2025

• Operational events and tunnel logs are now integrated to and available in Infinity Events.

• A new Device Posture Check (DPC) feature offers full device certificate validation. Administrators can now verify authenticity, validity, and private key matching to strengthen overall device security and compliance. This feature requires Windows agent version 12.0.

• SaaS API in Harmony SASE is now available in Australia and India.

• Introduced Tenant Restrictions to control user access to approved Office 365 and Google Workspace tenants. For more information, see Tenant Restrictions.

• Data Loss Prevention (DLP) Support for File Uploads

  Added Data Loss Prevention (DLP) support for file uploads to detect and block sensitive data exfiltration.

• Enhanced Application Control

  Enhanced granularity in Application Control with new actions to block file uploads to Box and Google Drive.

N/A

• Support for enterprise clients

  Admins can now manage members in large groups, exceeding 500 users.

• Support for device isolation

  (Available for Windows and macOS devices with agent version 11.6 and higher)

  Admins can now add an extra preventive security layer for devices by blocking all local network (LAN) traffic when the device is connected to the VPN. This isolates the device from nearby devices, reducing risks such as lateral movement or exposure to unsafe local traffic. Outbound communication to external resources and the public internet remains unaffected. For more information, see Device Isolation.

• Firewall logs location change

  Firewall logs have moved to the new Unified Logs/Security Events page in Infinity Events, which allows users to:

  • View logs across all Check Point products in a centralized location

  • Search, filter, and analyze events for faster threat detection and response

  • Automate workflows using Infinity Playblocks and Event Forwarding

  • Send automated notifications for Harmony SASE via email, SMS, Slack, and Microsoft Teams using Infinity Playblocks

  • Export events using Check Point Infinity's Event Forwarding

• Check Point Enterprise Browser with Surf Security Integration

  This release introduces SSO connectivity from Harmony SASE to the Surf Security admin platform, along with browser-level Zero Trust Access (ZTA) enforcement. Surf Security provides agentless protection for unmanaged devices, offering features such as session recording, screen capture prevention, and device posture checks.

  For more information, see:

  • Enterprise Browser

  • SASE_enterprise_browser_fov.pdf

  • SASE_enterprise_browser_wpr.pdf

• Internet Access - Tenant Restrictions

  Added support for tenant restrictions in Office 365 and Google Workspace. This feature allows access only to organization-approved tenants, blocking personal and unauthorized corporate accounts to prevent data leakage and unapproved external collaboration.

  For more information, see Tenant Restrictions.

N/A

• Increased Active Directory (AD) domain support in Device Posture Check (DPC) from 2 to 10 domains.

• Renamed the Unified Logs page to Security Events.

• New Point-of-Presence (PoP) in Taipei, expanding coverage and enhancing performance.

  For full list of cloud locations, see Regions and Point-of-Presence.

• Revised Members page - Added support for large-scale user management.

• A new panel for user and group selection is now available on the right side of the interface, providing better support for large directories and an enhanced search experience.

• You can now add up to 10 individual users per firewall rule. For larger groups, use user groups for easier management.

• Added New Data Residencies: Australia and India

  Harmony SASE is now available in the Infinity Portal in two new data residencies, Australia and India, in addition to the existing US and EU options. This expansion supports customers with regional data residency requirements and broadens our global reach. See the blog post.

• New iOS Agent with Harmony Mobile Protect available on the App Store

  The latest iOS agent is now live on the App Store and available from the Downloads page in Harmony SASE. The new version:

  • Integrates Harmony Mobile Protect security features with SASE Private Access connectivity.

  • Requires a Harmony Mobile Protect license.

• Internet Access – Allow Logs now available
  Administrators can now view Allow logs for Internet Access policies, in addition to existing block and alert logs. This enhancement improves visibility of permitted user activity and helps with auditing and troubleshooting. Available on agent version 11.5 or above.

  Note - This feature may generate a high volume of logs.

• Internet Access Logs integrated with Infinity Events and SIEM Export Support

  • All security engines in Internet Access, such as URL Filtering, Anti-Virus, and Anti-Bot, now send logs to Infinity Events, providing centralized and real-time visibility across your SASE deployment.

  • You can now export logs to your SIEM solution via Syslog from Infinity Events. This enables streamlined incident response, threat hunting, and compliance reporting by integrating SASE logs into your existing security workflows.

    Note - Configuration for SIEM export is available in the Infinity Portal. For more information, see the Infinity Portal Administration Guide.

• Agent Anti-Tampering

  Anti-tampering is now supported (available on agent version 11.5 and above). Uninstalling the agent requires a code, preventing unauthorized removal.

• Internet Access Transparent Installation
  A new transparent install capability allows Internet Access protection to be applied immediately upon agent installation, without requiring user login. This ensures instant security for internet traffic. For more information, see Transparent Internet Access Installation.

• Trusted Networks Enhancement

  Trusted networks can now be identified using an HTTPS server, providing more flexible and secure detection mechanisms.

