Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

Exchange Mail Applications for Smartphones and Tablets

In This Section:

Capsule Workspace Mail Applications

ActiveSync Applications

Policy Requirements for ActiveSync Applications

Configuring a TLS/SSL Version for an Application

Capsule Workspace Mail and Active Sync Applications are applications for smartphone and tablet users to connect to email through an Exchange server. Web applications and File shares can also be available on smartphones and tablets.

Capsule Workspace Mail Applications

Capsule Workspace Mail Applications work with Exchange servers to make business email available on mobile devices with a Capsule Workspace App. The application is in a secure area on the Mobile Device that is usually protected with a passcode. All data in Capsule Workspace is encrypted.

During the Mobile Access Wizard, if you select Mobile Devices > Capsule Workspace, and enter an Exchange server, a Capsule Workspace Mail Application is automatically created. Make sure that users have access to the Capsule Workspace Mail Application in your Mobile Access policy.

To configure a Capsule Workspace Mail application:

  1. If it is a new application, in the Mobile Access tab > Applications > Capsule Workspace Mail, click New.

    If it is an existing application, in the Mobile Access tab > Applications > Capsule Workspace Mail, double-click the application.

    A Capsule Workspace Mail window opens.

  2. In the General Properties page:
    • Enter a Name for the application in SmartDashboard
    • Optional: Enter a comment
    • Enter the name of the Exchange Server that will communicate with the gateway and the Port. For example, ad. example.com.
  3. In the Exchange Access page, in the Define access settings area:
    • Use encryption (https) - By default, traffic to the Exchange server works with HTTPS.
    • Use non-default path - If the Exchange Web Services path on the Exchange server to the application is not the default, enter the path here.

      The default path is EWS/Exchange.asmx and the URL is https://<IP address of the Exchange Server>/EWS/Exchange.asmx.

    • Use specific domain - If you want users to authenticate to a specified domain on the Exchange server, enter it here.
  4. In the Exchange Access page, in the Proxy Settings area, if there is a proxy server between the Exchange Server and the gateway, configure the settings here.
    • Use gateway proxy settings - By default the proxy settings configured for the gateway are used.
    • Do not use proxy server - Select if no proxy server is required.
    • Use specific proxy server - Configure a proxy server that the gateway communicates with to reach the Exchange Server.
      1. Select the Host and Service.
      2. If credentials are required to access the proxy server, select Use credentials for accessing the proxy server and enter the Username and Password.
  5. In the Display Link page:
    • Title - The name of the application that users will see on their mobile devices.
    • Description - The description of the application that users will see on their mobile devices.
  6. In the Single Sign On page, select the source of the credentials used for Single Sign-On for this application:
    • Login to Exchange with the application credentials - By default, use the same credentials that users use to log in to the Business Secure Container. This only applies if the authentication method configured for them on the gateway is Username/Password (Gateway Properties > Mobile Access > Authentication).
    • Prompt for user credentials and store them locally for reuse - Use different credentials for the Business Secure Container.
      • Show the user the following message on the credentials prompt - Select this and enter a message that users see when prompted to enter the credentials required for the Business Secure Container.
  7. In the Periodic Test page, select which tests are run regularly on the gateways to make sure they can connect to the Exchange server. If there is a connectivity problem, a System Alert log generated.
    • Run periodic test from gateways that have access to this application - A test makes sure there is connectivity between the gateway and Exchange server. The test runs at the interval that you enter.
    • Perform extensive test using the following account - Periodically run a test to make sure that a user can authenticate to the Exchange server. To run this test you must enter a valid Username and Password.

      Note - If the account password changes, you must enter the new password here.

ActiveSync Applications

An ActiveSync application is an email application that works with ActiveSync, which is native in most Mobile devices. Mobile devices that can use the ActiveSync protocol and connect to an Exchange server can access ActiveSync applications.

As opposed to Capsule Workspace Mail applications, ActiveSync applications are not located in the Business Secure Container and are not protected. If you use the ActiveSync application, make sure that your mobile device is protected in other ways so that your sensitive business data and Exchange user credentials stay safe.

Make sure to give users access to the ActiveSync application in your Mobile Access policy.

To configure an ActiveSync application:

  1. If it is a new application, in the Mobile Access tab > Applications > ActiveSync Applications, click New.

    If it is an existing application, in the Mobile Access tab > Applications > ActiveSync Applications, double-click the application.

    An ActiveSync Application window opens.

  2. In the General Properties page:
    • Enter a Name for the application in SmartDashboard
    • Optional: Enter a comment
    • Enter the name of the Exchange Server that will communicate with the gateway and the Port. For example, ad. example.com.
  3. In the Exchange Access page, in the Define access settings area:
    • Use encryption (https) - By default, traffic to the Exchange server works with HTTPS.
    • Use non-default path - If the ActiveSync path on the Exchange server to the application is not the default, enter the path here.
    • Use specific domain - If you want users to authenticate to a specified domain on the Exchange server, enter it here.
  4. In the Exchange Access page, in the Proxy Settings area, if there is a proxy server between the Exchange Server and the gateway, configure the settings here.
    • Use gateway proxy settings - By default the proxy settings configured for the gateway are used.
    • Do not use proxy server - Select if no proxy server is required.
    • Use specific proxy server - Configure a proxy server that the gateway communicates with to reach the Exchange Server.
      1. Select the Host and Service.
      2. If credentials are required to access the proxy server, select Use credentials for accessing the proxy server and enter the Username and Password.
  5. In the Display Link page:
    • Title - The name of the application that users will see on their mobile devices.
    • Description - The description of the application that users will see on their mobile devices.
  6. In the Periodic Test page, select which tests are run regularly on the gateways to make sure they can connect to the Exchange server. If there is a connectivity problem, a System Alert log generated.
    • Run periodic test from gateways that have access to this application - A test makes sure there is connectivity between the gateway and Exchange server. The test runs at the interval that you enter.
    • Perform extensive test using the following account - Periodically run a test to make sure that a user can authenticate to the Exchange server. To run this test you must enter a valid Username and Password.

      Note - If the account password changes, you must enter the new password here.

Policy Requirements for ActiveSync Applications

  • To access ActiveSync, users must belong to a user group that is allowed to access ActiveSync applications.
  • Each user must have an email address defined the Email Address field in the properties of an internal user object, or on an LDAP server (for LDAP users).
  • If users are internal, their Check Point client passwords must be the same as their Exchange passwords, otherwise ActiveSync will not work.

Configuring a TLS/SSL Version for an Application

You can configure which SSL protocol to use on the internal server for Web applications and Exchange Mail applications. For example, you can configure that a Capsule Workspace Mail application always uses TLS 1.0. If you do not configure this, Mobile Access uses the default version that the organizational server recommends.

Configure the feature for each application in GuiDBedit.

This feature is supported in R77.20 and higher. To learn how to activate this feature, see sk101217.

To configure an SSL version for an application:

  1. Open GuiDBedit.
  2. Go to Other > network_applications APPLICATION NAME > internal_resource_ssl_version.
  3. Select a version. The options are:
    • auto (default) - Uses the version that the organizational server recommends
    • SSLv3 (SSL 3.0)
    • TLSv1 (TLS 1.0)
  4. Save the changes.
  5. Install policy.
 
Top of Page ©2015 Check Point Software Technologies Ltd. All rights reserved. Download PDF Send Feedback Print