Configuration Overview
  • 10 Dec 2024

      Harmony SASE offers a suite of configuration profiles tailored to different operating systems and devices. 

      These profiles enable administrators to set unique configurations for specific user groups, ensuring that each group has access to the right resources and configurations tailored to their roles and responsibilities.

      General Configuration

      Disable Sign Out
      Once enabled, users can only sign out or exit the Harmony SASE Agent if their admin has granted them a sign-out code.

      Automatically log out Client
      This value will dictate how long a user can stay connected to the agent before being automatically signed out. After this period has elapsed, the user will be signed out and have to sign back into the Harmony SASE agent to regain connectivity.

      Public VPN Locations
      Public VPN Locations are shared, secured gateways spread worldwide that can encrypt data and allow anonymous browsing, which may be necessary when you are connected to public Wi-Fi. Selecting one of these will not allow you to connect to your internal resources, nor will it provide your users with a static IP.
      A complete list of Public VPN locations can be found here.

      Connect on Launch
      Once your operating system launches, you'll be connected to the last network you've used. 

      Connect/Disconnect Notification
      Easily monitor your device's connection status on the Harmony SASE agent with a pop-up notification alerting you of any disconnection or reconnection.

      Upgrade Application
      Enforce automatic application upgrades on all client applications when new versions become available.

      Snowplow Report
      This helps us monitor our services by sharing event and user tracking reports via Snowplow.


      Network Configuration

      Always on VPN
      Always-on VPN automatically connects the VPN when an Internet connection is available.

      Kill Switch
      This feature instantly cuts the Internet connection should the VPN disconnect, protecting data from brief exposure.

      Automatic Wi-Fi Security
      Your logins, passwords, messages, and other sensitive information can be intercepted unless VPN is connected. This feature automatically activates the VPN connection (if disconnected) when the Harmony SASE agent detects a connection to an "Unsecured" network. The information transferred through an unsecured network is not encrypted. 

      Trusted Wi-Fi Security
      Specify a list of one or more SSIDs of "unsecured" Wi-Fi networks that you own or trust. These Wi-Fi networks will not trigger our Automatic Wi-Fi Security feature.

      Trusted Environments

      Automatically recognizes on-premises and trusted internal networks, where the VPN is not needed. Specify one or more HTTPS web servers or routers to automatically turn off the VPN connection.

      • Trusted Web Servers 
        • Specify a list of one or more HTTPS web servers that are available only in your internal trusted network. 
        • A trusted web server can be defined by FQDN or IP Address.
        • Upload the public TLS certificate of the web server, to allow secure validation of the web server.
        • Supported on Windows and macOS devices. Requires Agent version 11.1 or higher.
      • Trusted Routers
        • Specify a list of one or more MAC addresses of a router you own or trust. 
        • Connecting to the internet via these routers will not trigger the Always on VPN Feature and will let you manually connect and disconnect from the network.
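
      The Trusted Web Servers check described above can be pictured as certificate pinning: the device probes each listed server and compares the certificate it presents with the one uploaded to the profile. The sketch below is an added illustration, not the Harmony SASE Agent's code; the function names, the hostname, the byte strings standing in for certificates, and the rule that one matching server is sufficient are all assumptions.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def fetch_leaf_der(host, port=443, timeout=3.0):
    """Return the DER certificate the server presents, or None if unreachable."""
    ctx = ssl.create_default_context()
    # Chain and hostname checks are off on purpose: trust comes only from the
    # exact-match pin below, and a completed handshake shows the server holds
    # the private key for the certificate it presented.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert(binary_form=True)
    except OSError:  # covers ssl.SSLError, timeouts and DNS failures
        return None

def matches_pin(pinned_der, presented_der):
    """True only when a certificate was presented and equals the uploaded one."""
    if not presented_der:
        return False
    return hmac.compare_digest(fingerprint(pinned_der), fingerprint(presented_der))

def in_trusted_environment(trusted_servers, probe=fetch_leaf_der):
    """Map of FQDN/IP to pinned DER bytes; any failure counts as untrusted."""
    return any(matches_pin(pinned, probe(host))
               for host, pinned in trusted_servers.items())

# Constructed stand-ins for DER bytes; a real profile would hold the uploaded
# certificate, e.g. ssl.PEM_cert_to_DER_cert(pem_text).
PINNED = b"constructed-der:intranet.example.internal"
OTHER = b"constructed-der:same-name-different-key"
SERVERS = {"intranet.example.internal": PINNED}

def demo():
    on_prem = in_trusted_environment(SERVERS, probe=lambda host: PINNED)
    wrong_cert = in_trusted_environment(SERVERS, probe=lambda host: OTHER)
    unreachable = in_trusted_environment(SERVERS, probe=lambda host: None)
    return on_prem, wrong_cert, unreachable

if __name__ == "__main__":
    print(demo())
```

      Only the first case is treated as a trusted environment; a server that answers under the right name with a different certificate, or no answer at all, leaves the device classified as untrusted.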

      Windows / Mac

      VPN Protocol
      You may want to set a default protocol depending on your local infrastructure, ISP, and internet connection type. While OpenVPN is an industry standard, WireGuard is the highest performer in terms of speed and security.

      Use VPN Interface DNS
      Enabling this feature will set your machine's DNS server to the Harmony SASE DNS server while you are connected to the Harmony SASE agent. Disabling the feature will set the DNS resolver to the DNS used by your local adapter. This is useful when you need to work with other DNS providers.

      Notify Reconnect
      Display notification when the Windows application reconnects to the VPN.

      Automatic Silent Updates
      Allows the administrator to enable automated client version upgrades. When enabled, the VPN client is upgraded automatically and silently as new versions become available, without the user's or administrator's involvement.

      Recommendations

      • Regularly review and update configuration profiles to ensure they align with the evolving needs of your organization.
      • Utilize the general configurations for settings that apply to most users.
      • Prioritize configurations based on the importance and frequency of use to ensure users see the most relevant settings first.

      Support Contacts

      If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. 

      We're here to assist you and ensure your VPN tunnel setup is a success.

