Network Overview

  • Updated on Dec 30, 2025
  • Published on Aug 15, 2023
  • 1 minute(s) read
  • a
  • R
  • Perimeter Support
 Prev Next

This guide provides an overview of Harmony SASE networking options designed to secure and optimize your organizations connectivity. The two available network types are:

  • Standard Network: Provides essential security and connectivity using gateways.

  • Enhanced Network: Offers improved scalability, resiliency, and simplified management with region-centric design and Scale Units instead of gateways.

Difference Between Standard and Enhanced Networks

Feature

Standard Network

Enhanced Network

Public IPs

One IP per gateway

One IP per region (simplifies allow listing and routing)

Tunnel Types

  • IPsec

  • Harmony SASE Connector (WireGuard)

  • OpenVPN

Only IPSec

Tunnel Mode

  • Single (static)

  • Redundant (BGP, supports only 2 terminations)

  • Static (static routes)

  • Dynamic (BGP-based, supports 1–8 terminations)

DNS Services

Network level

Per-tunnel toggle (Enable/Disable DNS interception)

 Network Components

Each network consists of Regions and Tunnels.  

  • Standard Networks use Gateways per region.  

  • Enhanced Networks use Scale Units per region (virtual capacity units replacing gateways).

  • Regions:

    • Physical locations where your network resources are deployed.

    • One network can include multiple regions for lower latency and better performance.

    • Members connecting to a multi-regional network are automatically routed to the closest Region.

  • Gateways (Standard Networks):

    • Dedicated private servers deployed in your selected regions.

    • Each gateway has a static IP address and connects to on-premises or cloud resources via tunnels.

    • Multiple gateways in a region improve redundancy and load balancing.

  • Scale Units (Enhanced Networks):

    • Virtual capacity units that enable flexible scaling in enhanced networks.

    • Each scale unit uses one gateway license and simplifies IP management with a single public IP per region.

    • Scale Units allow dynamic scaling and reduce complexity for large deployments.

  • Tunnels:

    • Site-to-Site securely encrypted connections deployed from your network to your on-premises and cloud-based resources.

    • In Standard Networks, tunnels are tied to gateways.

    • In Enhanced Networks, tunnels are tied to regions and support Static or Dynamic routing with up to eight terminations for redundancy and load sharing.

 Must-Visit Resources

  • Creating and Managing Networks: Master the art of creating and maintaining your networks within Harmony SASE. 

  • Establishing a Site-to-Site VPN Tunnel: Uncover how to establish a secure VPN tunnel to both cloud-based solutions like AWS and Azure, and on-premise firewalls and routers. 

  • Network Troubleshooting Guide: To troubleshoot your network issues, see Troubleshooting. It covers common problems and solutions to help you resolve issues quickly.

This is just a glimpse. Explore the networks category for more detailed guides and rich resources.

 Jumpstart Your Journey

 If you're just stepping into the world of Harmony SASE, our Getting Started Guide is the perfect starting point.

 Support at Your Fingertips

 Got questions or need help? Our support team is available round the clock.

You can chat with us anytime on our website, or drop us an email at sase-support@checkpoint.com.