Comparison of Remote Access Clients


Endpoint Security VPN for Windows

Check Point Mobile for Windows


Endpoint Security VPN for Mac


Client Purpose

Secure connectivity with Desktop Firewall & compliance checks

Secure connectivity & compliance checks

Basic secure connectivity

Secure connectivity with Desktop Firewall


Replaces Client

SecureClient NGX R60

Endpoint Connect R73

Endpoint Connect R73

SecuRemote NGX R60

SecureClient for Mac


IPsec VPN Tunnel

All traffic travels through a secure VPN tunnel.

Security Compliance Check (SCV)

Monitor remote computers to confirm that the configuration complies with organization's security policy.

Integrated Desktop Firewall

Integrated endpoint firewall managed centrally from a Security Management Server

Split Tunneling

Encrypt only traffic targeted to the VPN tunnel.

Hub Mode

Pass all connections through the Security Gateway.

Dynamic Optimization of Connection Method

When NAT-T connectivity is not possible, automatically connect over TCP port 443 (HTTPS port).

Multi Entry Point (MEP)

Manual only

Client seamlessly connects to an alternative site when the primary site is not available.

Secondary Connect

End-users can connect once and get transparent access to resources, regardless of their location.

Office Mode IP

Each VPN client is assigned an IP from the internal office network.

Back Connection Protocols

Support protocols where the client sends its IP to the server and the server initiates a connection back to the client using the IP it receives. These protocols include: Active FTP, X11, some VoIP protocols.

Auto Connect and Location Awareness

Intelligently detect if the user is outside the internal office network, and automatically connect as required. If the client senses that it is inside the internal network, the VPN connection is terminated.


Tunnel and connections remain active while roaming between networks.

Always Connected

VPN connection is established whenever the client exits the internal network.

Exclude Local Network

Exclude local network traffic when Hub mode (Route all traffic) is configured on the Security Gateway.

Secure Domain Logon (SDL)

VPN tunnel and domain connectivity is established as part of Windows login allowing GPO and install scripts to execute on remote machines.

Split DNS

Support for multiple DNS servers - a regular DNS server for resolving the external resources; an internal company DNS server assigned by the Office Mode for resolving the internal company resources.

Hotspot Detection and Registration

Detection only

Makes it easier for users to find and register with hot spots to connect to the VPN through local portals (such as in hotels or airports).

Secure Authentication API (SAA)

Allows third party-extensions to the standard authentication schemes. This includes 3-factor and biometrics authentication.

Required Licenses

On Security Gateway:

On Management Server:

Endpoint Container & Endpoint VPN for all installed endpoints

IPsec VPN and Mobile Access
(based on concurrent connections)

On Security Gateway:

IPsec VPN for an unlimited number of connections

On Security Gateway:

On Management Server:

Endpoint Container & Endpoint VPN for all installed endpoints