Endpoint Native Applications
A native application is any IP-based application that is hosted on servers within the organization, and requires an installed client on the endpoint. The client is used to access the application and encrypt all traffic between the endpoint and Mobile Access.
SSL Network Extender automatically works with Mobile Access to support native applications.
Microsoft Exchange, Telnet, and FTP are all examples of native application servers. Authorized users can use their native clients (for example, telnet.exe, ftp.exe, or Outlook) to access these internal applications from outside the organization.
A native application is defined by the:
- Server hosting applications.
- Services used by applications.
- Connection direction (usually client to server, but can also be server to client, or client to client).
- Applications on the endpoint (client) machines.
These applications are launched on demand on the user machine when the user clicks a link in the user portal.
They can be one of these:
- Already installed on the endpoint machine
- Run via a default browser
- Downloaded-from-Mobile Access
When defining a Native Application, you can define applications on endpoint machines. These applications launch on the endpoint machine when the user clicks a link in the Mobile Access Portal. You do not have to configure endpoint applications for users using SSL Network Extender in Network Mode, as they will be able to access them using their native clients.
Application Installed on Endpoint Machine
These endpoint applications are already installed on the endpoint machines.
Application Runs Via a Default Browser
Run via default browser is used to define a link to any URL. The link appears in the Mobile Access Portal, and launches the current Web browser (the same browser as the Mobile Access Portal). The link can include $$user, which represents the user name of the currently logged-in user.
This option has a user experience similar to a Web Application with a URL: The application is opened in a Web browser. However, Mobile Access Web applications perform Link Translation on the URL and encrypt the connection over SSL, while the "Run via default browser" option with SSL Network Extender does not perform link translation, and encrypts using SSL Network Extender. You may prefer to define a Native Application rather than a Web Application for convenience, or because some websites have problems working with Link Translation.
Applications Downloaded-from-Gateway
Downloaded-from-Gateway applications let you select applications that download from Mobile Access to the endpoint computer when the user clicks a link in the Mobile Access Portal. The list of available applications depends on the version of the Security Gateway.
These applications allow end users to securely use client-server applications, without requiring a native client to be installed on their machines.
Mobile Access has built-in applications that the administrator can configure. Downloaded-from-Gateway applications are either Java-based applications or single-executable applications (including batch files). All the applications that are available by default, other than the Terminal (PuTTY) client, are Java-based applications, and are therefore multi-platform applications. The PuTTY client can only be used on Windows machines.
You can add Native Applications for Client-Based Access, in addition to the built-in applications.
The Downloaded-from-Gateway applications are third-party applications, which are supplied as-is, and for which Check Point provides limited support.
Some of these packages are not signed by Check Point, and when they are downloaded by end users, a popup warning informs the user that the package is not signed.
Downloaded-from-Gateway Applications
| Application | Description |
|---|---|
| | Downloaded-from-Gateway Client for Windows NT Terminal Server and Windows 2000/2003 Terminal Services. Communicates using Remote Desktop Protocol (RDP) in order to present the user's NT desktop. Unlike Citrix ICA |
| | An implementation of Telnet and SSH for Win32 platforms, including an Xterm terminal emulator. |
| | Downloaded-from-Gateway Jabber Client is an instant messenger based on the Jabber protocol. Runs on every computer with at least Java 1.4. |
| | Graphical Java network and file transfer client. Supports FTP using its own FTP API and various other protocols like SMB, SFTP, NFS, HTTP, and file I/O using third party APIs, includes many advanced features such as recursive directory up/download, browsing FTP servers while transferring files, FTP resuming and queuing, browsing the LAN for Windows shares, and more. |
| | Telnet terminal. Provides user oriented command line login sessions between hosts on the Internet. |
| | Secure Shell (SSH) is designed for logging into and executing commands on a networked computer. It provides secure encrypted communications between two hosts over an insecure network. An SSH server, by default, listens on the standard TCP port 22. |
| | IBM 3270 terminal emulator tailored to writing screen-scraping applications. TN3270 is the remote-login protocol used by software that emulates the IBM 3270 model of mainframe computer terminal. |
| | IBM 5250 terminal emulator that interprets and displays 5250 data streams. |
Configuring Authorized Locations per User Group
The authorized locations (hosts or address ranges) of a Native application are defined in the Authorized Locations page of the Native Application. However, it is also possible to configure authorized locations per user group. Users who belong to two or more groups can access the union of the authorized locations of the groups.
For configuration details, see sk32111.
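
The union rule above means that adding a user to a second group can widen what that user reaches through a Native Application. The following added example (not Check Point code or configuration syntax) models the rule so an administrator can audit the effective locations per user; the group names, user names, addresses and the `first-last` range notation are constructed assumptions.

```python
import ipaddress

# Constructed sample data: group -> authorized locations (hosts or address ranges).
GROUP_LOCATIONS = {
    "helpdesk": ["10.1.20.15", "10.1.20.16"],
    "dba": ["10.1.30.0/28", "10.1.40.10-10.1.40.12"],
    "contractors": ["10.1.20.15"],
}
# Constructed sample data: user -> group memberships.
USER_GROUPS = {
    "alice": ["helpdesk", "dba"],
    "bob": ["contractors"],
}

def to_networks(entry):
    """Parse a host, a CIDR block, or a 'first-last' range into networks."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry, strict=False)]

def group_networks(group):
    """All networks a single group authorizes."""
    return [n for e in GROUP_LOCATIONS.get(group, []) for n in to_networks(e)]

def effective_locations(user):
    """Union of the authorized locations of every group the user belongs to."""
    nets = [n for g in USER_GROUPS.get(user, []) for n in group_networks(g)]
    return list(ipaddress.collapse_addresses(nets))

def is_authorized(user, dest):
    """True if dest falls inside the user's effective (union) locations."""
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in effective_locations(user))

def granting_groups(user, dest):
    """Which of the user's groups authorize dest (explains why access exists)."""
    addr = ipaddress.ip_address(dest)
    return sorted(g for g in USER_GROUPS.get(user, [])
                  if any(addr in net for net in group_networks(g)))

if __name__ == "__main__":
    for user in USER_GROUPS:
        print(user, [str(n) for n in effective_locations(user)])
```
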