Pawel_eM
Participant

Allowing firewall traffic to non "checkpoint services" used by Harmony Endpoint

Just wondering, or maybe I just missed it in the admin guide, but is there an easier way to allow connections to non "checkpoint services" associated with Harmony Endpoint?
For example, the EDR functionality. Is there an updatable object for that (we are also using Check Point firewall software 80.40), or should I just check the IPs associated with every URL and pass that list to the network team to unlock the communication?

 

 

5 Replies
Chris_Atkinson
Employee

Sounds like you are familiar with sk116590 which outlines a list of the URLs.

Recent versions ship with a utility to help validate the connectivity exists.

Do users in your environment use a proxy for their internet access? 

CCSM R77/R80/ELITE
Pawel_eM
Participant

Hello,
Yes, I'm familiar with this SK and with the connectivity test tool. The connectivity test looks like this (the part with the failures):

image.png

In this case it's a server environment. Yes, the servers use a proxy. I've made an exclusion for some URL directory on the OS level (I don't want (by default the servers have restricted access to the internet) to push the whole traffic generated by Harmony through the proxy server).
The network team allowed traffic on the firewall from the servers to the updatable objects of "checkpoint services" and another updatable object for "eu-west-1.elb.amazonaws.com"; the AWS one is for the initial agent to connect to management.

I also made a test machine and disabled the proxy, but then I see drops on the firewall.


80fd220b-e3b5-4
Explorer

Hi Pawel,

Which command did you use in order to check the connectivity?

Thanks a lot

Emiliano 

Pawel_eM
Participant

Used the "CheckConnectivity.exe" in 

C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\

G_W_Albrecht
Legend

Updatable objects are available for MS and Google Services.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist