Protection Levels

Protection Levels are predefined sets of security settings that offer a balance between connectivity and security. Protection Levels allow Mobile Access administrators to define application protections for groups of applications with similar requirements.

Mobile Access comes with three default Protection Levels - Normal, Restrictive, and Permissive. You can create additional Protection Levels and change the protections for existing Protection Levels.

Using Protection Levels

You can include Protection Levels in the definition of most Mobile Access application types. Each application can have a Protection Level associated with it. A single Protection Level can be assigned for all native applications.

When you define an application, in the Protection Level page of the application object, you can choose:

Security Requirements for Accessing this Application:

Defining Protection Levels

To access the Protection Level page from the Mobile Access tab:

  1. In SmartConsole, select Security Policies > Shared Policies > Mobile Access and click Open Mobile Access Policy in SmartDashboard.

    SmartDashboard opens and shows the Mobile Access tab.

  2. From the navigation tree, click Additional Settings > Protection Levels.

  3. Click New to create a new Protection Level or double-click an existing Protection Level to modify it.

    The Protection Levels window opens, and shows the General Properties page.

To access the Protection Level page from a Mobile Access application:

  1. In SmartConsole, click Objects > Object Explorer (Ctrl+E). Or in SmartDashboard, Mobile Access tab, go to Applications > Application type.

  2. Search for the Mobile Access application.

  3. Double-click the application.

  4. From the navigation tree, select Additional Setting > Protection Level.

  5. To create a new Protection Level, select Manage > New.

  6. To edit the settings of a Protection Level, select the Protection Level from the drop-down list and then select Manage > Details.

    The Protection Levels window opens, and shows the General Properties page.

To configure the settings for a Protection Level:

  1. From the General Properties page in the Protection Level window, enter the Name for the Protection Level (for a new Protection Level only).

  2. In the navigation tree, click Authentication and select one or more authentication methods from the available choices. Users accessing an application with this Protection Level must use one of the selected authentication schemes.

  3. If necessary, select User must successfully authenticate via SMS.

  4. In the navigation tree, click Endpoint Security and select one or both of these options:

    • Applications using this Protection Level can only be accessed if the endpoint machine complies with the following Endpoint compliance policy. Also, select a policy. This option gives access to the associated application only if the scanned client computer complies with the selected policy.

    • Applications using this Protection Level can only be accessed from within Secure Workspace. This option requires Secure Workspace to be running on the client computer.

  5. Click OK to close the Protection Level window.

  6. Install the policy.