Deploying the Harmony Mobile Protect app automatically (Zero Touch Deployment) [Optional]
UEM
Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point. solutions traditionally prompt the mobile device user to install the application once it is registered. In addition, to get full protection, the user needs to approve the required permissions and profiles. Many users are vigilant about installing new mobile applications or granting different permissions, and as a Security company, Check Point even encourages that. Most of them don’t know that the Harmony Mobile Protect app is focused on device characteristics and behaviors and not the content stored on or flowing through the device. Furthermore, some users are incompliant with the company’s security policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection., especially when they use their own devices. Therefore, users often decide not to install the app or approve the required configuration. On top of that, users who do agree to install and accept the configuration will not often do it immediately and it will take time until the application is activated. As a result, many devices remain exposed to potential cyber-attacks.
Harmony Mobile’s innovative zero-touch technology allows the Protect app to be installed and activated automatically without any user interaction. The solution leverages Check Point’s unique bootstrap technology to establish zero-touch activation.
It is important to note that the following steps of zero-touch deployment are optional. If the organization does not want to force Harmony Mobile to activate itself on employees devices, please skip this chapter.
-
Zero Touch Deployment in Android Enterprise devices
-
Create new Device Policy. Go to Configure > Device Policies > Add.
-
Select Endpoint Management Options.
-
Select a name for the policy and click Next.
-
In Platforms > leave only Android Enterprise > Select Enabled always-on VPN for VPN package: com.lacoon.security.fox
-
Deployment Rules > Advanced > New Rule: Limit by known device property name - CHKP_Status - isn't equal to – Active, and click the “+” sign:
-
Click on Next.
-
On the Assignment screen, select the Delivery Group you created in ''Creating a Delivery Group'', in our example: Users_Group_SBM
-
Also, under Deployment Schedule, toggle the button Deploy for always-on connections to be ON.
-
Click Save:
-
-
Zero Touch Deployment in iOS devices
-
Create new Device Policy. Go to Configure > Device Policies > Add.
-
Select iOS > Policies most often used > VPN.
-
Leave only iOS checked and select a name for the policy.
-
Click Next.
-
Under iOS fill in the following:
-
Connection name: Check Point Local Tunnel
-
Connection Type: Custom SSL
Secure Sockets Layer. The standard security technology for establishing an encrypted link between a web server and a browser. -
Custom SSL Identifier: com.checkpoint.capsuleprotect
-
Server name or IP address: www.checkpoint.com
-
Authentication Type for the connection: Password
-
Auth Password: (type an optional authentication password)
-
-
On Custom XML > Add three rules:
-
Parameter name: OnDemandRules
Value (copy-paste the below):
<array> <dict><key>Action</key> <string>Connect</string><key>InterfaceTypeMatch</key><string>WiFi</string></dict> <dict> <key>Action</key><string>Connect</string><key>InterfaceTypeMatch</key><string>Cellular</string></dict></array>
-
Parameter name: OnDemandEnabled
Value: 1
-
Parameter name: zero_touch
Value: true
-
-
Click Next
-
On the Assignment screen, select the Delivery Group you created in ''Creating a Delivery Group'', in our example: Users_Group_SBM
-
Also, under Deployment Schedule, toggle the button Deploy for always-on connections to be ON.
-
Click Save:
-
