object within Azure AD that is provided for Harmony did not work either. We had to adjust several of the settings to make it work (which were not covered by any support article).

We handled the implementation in-house.

We have seen a negative return on investment

Pricing and licensing seemed acceptable; we have no complaints there. 

We also evaluated solutions from Cisco and Palo Alto.

Users should just make sure the solution will actually do what is expected, regardless of what the company says it can do.

We primarily use Perimeter 81 for VPN purposes.

The customer support was excellent. They were very helpful whenever we needed assistance. Also, the gateway they provided worked well. The availability of support programs made it easy for us to resolve any issues promptly. The solution itself was quite similar to others we have used, so the strong support was a distinguishing factor.

There are a few areas where the solution could be improved. For instance, we sometimes encounter connectivity issues, which can be problematic. Recently, I experienced a connectivity issue while trying to move to Azure. Connectivity issues can be quite frustrating.

Moreover, in the past, they may have charged differently for their services, which could have impacted the current performance or connectivity. However, I am not entirely sure about the specifics of their previous service offerings. But overall, connectivity issues are a common occurrence when using VPNs.

We've been using Perimeter 81 for almost three months now.

Scaling Perimeter 81 was easy to do. Around 20+ users were using it.

I had a moderate level of experience with the support. During the installation phase, I found it very easy and supportive. However, after that, when I faced an issue, the support person themselves became part of the problem. We went back and forth trying to resolve the issue, but unfortunately, nothing worked out, and we had to find a solution on our own. So, that's been my experience with their support.

The installation on Azure was actually quite easy. I had to provide a couple of personal details for data installations, and then I was able to set it up. 

In Azure, there were multiple instances available for the installation, which was helpful. It was a good experience, and I was able to get it up and running smoothly.

For the installation of Perimeter 81, it didn't take long at all. Setting up the backend and connecting with the users only took about ten minutes. It was a quick process, and I didn't spend more than that time on it. However, I didn't handle the filling up of all the details myself, as that part was handled by a third person.

We only had a single point of contact for the deployment. There was one person available to assist with the installation and configuration.

When it came to maintenance, we faced some connectivity issues, and whenever that happened, we contacted their support for assistance. There were some technical workarounds provided, but sometimes the response and resolution were not satisfactory, which became frustrating. Due to this, I had to get in touch with the solution team often. Eventually, I decided to move away from their service.

Perimeter 81 charges separately for gateways and VPN connectivity, but compared to Azure, it seemed more reasonable. Azure's pricing details were not as clear as Perimeter 81's. While Azure team mentioned certain areas, Perimeter 81 provided a clearer breakdown of the pricing, making it more understandable. So, I would say it was moderate in terms of cost.

Perimeter 81 offers both monthly and yearly licensing options. Users can choose whichever option they prefer based on their needs and preferences.

For those planning to use Perimeter 81, I would recommend going ahead with it. However, I suggest ensuring that there is a reliable tech support process in place. It's essential to know which person would be available for assistance so that you can connect with them anytime you face any issues. Also, it's important to avoid any support connectivity issues during usage. In my experience, they were in a good space when it came to using the solution.

Overall, I would rate the solution a six out of ten. 

I use Perimeter 81 primarily for VPN connections and work and home banking. Additionally, I use it for some oil and gas applications. You should also consider using it for SD-WAN solutions. In fact, SD-WAN is one of the primary solutions offered by Perimeter 81.

In order to minimize costs, you can use a zero-trust security model. We also use VPN to interconnect many branches, for example, here in Nigeria, for an operator in the oil and gas industry. We have a high frequency in our network.

For us, SD-WAN is the most valuable feature. They provide a unique advantage for banking purposes and are also different from other solutions. VPN is good for security.

One of our challenges is ensuring the security of our cloud-based operations. We place a high priority on security and take measures to protect our data. We avoid using public cloud services and instead rely on data centers to collect data for both small and large branches.

In the next release, I would like to see more improvement in security capabilities.

I have been using Perimeter 81 for ten years. I am working with the latest version.

It is a very stable solution. It efficiently ensures security. We also use VPN to touch cloud and ensure secure information. However, for a specific company, we may need to improve security. The code is updated biweekly.