• Unified Log View

  Harmony SASE introduces a redesigned log screen that aligns with Infinity Events, delivering a unified and consistent log experience across platforms to enhance visibility and simplify analysis.

Improved security visibility by capturing only events blocked by firewall rules

Key features:

• Improved Visibility - Only events that are blocked by firewall rules are logged, helping you quickly identify and troubleshoot unauthorized access attempts.

• Network-Level Control - Logging can be enabled or disabled at the network level directly from the Firewall configuration page, allowing for granular logging based on specific network needs.

• Log Access - You can view the logged events in:

  • SASE Unified Logs

  • Infinity Events page

  To enable firewall logs, contact Check Point Support.

• Added API support for managing Zero Trust applications. For more information, refer to the API documentation.

• Updated the default bypass rules in Harmony SASE to align with the standard configuration used in Check Point Quantum Security Gateway. See sk163595.

• Harmony SASE network or user managers inherit their role from Check Point Infinity Portal. We now support service roles for network and user managers.

• Firewall events are now presented in the Infinity Events application in the Infinity Portal (Early Availability). This enables customers to consolidate logs from all Infinity Portal applications in a single location.

• Harmony SASE strengthens security for locally defined users by enabling two-factor authentication (2FA) by default for newly created tenants.

• Group naming becomes more flexible now, allowing names to include special characters for groups synced via SCIM.

• Firewall policy action names and images are aligned with Check Point’s terminology and standards, using Drop and Accept, instead of Deny and Allow.

Early availability programs for upcoming Harmony SASE enhancements:

1. Agent 11.5 – Enhanced Security, Control, and Usability

   The latest Agent 11.5 update introduces multiple improvements to security, policy enforcement, and user experience.

   What's New:

   • New Threat Prevention Policy – Includes threat emulation, anti-bot, and malware protection, with the flexibility to enable or disable as needed.

   • Trusted Networks via HTTPS Server – Define trusted networks based on an HTTPS server, enhancing security posture.

   • URL Filtering Log Support – Enables logging for better visibility and analysis of URL filtering actions (Allow or Deny).

   • Application Control Enhancements – Administrators can now regulate the use of SaaS applications, ensuring compliance and security by allowing, blocking, or restricting specific applications based on policies. This helps prevent unauthorized access, control bandwidth usage, and enforce corporate security guidelines.

   • Transparent Internet Access Installation – This is a simplified deployment with seamless internet access configuration. For more information, see Deploying the Harmony SASE Agent.

   • Enhanced Anti-Tampering Protection – Agent exit code protection now also applies to uninstallation, preventing unauthorized removal.

   • These updates enhance security, visibility, and ease of management for administrators.

2. Site Security - Strengthening protection and policy enforcement for remote locations.

3. Next-Generation Networking (NGN) – Advancing network performance and security for modern enterprise needs. Admins can now gain early access to NGN capabilities and provide feedback before the general release. To participate, contact your Check Point representative.

   What's New:

   • Single Public IP per Region – Simplifies management by eliminating the need to handle individual gateway IPs.

   • Enhanced IPSec Tunnels – Supports up to eight parallel tunnel legs for improved redundancy, link aggregation, and streamlined IPSec configuration.

• New Point-of-Presence (PoP) in Zurich, Switzerland, expanding coverage and enhancing performance.

• Harmony SASE now features a redesigned log screen that matches the look and feel of Infinity Events. This update provides a seamless and consistent experience across platforms, enhancing visibility and simplifying log analysis.

• New PoP in Brussels - Launched a new Point of Presence (PoP) in Brussels, Belgium, expanding coverage and enhancing performance.

• Hybrid-Split Tunneling Enhancement - Administrators are now guided to configure automatic split tunneling for optimal traffic routing. Existing configurations are migrated automatically with no impact on current networks.

• Microsoft Outlook is now excluded by default from Internet Access bypass rules.

• Administrators can now manage the multi-monitor settings for ZTA RDP applications.

• Improved security warning when disabling 2FA for local users. Administrators can now see a clear notification highlighting the security risks before confirming the action.

• The new Hybrid Split Tunneling functionality automates tunneling of private traffic only, ensuring an optimized end-user experience along with full connectivity (Currently available in Early Availability)

• Added two new predefined member roles, Network Manager and User Manager, for simplified management. These roles simplify permissions setup, enhance security, and improve access control. For more information, see Member Roles and Permissions.

• Added the new Explore Harmony SASE page that helps customers discover and understand Harmony SASE features. It guides them to enhance their security posture, manage SASE effectively, and follow best practices with video guides and tips.

• Harmony SaaS is now accessible through Harmony SASE, offering enhanced security for your SaaS applications. Make sure you have the appropriate license to fully utilize Harmony SaaS. For more information, refer to the Harmony SaaS solution brief (Currently available in Early Availability)
  

• Wildcard support is now available for URL Filtering rules, offering greater flexibility and efficiency. Use the * wildcard to match multiple URLs with similar patterns (for example, *.example.com covers all subdomains and paths under example.com). For more information, see the blog post.

N/A