Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
timlewandowski
Explorer

Harmony Corporate Access: How does Protection Profile work for internal applications?

Dear Check Mates,

 

on harmony connect's threat prevention profile it says: "Includes protection for users browsing the web, working with desktop applications, accessing corporate applications, sharing files over FTP or using other network protocols."

 

1. Does this mean traffic to internal windows file servers is also verified?

2. What happens if a customers attempts to upload a malware to an internal file server? Is the connection terminated? Does the users receive some notification about this?

3. Is there any documentation concerning this feature? Unfortunately, the Admin Guide is very unspecific here.

 

Thank you all for your input

Tim

 

Screenshot 2022-10-24 at 13.44.46.png

0 Kudos
8 Replies
Chris_Atkinson
Employee
Employee

For remote users / branches or both?

I see there's some risk of confusion here between Corporate Access & Internet Access license options and what each entails.

With that said some of the user centric use cases that immediately come to mind here are:

  • SaaS applications accessed via the "Internet" (SWG for remote users)
  • Split tunneling risk mitigation (for traditional VPN)
  • Secure remote access (single agent)
  • Secure remote access (clientless) - Application access is abstracted/proxied.

Recommend discussing further with your local SE to dive deeper.

 

0 Kudos
timlewandowski
Explorer

Hi Chris, 

thanks for your quick reply.

I am referring to both (remote users and branches) accessing corporate applications. The profile description indicates that connections are sandboxed. Is this correct?

 

BR
Tim

0 Kudos
Chris_Atkinson
Employee
Employee

Typically, you would apply Threat Emulation (Sandboxing) to files from external sources correct.

0 Kudos
anstelios
Contributor

I 'm not sure I understand this answer.

When we use Harmony Connect client (Secure Remote Access) for network access, does user traffic to internal resources go through the TP profile blades??

Same question for the clientless Application Access.

0 Kudos
anstelios
Contributor

Can we have someone from CP to reply on this one please?

 

0 Kudos
Chris_Atkinson
Employee
Employee

Threat Emulation is about users downloading potential malicious content from external / untrusted sources. Typically this isn't something you would enforce for internal content.

0 Kudos
anstelios
Contributor

I understand what you're saying here, but my question wasn't specifically about TE.
I am talking about all TP blades in general.

At the end of the day, we have remote users accessing internal resources  through Harmony Connect which is CPs SASE solution.
So how are these resources protected during this access? Are there any TP blades applied to this traffic??

 

0 Kudos
Chris_Atkinson
Employee
Employee

"The Threat Prevention profile is applicable to Internet Access (remote and branch users) and Network Access (remote and branch users)."

Source: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Connect-Admin-Guide/T...

0 Kudos