Harmony Connect Agent Known Limitations

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk173605
Technical Level
Product	Harmony Connect
Version	Cloud
Date Created	18-May-2021
Last Modified	08-Mar-2023

Solution

Platforms

Limitation	Comment	Last Update
Harmony Connect Agent is available for Windows 10.	Mac app is currently at early availability. For access, contact your local sales rep.	May 18, 2021

Settings

Limitation	Comment	Last Update
Some applications are accessed outside of Harmony Connect Agent by default.	See the full list of such apps in sk170299.	May 18, 2021

End User Experience

Limitation	Comment	Last Update
For ADFS, G Suite, and OneLogin identity providers, in some scenarios, end users can see an occasional pop-up window with the corporate single sign-on page.		May 18, 2021
Harmony Connect Agent automatically installs the default HTTPS Inspection certificate that gets assigned to the portal of the end user. Known limitations of this feature: Firefox browser of version 68 and above is supported. For Firefox browser of previous versions, the end user should import the certificate manually. If admin replaced the HTTPS Inspection Certificate to their own CA, the admin should deploy that CA at the remote users.		May 18, 2021
Customers that use an identity provider might require their end users to manually activate the app for the first time by signing in with corporate credentials.	The zero-touch first-time activation only works if the end user has an open connection to their identity provider, for example if they are connected over existing VPN to the identity provider server or if they reside at a corporate network. For other scenarios, or for other identity providers, the administrator should see the status Pending activation in Assets > Users & Devices page. When adding users over email, after installation, the app self activates without requiring intervention by the end user.	May 18, 2021
Installing Harmony Connect Agent multiple times, without uninstalling the app first, does not remove previous settings, and, as a result, some Internet connections may not respond.	Harmony Connect Agent automatically updates itself and does not require a re-installation for content updates. In case a re-installation is needed from various reasons, make sure to complete an uninstallation of Harmony Connect Agent prior to a re-installation. Uninstallation is available manually or using corporate enforcement tools such as Microsoft SCCM, Jamf Pro and others.	May 18, 2021
After the user right-clicks Harmony Connect Agent and selects Exit, for about 1 minute the app is not available on the Start menu. When Harmony Connect Connect App becomes available again to re-launch, it appears in the Start menu.		May 18, 2021
Revoking the end user app results in not sending the end user device traffic to the Check Point cloud. The user sees a general message "Could not reach Check Point services" instead of a specific message "Secure access has been revoked for this device".		May 18, 2021

Managing Harmony Connect Agent from Infinity Portal

Limitation	Comment	Last Update
Users can log in: with Azure AD, ADFS, Okta, OneLogin, PingID, and G Suite integrations by accepting manually sent email invitations to use the app		May 18, 2021

Policy

Limitation	Comment	Last Update
Some applications are accessed outside of Harmony Connect Agent by default.	See the full list of such apps in sk170299.	May 18, 2021
For ADFS, G Suite and OneLogin identity providers, selecting users and groups in the access control policy requires creating a new user or group object and specifying the user identifier (either email or username depending the identity provider) or group identifier (either group name or GUID depending on the identity provider)		May 18, 2021
When using Azure AD as identity provider, in case a single user belongs to more than 150 groups, then security rules with any of these user groups may not match for this particular user's traffic.		June 1, 2021
In case an administrator manages the remote users manually using email invites, selecting groups of users in the access control policy is not supported.		May 18, 2021
PowerShell script execution policy should be enabled in the GPO and can be set to any value the recommended policy is 'AllSigned'.		Oct 28, 2021

Logs & Events

Limitation	Comment	Last Update
Google searches in Chrome do not use Check Point HTTPS Inspection. As a result, if this is the first page that the user goes to, the user name does not appear in the logs.	Chrome uses Quik protocol which cannot be inspected by HTTPS Inspection. The end user can change this. For more information, see sk111754.	May 18, 2021

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating