Although the interface is user-friendly, further simplification and customization options tailored for non-technical users would benefit smaller firms without dedicated IT teams. Intuitive dashboards and guided setups can help in reducing the learning curve. Increasing the automation capabilities for threat detection, response, and reporting can help reduce the manual workload on IT staff. Automated compliance reporting tailored to regulatory requirements could be particularly beneficial.
There is a hefty cost, but it has excellent coverage. We need SASE management for five websites, including streamlining, logging, and monitoring. The solution offers the final customer three cloud coverage options and an excellent price point. Our competitors are Palo Alto, Cisco, Symantec, and Solar. If the dashboard allows the PMS administrator to easily and quickly deploy configurations, it will facilitate the solution's faster deployment.
When it comes to Check Point Quantum SASE, though the OEM provides security, it is not 100 percent full-fledged to meet the requirements from the customers' end. There are no OEMs in the market that provide 100 percent security. The security of the product has to be improved.
Learn what your peers think about Check Point Harmony SASE (formerly Perimeter 81). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
While the product has been instrumental in enhancing security, continuous improvement is essential. Feedback from users and ongoing technological advancements should guide the refinement of these security measures. Exploring ways to streamline the integration process and optimize performance ensures a seamless experience for developers and users. Additionally, fostering an open dialogue with the security community and staying attuned to emerging threats aids in identifying areas for improvement. Regular updates and patches to address vulnerabilities improve the tool's longevity and effectiveness.
Harmony Connect has two components: one for accessing the internet and the other for accessing the corporate network. The Access intelligence lab is particularly useful because it eliminates the need to purchase a separate firewall for the branch office. Instead, you can connect the Check Point VPN, providing you with Check Point Harmony Connect firewall functionality for monitoring traffic. The setup is easy, but it depends on the router configuration. The router configuration, in turn, will depend on the specific releases. The configuration could be improved.
They should improve certain features, although they have a modern graphical interface. They can centralize the options or have faster access to options, in addition to improving the authentication to the tool since sometimes it presents problems when entering. In a future version of the tool, they could add a space where information on common errors is shown so that there would not be much dependence on the support they offer.
Security Engineer at Down To Earth Technologies Ltd.
Real User
Top 20
2023-11-02T11:29:20Z
Nov 2, 2023
The product is a bit heavy on the machine. Sometimes, the product is very slow. When we connect an external hard disk, it takes the product quite some time to go through the files and allow us to access them.
In our organization, we use two managed SaaS products or technology at a time when everything appears to be moving to the cloud, and we still work with tools like Check Point Harmony Connect that require a license since the problem related to the product lies in the licensing part, the aforementioned details should be considered to improve the product. The complex initial setup phase of the product is an area that can be improved.
Manager Cyber Security at a energy/utilities company with 1,001-5,000 employees
Real User
Top 20
2023-02-06T08:27:33Z
Feb 6, 2023
The integration from a management perspective could be improved so that the management can, from an existing Check Point firewall, manage a Harmony firewall through one pane of glass. I would like to see the use of either GRE or non-IP tunnels in the next release.
My customers want more remote functionality. They need another routing option after they connect to the enterprise intranet. For example, let's say a user tries to connect to a remote branch office and headquarters through Harmony Connect. They need a local breakout after connecting to the headquarters, especially in China. They need to put local breakout in the Chinese internet. The current version cannot do something like this.
Branding could be better. Not many Check Point users realize there is a SASE offering at all. Policies could have layers as they do with their Firewalls, though I understand that's more of a functionality within the Smart dashboard. The threat prevention profiles like IPS, file, and URL protections could have more fine-tuning options. Though all the policies are managed from the Infinity portal, we still have to manually configure different solutions. It would be nice to know how the new XDR option will bridge this gap. Also, for Multi-factor authentication, there was an option for G-auth. However, I'm not sure about other forms of authentication they offer in their gateways. Bringing the backend closer to the gateway management would make it more granular.