The scalability of Perimeter 81 depends on your equipment and routers. Different solutions may require different approaches. It is also a PLS to control.

The customer service was good. We needed to make some configurations, and it was the same as with other providers because it's a solution we use.

The initial setup is easy. The deployment process is different for each project, and it depends on the project's scope, such as the type of network and the kind of project. If you use IP and POS, it's different from if you don't use them.

It's possible to implement it in-house, or we can get some help. As for the technical aspects, we have six people who are required for the deployment and maintenance. We plan to increase the number of users for Permieter 81 in our company.

The system should think about how to maximize the ROI and minimize the OpEx cost for the customer. When you use a good solution, you can decrease your supply costs, increase engineering, reduce repair costs, and increase product stability. It's a win-win solution where the customer wins, and you win.

I would definitely recommend using Perimeter 81. Overall, I would rate the product a nine out of ten, but I would like to improve its security.

I'm using it for the VPN, I work from a home office and need to access data from different websites. I'm a front-end web developer for a famous brand, working remotely from another country, and the content I have to access must be from different countries. There are some internal tools we must use too, and we must access them with a VPN. Some of these tools are on mobile too, so we also have to install VPN solutions on mobile phones. I have to use a tool that we can access multiple VPNs and switch regions with ease.

We use some VPN solutions, and Perimeter 81 has the best user experience for desktop or mobile. The other solutions have more steps to set up, are more complicated and it was not a good experience. Unfortunately, I can't use Perimeter 81 for all VPN use cases, due to the company's policy, however, when I can, I always choose it. 

I have to use it on my phone too, and my smartphone was not compatible with the other VPN solutions (old Android version), but Perimeter 81 works on old mobile phones and is very light. 

The best points of Perimeter 81 are the:

- User experience
- Design
- Ease of use
- Support for mobile and desktop
- Very light mobile app

The other VPN tools have some old interface with a not great user experience. I use a Mac and the interface looks like an old Windows App. Perimeter 81 is very pretty. My phone is an old Android version (I cannot upgrade right now) and I could not use the other tools to access the VPN because their two-step authentication app could not run on my phone. Perimeter 81 app works on old phones and is very lightweight. The battery consumption is very low. 

I am very satisfied with the product right now. I don't know if it is technically feasible, however, if the Desktop App could be used as a Web App or a Chrome Extension it would be very nice. It would help a lot if I could click a link with the right-click and select from a range of options like: "Open a with VPN: Network main" and that tab would open with VPN activated only on that. And then I could refresh the tab with the VPN on or off. When I access a URL, the Extension could have an option like: "Reload current tab with VPN".

I've used the solution for two months.

I didn't have to deal with any bugs so far.

Our team is big, from people all around the world. Everybody is using a VPN. It scales well.

Until now, I have not needed to reach out for service support.

Neutral

Yes, I did use a different solution, however, I didn't make a full switch as some tools we use can only be accessed with specific VPN tools. That said, when I can choose, I prefer Perimeter 81 due to its ease of use.

It was very easy to set up.

Our IT team provided a step-by-step to setup the solution.

I don't deal with the billing.

I don't deal with billing, however, it would be nice to have a time trial.

IT selects the tools we use. I did not evaluate others.

I'd advise others to use it if you need to access VPN for both desktop and mobile.

In our company, Quantum SASE is available for namesake in our environment since we rely on Check Point Secure Web Gateway for its firewall functionalities. Most of our company's customers use firewalls from Check Point Software, Palo Alto, or Fortinet. The simple use case of the tool for our company's customers stems from the fact that they have a general internal network or many users for which a firewall is required to secure the network traffic flow and communications that happen from outside to inside the company.

When it comes to Check Point Quantum SASE, though the OEM provides security, it is not 100 percent full-fledged to meet the requirements from the customers' end. There are no OEMs in the market that provide 100 percent security. The security of the product has to be improved.

I have been using Check Point Quantum SASE for seven years.

The product's stability is very good. Stability-wise, I rate the solution a nine out of ten.

In firewall products, scalability is not required. If you set up the two firewall tools, no scalability is required. Scalability-wise, I rate the solution a nine out of ten.

