Quantum SASE TechTalk December 2023: Video, Slides...

PhoneBoy · ‎2023-12-14

Slides will be added soon.
An edited Q&A will appear below the video.

Can Branch office connections be made for Site-to-Site VPN without a physical device at the location? (Example creating an IPSec tunnel with a Cisco Meraki Device)

Yes, we do support IPsec, Wireguard and OpenVPN to allow connectivity with any device.

Are you planning to integrate Perimeter 81 agent with Harmony Endpoint agent? Like a single agent for all?

This is indeed an option which we are evaluating. There are no short term plans to do so but consolidation is key.

Will current Harmony Connect licenses be transferred to Quantum SASE?

While it is possible to transition, this will not happen automatically. Please contact your local Check Point office for more information.

Is Quantum SASE thinking about doing any blocking to include country so you could add a country to a block instead of adding multiple IPs to cover the country?

We support geo blocking in our agentless solution, more policy enhancements are on the roadmap.

Just curious, is this solution able to replace say vpn blade on the firewall or is it more related to old school snx extender (clientless) VPN?

It can replace both by providing agent based and agentless access, depends on the use case.

What is the underlay of the Platform?

Most of the PoPs are owned and managed by Check Point - equipment that we buy and host in different co-locations like Equinix and others. We do use some semi private PoPs which are owned by 3rd party cloud vendors but are managed by us.

Roadmap-wise: Which parts of Perimeter81 are here to stay, which ones will be integrated into other products, will other products merge into Perimeter81/Quantum SASE, will parts of Perimeter81 become deprecated?

Most if not all the parts of P81 will stay and further expanded. We are integrating the management portal to the infinity portal at the end of this month.

Hi, can Quantum SASE support VOIP traffic? Some competing solutions do not.

Yes, we should be able to support that.

When adding Web filtering rules how does the system process these rule?

Top down, as a regular firewall policy. TLS inspection is performed directly on the endpoint device.

Do you have any white papers on the agentless solution?

https://support.perimeter81.com/docs/360008864000-managing-application-access

Is an app need for Quantum SASE work on a mobile device?

Yes, apps are available for iOS and Android.

What's the roadmap for integrating SDWAN into Quantum SASE? After SDWAN integration, can we use QSASE as a backbone so all branches will be connecting to QSASE fog and domains behind them can access to each other without having an agent installed?

Yes, that is the direction and we’re planning to introduce branch security and SD-WAN in 2024.

When is CASB coming to Quantum SASE?

CASB is a high priority item on our 2024 roadmap.

Can the end user select the VPN tunnel depending on their geographic access needs?

Users are redirected automatically to closest location, but can switch between networks if needed.\

Are web filtering rules implicit deny or allow?

Implicit allow as a baseline.

Does Quantum SASE support non-English languages?

Not at this time, but we are considering others.

How does the agentless access work?

Reverse proxy via cloud edge, more info here:https://support.perimeter81.com/docs/360008864000-managing-application-access

Will there be a unified policy between SASE/Smart-1/Endpoint at some point?

We’re currently exploring this.

Will there be an "easy" way to move from Harmony Connect to Quantum SASE?

Right now it is a manual process to convert, but we are working on tools to simplify this migration.

Does the Platform support Multitenancy?

Yes, you can manage multiple tenants within one “parent” tenant, you can also run multiple networks within one tenant.

Do you have a selectable to importable app list for rules? As in, Allow "Youtube" instead of adding all the youtube urls/ips individually for the rule.

We have an FQDN support, so you can type *.youtube.com to have a match on the rule.

Is Quantum SASE managed using Infinity Portal?

Not currently, but this will be available soon.

Will there be allowed connection logs for auditing of resource access in the future? Currently only blocked network traffic is logged.

For SWG - allow logs are planned to be introduced in 2024.
For FWaaS we log all the traffic.

Is the agentless option an add-on?

It’s included in all the plans

How I connect my corporate network to Quantum SASE network ?

There are 3 options:

IPsec Site to Site VPN
VM based connector
OpenVPN tunnel from simple router you can buy at best buy for home offices etc

What about adding specific HTTP headers to traffic towards a specific urls/ domain?

Possible with private applications, not SWG.

What does "Solution Architect included in base price" mean?

Customer Success Engineer that will help you during the on-boarding and any support you’d need throughout your contract.

What about DLP?

Planned for future.

Do you decrypt https on the user computer?

Yes.

Can i block Private Google acount and enable organisation google Workspace access only using this SWG?

Not yet, this will be possible with CASB

Are we adding additional security functionality to the Quantum SASE client?

We’re planning to bring Check Point’s security engines in Quantum SASE in 2024, stay tuned

Does Quantum SASE offer MSSP?

