Re: Harmony Corporate Access: How does Protection ...

timlewandowski · ‎2022-10-24

Dear Check Mates,

on harmony connect's threat prevention profile it says: "Includes protection for users browsing the web, working with desktop applications, accessing corporate applications, sharing files over FTP or using other network protocols."

1. Does this mean traffic to internal windows file servers is also verified?

2. What happens if a customers attempts to upload a malware to an internal file server? Is the connection terminated? Does the users receive some notification about this?

3. Is there any documentation concerning this feature? Unfortunately, the Admin Guide is very unspecific here.

Thank you all for your input

Tim

Screenshot 2022-10-24 at 13.44.46.png

Chris_Atkinson · ‎2022-10-25

For remote users / branches or both?

I see there's some risk of confusion here between Corporate Access & Internet Access license options and what each entails.

With that said some of the user centric use cases that immediately come to mind here are:

SaaS applications accessed via the "Internet" (SWG for remote users)
Split tunneling risk mitigation (for traditional VPN)
Secure remote access (single agent)
Secure remote access (clientless) - Application access is abstracted/proxied.

Recommend discussing further with your local SE to dive deeper.

CCSM R77/R80/ELITE

timlewandowski · ‎2022-10-25

Hi Chris,

thanks for your quick reply.

I am referring to both (remote users and branches) accessing corporate applications. The profile description indicates that connections are sandboxed. Is this correct?

BR
Tim

Chris_Atkinson · ‎2022-10-25

Typically, you would apply Threat Emulation (Sandboxing) to files from external sources correct.

CCSM R77/R80/ELITE

anstelios · ‎2022-10-25

I 'm not sure I understand this answer.

When we use Harmony Connect client (Secure Remote Access) for network access, does user traffic to internal resources go through the TP profile blades??

Same question for the clientless Application Access.

anstelios · ‎2022-12-26

Can we have someone from CP to reply on this one please?

Chris_Atkinson · ‎2022-12-26

Threat Emulation is about users downloading potential malicious content from external / untrusted sources. Typically this isn't something you would enforce for internal content.

CCSM R77/R80/ELITE

anstelios · ‎2022-12-27

I understand what you're saying here, but my question wasn't specifically about TE.
I am talking about all TP blades in general.

At the end of the day, we have remote users accessing internal resources through Harmony Connect which is CPs SASE solution.
So how are these resources protected during this access? Are there any TP blades applied to this traffic??

Chris_Atkinson · ‎2022-12-27

"The Threat Prevention profile is applicable to Internet Access (remote and branch users) and Network Access (remote and branch users)."

Source: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Connect-Admin-Guide/T...

CCSM R77/R80/ELITE

Are you a member of CheckMates?

Harmony Corporate Access: How does Protection Profile work for internal applications?