Getting Started with SSL Network Extender (SNX)

Prerequisites

The SSL Network Extender client-side prerequisites for remote clients are:

  • The specific Security Gateway must have a valid license for the SSL Network Extender.

  • The specific Security Gateway must be configured as a member of the Remote Access Community, and configured to work with Visitor Mode.

    This does not interfere with Remote Access client functionality, but allows Remote Access client users to access internal resources with Visitor Mode.

  • The same access rules are configured for Remote Access client and SSL Network Extender users.

Getting Started with SNX for the Mobile Access Software Blade

  1. See SSL Network Extender (SNX) Versions and Requirements

  2. Connect with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. that manages the Mobile Access Gateway.

  3. From the left navigation panel, click Gateways & Servers.

  4. Double-click on the Security Gateway object.

  5. In the navigation tree, click General Properties.

  6. On the Network Security tab, enable the Mobile Access Software Blade.

    See the Mobile Access Administration Guide for your version > "Getting Started with Mobile Access" section.

  7. Configure the default SNX mode:

    1. In the navigation tree, click Mobile Access > SSL Clients.

    2. In the SSL Network Extender Operation Mode section, select the applicable option:

      • Automatically decide on client time according to endpoint machine capabilities (this is the default)

      • Application Mode only

      • Network Mode only

      For more information about Application Mode and Network Mode, see Introduction to SSL Network Extender (SNX).

  8. Click OK.

  9. In the Mobile Access Policy, create a ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. for at least one Native Application.

    See the Mobile Access Administration Guide for your version > "Mobile Access Authorization and Access Control" chapter.

  10. Install the Access Control policy.

Getting Started with SNX for the IPsec VPN Software Blade

  1. See SSL Network Extender (SNX) Versions and Requirements.

  2. Connect with SmartConsole to the Management Server that manages the Mobile Access Gateway.

  3. From the left navigation panel, click Gateways & Servers.

  4. Double-click on the Security Gateway object.

  5. In the navigation tree, click General Properties.

  6. On the Network Security tab, enable the IPsec VPNClosed Check Point Software Blade on a Security Gateway that provides a Site to Site VPN and Remote Access VPN access. Software Blade.

    See the Remote Access VPN Administration Guide for your version > chapter "Getting Started with Remote Access VPN" > section "Basic Security Gateway Configuration".

  7. Enable SNX:

    1. In the navigation tree, click VPN Clients.

    2. In the VPN clients allowed to connect to this gateway section, select Other > SSL Network Extender.

  8. Click OK.

  9. In the Access Control policy, create the applicable rules.

  10. Install the Access Control policy.

Important - If you configured the SSL Network Extender settings in the Security Gateway for the IPsec VPN Software Blade, and then you enabled the Mobile Access Software Blade, then you must reconfigure the required rules in the Mobile Access policy.The SSL Network Extender rules in the Access Control Policy do not apply anymore.