Support Center > Search Results > SecureKnowledge Details
');$("#keyWordsInput").autocomplete("widget").appendTo("#ac-holder");$("#sc-select-holder").appendTo(document.body);}}).data( "ui-autocomplete" )._renderItem = function( ul, item) {var re = new RegExp("^" + this.term) ;var t = item.label.replace(re,"" + this.term + "");var classname = "ac_even";if (item.index % 2 == 0)classname = "ac_odd";if (item.label == "")return;return $( "
" ).data( "ui-autocomplete-item", item ).append( "" + t + "" ).appendTo( ul );}; $.ui.autocomplete.prototype._renderMenu = function( ul, items ) {var self = this;$.each( items, function( index, item ) {item.index=index;self._renderItem( ul, item );});$(ul).css("border-color","rgb(227, 227, 227)");$(ul).css("z-index","10");}};var selectedProduct = "";var productId = $('#productId').val();selectedProduct = productId;var productName = productMap[productId];if (productId==null || productId=='' || productName == null || productName=='')return;$('#productSearchField').text('Search within '+productName); $('#customSearch div').click( function(e){$('#customSearch div').each( function(index, Element){ $(Element).removeClass('searchSelected'); });$(this).addClass('searchSelected');if ($(this).attr('id')=='productSearchField')$('#productId').val(selectedProduct);else $('#productId').val("");});$('#customSearch').click(function(e){keepOpen=true;e.stopPropagation();});$(document).click(function(e){keepOpen=false; $("#customSearch").hide(); $("#keyWordsInput").autocomplete("close");});$("#keyWordsInput,.scSearchInputWrap").click(function(e){if ($("#keyWordsInput").autocomplete("widget").css("display")=='none'){$("#customSearch").show();$("#customSearch").position({my: "left top",at: "left bottom",of: $("#keyWordsInput"),offset:"-1",collision: "none"});}$('#keyWordsInput').autocomplete('search'); e.stopPropagation();});});$.ajax({ url: 'autocomplete?init=1', success: function(data) { console.log('init ok'); }});
| Check Point Remote Access Solutions - Gateway-Based Access | Technical Level |
| Solution ID | sk67820 |
Technical Level  | |
| Product | Endpoint Security VPN, SecuRemote, Capsule Workspace, Mobile Access / SSL VPN, Endpoint Security Client |
| Version | R80.30 (EOL), R80.40, R81, R81.10, R81.20, E83.x (EOL), E84.x (EOL), E85.x (EOL), E86.x, E87.x |
| OS | Windows, macOS, iOS, Android |
| Platform / Model | All |
| Date Created | 2013-12-25 00:00:00.0 |
| Last Modified | 2022-12-18 05:27:49.0 |
Solution
This SK covers Check Point's remote access solution that terminate on Quantum Gateways. For cloud-based/ZTNA remote access service, see Harmony Connect – Check Point’s SASE Solution.
Table of Contents
Providing Secure Remote Access
Types of Remote Access Solutions
SSL VPN Portal for published business application
Layer-3 VPN Tunnel
Layer-3 VPN Tunnel integrated with Endpoint Security
Additional Remote Access Solutions
Summary of Remote Access Options
Remote Access VPN Blade and Supported OS
Endpoint Security Server versions and supported Endpoint Security Client versions
Related Solutions
(I) Providing Secure Remote Access
In today's business environment, it is clear that workers require remote access to sensitive information from a variety of locations and a variety of devices. Organizations must also make sure that their corporate network remains safe and that remote access does not become a weak point in their IT security.
This article will:
- Help you decide which remote access client or clients best match your organization's requirements.
- Give you information about Check Point's secure remote access options.
(II) Types of Remote Access Solutions
All of Check Point's Remote Access solutions provide:
- Enterprise-grade, secure connectivity to corporate resources.
- Strong user authentication.
- Granular access control.
Factors to consider when choosing remote access solutions for your organization:
- L3 VPN tunnel vs. Secure Business portal: Do you need a full VPN tunnel to protect the access from any installed application to the business, or do you need a simpler business portal that provides simple and secure access for published business applications?
- Client-Based vs. Clientless: Does the solution require an agent to be installed on the endpoint computer, or is it clientless, for which only a web browser is required?
- Secure Connectivity vs. Endpoint Security: Does the solution provide only secure connectivity, or also additional endpoint security functionalities, when the device is not connected via a VPN tunnel to the business?
(II-1) Types of Remote Access Solutions - SSL VPN Portal for published business application
- Allows simple and secure usage of business resources from any PC, Mac, Smartphones and tablets.