Of course, We have a really great MSSP feature set including multi-tenancy, role based access, tiered pricing and we gained really great success in that segment. We put a lots of focus there alongside enterprise growth.

Is Firewall as a Service part of the offering in addition to PIA - IA - SD_WAN?

Yes it is included in Private Access package.

How to do you collect user identity?

We integrate with various iDP out of the box, generic SAML and LDAP.

For OS restriction, is Linux OS supported?

Yes.

When do we going to have access to a lab/Demo environment?

For Partners that have access to DemoPoint, there is a blueprint for Quantum SASE. You can also reach out to sase-partners@checkpoint.com.

For customers, you can schedule a demo here: https://www.perimeter81.com/demo-cp?utm_source=cp&utm_medium=website&utm_campaign=tachtalk

Is there a place to create URL or IP lists to use in policies/rules?

Yes, we do support objects: IP, Categories, FQDNs and URLs.

For the device posture, it is possible to monitor if the antivirus is update the latest or not?

Currently, only the presence of specific AV.

Is there plans to have additional integrations besides Amazon S3, Splunk, or Sentinal?

We’re planning export of events via Infinity Portal and will support any format supported there, including generic syslog.

Where is Data Residency currently?

Presently, it's in the US only. EU is on the roadmap.

API support for Identity and Access Management solutions?

Yes, we have API support and also SCIM support

Will Quantum Gateways be supported as connectors to publish applications instead of VMs ?

Not to publish applications but our cloud edge can easily connect to a gateway.

Can we create traffic steering rules based on Users groups?

Yes

Where are your POPs?

https://support.perimeter81.com/docs/adding-regions-and-gateways

There are some functionality gaps in Quantum SASE compared to Harmony Connect

We’re working hard to complete the gaps, a lot is planned for 2024

the_rock · ‎2023-12-14

Awesome presentation 👍

Best,
Andy

SamiFares · ‎2023-12-15

I recently had the opportunity to learn about the Quantum SASE solution during your valuable presentation also no SE MASTERS23, and I was truly impressed with its capabilities.

To further explore its features and effectively present them to our customers, I would greatly appreciate it if you could provide us with the link and read-only credentials for the Quantum SASE demo. I know that there's a Demo for this purpose but I couldn't find the link to access it. This would allow us to delve deeper into the solution and tailor our presentations to the specific needs and interests of our clients.

Thank you in advance for your assistance. I look forward to the opportunity to showcase the Quantum SASE solution to our customers.

Cheers!

Sami.

the_rock · ‎2023-12-17

Absolutely...looks promising!

Andy

Best,
Andy

PhoneBoy · ‎2023-12-18

Partners should have access to a Quantum SASE Demo in TechPoint, which you can access through here:

JoSec · ‎2023-12-15

Comments and Questions

1. Remote Browser Isolation which other vendors provide

2. User Entity and Behavior analytics. This would be critical in being able to identify a possible compromised host or internal risk and utilize automation to remediate and this should be utilized across products.

3. Cloud Based Applications in Rules - I see the ability to utilize web categories but not defined cloud applications to therefore restrict access further. One example, user needs access to Google Drive and not an entire category that gives them access to additional file upload/downloads services. Other products you can utilize a cloud application object to limit that access.

4. Reporting - I did not see much in the video but this is critical when showing ROI to management. Also, some products provide continuous evaluation reports on security best practices/posture which is great when going through an audit.

5. I see that you are able to limit access by defining a program in the SWG which is great since the majority of time just the web browser needs access and not the entire system when a user is logged in. How does it identify the program, by hash or by user-agent.

6. How does the client software register itself with the service and your tenant?

7. Would be nice to be able to profile normal traffic via the VPN to get a visual on what your users are doing and the resources they are accessing. Would go a long way in restricting access to only what is needed.

8. CASB - Critical for todays SaaS applications and it must be comprehensive including risk scores and being able to remediate risky activity or unsanctioned SaaS applications.

9. DLP - Do not need to explain why this is needed.

10. Is Split tunneling supported and would you be able to utilize Checkpoint update objects and applications?

PhoneBoy · ‎2023-12-15

At present, the policy constructs are as they existed prior to the Check Point acquisition of Perimeter 81.
I assume things like Updatable Objects and definitions for Cloud applications are items that will be integrated as part of the roadmap.

CASB/DLP are roadmap items, as acknowledged in the session.
Split tunneling is supported, yes.

@Dima_M might be able to answer your other questions.

ArsathParves1 · ‎2024-02-07

where can I find the PPT deck for this session?

PhoneBoy · ‎2024-02-07

Unfortunately, we were not provided the slides.
If you're a partner, we have slides in the CheckMates for Partners section under Master Our Solutions.
Note that since we've done this webinar, the product was rebranded as Harmony SASE.

Are you a member of CheckMates?