topic Harmony SASE and Endpoint Security Signature Updates in General Topics

Harmony SASE and Endpoint Security Signature Updates

Simon_Moscovitz — Wed, 20 May 2026 10:28:17 GMT

Upon trialing SASE, Endpoint security will not allow signature updates at all. Even though there's a Check Point Updates - HTTPS bypass rule, it didnt seem to work, unless we added in *.checkpoint.com.

Re: Harmony SASE and Endpoint Security Signature Updates

simonemantovani — Wed, 20 May 2026 10:38:06 GMT

The "Check Point Updates HTTPS bypass" should contains these FQDN (based on sk163595)

avupdates.checkpoint.com
secureupdates.checkpoint.com
updates.checkpoint.com

And here you should find the FQDN used by the Endpoint: So https://support.checkpoint.com/results/sk/sk83520.

So using that object seems to be not enough as reported by the Sks

Re: Harmony SASE and Endpoint Security Signature Updates

Simon_Moscovitz — Wed, 20 May 2026 10:41:31 GMT

Yes, but i would have thought that these exceptions should be in the bypass rules by default, not just the three. No?

Re: Harmony SASE and Endpoint Security Signature Updates

simonemantovani — Wed, 20 May 2026 10:42:42 GMT

Oh yes I agree with you, only Check Poinrt could give an explanation maybe.

Re: Harmony SASE and Endpoint Security Signature Updates

simonemantovani — Wed, 20 May 2026 10:47:40 GMT

taking a look about the threee FQDN included in the object you mentioned and the SKs I mentioned, they are used only by the security gateway and management ... so that object is not used and related to Endpoint upgrades

Re: Harmony SASE and Endpoint Security Signature Updates

Simon_Moscovitz — Wed, 20 May 2026 10:52:59 GMT

Acutally, I've just changed the rule to the destination being Checkpoint services updateable objects instead of the domain names, which seems to work, and is now dynamic!