This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ray_Burquest
Participant
‎2023-03-22 06:30 PM
Jump to solution

Harmony Connect Branch route exclusions

Excluded routes can be set for the device agent in Harmony Connect to cover internal subnets so they do not route to the Harmony Gateways, Check Point also adds exclusions for a list of destinations (see SK170299) for the likes of YouTube which also go direct and not to Harmony Gateways.

To replicate this routing functionality for a branch (where I may have guest users or we elect to turn off the client) I can add other, more specific IPSec routes on the branch device for the known internal subnets, but how are the Check Point exclusions (like YouTube) catered for? The traffic would route up to the Harmony Gateways as they follow the default gateway.

 

Ray

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-03-23 07:17 AM
Jump to solution

I believe we can only manage the application specific exclusions on the client itself.
For branch office devices, it would have to be configured on the device itself (subject to what it allows).

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-03-23 07:17 AM
Jump to solution

I believe we can only manage the application specific exclusions on the client itself.
For branch office devices, it would have to be configured on the device itself (subject to what it allows).

0 Kudos
Ray_Burquest
Participant
‎2023-03-23 02:15 PM
In response to PhoneBoy
Jump to solution

Thanks, that makes sense when I configure the routing set up of the SDWAN device. I think the SK should be updated to add a note about this and to alert people to the risk of some apps not working as alluded to in the SK.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-23 03:04 PM
In response to Ray_Burquest
Jump to solution

Sounds like a good suggestion.
Recommend leaving specific feedback on the SK.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events