Mobile Access

Check Point Mobile Access Software Blade provides simple and secure remote access to corporate applications over the Internet, via smartphones or PCs. The solution provides enterprise-grade remote access via SSL VPN for simple, safe and secure mobile connectivity to email, calendars, contacts and corporate applications

 

Tab 1

Mobile Access Benefits

Simply connect from mobile devices

  • Secure connectivity for smartphones, tablets, PCs and laptops
  • Provides client-based and web-based VPN connectivity
  • Easy access for mobile workers using managed or unmanaged devices

Keeps your data secure

  • Communicate security with proven encryption technology
  • Verify authorized users with two-factor authentication and User-Device pairing
  • Protect data on lost or stolen devices with device-lock and remote-wipe

Unified management for simple deployment and administration

  • Fully integrated with Check Point Security Policy Manager
  • Activate user-certificates with one click
  • Deploy and configure the Mobile Access Software Blade on your existing Security Gateway

Tab 2

Mobile Access Features

Remote Access with Encrypted SSL VPN Technology

The Mobile Access Software Blade uses SSL VPN technology to secure encrypted communication from unmanaged smartphones, tablets, PCs and laptops. Both web-based and network-level SSL-encrypted access can be delivered through most Internet browsers.

The Mobile Access Software Blade offers multiple end-user connection options, including:

  • Check Point Mobile app (VPN client)
  • SSL VPN portal through a browser
  • SSL Network Extender (SNX) with light-weight, dissolvable client

The Mobile Access Software Blade offers:

SSL VPN Corporate Applications

SSL VPN provides the remote user with access to the various corporate applications, including, Web applications, file shares, Citrix services, Web mail, and native applications.

  • A Web application can be defined as a set of URLs that are used in the same context and that is accessed via a Web browser, for example inventory management, a Wiki or human resources management system.
  • A file share defines a collection of files, made available across the network by means of a protocol, such as SMB for Windows, that enables actions on files, such as opening, reading, writing and deleting files across the network.
  • SSL VPN supports Citrix client connectivity to internal XenApp servers.
  • SSL VPN supports Web mail services, including:
    1. Built-in Web mail: Web mail services give users access to corporate mail servers via the browser. SSL VPN provides a front-end for any email server that supports the IMAP and SMTP protocols.
    2. Other Web-based mail services, such as Outlook Web Access (OWA) and IBM Lotus Domino Web Access (iNotes). SSL VPN relays the session between the client and the OWA server.
  • SSL VPN allows mobile and remote workers to connect easily and securely to critical resources while protecting enterprise networks and endpoints from external threats.

Check Point Mobile Client

The Check Point Mobile client is best for simple and secure connectivity to corporate resources from smartphones and PCs and provides a variety of security and ease-of-use features. As one of the multiple end-user connection options, the Check Point Mobile client is best for simple and secure connectivity to corporate resources from smartphones and PCs and provides:

  • One-touch access to your business web applications
  • Secure sync of your e-mail, calendar and contacts
  • Always-on security
  • Easy setup with downloadable app
  • Secure business portal customized for each user ensuring access to only authorized corporate resources
  • Single sign-on to reduce login errors into corporate web applications

SSL VPN Portal

As one of the multiple end-user connection options, the SSL VPN portal is best for connecting securely to corporate resources through a portal from a web browser and provides a variety of security features.

Secure Web-based Connectivity

Through an integrated Web portal, users can access web applications, web-based resources, shared files, and email. Administrators can customize the design of the web portal, including support for multiple languages.

Endpoint Security On Demand

  • Optional endpoint compliance and malware scanner
  • Ensures that connecting endpoints are compliant with corporate policy
  • Detects keyloggers, trojans and other malware
  • Out-of-compliance users are offered links to self-remediation resources

Check Point Secure Workspace

End-users can utilize the Check Point virtual desktop that enables data protection during user sessions and enables cache wiping after the sessions have ended. Secure Workspace protects all session-specific data accumulated on the client side, and:

  • Creates a secure virtual environment, insulated from the host
  • Encrypts and deletes browser and application caches, files, etc., when session ends

DynamicID Direct SMS Authentication

The Mobile Access Software Blade can be configured to send a One-Time Password (OTP) to an end-user communication device (such as a mobile phone) via an SMS message. SMS two-factor authentication provides an extra level of security while eliminating the difficulties associated with managing hardware tokens.

Integrated Intrusion Prevention

  • Provides protection against malicious code transferred in Web-related applications
  • Blocks worms, various attacks such as buffer overflows, SQL and command injections, cross-site scripting, customizable HTTP worm catcher, directory traversal, header rejection, malicious HTTP code

SSL Network Extender (On-demand client - SNX)

The SSL Network Extender (SNX) is used for remote users who need access to network (non-Web-based) applications. The SNX offers a browser plug-in that provides remote access, while delivering full network connectivity for IP-based applications. The SSL Network Extender (SNX) is used for remote users who need access to network (non-Web-based) applications. The SSL Network Extender offers a browser plug-in that provides remote access, while delivering full network connectivity for IP-based applications. It enables an on-demand SSL VPN Layer-3 tunnel to connect to your corporate resources. It supports any IP-based application, including ICMP, TCP and UDP, without requiring complex configuration to support each application. SSL Network Extender works on remote PCs without requiring administrator privileges.

SSL Network Extender is downloaded automatically from the SSL VPN portal to the endpoint machines, so that VPN client software does not have to be pre-installed and configured on users' PCs and laptops. SSL Network Extender tunnels application traffic using a secure, encrypted and authenticated SSL tunnel to the SSL VPN gateway.

Integrated into Check Point Software Blade Architecture

The Mobile Access Software Blade is fully integrated into the Software Blade architecture, saving time and reducing costs by allowing customers to quickly expand security protections to meet changing requirements. The Mobile Access Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways (Check Point appliances including UTM-1, Power-1, IP Appliances and IAS Appliances, or open server platforms) saving time and reducing costs by leveraging existing security infrastructure.

Tab 3

Mobile Access Specifications

Check Point Mobile Client

iPhone 3G, 3GS

3.1.3 and above

iPhone 4 4/4.01 and above

iPad

3.2.2 and above

Android Coming soon
Windows XP, Vista, Windows 7 - coming soon
Symbian Coming soon (available today through SecureClient Mobile)
Windows Mobile Available today through SecureClient Mobile

SSL VPN Portal

Internet Explorer

5.5 and above

Firefox 1.0.3 and above
Safari All
Gateway Specifications

Hardware

Suitable for R71.10 such as Check Point UTM-1 Appliances, Power-1 Appliances and Integrated Appliance Solutions (IAS)

Operating System SecurePlatform

Version

R71.10+iPhone HFA

Management Platform Specifications*

Check Point Secure Platform

Check Point

IPSO 6.2 disk-based
Windows Server 2003/2008- 32-bit
Linux RHEL 5.0/5.4 32-bit
Sun/Oracle (SPARC) Solaris 8, 9, 10

Client Device

Operating System

Browser

PC

  • Windows 7 32/64-bit
  • Vista 32/64-bit
  • XP 32-bit
  • Internet Explorer 5.5 and above
  • Firefox 1.0.3 and above
Mac Mac 10.4/5 (32-bit) Safari
Linux
  • Fedora 8
  • Ubuntu 7
  • RHEL 3.0
  • Suse 9 & above
  • Red Hat 7.3

Firefox 1.0.3 and above

*Security Management Server R71.10 required