Remote Access Clients Comparison

Feature

Endpoint Security VPN for Windows

Check Point Mobile for Windows

Secu- Remote

Endpoint Security VPN for Mac

Description

Client Purpose

Secure connectivity with desktop firewall & compliance checks

Secure connectivity & compliance checks

Basic secure connectivity

Secure connectivity with desktop firewall

 

Replaces Client

Secure- Client NGX R60

Endpoint Connect R73

Endpoint Connect R73

SecuRemote NGX R60

Secure- Client for Mac

 

IPSEC VPN Tunnel

All traffic travels through a secure VPN tunnel.

Security Compliance Check (SCV)

 

 

Monitor remote computers to confirm that the configuration complies with organization's security policy.

Integrated Desktop Firewall

 

 

Integrated endpoint firewall centrally managed from a Security Management Server

Split Tunneling

Encrypt only traffic targeted to the VPN tunnel.

Hub Mode

 

Pass all connections through the gateway.

Dynamic Optimization of Connection Method

When NAT-T connectivity is not possible, automatically connect over TCP port 443 (HTTPS port).

Multi Entry Point (MEP)

Manual only

Client seamlessly connects to an alternative site when the primary site is not available.

Secondary Connect

 

End-users can connect once and get transparent access to resources, regardless of their location.

Office Mode IP

 

Each VPN client is assigned an IP from the internal office network.

Back Connection Protocols

 

Support protocols where the client sends its IP to the server and the server initiates a connection back to the client using the IP it receives. These protocols include: Active FTP, X11, some VoIP protocols.

Auto Connect and Location Awareness

 

 

Intelligently detect if the user is outside the internal office network, and automatically connect as required. If the client senses that it is inside the internal network, the VPN connection is terminated.

Roaming

 

Tunnel and connections remain active while roaming between networks.

Always Connected

 

VPN connection is established whenever the client exits the internal network.

Exclude Local Network

 

 

Exclude local network traffic when Hub mode (Route all traffic) is configured.

Secure Domain Logon (SDL)

 

VPN tunnel and domain connectivity is established as part of Windows login allowing GPO and install scripts to execute on remote machines.

Split DNS

Support for multiple DNS servers - a regular DNS server for resolving the external resources; an internal company DNS server assigned by the Office Mode for resolving the internal company resources.

Hotspot Detection and Registration

 

Detection only

Makes it easier for users to find and register with hot spots to connect to the VPN through local portals (such as in hotels or airports).

Secure Authentication API (SAA)

 

Allows third party-extensions to the standard authentication schemes. This includes 3-factor and biometrics authentication.

Required Licenses

On Gateway: IPsec VPN
On Manage-
ment: Endpoint Container & Endpoint VPN for all installed endpoints

IPsec VPN and Mobile Access
(based on concurrent connections)

On Gateway: IPsec VPN for an unlimited number of connections

On Gateway: IPsec VPN
On Manage-
ment: Endpoint Container & Endpoint VPN for all installed endpoints

 

Supported Upgrade Paths to E82.00 Mac

  • E80.89

Client Requirements

E82.00 can be installed on these platforms in 64-bit:

  • macOS Catalina (10.15)

  • macOS Mojave (10.14)

VPN Server and Gateway Requirements

E82.00 Client Type

Supported Security Management Server

Supported VPN Gateway

Endpoint Security Suite with Remote Access VPN Blade

R77.30.03

R77.20 EP6.0

R80 and higher
R77 and higher

Standalone Endpoint Security VPN for OS X

R80 and higher
R77 and higher

For the most up-to-date list of supported operating systems, server and gateway requirements, see: sk67820.

Installation and Configuration

Before you install this release, make sure that you have supported gateways.

If Visitor mode is configured on port 443 and WebUI is enabled on the Security Gateway, the WebUI must listen on a port other than 443. Otherwise,ill be Endpoint Security VPN cannot connect.

Installing the Client

Install the client on a supported Mac platform booted in 64-bit mode.

To install Endpoint Security VPN for Mac on a client computer:

  1. Download the Endpoint Security VPN for Mac E82.00 - Disc Image file to the client computer.

  2. Double-click the file.

    After the disk image mounts to the file system, a Finder window opens with the contents of the package.

  3. Double-click the Endpoint_Security_VPN.dmg file to start the installation.

  4. Follow the on-screen instructions.

Note -In the E82.00 Release, the Endpoint Security Installer.app bundle is not notarized.

To avoid macOS security warnings, make sure the installer does not have the com.apple.quarantine attribute at the time of the installation.

  1. macOS does not add the com.apple.quarantine attribute when downloading from shared network folders or from the removal disk.

  2. If the com.apple.quarantine attribute is added, it is possible to remove it manually using the xattr command.

Uninstalling the Client

If necessary, you can uninstall the Endpoint Security VPN client.

To install Endpoint Security VPN for Mac from a client computer:

  1. Double-click the Endpoint_Security_VPN.dmg file.

    After the disk image mounts to the file system, a Finder window opens with the contents of the package.

  2. Double-click the Uninstaller to start the uninstall process.

  3. Do the on-screen instructions.

Automatic Upgrade from the Gateway

You can configure your Security Gateway to automatically upgrade Remote Access VPN clients the next time that they connect. When this occurs, the Security Gateway downloads the applicable package to the client. Endpoint users must have administrator permissions to install an upgrade.

You can have packages for different versions of the VPN client for Windows and Mac OS X on your Security Gateway at the same time. For example, you can have E80.60 for Mac and E80.62 for Windows at the same time.

To set up a gateway to automatically install client upgrades:

  1. Download Endpoint Security VPN for MacE82.00 Signature for Automatic Upgrade.

  2. Rename the Endpoint_Security_VPN.pkg, Endpoint_Security_VPN.pkg.signature and ver.ini files to TRAC.pkg, TRAC.pkg.signature and trac_ver_osx.txt respectively.

  3. Upload these files to this directory on the gateway:
    $FWDIR/conf/extender/CSHELL

    • For version R71.x only, copy the TRAC.pkg and TRAC.pkg.signature files also to:
      $CVPNDIR/htdocs/SNX/CSHELL.

  4. On a non-Windows gateway, run:

    • chmod 750 TRAC.pkg

    • chmod 750 TRAC.pkg.signature

    • chmod 750 trac_ver_osx.txt

  5. In SmartDashboard, go to Policy> Global Properties > Remote Access > Endpoint Connect.

  6. Select one of these Client upgrade mode options:

    • Do not upgrade- This option disables automatic upgrades from the gateway. Automatic upgrades are not available for endpoint users.

    • Ask user - The user receives a prompt and can install immediately or at a later time.

      If the user does not install the upgrade immediately, the prompt will show again in one week.

    • Always upgrade - The new package installs silently without user intervention. The user receives a notification once the upgrade completes successfully.

  7. Install the policy.