Harmony SASE offers a suite of configuration profiles tailored to different operating systems and devices.
These profiles enable administrators to set unique configurations for specific user groups, ensuring that each group has access to the right resources and configurations tailored to their roles and responsibilities.
General Configuration
Disable Sign Out
Once enabled, users can only sign out or exit the Harmony SASE Agent if their admin has granted them a sign-out code.
Automatically log out Client
This value will dictate how long a user can stay connected to the agent before being automatically signed out. After this period has elapsed, the user will be signed out and have to sign back into the Harmony SASE agent to regain connectivity.
Public VPN Locations
Public VPN Locations are shared secured gateways spread worldwide that can encrypt data and allow anonymous browsing, which may be necessary in case you are connected to public Wi-Fi. Clicking on one of these will not allow you to connect to your internal resources nor provide your users with a static IP. A complete list of Public VPN locations can be found here.
Connect on Launch
Once your operating system launches, you'll be connected to the last network you've used.
Connect/Disconnect Notification
Easily monitor your device's connection status on the Harmony SASE agent with a pop-up notification alerting you of any disconnection or reconnection.
Upgrade Application
Enforce automatic application upgrades on all client applications when new versions become available.
Snowplow Report
This helps us monitor our services by sharing event and user tracking reports via Snowplow.
Network Configuration
Always on VPN
Always-on VPN automatically connects the VPN when an Internet connection is available.
Kill Switch
This feature instantly cuts the Internet connection should the VPN disconnect, protecting data from brief exposure.
Automatic Wi-Fi Security
Your logins, passwords, messages, and other sensitive information can be intercepted unless VPN is connected. This feature automatically activates the VPN connection (if disconnected) when the Harmony SASE agent detects a connection to an "Unsecured" network. The information transferred through an unsecured network is not encrypted.
Trusted Wi-Fi Security
Specify a list of one or more SSIDs of "unsecured" WiFi networks that you own or trust. These Wi-Fi networks will not trigger our Automatic Wi-Fi Security feature.
Trusted Environments
Automatic recognition of on-premises and trusted internal networks, where VPN is not needed. Specify one or more HTTPS web servers, or Routers, to automatically turn off VPN connection.
- Trusted Web Servers
- Specify a list of one or more HTTPS web servers that are available only in your internal trusted network.
- A trusted web server can be defined by FQDN or IP Address.
- Upload the public TLS certificate of the web server, to allow secure validation of the web server.
- Supported on Windows and MacOS devices. Requires Agents of version 11.1 or higher.
- Trusted Routers
- Specify a list of one or more MAC addresses of a router you own or trust.
- Connecting to the internet via these routers will not trigger the Always on VPN Feature and will let you manually connect and disconnect from the network.
Windows / Mac
VPN Protocol
You may want to set a default protocol depending on your local infrastructure, ISP, and internet connection type. While OpenVPN is an industry-standard, WireGuard is the highest performer in terms of speed and security.
Use VPN Interface DNS
Enabling this feature will set your machine's DNS server to the Harmony SASE DNS server while you are connected to the Harmony SASE agent. Disabling the feature will set the DNS resolver to the DNS used by your local adapter. This is useful when you need to work with other DNS providers.
Notify Reconnect
Display notification when the Windows application reconnects to the VPN.
Automatic Silent Updates
Allows the administrator to enable automated client version upgrades. When enabled, the VPN client is upgraded automatically and silently as new versions become available without the user's or administrator's involvement
Recommendations
- Regularly review and update configuration profiles to ensure they align with the evolving needs of your organization.
- Utilize the general configurations for settings that apply to most users.
- Prioritize configurations based on the importance and frequency of use to ensure users see the most relevant settings first.
Support Contacts
If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com.
We're here to assist you and ensure your VPN tunnel setup is a success.