Harmony Connect Application Access Setup Requirements
Solution
Application Sites let you manage the sites that host corporate applications and give end users Application-Level access to those applications.

This page is updated continuously and contains:
  1. Requirements for deploying a Connector, lightweight software that acts as the only network interface in your data center.
  2. The end-user domain whitelisting list, if your organizational policy requires one (for example, when internet access from end-user machines is restricted).

To learn how to set up a site for Application-Level access, see Setting up an Application Site.

1. Connector Setup

Computer Requirements

  • 4 vCPUs (for Hyper-Threading support)
  • 16 GB RAM
  • 1 Gbps network throughput
  • Supported Operating Systems
    • Amazon Linux 2
    • CentOS 7.7.1908, 7.9
    • Red Hat Linux 7.9
    • Ubuntu Server 18.04 Long Term Support (LTS) and Ubuntu Server 20.04 LTS
  • For deployment in an AWS environment
    • t2.micro for testing
    • t3.xlarge for non-production or low-traffic sites
    • c5.xlarge for production or high-traffic sites
  • Latest Docker Engine installed. To learn more about Docker installation, see Install Docker on Ubuntu Linux.
  • Port 53 is open (to allow DNS resolution)
  • Port 444 is open for the relevant IPs from the table below


Network Requirements

Account Region | Control Plane | Control Plane IP Address | Data Plane | Data Plane IP Address | FQDN

2. End-User Domain Whitelisting 

If your organizational policy requires domain whitelisting from the end-user perspective, you can use these domains:

Control plane:

US Region EU Region


Data plane:

Allow all the domains below for the relevant data plane ID (as it appears in the table below):
  • ssh.<dataplane ID>.checkpoint.security
  • psql.<dataplane ID>.checkpoint.security
  • mysql.<dataplane ID>.checkpoint.security
  • tunnel.<dataplane ID>.checkpoint.security
  • rdp.<dataplane ID>.checkpoint.security
  • rdp-native.<dataplane ID>.checkpoint.security
In addition, allow the DNS names below according to the customer's application sites:
Control Plane region | Site location | Data plane ID | URLs
EU | Bahrain | me-1 | *.me-1.checkpoint.com
EU | Germany | eu-2 | *.eu-2.checkpoint.com
EU | Ireland | eu-4 | *.eu-4.checkpoint.com
EU | Singapore | apac-3 | *.apac-3.checkpoint.com
EU | Sydney | apac-4 | *.apac-4.checkpoint.com
EU | Mumbai | apac-5 | *.apac-5.checkpoint.com
EU | Seoul | apac-6 | *.apac-6.checkpoint.com
EU | Oregon | us-3 | *.us-3.checkpoint.com
Americas | Oregon | us-2 | *.us-2-new.checkpoint.com
Americas | North Virginia | us-4 | *.us-4.checkpoint.com
Americas | Sao Paulo | sa-1 | *.sa-1.checkpoint.com
APAC | Seoul | apac-1 | *.apac-1.checkpoint.com


For example:

A customer who uses the Singapore site should allow:
  • ssh.apac-3.checkpoint.security
  • psql.apac-3.checkpoint.security
  • mysql.apac-3.checkpoint.security
  • tunnel.apac-3.checkpoint.security
  • rdp.apac-3.checkpoint.security
  • rdp-native.apac-3.checkpoint.security
  • *.apac-3.checkpoint.security
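
The data-plane rule above, worked through in Python as an added example (not Check Point code): it expands a data plane ID into the six protocol hostnames plus the site wildcard from the URLs column of the table, then matches hostnames against the result on a DNS label boundary. Function names are illustrative, and matching a wildcard at any subdomain depth is an assumption about how the filtering device interprets `*.`.

```python
# Added example: names are illustrative, not part of any Check Point tooling.
PREFIXES = ("ssh", "psql", "mysql", "tunnel", "rdp", "rdp-native")

# Data plane ID -> site wildcard, as listed in the URLs column on this page.
SITE_WILDCARDS = {
    "me-1": "*.me-1.checkpoint.com", "eu-2": "*.eu-2.checkpoint.com",
    "eu-4": "*.eu-4.checkpoint.com", "apac-3": "*.apac-3.checkpoint.com",
    "apac-4": "*.apac-4.checkpoint.com", "apac-5": "*.apac-5.checkpoint.com",
    "apac-6": "*.apac-6.checkpoint.com", "us-3": "*.us-3.checkpoint.com",
    "us-2": "*.us-2-new.checkpoint.com", "us-4": "*.us-4.checkpoint.com",
    "sa-1": "*.sa-1.checkpoint.com", "apac-1": "*.apac-1.checkpoint.com",
}


def allowlist_for(dataplane_id):
    """Return the data-plane allowlist entries for one application site."""
    if dataplane_id not in SITE_WILDCARDS:
        raise ValueError(f"unknown data plane ID: {dataplane_id!r}")
    exact = [f"{p}.{dataplane_id}.checkpoint.security" for p in PREFIXES]
    return exact + [SITE_WILDCARDS[dataplane_id]]


def _normalize(host):
    # DNS names are case-insensitive; a trailing dot only marks the root.
    return host.strip().lower().rstrip(".")


def is_allowed(host, entries):
    """Match a hostname against exact entries and '*.suffix' wildcards."""
    host = _normalize(host)
    if not host:
        return False
    for entry in entries:
        entry = _normalize(entry)
        if entry.startswith("*."):
            # Keep the leading dot in the suffix so the match falls on a
            # label boundary: 'evilapac-3.checkpoint.com' must not pass.
            suffix = entry[1:]
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == entry:
            return True
    return False
```

A plain substring or `endswith` check without the leading dot would also accept look-alike names that merely end in the site suffix, which is the failure the label-boundary test prevents.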
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
