This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wei_Soon_Heng
Contributor
Contributor
‎2024-02-04 09:44 PM
Jump to solution

Harmony Endpoint client that is not allowed to go to Internet

Hi All,

Recently, my client has purchased 250 seats of harmony endpoint license with EPS Cloud Management.

Their environment is all servers that comprised mix of Window and Linux and are not allowed to go to Internet.

In this case, how should we ensure that installed endpoint client able to grab malware database update and how management server able to manage those offline client ?

I had gone through Harmony Endpoint EPMaaS Administration Guide, there are few possible methods to achieve and will need verification on some capability as listed below:

Super Node:

1) Does Super Node able to push all Threat Prevention blade database update to all endpoint clients(Windows and Linux), and able to relay policy changes to clients(Windows and Linux)?

Proxy:

1) Does authenticated proxy able to work on Linux servers?

2) I knows that it mostly will work on Windows server.

Deploy another On-Prems Endpoint Management Server

1) If the On-Prem Endpoint Management Server is able to go over internet, does the client(Linux and Windows) itself also need to have internet connectivity ?  Based on Harmony Endpoint EPMaaS Administration Guide, it shows the linux endpoint need to have internet connectivity by itself.

Thanks,

1 Solution

Accepted Solutions
JonnyRabinowitz
Employee
Employee
‎2024-03-13 04:29 AM
In response to JonnyRabinowitz
Jump to solution

E88.20 is now available and includes this capability for Windows based clients

Enables semi-isolated environment where all endpoint communications are routed through a super node

This capability is for Early Availability (EA) and not available by default in General Available (GA) version 

Please unicast me if any interest to join EA program

View solution in original post

0 Kudos
5 Replies
G_W_Albrecht
Legend
Legend
‎2024-02-05 12:05 AM
Jump to solution

Ask CP TAC for the configuration suggested by CP !

 

CCSE CCTE CCSM SMB Specialist
0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-02-05 01:55 PM
Jump to solution

You are correct that the SuperNode is available for Windows and allows to share local copies of things like Anti-Malware signatures, Behavioral Guard rules and Static Analysis ML/AI models. 

This capability is currently being extended so that will allow all communication from the Windows client to be made through the Super Node and prevent direct connectivity to the Internet. These new capabilities should e available during Q1 2024

There are also plans to have the SuperNode provide the same capabilities for Linux and Mac clients. The final schedule for these items has not been locked down yet but should be in firs half of the year

Blason_R
Leader
Leader
‎2024-03-10 08:21 PM
In response to JonnyRabinowitz
Jump to solution

Hey Folks,

Wondering has that been rolled out? Will that be available in R81.20?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-03-11 04:26 AM
In response to Blason_R
Jump to solution

Hi Blason

Yes. It will be available in E88.20 that should be released any time soon (will try and remember to post again when it does)

The capability will be available for Windows clients as Early Availability (EA). Please reach out to me directly if want to participate

 

0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-03-13 04:29 AM
In response to JonnyRabinowitz
Jump to solution

E88.20 is now available and includes this capability for Windows based clients

Enables semi-isolated environment where all endpoint communications are routed through a super node

This capability is for Early Availability (EA) and not available by default in General Available (GA) version 

Please unicast me if any interest to join EA program

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events