Important Information

	Certifications For third party independent certification of Check Point products, see the Check Point Certifications page.
	Check Point Harmony Connect For more about the latest release, see the Harmony Connect What's New page.
	Latest Version of this Document in English Open the latest version of this document in a Web browser. Download the latest version of this document in PDF format.
	Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments.

Revision History

Date	Description
18 January 2023	Added Simulation Mode.
16 January 2024	Added a note about Native RDP client.
20 December 2023	Added a note about TunelCrack diversion. See Bypass Destinations.
18 December 2023	Starting from the Harmony Connect Agent version 1.5.7, you can block internet access on the endpoint unless the end-user successfully completes the registration with the agent after downloading it. See Adding Users.
12 December 2023	Desktop device posture now supports verifying Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV. software application for macOS. See Device Posture.
11 December 2023	Added Exit Agent by End User. Added Anti-tampering Manager. See Specific Service Roles. Updated Suspend Security by End User and Uninstall Agent. See Harmony Connect Agent.
8 November 2023	Added Managing Groups. Updated Users and Devices status: Users Devices
18 October 2023	Replaced the term Microsoft Azure AD with Microsoft Entra ID (formerly Azure AD). Added AP region to which the Connector must have access. See Monitor Connector Status.
10 October 2023	Divided Users and Devices into separate topics: Users Devices
27 September 2023	Added support for Multiple Identity Provider.
05 September 2023	Added VPN Logs.
04 September 2023	Added toggle button to enable Automatic Agent Deployment. See Agent Deployment.
21 August 2023	Added Compliance Logs.
04 July 2023	TCP is not supported when you add new service types and added the new SSL Certificate Validation option. See Corporate Office Security.
03 July 2023	Added App Deployment Manager role. See Specific Service Roles.
29 June 2023	Added: Desktop Device Posture Agent Deployment
07 June 2023	Added option to view tunnel metrics when Adding a New Branch Site.
11 May 2023	Added support to configure Internet and Network Access policies through Check Point Harmony Connect API. Note that Check Point Harmony Connect API is not supported with the SmartConsole Mode.
20 April 2023	For new accounts created from April 02 2023 onwards, IDP configuration is supported from Global Settings. See Identity Provider Settings. Added Google IDP to the Feature Support table.
17 April 2023	Added information about Safe Search.
5 April 2023	Threat Prevention Exceptions supports URL.
24 March 2023	Updated Accessing the Harmony Connect Administrator Portal for the new Trial Management process.
14 March 2023	Added information about Key Expiration in User Session. Updated the minor UI details in Integrations. Replaced the term Harmony Connect App with Harmony Connect Agent. Added information about the Policy Operations Manager in Specific Service Roles.
7 March 2023	Added Check Point Quantum Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. to Branch Offices.
28 February 2023	Added information about Upgrading the Connector Without Access to Docker Hub in Appendix B - Upgrading the Connector. Added a new topic Performance and Latency Considerations. Harmony Connect supports exporting logs to third-party applications. See Logs and Events. Added OPNsense to Branch Offices.
13 February 2023	Added information about the SSL certificate verification. See Web Applications. Added information about the SSH server key verification. See SSH Applications.
24 January 2023	Added a new topic Adding Harmony Connect PoP IP Address to SaaS Application Allow-List.
27 December 2022	Added a table to identify the group ID in Identity Providers that do not support automatic sync. See Adding Users and Groups Manually and Enforcing Access Control.
10 November 2022	Added a walkthrough for configuring Microsoft Azure AD with Harmony Connect as the Identity Provider. See Configuring Microsoft Azure AD as Identity Provider. Added information about the Specific Service Roles. See Specific Service Roles. Added prerequisite to add users for macOS-based endpoints. See For macOS-based PCs.
07 November 2022	Added support for Updatable Objects: To the destination in the Internet Access policy. As an exception to the full SSL Inspection
04 November 2022	Added information about seamless login for Identity Providers. SeeIdentity Provider Settings.
13 October 2022	Added a new topic Management Mode. Management Mode allows you to choose the mode to manage Harmony Connect; Infinity Portal or SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..
11 October 2022	Added how to determine the Connector's version number. See Setting up an Application Site and Appendix B - Upgrading the Connector (Application Access).
06 October 2022	Updated Setting up an Application Site that `sudo su` must be run before running the Docker Docker is a set of platform as a service products that use OS-level virtualization to deliver software in packages called containers. command.
30 September 2022	Added information about the number of users supported for Internet Access, Network Access and Application Access. See Adding Users, Updated the Docker command for Application Access. See Setting up an Application Site.
21 September 2022	Add support for Harmony Connect Agent version 1.2.8 for macOS. See Harmony Connect Agent.
