How do I enable the Check Point Harmony Mobile integration in Applivery?

In the Applivery Dashboard, go to Workspace Settings > Integrations and enable Check Point Harmony Mobile. You'll need to enter your Harmony Mobile Portal Account ID.

Where do I find the Portal Account ID for Harmony Mobile?

The Portal Account ID can be found in the Harmony Mobile Portal under Settings > General > Account ID.

How are groups in Harmony Mobile related to Applivery?

In Harmony Mobile, groups correspond to tags in Applivery. Tags must be assigned to devices in Applivery for them to appear in the Harmony Mobile group list.

How do I configure Harmony Mobile for Android devices in Applivery?

In Applivery, go to Policies > Security and enable Check Point Harmony Mobile. Then configure Always On VPN with the package name com.lacoon.security.fox under Network → Always On VPN. Finally, add the Harmony Mobile Protection app and configure its managed properties.

Why do I need to configure Always On VPN for Check Point Harmony Mobile?

Always On VPN ensures the Harmony Mobile VPN tunnel remains continuously active so all device traffic is protected at all times. Set the Package Name to com.lacoon.security.fox in the Network → Always On VPN section of your policy.

What parameters are needed to configure the Harmony Mobile Protection app for Android in Applivery?

You'll need the MDM UUID, GW Address, Infinity Portal Account ID, and the Token from the Harmony Mobile integration.

What parameters are needed to configure the Harmony Mobile Protection app for Apple devices in Applivery?

First configure a VPN payload with User Defined Name "Check Point Local Tunnel", Authentication Method Certificate, VPN Subtype com.checkpoint.capsuleprotect, and enable VPN On Demand for Wi-Fi and Cellular. Then add the Harmony Mobile Protection app with Lacoon Server Address, Device Serial Number, token, ios_dep_notification_permission, and portalAccountId.

How do I configure the VPN payload for Check Point Harmony Mobile on Apple devices?

In your Applivery policy, click + Add Configuration and select the VPN payload. Set User Defined Name to "Check Point Local Tunnel", Account Username to {{device.serialNumber}}, Authentication Method to Certificate, Remote Address to www.checkpoint.com, VPN Subtype to com.checkpoint.capsuleprotect, Type to VPN, and Vendor Config to {"zero_touch":"true"}. Enable VPN On Demand with Connect rules for Wi-Fi and Cellular.

Where do I find the token to complete the Harmony Mobile and Applivery integration?

The token is provided in the final step of the integration process within the Harmony Mobile Portal, and you should paste it into the corresponding field in the Applivery Dashboard.

Integrate Check Point Harmony Mobile with Applivery

CheckPoint Harmony Mobile integrates seamlessly with Applivery to deliver advanced mobile threat defense and comprehensive Device security. This solution offers real-time malware detection, phishing protection, and network security monitoring, ensuring that corporate Devices are continuously safeguarded from emerging threats.

With Harmony Mobile and Applivery integration, administrators gain a unified console to monitor Device risk levels, categorize Devices dynamically into groups based on threat severity, and apply tailored security Policies accordingly. The integration supports Zero-touch deployment, enabling the automatic installation and activation of the Harmony Mobile Protect App across large fleets without user intervention.

In the Applivery Dashboard

Once in the Applivery Dashboard, go to your Workspace Settings 1 from the top dropdown menu, then open Integrations in the left-hand menu and enable Check Point Harmony Mobile 2.

To begin the integration, type or paste the Portal Account ID from the Harmony Mobile Portal. You can find this by going to Settings > General > Account ID. Once you’ve entered it, click Next step.

Applivery will display all the information you need to enable the integration on the Harmony Mobile Portal.

In the Harmony Mobile Portal

Go to Settings, select Integrations from the left-hand menu, and add a new integration (you can temporarily select Hexnode until Applivery appears as an option).

Alternatively, you can access it directly from this link. In the integration form, enter a Display Name of your choice, and fill in the Server Address, Username, and Password provided in your Applivery Dashboard.

Once done, click Verify, and after successful verification, click Next to continue.

Once the groups finish loading, those associated with your Devices will be added automatically. Note that in Harmony Mobile, groups correspond to tags in Applivery, so tags must be assigned to Devices in Applivery for them to appear in the Harmony Mobile group list.

Note

The Android Enterprise groups field in the UEM integration is used to manage and protect Android Devices that include both Work and Personal Profiles, allowing you to apply different Policies to each profile. This configuration is particularly useful when working with UEM solutions that support Android Enterprise. For more details, you can refer to the Using Android Enterprise with Harmony Mobile guide.

Next, copy the token provided in the final step of the integration and paste it into the corresponding field in the Applivery Dashboard.

Once this is completed, your Devices will start appearing in the Devices section of the Harmony Mobile Portal. Keep in mind that until a Device is fully provisioned, its information may appear empty.

Configuration for Android Devices

Enable Check Point Harmony Mobile

In the Applivery Dashboard, go to any of your Policies. From the left side menu, open the Security section and enable Check Point Harmony Mobile.

Configure Always On VPN

For Check Point Harmony Mobile to work correctly, you need to configure Always On VPN using the Harmony Protect app’s package name. This ensures the VPN remains continuously active and all device traffic is protected at all times.

Within the policy, go to the Network section from the left-hand menu and locate the Always On VPN configuration. In the Package Name field, enter:

com.lacoon.security.fox

Add the Harmony Mobile Protection app

Go to the Apps section and click the + Add App button. Add the Harmony Mobile Protection app. Once selected, its managed properties will automatically appear:

The MDM UUID (using interpolations, retrieved from the device’s network summary under UDID).
The GW Address and Infinity Portal Account ID (both found in the Harmony Mobile Portal settings).
The Token, which you’ll get from the last step of the integration, is usually added automatically.

Complete setup on the device

Open the app on the device and complete the setup process. Once the integration is active, any new alerts will appear in the portal as they occur.

Configuration for Apple Devices

Configure the VPN payload

Once in the Applivery Dashboard, go to any of your Policies. Click + Add configuration, select the VPN payload type, and configure the following fields:

Field	Value
User Defined Name	`Check Point Local Tunnel`
Account Username (under VPN)	`{{device.serialNumber}}`
Authentication Method (under VPN)	`Certificate`
Remote Address (under VPN)	`www.checkpoint.com`
VPN Subtype	`com.checkpoint.capsuleprotect`
Type	`VPN`
Vendor Config	`{ "zero_touch": "true" }`

Then Enable VPN On Demand (1) and add the following On Demand Rules:

On Demand Action	Interface Type Match
Connect	Wi-Fi
Connect	Cellular

Optionally, add a third rule with Connect + Ethernet to cover wired connections.

Add the Harmony Mobile Protection app

Add the Harmony Mobile Protection app to your Policy, ensuring you have enough VPP licenses available. Configure the required parameters in the configuration field:

Lacoon Server Address: eu-gw.locsec.net
Device Serial Number: {{device.serialNumber}}
token: Use your token here.
ios_dep_notification_permission: true
portalAccountId: Harmony Mobile Account ID.

Key Takeaways

Integration provides real-time mobile threat detection.

Administrators can manage device risk levels from a unified console.

Configuration involves both Applivery and Harmony Mobile portals.

Android and iOS devices require specific setup steps.

Tags in Applivery correspond to groups in Harmony Mobile.