- Access business resources such as web-applications
- Two factor user authentication
- Secure access to published apps via any supported Internet Browser or a dedicated Smartphone/tablet app
- Best fit for unmanaged-devices and "BYOD"
- License required: Check Point Mobile on the Security Gateway. License count per concurrent connected devices.
| Name | Supported OS | Client or Clientless | Encryption Protocol | Latest Version & Relevant Linkfor downloads | Security Verification for Endpoint Devices | Desktop Firewall on Endpoint Devices | IPv6 Support |
Mobile Access Web Portal | Windows Linux macOS X iOS Android | Clientless | SSL | R81.20 | No | Yes | |
SSL Network Extender for Mobile Access Blade | Windows Linux macOS X | On-demand Client through Mobile Access Portal | SSL | R81.20 | Yes | No | |
Capsule Workspace for iOS | iOS | Client | SSL | sk92552 | Yes Jailbreak & Root Detection MDM Cooperative Enforcement | No | Yes |
Capsule Workspace for Android | Android | Client | SSL | sk93775 | Yes Jailbreak & Root Detection MDM Cooperative Enforcement | No | Yes |
Notes:
- Check Point Mobile for iPhone and iPad and Check Point Mobile for Android have been deprecated and replaced by Capsule Workspace.
- Capsule Workspace waspreviously named Mobile Enterprise.
(II-2) Types of Remote Access Solutions - Layer-3 VPN Tunnel
- Secure access to the business from any installed application via a Layer-3 VPN tunnel
- Check Point Mobile for Windows,Check Point VPN Plugin for Windows 8.1 andCheck Point Capsule VPN for Windows 10 do not support "two factor user authentication". (The limitation applies only to E80.64 and earlier in the context ofCheck Point Mobile for Windows.)
- Requires a VPN agent/app installation
- Best fit for both managed or unmanaged-devices
- License required: Check Point Mobile on the Security Gateway. License count per concurrent connected devices.
| Name | Supported Operating Systems | Client or Clientless | Encryption Protocol | Latest Version & Relevant Linkfor downloads | Security Verification for Endpoint Devices | Desktop Firewall on Endpoint Devices | IPv6 Support |
Check Point Mobile for Windows | Windows Endpoint Security | Client | IPsec | Endpoint Security Homepage | Yes | No | No |
Capsule Connect (for iOS) (previously Mobile VPN) | iOS | Client | IPsec / SSL | sk69540 | MDM Cooperative Enforcement | No | No |
Capsule VPN (for Android) (previously Mobile VPN) | Android 4+ Chrome OS (* below for supported devices) | Client | IPsec / SSL | sk84141 | MDM Cooperative Enforcement | No | No |
Check Point VPN Plugin / Check Point Capsule VPN | Windows 8.1 | Preinstalled client | SSL | sk96006 | No | No | No |
| Windows 10 | Download app from Windows store. | sk107536 |
* Chrome OS Systems Supporting Android Apps
(II-3) Types of Remote Access Solutions - Layer-3 VPN Tunnel integrated with Endpoint Security
- A full Layer-3 VPN tunnel integrated with enterprise grade endpoint security software blades.
- Two factor user authentication.
- Additional Endpoint Security functionalities, from Desktop Firewall to full Endpoint Security software blades, such as Disk Encryption, Media Encryption, Anti Malware, and more.
- Requires a VPN agent/app installation.
- Best fit for managed devices.
- The Endpoint Security VPN for Windows ATM msi is appropriate for ATM solutions.
- License required: Endpoint Security Container on Endpoint Security Management Server and Endpoint Security VPN on Network Management Server. License count per installed devices.
| Name | Supported Operating Systems | Client or Clientless | Encryption Protocol | Security Verification for Endpoint Devices | Desktop Firewall on Endpoint Devices | IPv6 Support |
Endpoint Security VPN for Windows | Windows Endpoint Security | Client | IPsec | Yes | Yes | No |
Endpoint Security VPN for Mac | macOS X | Client | IPsec | No | Yes | No |
Endpoint Security Suite Remote Access VPN Blade | Windows | Client | IPsec | Yes | Yes | No |
Endpoint Security Suite Remote Access VPN Blade | macOS X | Client | IPsec | No | Yes | No |
(II-4) Types of Remote Access Solutions - Additional Remote Access Solutions
- SecuRemote is a secure, but limited-function IPsec VPN client.
- Two factor user authentication
| Name | Supported Operating Systems | Client or Clientless | Encryption Protocol | Latest Version & Relevant Linkfor downloads | Security Verification for Endpoint Devices | Desktop Firewall on Endpoint Devices | IPv6 Support |
SecuRemote | Windows Endpoint Security | Client | IPsec | E84.40 (sk171419) | No | No | No |
(III) Summary of Remote Access Options
Below is a summary of each Remote Access option that Check Point offers. All supply secure remote access to corporate resources, but each has different features and meets different organizational requirements.
