Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin

Quantum SASE TechTalk December 2023: Video, Slides, and Q&A

Slides will be added soon.
An edited Q&A will appear below the video.

Can Branch office connections be made for Site-to-Site VPN without a physical device at the location? (Example creating an IPSec tunnel with a Cisco Meraki Device)

Yes, we do support IPsec, Wireguard and OpenVPN to allow connectivity with any device.

Are you planning to integrate Perimeter 81 agent with Harmony Endpoint agent? Like a single agent for all?

This is indeed an option which we are evaluating. There are no short term plans to do so but consolidation is key.

Will current Harmony Connect licenses be transferred to Quantum SASE?

While it is possible to transition, this will not happen automatically. Please contact your local Check Point office for more information.

Is Quantum SASE thinking about doing any blocking to include country so you could add a country to a block instead of adding multiple IPs to cover the country?

We support geo blocking in our agentless solution, more policy enhancements are on the roadmap.

Just curious, is this solution able to replace say vpn blade on the firewall or is it more related to old school snx extender (clientless) VPN?

It can replace both by providing agent based and agentless access, depends on the use case.

What is the underlay of the Platform?

Most of the PoPs are owned and managed by Check Point - equipment that we buy and host in different co-locations like Equinix and others. We do use some semi private PoPs which are owned by 3rd party cloud vendors but are managed by us.

Roadmap-wise: Which parts of Perimeter81 are here to stay, which ones will be integrated into other products, will other products merge into Perimeter81/Quantum SASE, will parts of Perimeter81 become deprecated?

Most if not all the parts of P81 will stay and further expanded. We are integrating the management portal to the infinity portal at the end of this month.

Hi, can Quantum SASE support VOIP traffic? Some competing solutions do not.

Yes, we should be able to support that.

When adding Web filtering rules how does the system process these rule?

Top down, as a regular firewall policy. TLS inspection is performed directly on the endpoint device.

Do you have any white papers on the agentless solution?

https://support.perimeter81.com/docs/360008864000-managing-application-access 

Is an app need for Quantum SASE work on a mobile device?

Yes, apps are available for iOS and Android.

What's the roadmap for integrating SDWAN into Quantum SASE? After SDWAN integration, can we use QSASE as a backbone so all branches will be connecting to QSASE fog and domains behind them can access to each other without having an agent installed?

Yes, that is the direction and we’re planning to introduce branch security and SD-WAN in 2024.

When is CASB coming to Quantum SASE?

CASB is a high priority item on our 2024 roadmap.

Can the end user select the VPN tunnel depending on their geographic access needs?

Users are redirected automatically to closest location, but can switch between networks if needed.\

Are web filtering rules implicit deny or allow?

Implicit allow as a baseline.

Does Quantum SASE support non-English languages? 

Not at this time, but we are considering others.

How does the agentless access work?

Reverse proxy via cloud edge, more info here:https://support.perimeter81.com/docs/360008864000-managing-application-access

Will there be a unified policy between SASE/Smart-1/Endpoint at some point?

We’re currently exploring this.

Will there be an "easy" way to move from Harmony Connect to Quantum SASE?

Right now it is a manual process to convert, but we are working on tools to simplify this migration.

Does the Platform support Multitenancy?

Yes, you can manage multiple tenants within one “parent” tenant, you can also run multiple networks within one tenant.

Do you have a selectable to importable app list for rules? As in, Allow "Youtube" instead of adding all the youtube urls/ips individually for the rule.

We have an FQDN support, so you can type *.youtube.com to have a match on the rule.

Is Quantum SASE managed using Infinity Portal?

Not currently, but this will be available soon.

Will there be allowed connection logs for auditing of resource access in the future? Currently only blocked network traffic is logged.

For SWG - allow logs are planned to be introduced in 2024.
For FWaaS we log all the traffic.

Is the agentless option an add-on?

It’s included in all the plans

How I connect my corporate network to Quantum SASE network ?

There are 3 options:

  1. IPsec Site to Site VPN
  2. VM based connector
  3. OpenVPN tunnel from simple router you can buy at best buy for home offices etc

What about adding specific HTTP headers to traffic towards a specific urls/ domain?

Possible with private applications, not SWG.

What does "Solution Architect included in base price" mean?

Customer Success Engineer that will help you during the on-boarding and any support you’d need throughout your contract.

What about DLP?

Planned for future.

Do you decrypt https on the user computer?

Yes.

Can i block Private Google acount and enable organisation google Workspace access only using this SWG?

Not yet, this will be possible with CASB

Are we adding additional security functionality to the Quantum SASE client?

We’re planning to bring Check Point’s security engines in Quantum SASE in 2024, stay tuned

Does Quantum SASE offer MSSP?

Of course, We have a really great MSSP feature set including multi-tenancy, role based access, tiered pricing and we gained really great success in that segment. We put a lots of focus there alongside enterprise growth.

Is Firewall as a Service part of the offering in addition to PIA - IA - SD_WAN?

Yes it is included in Private Access package.

How to do you collect user identity?

We integrate with various iDP out of the box, generic SAML and LDAP.

For OS restriction, is Linux OS supported?

Yes.

When do we going to have access to a lab/Demo environment?

For Partners that have access to DemoPoint, there is a blueprint for Quantum SASE. You can also reach out to  sase-partners@checkpoint.com.

For customers, you can schedule a demo here: https://www.perimeter81.com/demo-cp?utm_source=cp&utm_medium=website&utm_campaign=tachtalk 

Is there a place to create URL or IP lists to use in policies/rules?

Yes, we do support objects: IP, Categories, FQDNs and URLs.

For the device posture, it is possible to monitor if the antivirus is update the latest or not?

Currently, only the presence of specific AV.

Is there plans to have additional integrations besides Amazon S3, Splunk, or Sentinal?

We’re planning export of events via Infinity Portal and will support any format supported there, including generic syslog.

Where is Data Residency currently?

Presently, it's in the US only. EU is on the roadmap.

API support for Identity and Access Management solutions?

Yes, we have API support and also SCIM support

Will Quantum Gateways be supported as connectors to publish applications instead of VMs ?

Not to publish applications but our cloud edge can easily connect to a gateway.

Can we create traffic steering rules based on Users groups?

Yes

Where are your POPs?

https://support.perimeter81.com/docs/adding-regions-and-gateways 

There are some functionality gaps in Quantum SASE compared to Harmony Connect

We’re working hard to complete the gaps, a lot is planned for 2024

(1)
Who rated this post