15 September 2022	Added a new feature User Authentication Mode.
08 September 2022	The system now verifies the specified corporate DNS server information. See Corporate DNS Servers.
24 August 2022	Added information about the new feature, Device Authentication. The feature is available only to customers in the Early Availability program.
03 August 2022	Added information about managing multiple HTTPS certificates. See Managing Certificates.
20 June 2022	Updated the topic for Branch Offices Fortinet SD-WAN Software-Defined Wide Area Network - A virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE and broadband internet services – to securely connect users to applications. support.
15 June 2022	Updated the Hibernate mode conditions. See Appendix C - Hibernate Mode. Updated that only the Active Directory It is a Microsoft directory service that enables Administrators to manage permisssions and network resources. domain is verified for Access Control.
16 May 2022	Added supported operating systems for Native RDP. See RDP Applications.
04 May 2022	Enhanced the procedure in the Appendix B - Upgrading the Connector (Application Access) topic.
26 April 2022	Added the support of Podman with Harmony Connector. See Setting up an Application Site.
25 April 2022	Added the third bullet point that a deleted user is still connected to the network until the certificate on the server is revoked. See Deleting Users.
13 April 2022	Added IP addresses for regions to which the Connector must have access. See Monitor Connector Status.
22 March 2022	Added a new topic for the feature Monitor Connectors. See Monitor Connector Status. Updated: Remote Users Setting up an Application Site
28 February 2022	Access Conditions feature: Added a new topic. See Device Posture. Updated the Remote Users topic.
21 February 2022	Added a note that branch office and data center subnet addresses cannot be in the range 100.64.0.1-100.127.255.254. See Adding a New Branch Site and Adding a New Data Center or Cloud Infrastructure.
16 February 2022	Updated: The following topics for the new Network Access feature: Introduction to Harmony Connect Getting Started with Harmony Connect Enforcing Access Control Added: The following topics for the new Network Access feature: Remote Users Adding a New Data Center or Cloud Infrastructure Installing the Connector for Network-Level Access Network Access Corporate DNS Servers Connectivity Mode
15 February 2022	Updated the Threat Prevention topic with information on how to add a Threat Prevention exception.
08 February 2022	Added Control Plane IP addresses to the table. See Setting up an Application Site.
31 January 2022	Added prerequisite for Windows-based endpoints to install theHarmony Connect Agent. See Adding Users. Red Hat Linux 7.9 and CentOS 7.9 are supported for the Application-Level Access Connector application. See Setting up an Application Site.
24 January 2022	Added additional IP addresses for the Sydney data plane region and added a new data plane region Ireland. See Setting up an Application Site.
20 January 2022	Added Oregon and Seoul data planes to the EMEA region. See Setting up an Application Site.
18 January 2022	Updated IP Address and FQDN columns in the table. See Setting up an Application Site.
06 January 2022	Updated: The RDP Applications topic for the new Native RDP Client feature.
19 December 2021	Added: A new topic - Getting Started with Harmony Connect
15 December 2021	Updated: FQDNs in the table. See Setting up an Application Site. The latest version of CentOS (7.7.1908) supported for the Application Access Connector. See Setting up an Application Site.
08 December 2021	Added: A new Appendix book. Updated: Step 5 in Configuring OneLogin as Identity Provider.
29 November 2021	Added: Supported Linux OS in the Setting up an Application Site section. The third bullet and the Control Plane column in the Setting up an Application Site topic. Updated: Appendix A - Installing Linux and Docker - added the link to the Setting up an Application Site section. Setting up an Application Site - the IP addresses. Setting up an Application Site Configuring Microsoft Azure AD as Identity Provider How It Works - the Control Plane and Data Plane sections.
03 November 2021	Updated: Setting up an Application Site Web Applications Linked Web Applications All Trusted Devices View
17 October 2021	Added: API Reference Data & Privacy Updated: General updates Changed Remote Access and Clientless Access to Application Level Access Format of portal URLs
03 October 2021	Added: Tunnel Applications Updated: General updates Configuring Ping Identity as Identity Provider
08 August 2021	Updated: Configuring Okta as Identity Provider
28 July 2021	Updated: Configuring Microsoft Azure AD as Identity Provider DNS Troubleshooting for Connector Setting up an Application Site Application Access
09 July 2021	Added: Remote Users Updated: Getting Started with Harmony Connect Logs and Events Adding Users Users and Devices Merged Application-Level Access to Corporate Applications
20 May 2021	Added: Domain Verification Updated: Configuring Ping Identity as Identity Provider Configuring Okta as Identity Provider
Added: 02 May 2021	Added: Enforcing Access Control Updated: Access Control Identity Provider Settings Configuring Microsoft Azure AD as Identity Provider
22 February 2021	Changed the name from CloudGuard Connect to Harmony Connect
10 November 2020	Added: Identity Provider Settings General updates
03 May 2020	General updates
31 March 2020	Sites changed to Assets
20 February 2020	General updates
01 December 2019	First release of this document