SASE Pilot Checklist

A structured pilot helps validate your configuration, processes, and readiness to scale before a full rollout. This chapter provides a detailed checklist to help you run a successful SASE pilot.

Defining the Pilot

  1. Select 10 to 50 users representing a mix of roles, device types, and locations.

  2. Identify the specific resources (servers and applications) that pilot users need to access.

  3. Set a timeline for the pilot, typically 2 to 4 weeks.

  4. Define success criteria upfront, such as:

    • Percentage of active sessions by the first week

    • Support ticket volume

    • User feedback scores

Preparing the Environment

  1. Create a network and establish IPSec tunnels from the network to required resources. See Defining a Network.

  2. Remove or disable legacy VPN clients on all pilot devices.

  3. Deploy the Check Point SASE Agent to managed devices via MDM (silent installation). See Deploying the SASE Agent.

  4. For BYOD and contractor users, configure agentless Zero Trust Application access. See Applications.

  5. Verify IdP integration and SCIM synchronization for all pilot users.

Configuring Policies

  1. Create a dedicated group for pilot users in the SASE Administrator Portal. See Creating a Group.

  2. Define cloud firewall rules (Private Access), starting with least privilege. See Creating a Firewall Access Rule.

  3. If applicable, configure agentless application access rules (HTTP/HTTPS, RDP, SSH, VNC). See Application Policies.

  4. Set up device posture profiles, if required by your organization.

  5. Audit all firewall rules to ensure users can access the correct resources.

Notifying Users

Inform pilot users about the following:

  1. What is changing

  2. Why they were selected

  3. What to expect on their devices

  4. How to report issues

  5. Timeline for the pilot

Running the Pilot

Week 1:

  1. Monitor:

    Track these on a daily basis:

    • Active sessions

    • Device inventory

    • Firewall events

  2. Troubleshooting:

    • Address low adoption by ensuring users are aware of the new system.

    • Identify users who are still using a legacy VPN or experiencing authentication issues.

After Week 2:

  1. Watch for edge cases:

    • Identify unusual networks

    • Unanticipated applications

    • Device conflicts

  2. Validate with users (5 questions, 5 minutes):

    • Confirm whether the system is working as expected.

    • Ask whether performance is faster or slower.

    • Identify any access gaps.

    • Verify whether users are still using the legacy VPN.

Evaluating and Deciding Rollout

  1. Compare pilot results against your predefined success criteria.

  2. Proceed to rollout if all these conditions are met:

    • Majority of users have active sessions

    • Open issues are resolved

    • Support ticket volume is manageable

    • User feedback positive

  3. Run another pilot iteration if any of these occur:

    • A significant number of users never connected

    • Policy gaps require substantial changes

    • Recurring issues remain unresolved

Preparing for Full Rollout

  1. Document all issues encountered and how they were resolved.

  2. Apply policy and firewall changes from the pilot.

  3. Brief your help desk with the pilot issue log.

  4. Plan the rollout sequence:

    Expand the rollout department by department. See SASE User Rollout.

Help Options

  • Sent an email to SASE support or start a live chat.

  • Reach out to your Technical Account Manager* for assistance.

    * Available for qualifying plans only