Check Point Harmony Endpoint

Check Point Harmony Endpoint (SmartEndpoint) is a security solution designed to protect endpoints such as laptops and mobile devices from advanced threats, including ransomware, malware, and phishing attacks. It offers threat prevention, detection, and response capabilities while integrating with centralized management through SmartEndpoint, allowing security teams to monitor and enforce policies across all endpoints.

Enabling Harmony Endpoint

On the local Management Server, enable “Endpoint Policy Management”

Then install the database for this to take effect

Accessing Endpoint Management Portal

The SmartEndpoint Console can now be accessed; start by downloading the initial client packages

Besides the console, we can also access the Harmony Web GUI, which is the preferable way to manage the endpoints

Endpoint Client

Under Policy » Endpoint Client, we can manage the client packages, for example downloading the latest ones if we have an internet connection, or uploading specific packages downloaded from the Check Point Support page

Under Deployment Policy, we can specify the policy that deploys the client version and the activated features

To actually install it on the client PC, download the client package

Then install it on the client PC

In Asset Management, we can see the PC with the installed client show up

Active Directory Connection

Check Point Harmony integrates with Active Directory to easily manage security by using AD groups. It applies security policies based on users’ roles, making deployment and access control simpler and consistent across all devices in the network.

Here we can see the AD Groups have been retrieved

Now we can use these groups to better tailor our policies

Mixed Operation Mode

In Check Point Harmony, Computer Mode and Mixed Operation Mode determine how policies are applied to devices:

  • Computer Mode: Security policies are applied based on the device itself, regardless of the user. This is useful when multiple users share the same computer.
  • Mixed Operation Mode: Policies can be applied to both the device and the individual user. This allows for more flexibility, enabling specific policies for different users on the same device.

Now we can create 2 types of policies, user-specific ones and ones for the endpoint PC; if there are conflicts, the user policies take priority.

Applying Policies

There are many settings and policies that we can configure here; for example, we can enable File Protection to block malware from being accessed on all computers

After installing the policy, we can see the audit logs for the install operation

Now when we try copying potentially malicious files, they will be blocked

We can see this specific block action on the Harmony Logs

Another example is to enforce a URL block rule; here we will block some URLs, but only for the user “Ember Spirit”

Now if we try to access those URLs as the “Ember Spirit” user, we won’t be able to, while other users can still access them.

Push Operations

We can run multiple push operations against the endpoint PCs; for example, here we will kickstart a malware scan

After a while, the malware scan starts on the client PC

Another operation that we can do is uninstalling the endpoint client; to do that, create a new push operation with the uninstall action

The uninstall action will show up on the targeted machine

High Availability

Here we added another management server as the secondary node

Accessing the SmartEndpoint shows that now we have 2 Endpoint Servers

And we can now also log in to the Secondary Server, but with Read Only permission because all operations are done from the active server

The Harmony Web UI is not accessible on the secondary server until it becomes active

In the Audit Logs we can see the sync traffic between these 2 endpoint servers, meaning the backup server will have the same configuration as the active one

Failing Over

Now let’s simulate a failure on cpms1 so the active management server switches to cpms2

Logging in to the SmartEndpoint on the Secondary Server, we can see that we now have Read/Write permission here

And the Harmony Web UI is also now accessible and we can do policy push operations

On the client side, it’ll also automatically switch to the currently active server

This post is licensed under CC BY 4.0 by the author.