This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Corporal307
Explorer
‎2024-08-13 10:17 PM

Harmony Endpoint and settings Mobile Access

Good afternoon Tell me, is it possible to allow remote connection with the Harmony agent only through SCV policies or is there another way? And if we use SCV policies to check the installed Harmony agent on the end device, is it possible to make sure that the first group of users has the Harmony agent checked, and the second group of users have some other checks?

 

0 Kudos
9 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-08-13 11:57 PM

https://community.checkpoint.com/t5/Remote-Access-VPN/Limit-the-SCV-policy-to-a-specific-group-of-us...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Corporal307
Explorer
‎2024-08-14 12:05 AM
In response to G_W_Albrecht 

Thanks for the answer! Is there any information for the first question? Checking your installed Harmony by looking at a registry entry or the name of a running application is not at all safe.
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-08-14 12:23 AM
In response to Corporal307

Sorry, but i do not fully comprehend the first question ! I think you are talking about Harmony Endpoint Security VPN client https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

Here, you do not need to check for the Harmony Version as you have automatic In-Place updates https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

 

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Corporal307
Explorer
‎2024-08-14 12:28 AM
In response to G_W_Albrecht 

The question is, how can I allow VPN connections only through Harmony Endpoint? The only solution I found was to configure Harmony Endpoint presence checking on the end device through SCV policies.
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-08-14 12:33 AM
In response to Corporal307

You only need to enable EPS VPN alone:

ravpn.png

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Corporal307
Explorer
‎2024-08-14 12:38 AM
In response to G_W_Albrecht 

In this case, I, as a user, can use Endpoint Secuirty Client VPN. And Harmony Endpoint will not be mandatory for me here. And if I check the presence of Harmony Endpoint through the registry, then I can manually add this entry to the registry and it will still let me through. :(
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-08-14 12:44 AM
In response to Corporal307

Connection with this option checked is only possible using Endpoint Security VPN client, so it is mandatory to use this client anyway. I do not understand why you need to check the registry ?

Or do you think of Harmony Endpoint client ? That will be unable to connect without EPM active on-site or in cloud.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Corporal307
Explorer
‎2024-08-14 12:46 AM
In response to G_W_Albrecht 

I want users to be able to use the VPN only after Harmony Endpoint confirms that the device is secure. For this, apparently my only option is to use SCV policies to verify that Harmony Endpoint is running on the end device.
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-08-14 12:54 AM
In response to Corporal307

So you want to use Harmony Endpoint like here: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_HarmonyEndpointWebManagement...

You will see in the HEP portal the state of the client and not have to use SCV at all (you do not want to look for the latest Win11 update?):

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events