Unified Gateway with Central Management Secure Web-Based Connectivity Connectra is a Secure Remote Access Gateway that enables remote users to access corporate resources. It provides both Web-based and network-level access through the SSL encryption delivered in most Internet browsers. Through an integrated Connectra Web portal, users can access Web applications, Web-based resources, shared files, and email. For extra flexibility, administrators can customize the design of the Connectra Web portal, including support for multiple languages.
For non-Web, client/server applications, Connectra provides secure network-level access over the Web with SSL Network Extender™. Included with Connectra, SSL Network Extender is a browser plug-in that tunnels traffic from endpoint applications over SSL. It supports any IP-based application, including ICMP, TCP, and UDP, without requiring complex configuration to support each application. SSL Network Extender can even work on remote PCs without requiring administrator privileges.
Integrated Intrusion Prevention Integrated intrusion prevention provided by Connectra for SSL VPN access ensures the integrity of internal applications. Integrated Stateful Inspection, Web Intelligence™, and Application Intelligence™ technologies offer protection against malicious activities and attacks over SSL VPN. For example, Connectra can prevent users from accessing confidential data using directory traversal or SQL injection attacks—a particular concern in extranet environments. Connectra can ensure that worms cannot spread through SSL VPN when a remote user is tunneling native applications. In addition, Connectra comes with a one-year SmartDefense™ Services subscription to ensure that integrated application protections are up to date.
Comprehensive Endpoint Security With the integration of Check Point Endpoint Security On Demand™, Connectra secures network resources from remote PCs—regardless if they are used and/or owned by employees or partners, customers, or other network guests. It enforces network security policy for SSL VPN connections, ensures session confidentiality, and keeps the organization secure.
- Scans for spyware to ensure that malicious processes, keystroke loggers, and Trojan horses are not installed on remote endpoints, Connectra scans for these and other spyware through remote users’ browsers. By disabling spyware and enforcing baseline security requirements before it grants SSL VPN access, Connectra stops identity and password theft and prevents data loss.
- Ensures information confidentiality to enable secure access even in unmanaged environments like airport Internet kiosk PCs, Connectra provides Secure Workspace, an option that provides a totally secure environment and which encrypts all session files such as attachments, cookies, emails, and passwords on the remote endpoint. This prevents sensitive corporate information from being viewed or stolen even after a session ends and the user leaves the PC.
- Connectra can enforce access policies requiring antivirus software and/or firewall installation before granting users access. Out-of-compliance users are offered links to self-remediation resources. Once in compliance, they are allowed to log in.
- Restrict access to individual resources based on the trust level of the endpoint and user. For example, one set of resources may be defined with a “high” sensitivity level and access allowed only if a remote endpoint provides strong authentication like token-based authentication and has current antivirus software installed and running. Similarly, another set of resources can be accessed only when someone is using the Secure Workspace.
Protect Against New Threats Connectra is supported by SmartDefense Services, which maintain the most current preemptive security for the Check Point security infrastructure. To help you stay ahead of new threats and attacks, SmartDefense Services provide real-time updates and configuration advisories for defenses and security policies. These ensure that Connectra endpoint security and intrusion prevention capabilities have the latest protections available.
Powerful Centralized Management Connectra can be managed centrally with Check Point SmartCenter™ or standalone through a user-friendly interface. Centralized management offers unmatched leverage and control of security policies, and enables organizations to use a single repository for user and group definitions, network objects, access rights, and security policies across their entire security and remote access infrastructure. Unified access policies will be enforced automatically throughout their distributed environment, empowering them to securely provision access from anywhere.
Best End User Experience Endpoint Connect VPN Client Check Point Endpoint Connect™ is a new, lightweight IPSec VPN client for use with Connectra gateways. Designed for reliable connectivity with maximum usability, Endpoint connect delivers seamless and secure remote access to corporate network resources and is now included with every Connectra license.
Traditional VPN clients can frustrate mobile users and prevent them from accomplishing critical tasks. Endpoint Connect is built with today’s corporate professionals in mind. Traditional IPSec clients are too cumbersome, requiring reconnection and re-authentication with every move. Users must re-login in to the VPN every time their laptop wakes up, and also when they switch networks—from the corporate LAN to Wi-Fi to GPRS. Please see the Endpoint Connect product page for more information.
DynamicID™ Direct SMS Authentication Connectra can now be configured to send a one-time password (OTP) to an end-user communication device (such as a mobile phone) via an SMS message. SMS two-factor authentication provides an extra level of security while eliminating the difficulties associated with managing hardware tokens. Please see the DynamicID product page for more information.
Most Deployment Options Connectra is available as a turnkey appliance, as software for installation on open servers or as virtual appliance.
