This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
timlewandowski
Explorer
‎2022-10-24 04:50 AM

Harmony Corporate Access: How does Protection Profile work for internal applications?

Dear Check Mates,

 

on harmony connect's threat prevention profile it says: "Includes protection for users browsing the web, working with desktop applications, accessing corporate applications, sharing files over FTP or using other network protocols."

 

1. Does this mean traffic to internal windows file servers is also verified?

2. What happens if a customers attempts to upload a malware to an internal file server? Is the connection terminated? Does the users receive some notification about this?

3. Is there any documentation concerning this feature? Unfortunately, the Admin Guide is very unspecific here.

 

Thank you all for your input

Tim

 

Screenshot 2022-10-24 at 13.44.46.png

Labels
0 Kudos
8 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-10-25 12:17 AM

For remote users / branches or both?

I see there's some risk of confusion here between Corporate Access & Internet Access license options and what each entails.

With that said some of the user centric use cases that immediately come to mind here are:

  • SaaS applications accessed via the "Internet" (SWG for remote users)
  • Split tunneling risk mitigation (for traditional VPN)
  • Secure remote access (single agent)
  • Secure remote access (clientless) - Application access is abstracted/proxied.

Recommend discussing further with your local SE to dive deeper.

 

CCSM R77/R80/ELITE
0 Kudos
timlewandowski
Explorer
‎2022-10-25 01:04 AM
In response to Chris_Atkinson

Hi Chris, 

thanks for your quick reply.

I am referring to both (remote users and branches) accessing corporate applications. The profile description indicates that connections are sandboxed. Is this correct?

 

BR
Tim

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-10-25 01:13 AM
In response to timlewandowski

Typically, you would apply Threat Emulation (Sandboxing) to files from external sources correct.

CCSM R77/R80/ELITE
0 Kudos
anstelios
Collaborator
‎2022-10-25 09:45 AM
In response to Chris_Atkinson

I 'm not sure I understand this answer.

When we use Harmony Connect client (Secure Remote Access) for network access, does user traffic to internal resources go through the TP profile blades??

Same question for the clientless Application Access.

0 Kudos
anstelios
Collaborator
‎2022-12-26 02:37 AM
In response to anstelios

Can we have someone from CP to reply on this one please?

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-12-26 04:05 AM
In response to anstelios

Threat Emulation is about users downloading potential malicious content from external / untrusted sources. Typically this isn't something you would enforce for internal content.

CCSM R77/R80/ELITE
0 Kudos
anstelios
Collaborator
‎2022-12-27 11:32 AM
In response to Chris_Atkinson

I understand what you're saying here, but my question wasn't specifically about TE.
I am talking about all TP blades in general.

At the end of the day, we have remote users accessing internal resources  through Harmony Connect which is CPs SASE solution.
So how are these resources protected during this access? Are there any TP blades applied to this traffic??

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-12-27 02:21 PM
In response to anstelios

"The Threat Prevention profile is applicable to Internet Access (remote and branch users) and Network Access (remote and branch users)."

Source: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Connect-Admin-Guide/T...

CCSM R77/R80/ELITE
0 Kudos
Upcoming Events

    CheckMates Events