Print Download PDF Send Feedback

Previous

Next

Introduction to Mobile Access

In This Section:

Mobile Access

Mobile Access Applications

Mobile Access Management

Commonly Used Concepts

Server Side Security Highlights

Client Side Security Highlights

Mobile Access

Check Point Mobile Remote Access VPN Software Blade is the safe and easy solution to connect to corporate applications over the internet with your mobile device or PC. The solution provides enterprise-grade remote access with both Layer-3 VPN and SSL VPN. It gives you simple, safe and secure connectivity to your email, calendar, contacts and corporate applications. At the same time, it protects networks and endpoint computers from threats.

The Mobile Access Portal lets mobile and remote workers connect easily and securely to critical resources over the internet.

Check Point Mobile Apps enables secure encrypted communication from unmanaged smartphones and tablets to your corporate resources.

Mobile Access Applications

Mobile Access provides the remote user with access to the various corporate applications, including, Web applications, file shares, Citrix services, Web mail, and native applications.

Remote users initiate a standard HTTPS request to the Mobile Access gateway. The gateway authenticates users based on one or more of the configured authentication methods, such as user name and password, certificates, or SecurID. Users have access to applications based on the Mobile Access policy.

For information about Web applications, file shares, Citrix services, Web mail see Applications for Clientless Access.

For information about native applications, see Native Applications for Client-Based Access.

Mobile Access Management

Commonly Used Concepts

This section briefly describes commonly used concepts that you will encounter when dealing with Mobile Access.

Authentication

All remote users that access the Mobile Access portal must be authenticated by one or more of the supported authentication methods. Multiple login options for users and multi-factor authentication are supported. See User Authentication in Mobile Access.

Authorization

Authorization determines how remote users access internal applications on the corporate LAN. If the remote user is not authorized, access to the services provided by the Mobile Access gateway is not granted.

After authentication, the user can open an application based on the Mobile Access policy.

Endpoint Compliance Scanner

The Check Point Endpoint Security On Demand scanner scans the endpoint machine to see if it complies with the endpoint compliance policy. For example, an endpoint compliance policy can make sure that the endpoint clients have updated Anti-Virus signatures and an active firewall. If the endpoint is compliant with the endpoint compliance policy, the user is allowed to access the portal.

Secure Workspace

End-users can utilize Check Point's proprietary virtual desktop that enables data protection during user-sessions, and enables cache wiping, after the sessions have ended. Secure Workspace protects all session-specific data accumulated on the client side. It uses protected disk space and file encryption to secure files created during the access session. Afterwards, it cleans the protected session cache, eliminating any exposure of proprietary data that would have been inadvertently left on public PCs.

Protection Levels

Protection Levels maintain a balance between connectivity and security. The Protection Level is a security requirement that users must meet before they can access the resource. For example, an application can have a Protection Level that requires users to use a specified authentication method. Mobile Access has three pre-defined Protection Levels: Permissive, Normal, and Restrictive. You can edit Protection Level settings, and define new Protection Levels.

Session

After authentication, remote users are assigned a Mobile Access session. The session is the period of communication with the gateway until the user logs out or the connection times out.

SSL Network Extender

The SSL Network Extender client makes it possible to access native applications through Mobile Access.

SSL Network Extender is downloaded automatically from the Mobile Access portal to the endpoint machines, so that client software does not have to be pre-installed and configured on users' PCs and laptops. SSL Network Extender transports application traffic through a secure, encrypted, and authenticated SSL tunnel to the Mobile Access gateway.

Server Side Security Highlights

Mobile Access enabled gateways are fully integrated with and benefit from the same security features as other Security Gateways. In addition, Mobile Access gateways have numerous security features to enable secure remote access. These are some of the security features available on Mobile Access gateways:

Client Side Security Highlights

These are some of the security features available on the client side: