This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
lrossi89
Contributor
‎2023-02-17 05:53 AM

Harmony Endpoint connection to cloud console via authenticated Proxy

 

Harmony Endpoint Administration Guide

Authenticated Proxy

If you have a proxy server to authenticate access to a resource:

  1. Go to Policy Client Settings > General Authenticated Proxy.

  2. Enter:

    • Proxy - Proxy server address in the format address:host. For example, 192.168.79.157:3128

    • Username - User name for the proxy server.

    • Password - Password for the proxy server.

  3. Click Save.

 

We have configured an authenticated proxy to bring out the endpoints (which are on an isolated network and cannot navigate and must not use the internet), but there is a need for the client to reach the endpoint console in the cloud.

We configured the features as per documentation above, but does not seem to work 😞

Is this functionality correctly supported?

7 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-02-17 06:04 AM

Which endpoint client version do you have deployed - E86.60 or higher?

EPS-34852 Enhancement: Endpoint Client now supports communication with the Endpoint Server through an authenticated proxy when the proxy username and password are received through policy.

CCSM R77/R80/ELITE
lrossi89
Contributor
‎2023-02-17 06:05 AM
In response to Chris_Atkinson

Version: E87.10 (87.10.0213)

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-17 06:10 AM
In response to lrossi89

It should be supported, if it doesn't appear to be working as expected on this version please open an SR with TAC to investigate further. 

CCSM R77/R80/ELITE
0 Kudos
Swiftyyyy
Advisor
‎2023-02-17 11:29 AM
In response to Chris_Atkinson

Is there any information regarding the authentication scheme supported by the agent itself?
If all the agent knows how to work with is "Basic" authentication, then I find it unlikely that a modern proxy would be configured to support that.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-20 03:56 AM
In response to Swiftyyyy

I'm checking the supported authentication methods and will advise.

CCSM R77/R80/ELITE
0 Kudos
lrossi89
Contributor
‎2023-02-20 01:11 AM
In response to Chris_Atkinson

I am investigating with the TAC, but it seems that the client must rely on the Windows proxy (the ticket is not yet closed)
In parallel, could you ask internally if it really is so?

Chris_Atkinson
Employee Employee
Employee
‎2023-02-20 03:54 AM
In response to lrossi89

We read the OS proxy settings, however:

If authentication is required we use the settings on that page in the UI including the proxy IP, the client itself cannot authenticate on behalf of a user hence the need to specify credentials / service account there. 

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events