What is our primary use case?
We needed to connect the branches with the users, and, in turn, we needed to connect the users with the applications of the organization. However, we needed to secure this connection since the users were at home. The branches had Citrix SD-WAN and therefore we needed a solution that would integrate with the current solution that connected the branches to the central site.
The client's requirements were that the solution could:
- Be designed to prevent the most evasive cyberattacks
- Have Zero-Trust network access to enterprise applications
- Secure Internet access for remote users
- Protect branch office (SD-WAN) connections to the Internet and the cloud
How has it helped my organization?
I have worked with Check Point Harmony Connect, which is a Secure Access Service Edge (SASE) solution, which unifies multiple cloud-delivered network security products to prevent sophisticated cyberattacks and simplify policy management.
I find it very easy to implement and deploy in the organization. One point to note is that it is a very user-centric solution.
The integration that this solution has with the different routers or perimeter equipment is exceptional. We were able to implement the solution on the same hardware as the SD-WAN equipment in each branch and central site.
What is most valuable?
One point to keep in mind is that it is a user-centric solution.
Additionally, the solution has an integration with Citrix SD-WAN that allows a remote implementation in each of the branches.
Mainly, Zero Trust Network Access is one of the most important features of this Check Point Harmony Connect solution. It's of the Secure Access Service Edge (SASE) type since it gives us secure access to the organization as if we were physically in the organization.
I find it very easy to implement and deploy in the organization.
What needs improvement?
A ZTNA architecture is designed to reduce cybersecurity risk by eliminating implicit trust within an organization's IT infrastructure.
Zero Trust Network Access can be a security breach if not used correctly. I have implemented it and it turns out that access to the organization's applications must be complemented with user awareness.
It is important to note that the Zero Trust Network Access feature is an important feature for the solution, however, at the same time, the organization's applications can be accessed if user access is available. A double authentication factor could solve this gap.
For how long have I used the solution?
I've been using the solution for almost two years.
What do I think about the stability of the solution?
Check Point Harmony Connect is quite stable in the implementation I did together with Citrix SD-WAN.
Citrix SD-WAN appliances are SDN/NFV-ready platforms designed to host virtualized network functions (VNFs).
Hosting a Check Point virtual machine (VM) on Citrix SD-WAN branch appliances provides customers with granular control of their security and data.
Together, the integrated SD-WAN and advanced Threat Prevention platform provide secure and optimized WAN connectivity over Internet links and WAN connections. By dramatically simplifying deployments and reducing costs, Check Point and Citrix SD-WAN provide enterprises with an affordable and secure remote branch office security solution.
What do I think about the scalability of the solution?
I find it very easy to implement and deploy in the organization.
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
What's my experience with pricing, setup cost, and licensing?
This is a SaaS. For this reason, the cost, pricing, and licensing depend according to your necessity.
Which other solutions did I evaluate?
I also looked into Forcepoint SASE.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.