thelmer
Explorer

Auto Sign-In for Harmony SASE

Hello, 

We are inquiring about the ability to force users to sign into the Harmony SASE application once they are logged into Windows.
With our last VPN solution, we had the capabilities to lock down our users' ability to do anything other than authenticate themselves and connect to the VPN. 

As of right now, our users are able to access the internet BEFORE connecting to the SASE gateway due to them having to click "Sign-In to Private Access" to start the process.

We have "Always On VPN" enabled but that only seems to function AFTER they are signed in, during the allotted timeframe we have set in the SASE User Profile (12 hours).

We currently use Harmony Browse as well which does allow us to enforce threat prevention and DLP policies while our users are off the VPN, but we do not see a way to lock down sites before users get connected to the VPN.

Please advise. 

Thank you!

5 Replies
PhoneBoy
Admin

In the relevant User Profile, what settings are set under Agent Configuration > General Settings?

Also, did you use the Kill Switch with Always-On?
This seems like it'd be required for your desired use case.


thelmer
Explorer

Thank you @PhoneBoy and @the_rock 

Currently, Always On and the Killswitch are enabled.
Attached is a screenshot of the pertinent settings.
Current Config.png

While these settings do auto-connect to the specified VPN, and the killswitch does function correctly, it seems to occur ONLY if the current user is already signed into the application.
Because we have an auto sign-out of the application set for 12 hours, when our staff begin work the next day, they are required to sign into the app again.
The issue is that before they manually click Sign In, they have free range access to the internet.

We are thinking this can be circumvented if we increase the amount of time before the automatic sign out, but ultimately we would like our staff to authenticate themselves (Azure + DUO 2FA) each time they attempt to connect to the VPN.

the_rock
Legend

In that case, I would open a case with P81 support. Not sure how it works these days, as a few months ago when I called TAC, they asked me to simply email support@perimeter81.com and they then gave me a reference number, though it was only via email. I could not find a phone number to call them anywhere and TAC did not have it either.

Best,

Andy

the_rock
Legend

I believe what PhoneBoy gave you is indeed what you need to do. P81 support gave me the same when my colleague and I did a POC for the customer last year for Harmony SASE. Not sure if there are any additional settings now, but that's what fixed it for us.

Andy

the_rock
Legend

@thelmer 

One other thing I forgot to say, if you do end up emailing them, they will eventually ask for access to the portal, so you may be required to provide that.

Andy
