Harmony SASE Administration Guide

Deploying the Harmony SASE Agent

You can deploy the Harmony SASE Agent manually or using a Mobile Device Management (MDM) provider.

Deploying the Agent Manually

To deploy the agent manually:

Invite Members

The system sends an email to members with a link to accept the invite and download the Harmony SASE Agent. The invitation is valid for 30 days. If the invitation expires, you must resend the invitation.
Download the agent and distribute it manually, for example, through email.
Copy the agent download link and share it manually, for example, through email.

Deploying the Agent Using an MDM Application

You can deploy the agent using any of these popular Mobile Device Management (MDM) applications:

Cisco Meraki
JAMF Cloud
ManageEngine
Microsoft Intune
Microsoft System Center Configuration Manager (SCCM)
MobileIron
VMWare AirWatch

Common Commands

Operating System	Windows (.msi installation flags for versions 11.0 and above):	Windows (.msi installation flags for legacy versions (up to 11.0):	macOS
Command for			macOS
Silent Installation	`msiexec /quiet /i Harmony_SASE_x.x.x.xxx.msi` To know the installation status after the silent installation, run: `start /wait msiexec /quiet /i “Harmony_SASE_x.x.x.xxx.msi"` `echo %errorlevel%`	`msiexec /quiet /i Perimeter81_x.x.x.xxx.msi` To know the installation status after the silent installation, run: `start /wait msiexec /quiet /i “Perimeter81_x.x.x.xxx.msi"` `echo %errorlevel%`	`$ sudo installer -pkg Perimeter81_x.x.x.xxx.pkg -target /` To change the agent permissions after the installation, run: `$ sudo chown -R $(stat -f%Su /dev/console) "/Applications/Perimeter 81.app"` `$ chmod -R u=rwx "/Applications/Perimeter 81.app"`
Pre-populating the tenant or workspace name	`msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name"`	`msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name"`	`$ sudo defaults write com.perimeter81d workspace workspace_name` To remove pre-populated workspace/tenant name, run: `$ sudo defaults delete com.perimeter81d workspace` This is supported only with agent version 8.0.4.116 and higher.
Pre-populating the data residency region	`msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet REGION="EU or US"` For `REGION`, add `"EU"` for Europe and `"US"` for America.	`msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet REGION="EU or US"` For `REGION`, add `"EU"` for Europe and `"US"` for America.	`$ sudo defaults write com.perimeter81d region "EU or US"` For `region`, add `"EU"` for Europe and `"US"` for America.
Pre-populating the tenant or workspace name and data residency region	`msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name" REGION="EU or US"` For `REGION`, add `"EU"` for Europe and `"US"` for America.	`msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name" REGION="EU or US"` For `REGION`, add `"EU"` for Europe and `"US"` for America.	To pre-populating the tenant or workspace name, run: `$ sudo defaults write com.perimeter81d workspace workspace_name` To pre-populating the data residency region, run: `$ sudo defaults write com.perimeter81d region "EU or US"` For `region`, add `"EU"` for Europe and `"US"` for America.
Uninstallation	`msiexec /x "Harmony_SASE_x.x.x.xxx.msi"`	`msiexec /x "Perimeter81_x.x.x.xxx.msi"`	Run the uninstall script.

16 September 2024

© 2024 Check Point Software Technologies Ltd.