Important: Remote Access clients communicate with the Security Gateway through a single VPN tunnel. The VPN tunnel is not bound to a specific logged in user, and its remote access capabilities will be the same for any user/application on the client host. Multiple users on the same host are not supported, and thus Check Point does not support/recommend allowing VPN tunnels on multi-user machines such as Terminal Services.
Note: Refer to "Support Life Cycle Policy".
| Remote Access Option | Topic | Description |
| Harmony Endpoint (former Endpoint Security Suite) | Introduction | The Endpoint Security Suite simplifies Endpoint Security Management by unifying all endpoint security capabilities in a single console and a single client. Endpoint Security Software Blades include: Desktop Firewall and Security Verification, Full Disk Encryption, Media Encryption and Port Protection, Anti-Malware and Program Control, WebCheck browser virtualization and Remote Access VPN. Starting from Endpoint Security E80.41, Remote Access VPN Clients are part of the Endpoint Security offering, providing the next release of E75.30, including all flavors. |
| Required Licenses | Management: Endpoint Policy Management Software Blade. Client: Endpoint Security Container and Endpoint Security Software Blades - for any protected endpoint. | |
| Supported Platforms | Windows, macOS X | |
| Where to get the Client | Check Point Support Center | |
| Endpoint Security VPN | Introduction | Endpoint Security VPN is an IPsec VPN client that replaces SecureClient. It is best for medium to large enterprises. It provides:
Note: Endpoint Security VPN for macOS X includes a Desktop Firewall, but not Security Verification. |
| Required Licenses | The IPsec VPN Software Blade on the Security Gateway, an Endpoint Container license, and an Endpoint VPN Software Blade license on the Security Management Server. | |
| Supported Platforms | Windows, macOS X | |
| Where to get the Client | Check Point Support Center | |
| Check Point Mobile for Windows | Introduction | Check Point Mobile for Windows is an IPsec VPN client. It is best for medium to large enterprises that do not require an Endpoint Security policy. It provides:
|
| Required Licenses | IPsec VPN and Mobile Access Software Blades on the Security Gateway. | |
| Supported Platforms | Windows | |
| Where to get the Client | Check Point Support Center | |
| SecuRemote | Introduction | SecuRemote is a secure, but limited-function IPsec VPN client. It provides secure connectivity. |
| Required Licenses | IPsec VPN Software Blade on the Security Gateway. It is a free client and does not require additional licenses. | |
| Supported Platforms | Windows | |
| Where to get the Client | Check Point Support Center | |
| Mobile Access Web Portal | Introduction | The Mobile Access Portal is a clientless SSL VPN solution. It is recommended for users who require access to corporate resources from home, an internet kiosk, or another unmanaged computer. The Mobile Access Portal can also be used with managed devices. It provides:
The Mobile Access Portal supplies access to web-based corporate resources. You can use the on-demand client, SSL Network Extender (SNX), via the Portal to access all types of corporate resources. |
| Required Licenses | Mobile Access Software Blade on the Security Gateway. Note:For VSX, you need only one MAB license per node, which will be replicated to all VSs. For example, if you have 10 VSs and one MAB license for 50 concurrent users then you will have 50 concurrent users per VS. | |
| Supported Platforms | Windows, macOS X, Linux, iOS and Android | |
| Where to get the Client | Included with the Security Gateway | |
| SSL Network Extender (SNX) | Introduction | SSL Network Extender (SNX) is a thin SSL VPN on-demand client installed automatically on the user's machine via a web browser. It supplies access to all types of corporate resources. SSL Network Extender (SNX) has two modes:
|
| Required Licenses | Mobile Access Software Blade and IPSec VPN Blade on the Security Gateway | |
| Supported Platforms |
| |
| Where to get the Client | Included with the Security Gateway | |
| Check Point Capsule VPN for Windows | Introduction | Check Point VPN Plugin for Windows 8.1 is an L3 VPN client. It supplies secure connectivity and access to corporate resources using L3 SSL VPN Tunnel. Check Point Capsule VPN on Windows 10 uses SSL. |
| Required Licenses | Mobile Access Software Blade on the Security Gateway | |
| Supported Platforms | Windows 8.1, Windows 10 | |
| Where to get the Client | Windows 8.1 - Preinstalled Windows 10 - download an app from Windows store | |
