topic Re: Harmony Corporate Access: How does Protection Profile work for internal applications? in SASE and Remote Access

Harmony Corporate Access: How does Protection Profile work for internal applications?

timlewandowski — Mon, 24 Oct 2022 11:50:46 GMT

Dear Check Mates,

on harmony connect's threat prevention profile it says: "Includes protection for users browsing the web, working with desktop applications, accessing corporate applications, sharing files over FTP or using other network protocols."

1. Does this mean traffic to internal windows file servers is also verified?

2. What happens if a customers attempts to upload a malware to an internal file server? Is the connection terminated? Does the users receive some notification about this?

3. Is there any documentation concerning this feature? Unfortunately, the Admin Guide is very unspecific here.

Thank you all for your input

Tim

Re: Harmony Corporate Access: How does Protection Profile work for internal applications?

Chris_Atkinson — Tue, 25 Oct 2022 07:17:33 GMT

For remote users / branches or both?

I see there's some risk of confusion here between Corporate Access & Internet Access license options and what each entails.

With that said some of the user centric use cases that immediately come to mind here are:

SaaS applications accessed via the "Internet" (SWG for remote users)
Split tunneling risk mitigation (for traditional VPN)
Secure remote access (single agent)
Secure remote access (clientless) - Application access is abstracted/proxied.

Recommend discussing further with your local SE to dive deeper.

Re: Harmony Corporate Access: How does Protection Profile work for internal applications?

timlewandowski — Tue, 25 Oct 2022 08:04:27 GMT

Hi Chris,

thanks for your quick reply.

I am referring to both (remote users and branches) accessing corporate applications. The profile description indicates that connections are sandboxed. Is this correct?

BR
Tim

Re: Harmony Corporate Access: How does Protection Profile work for internal applications?

Chris_Atkinson — Tue, 25 Oct 2022 08:13:15 GMT

Typically, you would apply Threat Emulation (Sandboxing) to files from external sources correct.

Re: Harmony Corporate Access: How does Protection Profile work for internal applications?

anstelios — Tue, 25 Oct 2022 16:45:25 GMT

I 'm not sure I understand this answer.

When we use Harmony Connect client (Secure Remote Access) for network access, does user traffic to internal resources go through the TP profile blades??

Same question for the clientless Application Access.

Re: Harmony Corporate Access: How does Protection Profile work for internal applications?

anstelios — Mon, 26 Dec 2022 10:38:11 GMT

Can we have someone from CP to reply on this one please?

Re: Harmony Corporate Access: How does Protection Profile work for internal applications?

Chris_Atkinson — Mon, 26 Dec 2022 14:46:03 GMT

Threat Emulation is about users downloading potential malicious content from external / untrusted sources. Typically this isn't something you would enforce for internal content.

Re: Harmony Corporate Access: How does Protection Profile work for internal applications?

anstelios — Tue, 27 Dec 2022 19:33:45 GMT

I understand what you're saying here, but my question wasn't specifically about TE.
I am talking about all TP blades in general.

At the end of the day, we have remote users accessing internal resources through Harmony Connect which is CPs SASE solution.
So how are these resources protected during this access? Are there any TP blades applied to this traffic??

Re: Harmony Corporate Access: How does Protection Profile work for internal applications?

Chris_Atkinson — Tue, 27 Dec 2022 22:22:23 GMT

"The Threat Prevention profile is applicable to Internet Access (remote and branch users) and Network Access (remote and branch users)."

Source: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Connect-Admin-Guide/Topics-Harmony-Connect-AG/Policy/Threat-Prevention.htm?tocpath=Policy%7C_____3