Early Availability
Web RDP – NLA Authentication Support
End users accessing Web RDP applications with NLA security mode are now prompted to enter RDP credentials directly in the browser. Supports both Standard and Enhanced Networks.
Requires a new network or upgrade to the latest version.Enhanced Network IPSec Redundancy
Admins can now create dynamic IPSec tunnels with multiple terminations in the same region, enabling active-active HA setups.
Not supported with Quantum/Spark devices. Requires a new network or upgrade to the latest version.Block Websites with Invalid Certificates
Admins can enforce blocking of websites with expired, revoked, self-signed, or untrusted certificates, preventing end users from accessing potentially unsafe sites.
Minimum Agent Version: Windows/macOS v12.6Security Events Notification Control
Admins can now disable end-user security event notifications and enforce this setting across the organization. By default, users receive notifications and can toggle this setting individually until it is enforced.
Minimum Agent Version: Windows/macOS v12.6Updatable Objects Support for Internet Access
Updatable Objects, which are dynamically maintained and automatically updated objects managed by Check Point, are now supported in Internet Access policies. This extends Updatable Objects support beyond Split Tunneling (introduced February 2026).
Minimum Agent Version: Windows/macOS v12.6
New Features
Canada Data Residency
Check Point SASE now supports Canada as its fifth data residency region (joining US, EU, IN, and AU). Canadian organizations can process and store SASE data locally, including traffic inspection, session data, logs, metadata, and configuration. Full platform access includes Private Access (ZTNA), Internet Access (SWG), and SaaS Security.New Check Point SASE Point of Presence – Perth
Check Point SASE has expanded its regional coverage with a new Point of Presence (PoP) in Perth, Australia.SaaS + SASE Integration
Admins can now access a unified view of SaaS Security and SASE in a single location within the SASE platform, providing SaaS visibility and controls alongside Private Access and Internet Access.Unified Internet Access Policy with Quantum – General Availability (GA)
The unified Internet Access policy with Quantum is now generally available, enabling consistent web security policy enforcement across SASE and Check Point Quantum gateways from a single policy definition.
Enhancements
Enhanced Networks – Regional Expansion
Enhanced Networks are now available in Hong Kong, Istanbul, and Taipei.Check Point SASE Rebranding
The platform has been rebranded from Harmony SASE to Check Point SASE, aligning with the broader Check Point Portal rebranding.Tenant Restrictions – Failed Login Attempt Logging
Failed login attempts blocked by Tenant Restrictions rules are now logged, providing better visibility into unauthorized access attempts.
Minimum Agent Version: 12.7HTTPS Inspection – Bypass Traffic Logging
Admins can now view logs for traffic excluded from HTTPS inspection, providing visibility into bypassed traffic.
Minimum Agent Version: 12.7IOC – Infinity Portal Integration
IOC management is now supported through the Infinity Portal, enabling centralized handling of indicators of compromise across the SASE platform.
Minimum Agent Version: 12.7Security Profiles – Full Threat Emulation Event Logging
Admins can now log all Threat Emulation verdicts, including non-malicious files, providing full visibility into file inspection outcomes.
Minimum Agent Version: 12.7