Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Corporal307
Explorer

Harmony Endpoint and settings Mobile Access

Good afternoon Tell me, is it possible to allow remote connection with the Harmony agent only through SCV policies or is there another way? And if we use SCV policies to check the installed Harmony agent on the end device, is it possible to make sure that the first group of users has the Harmony agent checked, and the second group of users have some other checks?

 

0 Kudos
9 Replies
G_W_Albrecht
Legend Legend
Legend

0 Kudos
Corporal307
Explorer

Thanks for the answer! Is there any information for the first question? Checking your installed Harmony by looking at a registry entry or the name of a running application is not at all safe.
0 Kudos
G_W_Albrecht
Legend Legend
Legend

Sorry, but i do not fully comprehend the first question ! I think you are talking about Harmony Endpoint Security VPN client https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

Here, you do not need to check for the Harmony Version as you have automatic In-Place updates https://sc1.checkpoint.com/documents/RemoteAccessClients_forWindows_AdminGuide/Content/Topics-RA-VPN...

 

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Corporal307
Explorer

The question is, how can I allow VPN connections only through Harmony Endpoint? The only solution I found was to configure Harmony Endpoint presence checking on the end device through SCV policies.
0 Kudos
G_W_Albrecht
Legend Legend
Legend

You only need to enable EPS VPN alone:

ravpn.png

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Corporal307
Explorer

In this case, I, as a user, can use Endpoint Secuirty Client VPN. And Harmony Endpoint will not be mandatory for me here. And if I check the presence of Harmony Endpoint through the registry, then I can manually add this entry to the registry and it will still let me through. :(
0 Kudos
G_W_Albrecht
Legend Legend
Legend

Connection with this option checked is only possible using Endpoint Security VPN client, so it is mandatory to use this client anyway. I do not understand why you need to check the registry ?

Or do you think of Harmony Endpoint client ? That will be unable to connect without EPM active on-site or in cloud.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Corporal307
Explorer

I want users to be able to use the VPN only after Harmony Endpoint confirms that the device is secure. For this, apparently my only option is to use SCV policies to verify that Harmony Endpoint is running on the end device.
0 Kudos
G_W_Albrecht
Legend Legend
Legend

So you want to use Harmony Endpoint like here: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_HarmonyEndpointWebManagement...

You will see in the HEP portal the state of the client and not have to use SCV at all (you do not want to look for the latest Win11 update?):

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events