My company deals with 20 or 30 customers of the tool.

My company's customers extensively use the product.

The support from Check Point Quantum SASE is very good, and the response from the support team is fast. The support from Check Point Quantum SASE is customer-friendly and knowledgeable about troubleshooting issues.

The product's initial setup phase is very simple.

The product's installation process consists of racking, stacking, and mounting, after which a user can directly start the appliance and configure the HA status and policies.

The solution is deployed on an on-premises model.

The solution can be deployed in two or three days.

One engineer is required to take care of one single deployment process.

The ROI of the tool can be calculated depending on the tool's ability to be used for multiple use cases and protect the confidential data of users. It is very simple to calculate the product's ROI. If you use Check Point Quantum SASE, then your internal users are protected from outside attackers.

Check Point Quantum SASE provides SASE functionalities with all the required features. Check Point Quantum SASE's price is higher than what its competitors offer. The price of the product is something that depends on the requirements, and the purchase or order value of the customers.

The price of the tool depends on whether customers need SMTP, NGTP, or Check Point NG licenses.

I consider the product to be a medium-priced solution. There are no additional costs attached to the tool.

The solution enhances the ability of our company's remote workforce to secure access to corporate resources since we use VPN to secure work-from-home users and domain users.

Check Point Quantum SASE offers all the features essential for threat prevention, threat emulation, threat extraction, anti-spam, and anti-malware.

In relation to Check Point Quantum SASE, I haven't worked with the part involving WAN architecture. I only handle cybersecurity for a portfolio with respect to the LAN segment, and not WAN segment.

I rate the tool's performance a ten out of ten.

Check Point Quantum SASE can be described as the world's best security product without a doubt since it is a market leader in its segment.

The performance and reliability offered by the tool depend on the customer environment, and after considering aspects like throughput, how many users, and how many concurrent connections, my company plans the sizing part of the tool.

The value of working with the tool is good, as it can secure users, environments, and applications.

I rate the tool a nine out of ten.

This tool was acquired when the organization made the decision to move the entire infrastructure to the cloud. It was going to handle different types of schemes such as IaaS and SaaS up to Office 365, so all these schemes were going to meet the need for accessibility by users. We needed a tool with complex, centralized management that would help us prevent all types of malicious attacks both from inside and outside in order to guarantee security and reliability for all our clients.

Since the implementation of Harmony, we managed to establish excellent communication in all environments. It has helped us a lot in preventing cyber attacks from anywhere, such as remote users, internet SaaS, and IaaS. In addition, it provides us with real-time information so we can make decisions immediately and achieve complete analysis to be able to carry out compliance management for the corresponding audits.

The tool has many valuable features - such as protection against threats. It also has centralized management that allows administrators to supervise and control the security of the entire network. The VPN and authentication functions guarantee secure and efficient connections from anywhere in the country, device, or network. Due to these characteristics, the tool is one of the best on the market.

They should improve certain features, although they have a modern graphical interface. They can centralize the options or have faster access to options, in addition to improving the authentication to the tool since sometimes it presents problems when entering. In a future version of the tool, they could add a space where information on common errors is shown so that there would not be much dependence on the support they offer.

I managed to use it for approximately two years.

It is a stable tool; I very rarely have problems.

Regarding scalability, it is very good. It behaves and integrates very well with other tools.

Support is one of the points of improvement. They should focus on this part as they are not complying with the SLAs.

Positive

There was no solution implemented previously. This was done when it was decided to implement a cloud implementation.

The implementation is a little complicated at first; its learning curve is intermediate.

The implementation was carried out with the vendor who demonstrated considerable skill in managing the solution.

It is an investment that must be considered and looked at very carefully. You need to understand what type of tool is needed since it is an important contribution to online safety.

The installation is simple once you know how to do it. At first, it is somewhat complicated- especially the configuration. Once you learn, it's very easy. The cost was one of the best quotes we found with the features we needed.

We explored several tools on the market, such as Barracuda CloudGen Firewall, Sophos XG Firewall, and Fortinet FortiGate.

It is a very complete and competitive tool in the marketplace.