Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin

Harmony SASE Masters Migration: Video, Slides, and Q&A

Slides are below the the Q&A, which is listed below the video.

PhoneBoy_0-1714675197287.gif

Is it Harmony SASE or Perimeter 81?

Harmony SASE, which is based on our acquisition of Perimeter 81. Perimeter 81 branding is still used in many places.

I understand that Harmony connect is going to be replaced by Harmony SASE and that SASE would be based on Perimeter 81, is that correct?

Harmony SASE is the replacement for Harmony Connect and is based on our Perimeter 81 acquisition. Harmony Connect was declared End of Sale at the end of 2023.

So traffic is throttled with Harmony SASE?

Quite the opposite. Because we are using our own POPs (not Public Cloud providers like the other SASE players use), there is better speed at lower latency.

Has Perimeter81-portal been migrated to Infinity Portal?

Yes

Can you limit access via a specfic browser as well for employee internet access? For example, a user can access the inetrnet but only from Edge Chromium.

Yes

Where can I find the complete implementation documentation?

https://support.perimeter81.com/docs has a Quickstart guide. For larger implementations, we also provide assistance.

In regards to employee internet access, do you support access via application not only category for granular control and do you support updateable objects?

We support access by Application and Category. Updatable Objects (similar to what is available in Quantum Security Gateways) are on the roadmap.

Can we use on-premise Active Directory as an identity source?

Yes.

Is UEBA (User Entity Behavior Analytics) a feature within the platform and be able to take an action on that behavior?

Not presently, but it's on the roadmap.

For tunnels in remote connections, do you integrate through SDWAN appliances or VMs?

We provide connectivity to on-premise/cloud resources via a number of methods:

Does Check Point inform clients of all vulnerabilities in its SASE infrastructure that have to be patched/fixed?

Harmony Endpoint (different product) offers this.

Is the firewall policy managed separately or as part of the normal Check Point policy?

The policy is different at current.

In Harmony SASE, is there an option to unlock clientless users in the case the user fail to login to the web portal?

Yes

Does the Solution include DLP?

Not currently, but this is on the roadmap for 2024.

With the SASE client, will that enforce a local firewall policy as well or just forward all ports and protocols to the SASE instance?

Yes, we do filtering directly on the client.

THE IWG root certificate is always necessary on client? How is used ?

For inspection of web content.

Is there a third party analyst report which is listing Harmony SASE or P81 (before aquired by Check Point)?

Yes.

I can record session for remote access (e.g. RDP)?

On the roadmap.

Can we do deploy SASE Platform on-premise?

While there are elements deployed on-premise for connectivity purposes, SASE is cloud-based by design.

Is RBI covered in project?

We do not use Remote Browser Isolation technologies in our solution, it is done through an agent on the Endpoint.

Is there a roadmap to integrate the Perimeter 81 client into the existing Endpoint Security client, say, for a customer that's also doing FDE?

The roadmap for this is not yet finalized. 

What About Data Residency outside of EU and the US?

Please contact your local Check Point office with your requirements.

CASB Support?

On the roadmap for 2024.

Can the log be exported to a log server? (XDR;Splunk;ELKSTACK;or other Vendors)

Yes

How will the security be enforced really? will it still be the GAIA OS? what is currently enforcing security? Linux IP tables?

This is largely a function of the device used to connect your SASE users to your on-prem resources. This can be a Check Point gateway and you can define the relevant policy there. For other devices, consult the relevant vendor documentation.

For the endpoint inspection, if we aim to do inspection on the computer, how heavy will this be on a computer? And how will we compare with the current endpoint client?

The agent does not have significant hardware requirements.

Do we have a jump start course form Harmony SASE ?

Not yet, stay tuned!

How does the client version update process work?

Depending on the configured posture policy, updates can be pushed directly from Harmony SASE, the user can be prompted to install the updated client, or the updates can be pushed manually through an MDM or similar. 

What is the equivalent of the Harmony Connect on-premise Connector docker instance? I believe it’s a VM.

While we do not provide a pre-built docker or VM, it is possible to create one using our Wireguard Connector: https://support.perimeter81.com/docs/wireguard-for-linux 

Does the agent work in always on mode? And some split tunneling for handling streaming web sites or it is already builtin?

Yes.

What is the platforms log retention? 

Currently 90 days.

Is direct connectivity possible from clients to targets other than public internet, for example via existing site-2-site vpn's?

Yes

Is there already an API which can be used?

Yes: https://support.perimeter81.com/docs/api-getting-started

Is there support for rules based on country location for remote access and Internet access?

Yes

I saw that with 2FA Harmony SASE supports Google Authenticator/Microsoft Authenticatro/etc. ... what about hardware devices like Yubico ?

Depends on the Identity Provider you are using.
If you are not using an external Identity Provider, the supported options for MFA are SMS, Google Authenticator, and Duo: https://support.perimeter81.com/docs/two-factor-authentication 

 

1 Reply
the_rock
Legend
Legend

Very informative!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events