Deploying the Harmony Mobile Protect app automatically (Zero Touch Deployment)
This section is optional.
UEM (Unified Endpoint Management) solutions traditionally prompt the mobile device user to install the application once it is registered. In addition, to get full protection, the user needs to approve the required permissions and profiles. Many users are vigilant about installing new mobile applications or granting different permissions, and as a security company, Check Point even encourages that. Most of them don't know that the Harmony Mobile Protect app is focused on device characteristics and behaviors and not the content stored on or flowing through the device. Furthermore, some users do not comply with the company's security policy, especially when they use their own devices. Therefore, users often decide not to install the app or approve the required configuration. On top of that, users who do agree to install and accept the configuration often do not do so immediately, and it takes time until the application is activated. As a result, many devices remain exposed to potential cyber-attacks.
Harmony Mobile's innovative zero-touch technology allows the Protect app to be installed and activated automatically without any user interaction. The solution leverages Check Point's unique bootstrap technology to establish zero-touch activation.
Zero Touch deployment is optional. If the organization does not want to force Harmony Mobile to activate itself automatically on employees' devices, skip this chapter.
Zero Touch Deployment in Android Enterprise devices
Zero-Touch Deployment for Android Enterprise devices is not available yet.
Zero Touch Deployment in iOS devices
- Create a new User Credential Profile. Go to Policies and Profiles > Certificates > User credentials > Add new.
  Give it a name and choose Certification authority connection > Manually uploaded certificates > Add.
- Create a new VPN Profile. Go to Policies and Profiles > Networks and Connections > VPN > Add new.
  - Name: Check Point Local Tunnel
  - Choose only iOS.
  - Connection Type: Custom
  - VPN bundle ID: com.checkpoint.capsuleprotect
  - Server: www.checkpoint.com
  - Authentication Type: User Credentials
  - Associated user credential profile > the profile we created in the previous section.
  - Enable VPN on demand.
    On demand rules:
    <array>
      <dict>
        <key>Action</key><string>Connect</string>
        <key>InterfaceTypeMatch</key><string>WiFi</string>
      </dict>
      <dict>
        <key>Action</key><string>Connect</string>
        <key>InterfaceTypeMatch</key><string>Cellular</string>
      </dict>
      <dict>
        <key>zero_touch</key><string>true</string>
      </dict>
    </array>
- Assign the credentials profile and the VPN configuration to your devices group. Go to Groups > User > your_group.
  Select both profiles we created in the previous sections by clicking the (+) button.
- Download the certificate https://secureupdates.checkpoint.com/mobile/sbm/sbm_vpn_cert.p12
  and upload it to your Activation Profile.
  Password: Aa123456
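The on-demand rules from the VPN profile step can be checked before they are pasted into the UEM, since a dropped rule or a mistyped interface name leaves the tunnel inactive on that network type. The following is an added example, not Check Point's code: `lint_on_demand_rules` and `PAGE_RULES` are hypothetical names, and the required rule set (Connect on WiFi and Cellular plus the `zero_touch` string) is the one shown on this page.

```python
import plistlib

# Action and InterfaceTypeMatch values Apple defines for VPN On Demand rules.
VALID_ACTIONS = {"Connect", "Disconnect", "EvaluateConnection", "Ignore"}
VALID_INTERFACES = {"WiFi", "Cellular", "Ethernet"}

# The on-demand rules as given in the VPN profile step of this page.
PAGE_RULES = (
    "<array><dict><key>Action</key><string>Connect</string>"
    "<key>InterfaceTypeMatch</key><string>WiFi</string></dict>"
    "<dict><key>Action</key><string>Connect</string>"
    "<key>InterfaceTypeMatch</key><string>Cellular</string></dict>"
    "<dict><key>zero_touch</key><string>true</string></dict></array>"
)


def lint_on_demand_rules(fragment):
    """Return a list of problems; an empty list means the rules match the page."""
    # The page gives a bare <array>; wrap it so plistlib can parse it.
    doc = '<?xml version="1.0"?><plist version="1.0">%s</plist>' % fragment
    try:
        rules = plistlib.loads(doc.encode("utf-8"), fmt=plistlib.FMT_XML)
    except Exception as exc:  # expat and plistlib raise several error types
        return ["not well-formed: %s" % exc]
    if not isinstance(rules, list):
        return ["top-level element must be <array>"]
    problems, connect_on, zero_touch = [], set(), False
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            problems.append("rule %d is not a <dict>" % i)
        elif "zero_touch" in rule:
            # The page uses the string "true", not the plist boolean <true/>.
            zero_touch = zero_touch or rule["zero_touch"] == "true"
        else:
            action, iface = rule.get("Action"), rule.get("InterfaceTypeMatch")
            if action not in VALID_ACTIONS:
                problems.append("rule %d: unknown Action %r" % (i, action))
            if iface is not None and iface not in VALID_INTERFACES:
                problems.append("rule %d: unknown InterfaceTypeMatch %r" % (i, iface))
            if action == "Connect" and iface in VALID_INTERFACES:
                connect_on.add(iface)
    for needed in ("WiFi", "Cellular"):
        if needed not in connect_on:
            problems.append("no Connect rule for %s" % needed)
    if not zero_touch:
        problems.append('no rule sets zero_touch to the string "true"')
    return problems


if __name__ == "__main__":
    print(lint_on_demand_rules(PAGE_RULES) or "rules match the page")
```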
CA certificate deployment using the UEM
In order to inspect the HTTPS traffic coming from your devices, you can install a root CA certificate on the devices using the UEM capabilities.
You can use the same profiles that were created for Zero-Touch deployment, but for this example we will create a new profile.
Follow these steps to generate a certificate in the Harmony Mobile dashboard that is dedicated to your policy.
- Go to Policies & Profiles > Managed devices > Certificates > CA Certificate > Add (+).
- In CA Certificate Profile, fill in the following:
  - Name: CA Certificate SSL
  - Give it a description.
  - Upload the certificate that was downloaded from the policy in the Harmony Mobile dashboard (as mentioned above).
- Click Add.
- Validate that the CA Certificate Profile you added exists.
- Click on the Certificate Profile and validate the details.