Exchange Mail Applications for Smartphones and Tablets
Capsule Workspace Mail and Active Sync Applications are applications for smartphone and tablet users to connect to email through an Exchange server. Web applications and File shares can also be available on smartphones and tablets.
Capsule Workspace Mail Applications
Capsule Workspace Mail Applications work with Exchange servers to make business email available on mobile devices with a Capsule Workspace App. The application is in a secure area on the Mobile Device that is usually protected with a passcode. All data in Capsule Workspace is encrypted.
During the Mobile Access Wizard, if you select , and enter an Exchange server, a Capsule Workspace Mail Application is automatically created. Make sure that users have access to the Capsule Workspace Mail Application in your Mobile Access policy.
To configure a Capsule Workspace Mail application:
- If it is a new application, in the tab > > , click .
If it is an existing application, in the tab > > , double-click the application.
A window opens.
- In the page:
- Enter a for the application in SmartDashboard
- Optional: Enter a comment
- Enter the name of the that will communicate with the gateway and the . For example, ad. example.com.
- In the page, in the area:
- In the page, in the area, if there is a proxy server between the Exchange Server and the gateway, configure the settings here.
- - By default the proxy settings configured for the gateway are used.
- - Select if no proxy server is required.
- - Configure a proxy server that the gateway communicates with to reach the Exchange Server.
- Select the and .
- If credentials are required to access the proxy server, select and enter the and.
- In the page:
- - The name of the application that users will see on their mobile devices.
- - The description of the application that users will see on their mobile devices.
- In the page, select the source of the credentials used for Single Sign-On for this application:
- - By default, use the same credentials that users use to log in to the Business Secure Container. This only applies if the authentication method configured for them on the gateway is Username/Password ( > > ).
- - Use different credentials for the Business Secure Container.
- - Select this and enter a message that users see when prompted to enter the credentials required for the Business Secure Container.
- In the page, select which tests are run regularly on the gateways to make sure they can connect to the Exchange server. If there is a connectivity problem, a System Alert log generated.
- - A test makes sure there is connectivity between the gateway and Exchange server. The test runs at the interval that you enter.
- - Periodically run a test to make sure that a user can authenticate to the Exchange server. To run this test you must enter a valid and
|
Note - If the account password changes, you must enter the new password here.
|
ActiveSync Applications
An ActiveSync application is an email application that works with ActiveSync, which is native in most Mobile devices. Mobile devices that can use the ActiveSync protocol and connect to an Exchange server can access ActiveSync applications.
As opposed to Capsule Workspace Mail applications, ActiveSync applications are not located in the Business Secure Container and are not protected. If you use the ActiveSync application, make sure that your mobile device is protected in other ways so that your sensitive business data and Exchange user credentials stay safe.
Make sure to give users access to the ActiveSync application in your Mobile Access policy.
To configure an ActiveSync application:
- If it is a new application, in the tab > > , click .
If it is an existing application, in the tab > > , double-click the application.
An window opens.
- In the page:
- Enter a for the application in SmartDashboard
- Optional: Enter a comment
- Enter the name of the that will communicate with the gateway and the . For example, ad. example.com.
- In the page, in the area:
- - By default, traffic to the Exchange server works with HTTPS.
- - If the ActiveSync path on the Exchange server to the application is not the default, enter the path here.
- - If you want users to authenticate to a specified domain on the Exchange server, enter it here.
- In the page, in the area, if there is a proxy server between the Exchange Server and the gateway, configure the settings here.
- - By default the proxy settings configured for the gateway are used.
- - Select if no proxy server is required.
- - Configure a proxy server that the gateway communicates with to reach the Exchange Server.
- Select the and .
- If credentials are required to access the proxy server, select and enter the and.
- In the page:
- - The name of the application that users will see on their mobile devices.
- - The description of the application that users will see on their mobile devices.
- In the page, select which tests are run regularly on the gateways to make sure they can connect to the Exchange server. If there is a connectivity problem, a System Alert log generated.
- - A test makes sure there is connectivity between the gateway and Exchange server. The test runs at the interval that you enter.
- - Periodically run a test to make sure that a user can authenticate to the Exchange server. To run this test you must enter a valid and
|
Note - If the account password changes, you must enter the new password here.
|
Policy Requirements for ActiveSync Applications
- To access ActiveSync, users must belong to a user group that is allowed to access ActiveSync applications.
- Each user must have an email address defined the field in the properties of an internal user object, or on an LDAP server (for LDAP users).
- If users are internal, their Check Point client passwords must be the same as their Exchange passwords, otherwise ActiveSync will not work.
Configuring a TLS/SSL Version for an Application
You can configure which SSL protocol to use on the internal server for Web applications and Exchange Mail applications. For example, you can configure that a Capsule Workspace Mail application always uses TLS 1.0. If you do not configure this, Mobile Access uses the default version that the organizational server recommends.
Configure the feature for each application in GuiDBedit.
This feature is supported in R77.20 and higher. To learn how to activate this feature, see sk101217.
To configure an SSL version for an application:
- Open GuiDBedit.
- Go to > > > .
- Select a version. The options are:
- auto (default) - Uses the version that the organizational server recommends
- SSLv3 (SSL 3.0)
- TLSv1 (TLS 1.0)
- Save the changes.
- Install policy.
|
|