This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wei_Soon_Heng
Contributor
Contributor
‎2024-02-04 09:44 PM
Jump to solution

Harmony Endpoint client that is not allowed to go to Internet

Hi All,

Recently, my client has purchased 250 seats of harmony endpoint license with EPS Cloud Management.

Their environment is all servers that comprised mix of Window and Linux and are not allowed to go to Internet.

In this case, how should we ensure that installed endpoint client able to grab malware database update and how management server able to manage those offline client ?

I had gone through Harmony Endpoint EPMaaS Administration Guide, there are few possible methods to achieve and will need verification on some capability as listed below:

Super Node:

1) Does Super Node able to push all Threat Prevention blade database update to all endpoint clients(Windows and Linux), and able to relay policy changes to clients(Windows and Linux)?

Proxy:

1) Does authenticated proxy able to work on Linux servers?

2) I knows that it mostly will work on Windows server.

Deploy another On-Prems Endpoint Management Server

1) If the On-Prem Endpoint Management Server is able to go over internet, does the client(Linux and Windows) itself also need to have internet connectivity ?  Based on Harmony Endpoint EPMaaS Administration Guide, it shows the linux endpoint need to have internet connectivity by itself.

Thanks,

1 Solution

Accepted Solutions
JonnyRabinowitz
Employee
Employee
‎2024-03-13 04:29 AM
In response to JonnyRabinowitz
Jump to solution

E88.20 is now available and includes this capability for Windows based clients

Enables semi-isolated environment where all endpoint communications are routed through a super node

This capability is for Early Availability (EA) and not available by default in General Available (GA) version 

Please unicast me if any interest to join EA program

View solution in original post

0 Kudos
10 Replies
G_W_Albrecht
Legend Legend
Legend
‎2024-02-05 12:05 AM
Jump to solution

Ask CP TAC for the configuration suggested by CP !

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-02-05 01:55 PM
Jump to solution

You are correct that the SuperNode is available for Windows and allows to share local copies of things like Anti-Malware signatures, Behavioral Guard rules and Static Analysis ML/AI models. 

This capability is currently being extended so that will allow all communication from the Windows client to be made through the Super Node and prevent direct connectivity to the Internet. These new capabilities should e available during Q1 2024

There are also plans to have the SuperNode provide the same capabilities for Linux and Mac clients. The final schedule for these items has not been locked down yet but should be in firs half of the year

Blason_R
Leader
Leader
‎2024-03-10 08:21 PM
In response to JonnyRabinowitz
Jump to solution

Hey Folks,

Wondering has that been rolled out? Will that be available in R81.20?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-03-11 04:26 AM
In response to Blason_R
Jump to solution

Hi Blason

Yes. It will be available in E88.20 that should be released any time soon (will try and remember to post again when it does)

The capability will be available for Windows clients as Early Availability (EA). Please reach out to me directly if want to participate

 

0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-03-13 04:29 AM
In response to JonnyRabinowitz
Jump to solution

E88.20 is now available and includes this capability for Windows based clients

Enables semi-isolated environment where all endpoint communications are routed through a super node

This capability is for Early Availability (EA) and not available by default in General Available (GA) version 

Please unicast me if any interest to join EA program

0 Kudos
PJ_WONG
Explorer
‎2024-08-27 08:46 PM
In response to JonnyRabinowitz
Jump to solution

Hi Jonny,

May I know is this capability currently included for or removed for the superNode and the superNode client?

This is because we have client utilizing superNode and able to get all the blades updated previously but now we are only able to get the AM database to update from superNode only while other blades will have no connection to server. This is behaving like the version before E88.20.

Could you provide any insight on this? Appreciate.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-28 07:13 AM
In response to PJ_WONG
Jump to solution

Should be GA, considering there's several SKs on it.
For example: https://support.checkpoint.com/results/sk/sk171703 

0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-08-28 10:38 AM
In response to PhoneBoy
Jump to solution

To repeat from earlier in the thread

"You are correct that the SuperNode is available for Windows and allows to share local copies of things like Anti-Malware signatures, Behavioral Guard rules and Static Analysis ML/AI models. (this existed prior to E88.20) 

This capability is currently being extended so that will allow all communication from the Windows client to be made through the Super Node and prevent direct connectivity to the Internet. (Extended functionality available from E88.20 and onwards as EA]"

I have not been able to get any confirmation that extended functionality (aka semi-isolated network) is GA and EAs for customers are ongoing with the latest release

0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-08-28 11:38 PM
In response to JonnyRabinowitz
Jump to solution

Was able to confirm that GA for this feature will in fact be in E88.60 which is the next release up and should be available within the order of weeks

It is great to see the interest in this feature. Note that customers leveraging semi-isolated networks will also be able to leverage the EDR package with HEP and leverage XDR capabilities

0 Kudos
PJ_WONG
Explorer
‎2024-08-29 07:12 PM
In response to JonnyRabinowitz
Jump to solution

Thank you for the information! It appears that we were able to download E88.20 with EA capability from the web portal when it was released. In that case, we'll be anticipating the next release for download. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events