Feature Overview

The Remote Access Clients are installed on the desktop or laptop of the user and have enhanced connectivity, security, installation, and administration capabilities.

Primary Function

Description

Full IPSec VPN

Internet Key Exchange (version 1) support for secure authentication.

A Virtual Private Network (VPN) provides a secured, encrypted connection over the Internet to your organization's network. The VPN tunnel gives remote access users the same security that LAN users have. IPSec makes the tunnel appear transparent, because users can run any application or service that you do not block for the VPN. (Compare to SSL VPN, which operates through web applications only.)

Location Awareness

The Remote Access client intelligently detects whether it is in the VPN domain (Enterprise LAN), and automatically connects or disconnects as required. If the client senses that it is in the internal network, the VPN connection is terminated. In Always-Connect mode, the VPN connection is established when the client exits the internal network.

Multiple Login Options

Multiple login options for each gateway, with multi-factor authentication schemes.

Proxy Detection

Proxy servers between the client and the Security Gateway are detected automatically, and the client authenticates to them if necessary.

Dead Gateway Detection

If the client fails to receive an encrypted packet within a specified time interval, it sends a tunnel test packet to the Security Gateway. If the tunnel test packet is acknowledged, the Security Gateway is considered on. If a number of back-to-back tunnel test packets remain unacknowledged, the Security Gateway is considered inactive, or dead. You can configure this capability.

Multiple Entry Point

Provides a gateway High Availability and Load Sharing solution for VPN connections. For Remote Access Clients, in an environment with MEP, more than one Security Gateway protects and gives access to the same VPN domain. MEP lets the Remote Access Clients connect to the VPN through multiple gateways.

Secondary Connect

Gives access to multiple VPN gateways at the same time, to transparently connect users to distributed resources. Users log in one time to a selected site and receive transparent access to resources on different gateways.

Visitor Mode

If the firewall or network limits connections to ports 80 or 443, encrypted (IPSec) traffic between the client and the gateway is tunneled through a regular TCP connection.

NAT-T

UDP Encapsulation of IPSec Traffic. Remote Access Clients can connect seamlessly through devices that do not allow native IPSec traffic (such as firewalls and access points).

Hub Mode

Increases security. It routes all traffic through the VPN and your Security Gateway. At the Security Gateway, the traffic is inspected for malicious content before being passed to the client, and you can control client connectivity.

VPN Tunneling

Increases connectivity performance. Encrypts only traffic targeted to the VPN tunnel, and lets users reach sites where security is not an issue (such as public portals and search engines) more easily.

Desktop Firewall

Endpoint Security VPN enforces a Desktop Firewall on SmartConsole-managed remote clients. The administrator defines the Desktop Security Policy in the form of a Rule Base. Rules can be assigned to specific user groups or all users; this permits the definition of flexible policies.

SmartEndpoint-managed clients use the Endpoint Security Firewall blade.

Compliance Policy - Secure Configuration Verification (SCV)

SCV monitors the configuration of remote computers to confirm that the configuration complies with the organization's Security Policy, and the Security Gateway blocks connectivity for computers that do not comply. It is available in Endpoint Security VPN and Check Point Mobile for Windows.

In SmartEndpoint-managed clients, you can select to use SCV or the Endpoint Security Compliance blade.

Secure Domain Logon (SDL)

Establishes a VPN tunnel before a user logs in.

Certificate Enrollment, Renewal, and Auto Renewal

Enrollment is the process of applying for and receiving a certificate from a recognized Certificate Authority (CA), which here is Check Point's Internal CA. The system administrator creates a certificate and sends users the registration key. The client sends this key to the Security Gateway, and in return receives the certificate.

Machine Authentication

Authentication with a machine certificate from the Windows system store.
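
The Dead Gateway Detection logic described above, modelled as a small state machine and replayed over a constructed timeline. This is an added example, not Check Point code: the timer values, all class and function names, and the choice to treat an acknowledgement like any other gateway reply are assumptions, because the page only says the capability is configurable.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class DeadGatewayDetector:
    idle_timeout: float = 20.0   # assumed: seconds without an encrypted packet
    probe_interval: float = 5.0  # assumed: seconds to wait for an acknowledgement
    max_unacked: int = 3         # assumed: back-to-back unacknowledged probes
    last_rx: float = 0.0
    last_probe: Optional[float] = None
    unacked: int = 0
    state: str = "alive"

    def on_gateway_reply(self, now):
        """An encrypted packet or a tunnel test acknowledgement: gateway is on."""
        self.last_rx, self.last_probe = now, None
        self.unacked, self.state = 0, "alive"

    def tick(self, now):
        """Advance the clock; return True when a tunnel test packet must be sent."""
        if self.state == "dead" or now - self.last_rx < self.idle_timeout:
            return False
        if self.last_probe is not None:
            if now - self.last_probe < self.probe_interval:
                return False              # still waiting for the acknowledgement
            self.unacked += 1             # the previous probe went unanswered
            if self.unacked >= self.max_unacked:
                self.state = "dead"       # caller would now fail over or reconnect
                return False
        self.last_probe = now
        self.state = "probing"
        return True

def replay(events, **settings):
    """Replay (time, kind) events, kind in 'rx' | 'ack' | 'tick'.
    Returns one (time, state, probe_sent) tuple per event."""
    det = DeadGatewayDetector(**settings)
    out = []
    for now, kind in events:
        sent = False
        if kind in ("rx", "ack"):
            det.on_gateway_reply(now)
        else:
            sent = det.tick(now)
        out.append((now, det.state, sent))
    return out

# Constructed timeline: one acknowledged probe, then the gateway goes silent.
TIMELINE = [(0, "rx"), (10, "tick"), (20, "tick"), (22, "ack"),
            (42, "tick"), (47, "tick"), (52, "tick"), (57, "tick")]
```

With these assumed defaults the gateway is declared dead at t=57, after the probes sent at t=42, 47 and 52 all go unacknowledged.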