Check Point Mobile Remote Access VPN Software Blade is the safe and easy solution to connect to corporate applications over the internet with your mobile device or PC. The solution provides enterprise-grade remote access with both Layer-3 VPN and SSL VPN. It gives you simple, safe and secure connectivity to your email, calendar, contacts and corporate applications. At the same time, it protects networks and endpoint computers from threats.
The Mobile Access Portal lets mobile and remote workers connect easily and securely to critical resources over the internet.
Check Point Mobile Apps enable secure, encrypted communication from unmanaged smartphones and tablets to your corporate resources.
Mobile Access provides the remote user with access to the various corporate applications, including Web applications, file shares, Citrix services, Web mail, and native applications.
Notes:
Remote users initiate a standard HTTPS request to the Mobile Access gateway. The gateway authenticates users based on one or more of the configured authentication methods, such as user name and password, certificates, or SecurID. Users have access to applications based on the Mobile Access policy.
For information about Web applications, file shares, Citrix services, and Web mail, see Applications for Clientless Access.
For information about native applications, see Native Applications for Client-Based Access.
This section briefly describes commonly used concepts that you will encounter when dealing with Mobile Access.
All remote users that access the Mobile Access portal must be authenticated by one or more of the supported authentication methods. Multiple login options for users and multi-factor authentication are supported. See User Authentication in Mobile Access.
Authorization determines how remote users access internal applications on the corporate LAN. If the remote user is not authorized, access to the services provided by the Mobile Access gateway is not granted.
After authentication, the user can open an application based on the Mobile Access policy.
The Check Point Endpoint Security On Demand scanner scans the endpoint machine to see if it complies with the endpoint compliance policy. For example, an endpoint compliance policy can make sure that the endpoint clients have updated Anti-Virus signatures and an active firewall. If the endpoint is compliant with the endpoint compliance policy, the user is allowed to access the portal.
End users can use Check Point's proprietary virtual desktop, which enables data protection during user sessions and enables cache wiping after the sessions have ended. Secure Workspace protects all session-specific data accumulated on the client side. It uses protected disk space and file encryption to secure files created during the access session. Afterwards, it cleans the protected session cache, eliminating any exposure of proprietary data that would otherwise have been inadvertently left on public PCs.
Protection Levels maintain a balance between connectivity and security. The Protection Level is a security requirement that users must meet before they can access the resource. For example, an application can have a Protection Level that requires users to use a specified authentication method. Mobile Access has three pre-defined Protection Levels: Permissive, Normal, and Restrictive. You can edit Protection Level settings, and define new Protection Levels.
After authentication, remote users are assigned a Mobile Access session. The session is the period of communication with the gateway until the user logs out or the connection times out.
The SSL Network Extender client makes it possible to access native applications through Mobile Access.
SSL Network Extender is downloaded automatically from the Mobile Access portal to the endpoint machines, so that client software does not have to be pre-installed and configured on users' PCs and laptops. SSL Network Extender transports application traffic through a secure, encrypted, and authenticated SSL tunnel to the Mobile Access gateway.
Mobile Access enabled gateways are fully integrated with and benefit from the same security features as other Security Gateways. In addition, Mobile Access gateways have numerous security features to enable secure remote access. These are some of the security features available on Mobile Access gateways:
The Web Intelligence component of IPS enables protection against malicious code transferred in Web-related applications: worms, various attacks such as Cross-Site Scripting, buffer overflows, SQL injections, command injections, directory traversal, and HTTP code inspection.
These are some of the security features available on the client side: