topic Checkpoint Harmony Endpoint in Endpoint

Checkpoint Harmony Endpoint

an_technical — Wed, 17 Dec 2025 17:48:21 GMT

Hi All,

I am deploying url filtering in checkpoint harmony endpoint. I changed url filtering to prevent mode by selecting categories in adv settings.

I am getting only logs for block category/url not for allow url.

Is any configuration that need to be selected I am missing?

Regards

Ankur

Re: Checkpoint Harmony Endpoint

PhoneBoy — Wed, 17 Dec 2025 18:02:59 GMT

I asked Support AI Copilot this question and here's what it came back with:

1. Access the Policy Settings

Go to:
Policy → Threat Prevention → Web & Files Protection → Advanced settings

2. Enable Logging for Visited Sites

In the Advanced settings section, look for the option:
- Allow logs for visited sites
This checkbox is not selected by default to prevent generating excessive logs.
Select (check) this option to log all visited (accepted) URLs.

Note:

This option may not be visible for all customers and is OFF by default.

Enabling this on a large number of endpoints can overwhelm your management server. It is recommended to enable it only for a small group of endpoints if you are troubleshooting or need detailed visibility.

A couple of notes about this:

If you are managing your Endpoints via an on-prem management server, this can only be done in the Web interface (not SmartEndpoint).
If you are using Infinity Portal, this will increase the log storage requirements in the cloud, particularly if it is enabled for a large user population.

Re: Checkpoint Harmony Endpoint

the_rock — Thu, 18 Dec 2025 01:57:23 GMT

Not to compare AI copilot with MS copilot, but here is what MS one came up with (I choose think deeper setting, rather than auto or quick response, since we have fully licenses version)

*********************************

What to change

Enable logging for allowed URLs
- Go to: Policy → Threat Prevention → Web & Files Protection → Advanced settings.
- Check the option “Allow logs for visited sites.”
  This is off by default to avoid massive log volumes. [community....kpoint.com]
Be aware of scope and UI
- This setting is available in the web management interface; it’s not in SmartEndpoint. If you’re managing on‑prem via SmartEndpoint only, you won’t see it because URL Filtering is not supported with SmartEndpoint (use the web UI/Infinity Portal). [community....kpoint.com], [sc1.checkpoint.com]
(Optional) Cover non‑browser traffic
- In the same Advanced settings → URL Filtering area, consider enabling “Network URL Filtering” so URLs opened by applications/processes (not just browsers) are also inspected and logged. [sc1.checkpoint.com]

Why you currently see only “block” logs

In Prevent mode, Harmony Endpoint stops access to selected categories and logs the block. Allowed traffic isn’t logged unless you enable Allow logs for visited sites. [sc1.checkpoint.com], [community....kpoint.com]
Switching a category to Detect will log detections while allowing access, but it doesn’t produce full “allow” visibility across all benign sites. The “Allow logs for visited sites” checkbox is what gives comprehensive allow logs. [sc1.checkpoint.com]

Where to see the logs (and forward them)

Infinity Portal → Harmony Endpoint Logs provides filters, views, and CSV export for endpoint events. [sc1.checkpoint.com]
Infinity Events offers a unified events view (including Harmony Endpoint) with customizable columns and 90‑day default retention. [sc1.checkpoint.com]
If you need to send these logs to a SIEM, set up Event Forwarding from Infinity Portal (Push to SIEM or Azure storage). [sc1.checkpoint.com]

Practical tips & cautions

Start small: Enabling allow‑logs for all endpoints can overwhelm storage/ingestion. Enable it for a test group first to gauge volume. [community....kpoint.com]
Browser plugin dependency: The Harmony Endpoint browser extension (SBA plugin) is used to gain full visibility into HTTP/HTTPS traffic; make sure it’s present (especially on Chrome/Edge). [community....kpoint.com]
Policy coverage: Double‑check your selected categories (and any deny list entries/wildcards) in Advanced settings → URL Filtering so your configuration matches your intent. [sc1.checkpoint.com]

Re: Checkpoint Harmony Endpoint

an_technical — Thu, 18 Dec 2025 06:13:25 GMT

Okay. I don't see this option so its look like its off by default as I am using cloud portal.

Re: Checkpoint Harmony Endpoint

PhoneBoy — Thu, 18 Dec 2025 16:03:42 GMT

Open a TAC case: https://help.checkpoint.com