Remote Access with Encrypted SSL VPN Technology
The Check Point Mobile Access Software Blade uses SSL VPNtechnologt to secure encrypted communication from unmanaged smartphones, tablets, PCs and laptops to your corporate IT infrastructure. Both web-based and network-level SSL-encrypted access can be delivered through most Internet browsers.
The Mobile Access Software Blade offers multiple end-user connection options, including:
- Check Point Mobile app (VPN client)
- SSL VPN portal through a browser
- SSL Network Extender (SNX) with light-weight, dissolvable client
The Mobile Access Software Blade offers:
- Secure SSL VPN access
- Two-factor authentication
- Device/end-user paring
- Mobile business portal
- Provisioning of security features and email profile
- Works cooperatively with additional gateway Software Blades, including the Check Point Intrusion Prevention System (IPS), Antivirus and Anti-malware and Firewall Software Blades.
SSL VPN Corporate Applications
SSL VPN provides the remote user with access to the various corporate applications, including, Web applications, file shares, Citrix services, Web mail, and native applications.
A Web application can be defined as a set of URLs that are used in the same context and that is accessed via a Web browser, for example inventory management, a Wiki or human resources management system.
A file share defines a collection of files, made available across the network by means of a protocol, such as SMB for Windows, that enables actions on files, such as opening, reading, writing and deleting files across the network.
SSL VPN supports Citrix client connectivity to internal XenApp servers.
SSL VPN supports Web mail services, including:
Built-in Web mail: Web mail services give users access to corporate mail servers via the browser. SSL VPN provides a front-end for any email server that supports the IMAP and SMTP protocols.
Other Web-based mail services, such as Outlook Web Access (OWA) and IBM Lotus Domino Web Access (iNotes). SSL VPN relays the session between the client and the OWA server.
SSL VPN allows mobile and remote workers to connect easily and securely to critical resources while protecting enterprise networks and endpoints from external threats.
Check Point Mobile Client
As one of the multiple end-user connection options, the Check Point Mobile client is best for simple and secure connectivity to corporate resources from smartphones and PCs and provides:
- One-touch access to your business web applications
- Secure sync of your e-mail, calendar and contacts
- Always-on security
- Easy setup with downloadable app
- Secure business portal customized for each user ensuring access to only authorized corporate resources
- Single sign-on to reduce login errors into corporate web applications
SSL VPN Portal
As one of the multiple end-user connection options, the SSL VPN portal is best for connecting securely to corporate resources through a portal from a web browser.
Secure Web-based Connectivity
Through an integrated Web portal, users can access web applications, web-based resources, shared files, and email. Administrators can customize the design of the web portal, including support for multiple languages.
Endpoint Security On Demand - optional endpoint compliance and malware scanner
- Ensures that connecting endpoints are compliant with corporate policy
- Out-of-compliance users are offered links to self-remediation resources
Check Point Secure Workspace
End-users can utilize the Check Point virtual desktop that enables data protection during user sessions and enables cache wiping after the sessions have ended. Secure Workspace protects all session-specific data accumulated on the client side, and:
- Creates a secure virtual environment, insulated from the host
- Encrypts and deletes browser and application caches, files, etc., when session ends
DynamicID Direct SMS Authentication
The Mobile Access Software Blade can be configured to send a One-Time Password (OTP) to an end-user communication device (such as a mobile phone) via an SMS message. SMS two-factor authentication provides an extra level of security while eliminating the difficulties associated with managing hardware tokens.
Integrated Intrusion Prevention
- Provides protection against malicious code transferred in Web-related applications
- Blocks worms, various attacks such as buffer overflows, SQL and command injections, cross-site scripting, customizable HTTP worm catcher, directory traversal, header rejection, malicious HTTP code
SSL Network Extender (On-demand client - SNX)
The SSL Network Extender (SNX) is used for remote users who need access to network (non-Web-based) applications. The SSL Network Extender offers a browser plug-in that provides remote access, while delivering full network connectivity for IP-based applications. It enables an on-demand SSL VPN Layer-3 tunnel to connect to your corporate resources. It supports any IP-based application, including ICMP, TCP and UDP, without requiring complex configuration to support each application. SSL Network Extender works on remote PCs without requiring administrator privileges.
SSL Network Extender is downloaded automatically from the SSL VPN portal to the endpoint machines, so that VPN client software does not have to be pre-installed and configured on users' PCs and laptops. SSL Network Extender tunnels application traffic using a secure, encrypted and authenticated SSL tunnel to the SSL VPN gateway.
Integrated into Check Point Software Blade Architecture
The Mobile Access Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways (Check Point appliances including UTM-1, Power-1, IP Appliances and IAS Appliances, or open server platforms) saving time and reducing costs by leveraging existing security infrastructure.