Exchange Mail Applications for Smartphones and Tablets

Secure Container Mail and Active Sync Applications are applications for smartphone and tablet users to connect to email through an Exchange server. Web applications and File shares can also be available on smartphones and tablets.

Secure Container Mail Applications

Secure Container Mail Applications work with Exchange servers to make business email available on mobile devices with a Check Point App. The application is in the Business Secure Container, a secure area on the Mobile Device that is usually protected with a passcode. All data in the Business Secure Container is encrypted.

During the Mobile Access Wizard, if you select Mobile Devices > Mobile, and enter an Exchange server, a Secure Container Mail Application is automatically created. Make sure that users have access to the Secure Container Mail Application in your Mobile Access policy.

To configure a Secure Container Mail application:

1. If it is a new application, in the Mobile Access tab > Applications > Secure Container Mail, click New.

   If it is an existing application, in the Mobile Access tab > Applications > Secure Container Mail, double-click the application.

   A Secure Container Mail window opens.

2. In the General Properties page:
   • Enter a Name for the application in SmartDashboard
   • Optional: Enter a comment
   • Enter the name of the Exchange Server that will communicate with the gateway and the Port. For example, ad. example.com.
3. In the Exchange Access page, in the Define access settings area:
   • Use encryption (https) - By default, traffic to the Exchange server works with HTTPS.
   • Use non-default path - If the Exchange Web Services path on the Exchange server to the application is not the default, enter the path here.
   • Use specific domain - If you want users to authenticate to a specified domain on the Exchange server, enter it here.
4. In the Exchange Access page, in the Proxy Settings area, if there is a proxy server between the Exchange Server and the gateway, configure the settings here.
   • Use gateway proxy settings - By default the proxy settings configured for the gateway are used.
   • Do not use proxy server - Select if no proxy server is required.
   • Use specific proxy server - Configure a proxy server that the gateway communicates with to reach the Exchange Server.
     1. Select the Host and Service.
     2. If credentials are required to access the proxy server, select Use credentials for accessing the proxy server and enter the Username and Password.
5. In the Display Link page:
   • Title - The name of the application that users will see on their mobile devices.
   • Description - The description of the application that users will see on their mobile devices.
6. In the Single Sign On page, select the source of the credentials used for Single Sign-On for this application:
   • Login to Exchange with the application credentials - By default, use the same credentials that users use to log in to the Business Secure Container. This only applies if the authentication method configured for them on the gateway is Username/Password (Gateway Properties > Mobile Access > Authentication).
   • Prompt for user credentials and store them locally for reuse - Use different credentials for the Business Secure Container.
     • Show the user the following message on the credentials prompt - Select this and enter a message that users see when prompted to enter the credentials required for the Business Secure Container.
7. In the Periodic Test page, select which tests are run regularly on the gateways to make sure they can connect to the Exchange server. If there is a connectivity problem, a System Alert log generated.
   • Run periodic test from gateways that have access to this application - A test makes sure there is connectivity between the gateway and Exchange server. The test runs at the interval that you enter.
   • Perform extensive test using the following account - Periodically run a test to make sure that a user can authenticate to the Exchange server. To run this test you must enter a valid Username and Password.

     Note - If the account password changes, you must enter the new password here.

ActiveSync Applications

An ActiveSync application is an email application that works with ActiveSync, which is native in most Mobile devices. Mobile devices that can use the ActiveSync protocol and connect to an Exchange server can access ActiveSync applications.

As opposed to Secure Container Mail applications, ActiveSync applications are not located in the Business Secure Container and are not protected. If you use the ActiveSync application, make sure that your mobile device is protected in other ways so that your sensitive business data and Exchange user credentials stay safe.

Make sure to give users access to the ActiveSync application in your Mobile Access policy.

To configure an ActiveSync application:

1. If it is a new application, in the Mobile Access tab > Applications > ActiveSync Applications, click New.

   If it is an existing application, in the Mobile Access tab > Applications > ActiveSync Applications, double-click the application.

   An ActiveSync Application window opens.

2. In the General Properties page:
   • Enter a Name for the application in SmartDashboard
   • Optional: Enter a comment
   • Enter the name of the Exchange Server that will communicate with the gateway and the Port. For example, ad. example.com.
3. In the Exchange Access page, in the Define access settings area:
   • Use encryption (https) - By default, traffic to the Exchange server works with HTTPS.
   • Use non-default path - If the ActiveSync path on the Exchange server to the application is not the default, enter the path here.
   • Use specific domain - If you want users to authenticate to a specified domain on the Exchange server, enter it here.
4. In the Exchange Access page, in the Proxy Settings area, if there is a proxy server between the Exchange Server and the gateway, configure the settings here.
   • Use gateway proxy settings - By default the proxy settings configured for the gateway are used.
   • Do not use proxy server - Select if no proxy server is required.
   • Use specific proxy server - Configure a proxy server that the gateway communicates with to reach the Exchange Server.
     1. Select the Host and Service.
     2. If credentials are required to access the proxy server, select Use credentials for accessing the proxy server and enter the Username and Password.
5. In the Display Link page:
   • Title - The name of the application that users will see on their mobile devices.
   • Description - The description of the application that users will see on their mobile devices.
6. In the Periodic Test page, select which tests are run regularly on the gateways to make sure they can connect to the Exchange server. If there is a connectivity problem, a System Alert log generated.
   • Run periodic test from gateways that have access to this application - A test makes sure there is connectivity between the gateway and Exchange server. The test runs at the interval that you enter.
   • Perform extensive test using the following account - Periodically run a test to make sure that a user can authenticate to the Exchange server. To run this test you must enter a valid Username and Password.

     Note - If the account password changes, you must enter the new password here.

Policy Requirements for ActiveSync Applications

• To access ActiveSync, users must belong to a user group that is allowed to access ActiveSync applications.
• Each user must have an email address defined the Email Address field in the properties of an internal user object, or on an LDAP server (for LDAP users).
• If users are internal, their Check Point client passwords must be the same as their Exchange passwords, otherwise ActiveSync will not work.