The main problem with Harmony Connect is that, because it's in a new category of offerings by Check Point, there's very little marketing of the product so far, and this means that many potential users don't even know this kind of solution is available. There are also few testimonials or case studies talking about people who have used the product and fell in love with it, for example. The second area in which they could improve is the performance of their management portal. For the end user of Harmony Connect, the performance is great and lightweight, but there is often some slowness when using the management portal as an administrator.
Check Point Harmony Connect has basic improvement areas, such as the following: * In order to be able to invite users, send the agent and implement it, the user input must be generated manually. It would be easier if we could add them automatically via automation. * The guides for some capabilities are limited or do not represent the reality of the application. It is difficult to find 100% reliable documentation. It is not always possible to perform all the steps due to some problems. Some manuals are not so intuitive.
They could improve on the available public documentation. The most modern applications or features of Check Point are difficult to find in their documentation for implementation. According to the manufacturer, sometimes it happens that the manual is applied, yet the desired implementation is not achieved. Also, as seen in our support cases, it is somewhat slow to solve problems. There are other manufacturers that have better support. They can improve on that part and prevent customers from complaining about how they provide solutions.
One of the areas that should be improved is the ability to make the software less heavy for laptops that handle a relatively normal performance since, if it is used with a computer with high performance, Harmony behaves well and does not cause slowness. This made us uninstall the product on several collaborator machines as the performance of the PC dropped a lot. Some programs, like Teams, do not work and this causes us issues where we cannot monitor those machines.
Sometimes downloading PDF files can be slow. It may take a while to scan the downloaded files. On some computers, the Check Point Harmony Connect agent can be a bit heavy to run in terms of CPU and Memory resources. Transparency to end-users could be improved. More compatible applications can be included. The support provided could be improved for when problems arise that require support from the Check Point team. Check Point is an expensive product so support should be more adequate. Some EDR features may still be under development and may need more time to be ready for use on a larger scale.
Project Management and Deployment Team Leader at Sefisa
MSP
2022-04-06T17:50:00Z
Apr 6, 2022
A ZTNA architecture is designed to reduce cybersecurity risk by eliminating implicit trust within an organization's IT infrastructure. Zero Trust Network Access can be a security breach if not used correctly. I have implemented it and it turns out that access to the organization's applications must be complemented with user awareness. It is important to note that the Zero Trust Network Access feature is an important feature for the solution, however, at the same time, the organization's applications can be accessed if user access is available. A double authentication factor could solve this gap.
Cloud Support at a tech company with 51-200 employees
User
2022-04-06T15:56:00Z
Apr 6, 2022
Previously, it was not available for Mac. They could also verify the time at which the emails arrive. Sometimes it takes a while. The console, the inclusion of users, could be massive. We should have to add them one by one. Doing it in bulk would make it easier for administrators. We need to verify if the agent is providing latency in the equipment. Some collaborators indicated that the product could be occupying a lot of performance of the equipment for which they sometimes complain.
Information Security Team Lead at Oregon State Treasury
Real User
2022-04-06T14:53:00Z
Apr 6, 2022
We want the overall ability to manage Harmony and on-prem policies from the same platform. Harmony lacks this ability when anything more than a vanilla access policy is used (we use layers and source user objects in our policy which make this impossible according to Check Point). Also, we need the ability to send/merge Harmony logs into the same SmartConsole as our on-prem Gateways send logs to. Have been told this is not possible by Check Point. It makes it really difficult when you have to use two different platforms/portals to see logs
We have noticed that sometimes even performing just a few changes in the portal, the installation takes a long time to finish. The access to the portal should be faster. It shouldn't crash a lot. We have a lot of crashes right now. We noticed that, for some days of the month, the portal would be down and not accessible depending on the time that we tested. Sometimes we performed some changes after work or at dawn to minimize the impact that it could cause to the users. However, sometimes the portal is not online as we expect it to be or we need to reload the page a few times before it works. I would give it a score of eight out of ten due to the portal being slow.
As it is a new market solution, I still face some instabilities in access at certain times of the day when I have more than 150 users using it simultaneously. It would be interesting for the solution to have something that monitors and scales more resources by itself so that these instabilities do not occur. Another problem faced is that, regarding the audit, native RDP sessions, as well as the database, are not recorded and it is not possible to audit the use by the collaborators. These two points would be important for the evolution of the tool.
