Basic Configuration of SSL Network Extender for Mobile Access
Configuring a Simple Native Application
1. In SmartConsole, click Objects > Object Explorer (Ctrl+E).
2. Click New Custom Application/Site > Mobile Application > Native Applications.
3. Click New.
   The Native Application window opens.
General Properties
In the General Properties page, define the name of the Native Application.
Authorized Locations
1. Go to the Authorized Locations page.
   An authorized location ensures users of the Native Application can only access the specified locations using the specified services.
2. Fill in the fields:
   - Host or Address Range is the machine or address range on which the application is hosted.
   - Service is the port on which the machine hosting the application listens for communication from application clients.
Applications on the Endpoint Computer
1. Go to the Endpoint Applications page.
2. Fill in the fields:
   - Add link in the Mobile Access portal must be selected if you want to make endpoint application(s) associated with the Native Applications available to users.
   - Link text can include $$user, a variable that represents the user name of the currently logged-in user.
   - Tooltip for additional information. Can include $$user, which represents the user name of the currently logged-in user.
   - Path and executable name must specify one of these:
     - Full path of the application on the endpoint machines. For example: c:\WINDOWS\system32\ftp.exe
     - The location of the application by means of an environment variable. This allows the location of the application to be specified in a more generalized way. For example: %windir%\system32\ftp.exe
     - If the application is listed in the Windows Start > Programs menu, only the application name need be entered, as it appears to the user in the Start menu. For example: HyperTerminal
     - If the location of the application is in the path of the endpoint computer, only the application name need be entered. For example: ftp.exe
     Note - If the endpoint application is not available on the endpoint machine, the link to the application will not be shown in the end user's browser.
   - Parameters are used to pass additional information to applications on the endpoint computer, and to configure the way they are launched.
Using the $$user Variable in Native Applications
You can use the "$$user" variable to define customized login parameters for native applications (in the Parameters field).
To do this, enter the $$user variable wherever you need to specify a user name.
For example, you can use the "$$user" variable to return the user name as a part of the login string for Remote Desktop.
In the parameter "$$user.example.com", the value resolves to the login string:
- For the username "Ethan", it resolves to: ethan.example.com
- For the username "Richard", it resolves to: richard.example.com
Completing the Native Application Configuration
To complete the configuration, add the Native Application to a policy rule and install policy from SmartConsole.
If necessary, configure the Native Applications for Client-Based Access.
For Unified Access Policy, see the Mobile Access Administration Guide for your version > chapter "Mobile Access and the Unified Access Policy".
For legacy policy, see Mobile Access Administration Guide for your version > chapter "Getting Started with Mobile Access" > section "Sample Mobile Access Workflow".
Ensuring the Link Appears in the End-User Browser
If an endpoint application is defined by the administrator, but is not available on the endpoint machine, the link to the application does not appear in the Mobile Access Portal.
For example, the link does not appear when:
- An endpoint application that is pre-installed on the endpoint machine (of type "Already Installed") is configured, and the application is not installed on the endpoint machine.
- A Downloaded-from-Gateway (Embedded) application requires Java, but Java is not installed on the endpoint machine.
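The following check is an added example, not Check Point code: it classifies a "Path and executable name" value into the four forms listed under Applications on the Endpoint Computer and reports whether it would be found on an endpoint, which is the condition for the link to appear. The lookup order, the function names, the sample endpoint data and the name putty.exe are assumptions made for illustration.

```python
import ntpath
import re

def expand_env(value, env):
    """Expand %NAME% references, matching variable names case-insensitively."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), value)

def resolve_endpoint_app(value, env, exists, start_menu=()):
    """Classify a 'Path and executable name' value and locate it.

    env: the endpoint's environment variables; exists: callable(path) -> bool;
    start_menu: application names shown under Start > Programs.
    Returns (form, location), with location None when nothing is found.
    """
    if "%" in value or ntpath.isabs(value):
        form = "environment variable" if "%" in value else "full path"
        expanded = expand_env(value, env)
        return (form, expanded if exists(expanded) else None)
    if value.lower() in {name.lower() for name in start_menu}:
        return ("start menu", value)
    # Name only: walk the endpoint's PATH in order (assumed lookup order).
    search_path = {k.lower(): v for k, v in env.items()}.get("path", "")
    for directory in filter(None, search_path.split(";")):
        candidate = ntpath.join(expand_env(directory, env), value)
        if exists(candidate):
            return ("path", candidate)
    return ("name only", None)

# Constructed sample endpoint (not taken from a real machine).
SAMPLE_ENV = {"windir": r"C:\WINDOWS", "Path": r"C:\Tools;%windir%\system32"}
SAMPLE_FILES = {r"c:\windows\system32\ftp.exe"}
SAMPLE_START_MENU = ["HyperTerminal"]

def sample_exists(path):
    """Case-insensitive lookup in the constructed file list."""
    return path.lower() in SAMPLE_FILES

def check(value):
    """Resolve a configured value against the constructed sample endpoint."""
    return resolve_endpoint_app(value, SAMPLE_ENV, sample_exists, SAMPLE_START_MENU)

if __name__ == "__main__":
    for configured in (r"c:\WINDOWS\system32\ftp.exe", r"%windir%\system32\ftp.exe",
                       "HyperTerminal", "ftp.exe", "putty.exe"):
        form, location = check(configured)
        print(f"{configured!r}: {form} -> {location or 'not found, link would be hidden'}")
```

On a real Windows endpoint, pass `os.environ` and `os.path.exists` instead of the sample data. A name-only value depends on each endpoint's path, so the file it resolves to can differ between machines, while a full path or %windir% form points at one location.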