- Connectra appliances feature Connectra Software that has been preinstalled on dedicated Check Point or OPSEC™ certified appliances
- Connectra Software can also be installed on open servers and includes SecurePlatform™, a security hardened operating system from Check Point
- Connectra Software can be deployed as a virtual appliance and is certified on VMware ESX Server
Connectra can be deployed in a network DMZ or on a trusted LAN and is easy to install and simple to manage. It supports several authentication options including LDAP, RADIUS, SecurID/ACE, or an internal database.
Technical Features
- Flexible, Secure Remote Access
- Unmached Mobility
- Comprehencive Endpoint Security
- Integrated Intrusion Prevention
- High Performance
- Advanced Scalability
Flexible, Secure Remote Access Secure clientless SSL VPN connectivity for browser-based remote access to an extensive range of enterprise applications, as well as client-based mobile IPSec connectivity for corporate users “On the Go”
Browser-based remote access
- Internet Explorer, Mozilla and Safari browser support
- Windows, Windows Mobile, Mac, iPhone and Linux platform support
- SharePoint, SAP Portal and other Web applications
- Outlook Web Access, Lotus iNotes and other mail applications
- Built-in web front-end for Native POP3/IMAP servers
- Windows (SMB/CIFS) file servers for file sharing
Java-based browser plug-ins for on-demand application delivery
- Windows, Mac and Linux platforms
- FTP, Jabber IM, RDP, SSH, Telnet, terminal emulation
- TN3270, TN5250 extensible
Browser plug-ins for on-demand connectivity
- Windows, Mac and Linux platform support
- SSL Network Extender - included with Connectra
- Application mode: TCP based applications, including Citrix, MS RDP, Outlook, FTP clients etc.
- Network mode: All IP-based applications
Unmatched Mobility Roaming provides uninterrupted LAN-like IPSec access from laptops and Smartphones
- Endpoint Connect - VPN client for laptops and PCs
- SSL / IPSec client for Windows 2000, XP and Vista platforms
- Two-factor authentication with PKI, SecureID and SoftID
- Office Mode support
- Integrated endpoint compliance and malware scanner
- Dynamic transport (IPSec or SSL)
- Roaming, location awareness and Intelligent Auto-connect
- Supports IP-based applications
SecureClient Mobile - VPN client for Smartphones and PDAs
- Pocket PC 2003, Windows Mobile 5.x and 6.x platform support
- Two-factor authentication with PKI, SecureID, SoftID
- SSL-based VPN tunnel with personal firewall and roaming support
- Office Mode support
- Bluetooth, WAP and other peripheral control
- On-demand tunnel integration with Outlook Mobile to conserve power
- Supports IP-based applications
Comprehensive Endpoint Security Endpoint Security On Demand - optional endpoint compliance and malware scanner
- Ensures that connecting endpoints are compliant with corporate policy
- Detects keyloggers, trojans and other malware
- Out-of-compliance users are offered links to self-remediation resources
Secure Workspace – ensures VPN session confidentiality when using public computers
- Creates a secure virtual environment, insulated from the host
- Encrypts and deletes browser and application caches, files etc. when session ends
Integrated Intrusion Prevention Web Intelligence
- Provides protection against malicious code transferred in Web-related applications
- Blocks worms, various attacks such as buffer overflows, SQL and command injections, cross-site scripting, customizable HTTP worm catcher, directory traversal, header rejection, malicious HTTP code
Application Intelligence
- Extends further protection for non-web traffic transferred over VPN tunnels created by SNX, Endpoint Connect, and SecureClient Mobile
- Protections included for FTP, Mail and other IP protocols
High Performance ClusterXL (included with Connectra) offers full cluster capability for stateful high availability and load sharing
Advanced Scalability Connectra can scale to over 10,000 concurrent users on the Connectra 9072 appliance, as well as other high-end, single blade servers
Key Benefits
Unified Gateway with Central Management
- Consolidate SSL VPN and IPSec VPN connectivity in a best-of-breed unified secure remote access gateway
- Integrated intrusion prevention and comprehensive endpoint security block viruses, malware and malicious attacks
- Centralized management unifies policy deployment, client administration and event reporting
- Defend against the latest threats with automatic, real-time security updates with SmartDefense™ Services
Best End User Experience
- Ensure session security when connecting from public computers or Internet kiosks with Secure Workspace
- Uninterrupted connectivity even when roaming between wireless networks
- Automatic endpoint scanning prior to user authentication for additional level of security
- First and only vendor to provide direct SMS authentication eliminating need for Smartcards and tokens
Most Deployment Options
- Appliance - A full range of Connectra appliances are available to align with any enterprise remote access requirements for optimum price/performance
- Software - Connectra software can be installed on a wide variety of open server platforms certified by Check Point to run SecurePlatform™
- Virtual Appliance - Connectra is certified on VMware ESX Server as a virtual appliance, reducing operating costs for MSPs, ISPs and telcos
|