2025

April

New Features

  • Added API support for managing Zero Trust applications. For more information, refer to the API documentation.

  • Updated the default bypass rules in Harmony SASE to align with the standard configuration used in Check Point Quantum Security Gateway. See sk163595.

  • Harmony SASE network or user managers inherit their role from Check Point Infinity Portal. We now support service roles for network and user managers.

  • Firewall events are now presented in the Infinity Events application in the Infinity Portal (Early Availability). This enables customers to consolidate logs from all Infinity Portal applications in a single location.

Feature Enhancements

  • Harmony SASE strengthens security for locally defined users by enabling two-factor authentication (2FA) by default for newly created tenants.

  • Group naming becomes more flexible now, allowing names to include special characters for groups synced via SCIM.

  • Firewall policy action names and images are aligned with Check Point’s terminology and standards, using Drop and Accept, instead of Deny and Allow.

 
  • P81-64882 - Resolved an issue where enabling two-factor authentication (2FA) for Azure IDP disrupted the login flow.

  • P81-63630 - Firewall events log page fails from time to time.

  • P81-66970 - Admin user deletion is audited on the admin activity log.

  • P81-67091 - Resolved an issue affecting groups synchronized from Azure, where users were not being added to groups as expected, and existing group memberships were removed.

March

Early Availability Programs

Early availability programs for upcoming Harmony SASE enhancements:

  1. Agent 11.5 – Enhanced Security, Control, and Usability

    The latest Agent 11.5 update introduces multiple improvements to security, policy enforcement, and user experience.

    What's New:

    • New Threat Prevention Policy – Includes threat emulation, anti-bot, and malware protection, with the flexibility to enable or disable as needed.

    • Trusted Networks via HTTPS Server – Define trusted networks based on an HTTPS server, enhancing security posture.

    • URL Filtering Log Support – Enables logging for better visibility and analysis of URL filtering actions (Allow or Deny).

    • Application Control Enhancements – Administrators can now regulate the use of SaaS applications, ensuring compliance and security by allowing, blocking, or restricting specific applications based on policies. This helps prevent unauthorized access, control bandwidth usage, and enforce corporate security guidelines.

    • Transparent Internet Access Installation – This is a simplified deployment with seamless internet access configuration. For more information, see Deploying the Harmony SASE Agent.

    • Enhanced Anti-Tampering Protection – Agent exit code protection now also applies to uninstallation, preventing unauthorized removal.

    • These updates enhance security, visibility, and ease of management for administrators.

  2. Site Security - Strengthening protection and policy enforcement for remote locations.

  3. Next-Generation Networking (NGN) – Advancing network performance and security for modern enterprise needs. Admins can now gain early access to NGN capabilities and provide feedback before the general release. To participate, contact your Check Point representative.

    What's New:

    • Single Public IP per Region – Simplifies management by eliminating the need to handle individual gateway IPs.

    • Enhanced IPSec Tunnels – Supports up to eight parallel tunnel legs for improved redundancy, link aggregation, and streamlined IPSec configuration.

New Features

  • New Point-of-Presence (PoP) in Zurich, Switzerland, expanding coverage and enhancing performance.

  • Harmony SASE now features a redesigned log screen that matches the look and feel of Infinity Events. This update provides a seamless and consistent experience across platforms, enhancing visibility and simplifying log analysis.

Feature Enhancements

N/A

Resolved Issues

  • P81-61595 - Learn More text was truncated when duplicating a custom URL.

February

New Features

  • New PoP in Brussels - Launched a new Point of Presence (PoP) in Brussels, Belgium, expanding coverage and enhancing performance.

Feature Enhancements

  • Hybrid-Split Tunneling Enhancement - Administrators are now guided to configure automatic split tunneling for optimal traffic routing. Existing configurations are migrated automatically with no impact on current networks.

  • Microsoft Outlook is now excluded by default from Internet Access bypass rules.

  • Administrators can now manage the multi-monitor settings for ZTA RDP applications.

  • Improved security warning when disabling 2FA for local users. Administrators can now see a clear notification highlighting the security risks before confirming the action.

Resolved Issues

  • P81-55537 - Bypassed URLs are now case-insensitive, ensuring consistent enforcement regardless of letter casing.

January

New Features

  • The new Hybrid Split Tunneling functionality automates tunneling of private traffic only, ensuring an optimized end-user experience along with full connectivity (Currently available in Early Availability)

  • Added two new predefined member roles, Network Manager and User Manager, for simplified management. These roles simplify permissions setup, enhance security, and improve access control. For more information, see Member Roles and Permissions.

  • Added the new Explore Harmony SASE page that helps customers discover and understand Harmony SASE features. It guides them to enhance their security posture, manage SASE effectively, and follow best practices with video guides and tips.

  • Harmony SaaS is now accessible through Harmony SASE, offering enhanced security for your SaaS applications. Make sure you have the appropriate license to fully utilize Harmony SaaS. For more information, refer to the Harmony SaaS solution brief (Currently available in Early Availability)

  • Wildcard support is now available for URL Filtering rules, offering greater flexibility and efficiency. Use the * wildcard to match multiple URLs with similar patterns (for example, *.example.com covers all subdomains and paths under example.com). For more information, see the blog post.

Feature Enhancements

N/A

Resolved Issues

N/A