2025

• Added New Data Residencies: Australia and India

  Harmony SASE is now available in the Infinity Portal in two new data residencies, Australia and India, in addition to the existing US and EU options. This expansion supports customers with regional data residency requirements and broadens our global reach. See the blog post.

• New iOS Agent with Harmony Mobile Protect available on the App Store

  The latest iOS agent is now live on the App Store and available from the Downloads page in Harmony SASE. The new version:

  • Integrates Harmony Mobile Protect security features with SASE Private Access connectivity.

  • Requires a Harmony Mobile Protect license.

• Internet Access – Allow Logs now available
  Administrators can now view Allow logs for Internet Access policies, in addition to existing block and alert logs. This enhancement improves visibility of permitted user activity and helps with auditing and troubleshooting. Available on agent version 11.5 or above.

  Note - This feature may generate a high volume of logs.

• Internet Access Logs integrated with Infinity Events and SIEM Export Support

  • All security engines in Internet Access, such as URL Filtering, Anti-Virus, and Anti-Bot, now send logs to Infinity Events, providing centralized and real-time visibility across your SASE deployment.

  • You can now export logs to your SIEM solution via Syslog from Infinity Events. This enables streamlined incident response, threat hunting, and compliance reporting by integrating SASE logs into your existing security workflows.

    Note - Configuration for SIEM export is available in the Infinity Portal. For more information, see the Infinity Portal Administration Guide.

• Agent Anti-Tampering

  Anti-tampering is now supported (available on agent version 11.5 and above). Uninstalling the agent requires a code, preventing unauthorized removal.

• Internet Access Transparent Installation
  A new transparent install capability allows Internet Access protection to be applied immediately upon agent installation, without requiring user login. This ensures instant security for internet traffic. For more information, see Transparent Internet Access Installation.

• Trusted Networks Enhancement

  Trusted networks can now be identified using an HTTPS server, providing more flexible and secure detection mechanisms.

• Unified Log View

  Harmony SASE introduces a redesigned log screen that aligns with Infinity Events, delivering a unified and consistent log experience across platforms to enhance visibility and simplify analysis.

Improved security visibility by capturing only events blocked by firewall rules

Key features:

• Improved Visibility - Only events that are blocked by firewall rules are logged, helping you quickly identify and troubleshoot unauthorized access attempts.

• Network-Level Control - Logging can be enabled or disabled at the network level directly from the Firewall configuration page, allowing for granular logging based on specific network needs.

• Log Access - You can view the logged events in:

  • SASE Unified Logs

  • Infinity Events page

  To enable firewall logs, contact Check Point Support.

• Added API support for managing Zero Trust applications. For more information, refer to the API documentation.

• Updated the default bypass rules in Harmony SASE to align with the standard configuration used in Check Point Quantum Security Gateway. See sk163595.

• Harmony SASE network or user managers inherit their role from Check Point Infinity Portal. We now support service roles for network and user managers.

• Firewall events are now presented in the Infinity Events application in the Infinity Portal (Early Availability). This enables customers to consolidate logs from all Infinity Portal applications in a single location.

• Harmony SASE strengthens security for locally defined users by enabling two-factor authentication (2FA) by default for newly created tenants.

• Group naming becomes more flexible now, allowing names to include special characters for groups synced via SCIM.

• Firewall policy action names and images are aligned with Check Point’s terminology and standards, using Drop and Accept, instead of Deny and Allow.

Early availability programs for upcoming Harmony SASE enhancements:

1. Agent 11.5 – Enhanced Security, Control, and Usability

   The latest Agent 11.5 update introduces multiple improvements to security, policy enforcement, and user experience.

   What's New:

   • New Threat Prevention Policy – Includes threat emulation, anti-bot, and malware protection, with the flexibility to enable or disable as needed.

   • Trusted Networks via HTTPS Server – Define trusted networks based on an HTTPS server, enhancing security posture.

   • URL Filtering Log Support – Enables logging for better visibility and analysis of URL filtering actions (Allow or Deny).

   • Application Control Enhancements – Administrators can now regulate the use of SaaS applications, ensuring compliance and security by allowing, blocking, or restricting specific applications based on policies. This helps prevent unauthorized access, control bandwidth usage, and enforce corporate security guidelines.

   • Transparent Internet Access Installation – This is a simplified deployment with seamless internet access configuration. For more information, see Deploying the Harmony SASE Agent.

   • Enhanced Anti-Tampering Protection – Agent exit code protection now also applies to uninstallation, preventing unauthorized removal.

   • These updates enhance security, visibility, and ease of management for administrators.

2. Site Security - Strengthening protection and policy enforcement for remote locations.

3. Next-Generation Networking (NGN) – Advancing network performance and security for modern enterprise needs. Admins can now gain early access to NGN capabilities and provide feedback before the general release. To participate, contact your Check Point representative.

   What's New:

   • Single Public IP per Region – Simplifies management by eliminating the need to handle individual gateway IPs.

   • Enhanced IPSec Tunnels – Supports up to eight parallel tunnel legs for improved redundancy, link aggregation, and streamlined IPSec configuration.

• New Point-of-Presence (PoP) in Zurich, Switzerland, expanding coverage and enhancing performance.

• Harmony SASE now features a redesigned log screen that matches the look and feel of Infinity Events. This update provides a seamless and consistent experience across platforms, enhancing visibility and simplifying log analysis.

• New PoP in Brussels - Launched a new Point of Presence (PoP) in Brussels, Belgium, expanding coverage and enhancing performance.

• Hybrid-Split Tunneling Enhancement - Administrators are now guided to configure automatic split tunneling for optimal traffic routing. Existing configurations are migrated automatically with no impact on current networks.

• Microsoft Outlook is now excluded by default from Internet Access bypass rules.

• Administrators can now manage the multi-monitor settings for ZTA RDP applications.

• Improved security warning when disabling 2FA for local users. Administrators can now see a clear notification highlighting the security risks before confirming the action.

• The new Hybrid Split Tunneling functionality automates tunneling of private traffic only, ensuring an optimized end-user experience along with full connectivity (Currently available in Early Availability)

• Added two new predefined member roles, Network Manager and User Manager, for simplified management. These roles simplify permissions setup, enhance security, and improve access control. For more information, see Member Roles and Permissions.

• Added the new Explore Harmony SASE page that helps customers discover and understand Harmony SASE features. It guides them to enhance their security posture, manage SASE effectively, and follow best practices with video guides and tips.

• Harmony SaaS is now accessible through Harmony SASE, offering enhanced security for your SaaS applications. Make sure you have the appropriate license to fully utilize Harmony SaaS. For more information, refer to the Harmony SaaS solution brief (Currently available in Early Availability)
  

• Wildcard support is now available for URL Filtering rules, offering greater flexibility and efficiency. Use the * wildcard to match multiple URLs with similar patterns (for example, *.example.com covers all subdomains and paths under example.com). For more information, see the blog post.

N/A