Enterprise Browser

The Enterprise Browser is a Chromium-based browser integrated with Check Point Harmony. It is built on the SURF Security application. It can be used independently or as an extension within the Harmony SASE environment. The browser provides enhanced security features, including support for Zero Trust Network Access (ZTNA) and Single Sign-On (SSO) integration with Check Point platforms.

Enterprise Browser supports both managed and unmanaged devices, providing more flexibility and capabilities.

To access the Enterprise Browser page, access the Harmony SASE Administrator Portal and click Enterprise Browser.

Note - This feature is in Early Access. For access, contact Check Point Support.

Key Capabilities

  • Data Isolation - Secure browser container isolates corporate data from device OS.

  • DLP Controls - Block uploads, downloads, copy and paste, print, and screen capture. Files can be encrypted and scanned before access. Watermarks deter screen capture. Password managers are blocked and credentials are never stored locally.

  • Agentless Device Posture Check - Validates AV, disk encryption, OS, and running processes without installing agents. Ideal for unmanaged devices.

  • Full Session Visibility and Auditing - Logs navigation, usage, keystrokes, and system metrics. Supports audit, compliance, and incident response. Monitoring is role-based and context-aware. Defends against MITM attacks on insecure networks.

Use Case

  • Third-Party Contractors - Grant temporary access with download restrictions, session termination, and activity monitoring.

  • BYOD Compliance - Enforce HIPAA, GDPR, and NIS2 compliance with data isolation and audit logging.

  • Short-Term Access - Enable secure access without provisioning devices for projects or Mergers and Acquisitions (M&A).

  • Privileged Users - Restrict tool usage and monitor activity for developers, admins, and support teams.

Prerequisites

Admin access to both the SURF Security platform and the Infinity Portal.

Configuring Enterprise Browser

Step 1: Creating an Application Access Policy

  1. Access the Harmony SASE Administrator Portal and click Private Access > Application Policies.

  2. Click Add Policy.

    The Add New Policy page appears.

  3. Enter these:

    1. Policy Name - Name of the policy.

    2. Logical Operator:

      • From the Policy Action list, select either of these:

        • Allow

        • Deny

      • From the list, select one of these:

        • When all match – The policy is considered compliant only if all defined rules are met.

        • When some match – The policy is considered compliant if at least one defined rule is met.

  4. To add the rules for the policy, click Add Rule and select Browser.

    The Rules section appears.

  5. From the Browser list, select Harmony Enterprise Browser.

  6. Click Save.

Step 2: Defining Application Policy

  1. Go to Private Access > Applications.

  2. Click Add Application.

    The Add application window appears.

  3. Specify these:

    1. Application Name

    2. Protocol

    3. Host

    4. Port

    5. Network

    6. Groups ad Members

    7. Policy Name - Select the policy name that you created in Step 3.a while Creating an Application Access Policy.

      For information on how to add an application, see Adding an Application.

  4. Click Apply.

    The system lists the application in the Applications page and enables it by default.

Step 3: Accessing the Admin Console of Enterprise Browser

  1. Access the Harmony SASE Administrator Portal and click Enterprise Browser.

  2. Click Open Console.

    The Enterprise Browser Admin Console is launched.

  3. Sign in through SSO.

    Note - Only users with admin role can access the console.

  4. To download the enterprise browser, go to Devices > Downloads > Enterprise Browser and then select the enterprise browser for your Operating System, and click Download.

    For more information, see Downloads.