Perimeter 81 is a cloud-based network security and software-defined perimeter (SDP) solution designed to provide secure access to resources in the cloud, data centers, and on-premises environments. It offers a unified platform for organizations to manage and secure their network infrastructure, regardless of the location or type of resources.
Perimeter 81 Benefits:
Easy to use
Flexible access policies
Strong encryption and authentication protocols
Scalable
Compatible with various...
Although the interface is user-friendly, further simplification and customization options tailored for non-technical users would benefit smaller firms without dedicated IT teams. Intuitive dashboards and guided setups can help in reducing the learning curve. Increasing the automation capabilities for threat detection, response, and reporting can help reduce the manual workload on IT staff. Automated compliance reporting tailored to regulatory requirements could be particularly beneficial.
The Point locations need to improve the latency and speed.
The platform's pricing can be an issue for smaller companies, as the cost may be higher than for larger organizations.
The tool could be more user-friendly.
There is a hefty cost, but it has excellent coverage. We need SASE management for five websites, including streamlining, logging, and monitoring. The solution offers the final customer three cloud coverage options and an excellent price point. Our competitors are Palo Alto, Cisco, Symantec, and Solar. If the dashboard allows the PMS administrator to easily and quickly deploy configurations, it will facilitate the solution's faster deployment.
When it comes to Check Point Quantum SASE, though the OEM provides security, it is not 100 percent full-fledged to meet the requirements from the customers' end. There are no OEMs in the market that provide 100 percent security. The security of the product has to be improved.
While the product has been instrumental in enhancing security, continuous improvement is essential. Feedback from users and ongoing technological advancements should guide the refinement of these security measures. Exploring ways to streamline the integration process and optimize performance ensures a seamless experience for developers and users. Additionally, fostering an open dialogue with the security community and staying attuned to emerging threats aids in identifying areas for improvement. Regular updates and patches to address vulnerabilities improve the tool's longevity and effectiveness.
Harmony Connect has two components: one for accessing the internet and the other for accessing the corporate network. The Access intelligence lab is particularly useful because it eliminates the need to purchase a separate firewall for the branch office. Instead, you can connect the Check Point VPN, providing you with Check Point Harmony Connect firewall functionality for monitoring traffic. The setup is easy, but it depends on the router configuration. The router configuration, in turn, will depend on the specific releases. The configuration could be improved.
They should improve certain features, although they have a modern graphical interface. They can centralize the options or have faster access to options, in addition to improving the authentication to the tool since sometimes it presents problems when entering. In a future version of the tool, they could add a space where information on common errors is shown so that there would not be much dependence on the support they offer.
The product is a bit heavy on the machine. Sometimes, the product is very slow. When we connect an external hard disk, it takes the product quite some time to go through the files and allow us to access them.
In our organization, we use two managed SaaS products or technology at a time when everything appears to be moving to the cloud, and we still work with tools like Check Point Harmony Connect that require a license since the problem related to the product lies in the licensing part, the aforementioned details should be considered to improve the product. The complex initial setup phase of the product is an area that can be improved.
Automation and scalability are areas where the solution lacks and needs to improve.
The integration from a management perspective could be improved so that the management can, from an existing Check Point firewall, manage a Harmony firewall through one pane of glass. I would like to see the use of either GRE or non-IP tunnels in the next release.
My customers want more remote functionality. They need another routing option after they connect to the enterprise intranet. For example, let's say a user tries to connect to a remote branch office and headquarters through Harmony Connect. They need a local breakout after connecting to the headquarters, especially in China. They need to put local breakout in the Chinese internet. The current version cannot do something like this.
The solution requires you to buy a minimum of 50 licenses and that is not practical.
Branding could be better. Not many Check Point users realize there is a SASE offering at all. Policies could have layers as they do with their Firewalls, though I understand that's more of a functionality within the Smart dashboard. The threat prevention profiles like IPS, file, and URL protections could have more fine-tuning options. Though all the policies are managed from the Infinity portal, we still have to manually configure different solutions. It would be nice to know how the new XDR option will bridge this gap. Also, for Multi-factor authentication, there was an option for G-auth. However, I'm not sure about other forms of authentication they offer in their gateways. Bringing the backend closer to the gateway management would make it more granular.
