Configuring SSL Network Extender Advanced Options
To configure SSL Network Extender advanced options:
-
In SmartConsole
Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., select Security Policies > Shared Policies > Mobile Access and click Open Mobile Access Policy in SmartDashboard.SmartDashboard
Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings. opens and shows the Mobile Access tab. -
From the navigation tree click Additional Settings > VPN Clients.
-
From the Advanced Settings for SSL Network Extender section, click Edit.
-
Configure the applicable options.
-
Click OK.
-
Click Save.
-
Close SmartDashboard.
-
In SmartConsole, install the Access Control policy.
Deployment Options
-
Client upgrade upon connection
Specifies how to deploy a new version of the SSL Network Extender Network Mode client on endpoint machines, when it becomes available.
Note - Upgrading requires Administrator privileges on the endpoint machine.
-
Client uninstall upon disconnection
Specifies how to handle the installed SSL Network Extender Network Mode client on the endpoint machine when the client disconnects.
-
Do not uninstall - Allows the user to manually uninstall if they wish to.
-
Ask User - Allows the user to choose whether or not to uninstall.
-
Always uninstall - Does so automatically, when the user disconnects.
-
Encryption
-
Supported Encryption methods
Configures the strength of the encryption used for communication between SSL Network Extender clients and all Mobile Access
Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. Security Gateways and Clusters that are managed by the Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..-
AES, 3DES
This is the default setting. The 3DES encryption algorithm encrypts data three times, for an overall key length of 192 bits.
-
AES, 3DES or RC4
Configures the SSL Network Extender client to support the RC4 encryption method, as well as AES and 3DES. RC4 is a variable key-size stream cipher. The algorithm is based on the use of a random permutation. It requires a secure exchange of a shared key that is outside the specification. RC4 is a faster encryption method than 3DES.
-
Launch SSL Network Extender Client
These settings define the behavior of the SSL Network Extender clients when launched on the endpoint machines.
-
On demand, when user clicks 'Connect" on the portal
SSL Network Extender only opens when the user clicks "Connect" from the Mobile Access Portal.
-
Automatically, when user logs on
When users log in to the Mobile Access Portal, SSL Network Extender launches automatically.
-
Automatically minimize client window after client connects
For either of the options above, choose to minimize the SSL Network Extender window to the system tray on the taskbar after connecting. This provides better usability for non-technical users.