The main problem with Harmony Connect is that, because it's in a new category of offerings by Check Point, there's very little marketing of the product so far, and this means that many potential users don't even know this kind of solution is available. There are also few testimonials or case studies talking about people who have used the product and fell in love with it, for example. The second area in which they could improve is the performance of their management portal. For the end user of Harmony Connect, the performance is great and lightweight, but there is often some slowness when using the management portal as an administrator.
Check Point Harmony Connect has basic improvement areas, such as the following: * In order to be able to invite users, send the agent and implement it, the user input must be generated manually. It would be easier if we could add them automatically via automation. * The guides for some capabilities are limited or do not represent the reality of the application. It is difficult to find 100% reliable documentation. It is not always possible to perform all the steps due to some problems. Some manuals are not so intuitive.
They could improve on the available public documentation. The most modern applications or features of Check Point are difficult to find in their documentation for implementation. According to the manufacturer, sometimes it happens that the manual is applied, yet the desired implementation is not achieved. Also, as seen in our support cases, it is somewhat slow to solve problems. There are other manufacturers that have better support. They can improve on that part and prevent customers from complaining about how they provide solutions.
One of the areas that should be improved is the ability to make the software less heavy for laptops that handle a relatively normal performance since, if it is used with a computer with high performance, Harmony behaves well and does not cause slowness. This made us uninstall the product on several collaborator machines as the performance of the PC dropped a lot. Some programs, like Teams, do not work and this causes us issues where we cannot monitor those machines.
Sometimes downloading PDF files can be slow. It may take a while to scan the downloaded files. On some computers, the Check Point Harmony Connect agent can be a bit heavy to run in terms of CPU and Memory resources. Transparency to end-users could be improved. More compatible applications can be included. The support provided could be improved for when problems arise that require support from the Check Point team. Check Point is an expensive product so support should be more adequate. Some EDR features may still be under development and may need more time to be ready for use on a larger scale.
A ZTNA architecture is designed to reduce cybersecurity risk by eliminating implicit trust within an organization's IT infrastructure. Zero Trust Network Access can be a security breach if not used correctly. I have implemented it and it turns out that access to the organization's applications must be complemented with user awareness. It is important to note that the Zero Trust Network Access feature is an important feature for the solution, however, at the same time, the organization's applications can be accessed if user access is available. A double authentication factor could solve this gap.
Previously, it was not available for Mac. They could also verify the time at which the emails arrive. Sometimes it takes a while. The console, the inclusion of users, could be massive. We should have to add them one by one. Doing it in bulk would make it easier for administrators. We need to verify if the agent is providing latency in the equipment. Some collaborators indicated that the product could be occupying a lot of performance of the equipment for which they sometimes complain.
We want the overall ability to manage Harmony and on-prem policies from the same platform. Harmony lacks this ability when anything more than a vanilla access policy is used (we use layers and source user objects in our policy which make this impossible according to Check Point). Also, we need the ability to send/merge Harmony logs into the same SmartConsole as our on-prem Gateways send logs to. Have been told this is not possible by Check Point. It makes it really difficult when you have to use two different platforms/portals to see logs
We have noticed that sometimes even performing just a few changes in the portal, the installation takes a long time to finish. The access to the portal should be faster. It shouldn't crash a lot. We have a lot of crashes right now. We noticed that, for some days of the month, the portal would be down and not accessible depending on the time that we tested. Sometimes we performed some changes after work or at dawn to minimize the impact that it could cause to the users. However, sometimes the portal is not online as we expect it to be or we need to reload the page a few times before it works. I would give it a score of eight out of ten due to the portal being slow.
As it is a new market solution, I still face some instabilities in access at certain times of the day when I have more than 150 users using it simultaneously. It would be interesting for the solution to have something that monitors and scales more resources by itself so that these instabilities do not occur. Another problem faced is that, regarding the audit, native RDP sessions, as well as the database, are not recorded and it is not possible to audit the use by the collaborators. These two points would be important for the evolution of the tool.