| Capsule Workspace (former Check Point Mobile for iPhone and iPad) | Introduction | Check Point Mobile for iPhone and iPad is an SSL VPN client. It supplies secure connectivity and access to web-based corporate resources and Exchange ActiveSync. Check Point Mobile for iPhone and iPad is ideal for mobile workers who have iPhone or iPad devices. |
| Required Licenses | Mobile Access Software Blade on the Security Gateway | |
| Supported Platforms | iOS | |
| Where to get the Client | Apple App Store | |
| Capsule Workspace for iOS | Introduction | Capsule Workspace for iOS is an SSL VPN client. It supplies secure connectivity and access to web-based corporate resources and Microsoft Exchange services. It also gives secure access to Capsule Docs protected documents. Capsule Workspace is ideal for mobile workers who have privately-owned smart phones or tablets. It protects only the business data inside the App and does not require device-level security measures, such as device-lock or device-wipe. |
| Required Licenses | Capsule license on the Security Management | |
| Supported Platforms | iOS | |
| Where to get the Client | Apple App Store | |
| Capsule Workspace for Android | Introduction | Capsule Workspace for Android is an SSL VPN client. It supplies secure connectivity and access to web-based corporate resources and Microsoft Exchange services. It also gives secure access to Capsule Docs protected documents. It was previously called Mobile Enterprise. Capsule Workspace for Android is ideal for mobile workers who have privately-owned smart phones or tablets. It protects only the business data inside the App and does not require device-level security measures, such as device-lock or device-wipe. |
| Required Licenses | Capsule license on the Security Management | |
| Supported Platforms | Android | |
| Where to get the Client | Google Play Store | |
| Capsule Connect for iOS (former Mobile VPN) | Introduction | Capsule Connect is a full L3 tunnel App that gives users network access to all mobile applications. It supplies secure connectivity and access to all types of corporate resources. |
| Required Licenses | Mobile Access Software Blade on the Security Gateway | |
| Supported Platforms | iOS 6.0 + | |
| Where to get the Client | Apple App Store | |
Check Point Mobile for Android (Check Point Mobile is deprecated and replaced by Capsule Workspace) | Introduction | Check Point Mobile for Android is an SSL VPN client. It supplies secure connectivity and access to web-based corporate resources and Exchange ActiveSync. Check Point Mobile for Android is ideal for mobile workers who have Android devices. |
| Required Licenses | Mobile Access Software Blade on the Security Gateway | |
| Supported Platforms | Android | |
| Where to get the Client | Google Play Store | |
| Capsule VPN for Android (former Mobile VPN) | Introduction | Capsule VPN for Android devices is an L3 VPN client. It supplies secure connectivity and access to corporate resources using L3 IPSec/SSL VPN Tunnel. |
| Required Licenses | Mobile Access Software Blade on the Security Gateway | |
| Supported Platforms | Android 4 + (ICS+) | |
| Where to get the Client | Google Play Store |
Which license is required to allow L2TP VPN tunnels
- Question: In order to allow L2TP VPN tunnels, if the customer already has the Endpoint VPN Remote Access Blade - is this enough, or is there a Mobile Access Blade license required? Meaning, for L2TP, do we need a Endpoint VPN Client license or a Mobile Access License?
- Answer: In order to allow L2TP VPN tunnels, you would just need the IPSec VPN license on the Security Gateway. There is no need for the Mobile Access License.
Check Point products support for Windows 7, 8 and 10:
- For information about Check Point products support for Windows 7, see:
- sk43446 - Check Point products support for Windows 7
- For information about Check Point products support for Windows 8, see:
- sk87980 - Windows 8 support by Check Point
- For information about Check Point products support for Windows 10, see:
- sk108375 - Check Point Capsule Docs, Endpoint Security and Remote Access VPN E80.62 / R77.30.01
- sk107132 - Check Point Mobile Access support for Windows 10
- sk107036 - Windows 10 Support Plan for Check Point Products
(IV) Remote Access VPN Blade and Supported OS
Notes:
- Refer to "Support Life Cycle Policy".
- Remote Access VPN Blade does not support Windows Server OS.
| Remote Access VPN Blade and Supported OS | ||
| Client Version and Flavor | Client OS | Client OS Version and Flavor |
| Starting from E80.71 - monthly releases | Windows | sk117536 - Endpoint Security Homepage |
| MacOS X | ||
| Check Point Mobile for iPhone and iPad | iOS | iOS 6.0 + See AppStore |
| Capsule Workspace | iOS | iOS 10.0 + See AppStore |
| Android | Android 4.0 + See Google Play | |
| Check Point Mobile VPN for iOS | iOS | iOS 6+ See AppStore |
| Check Point Mobile for Android | Android | Android 4.0 + See Google Play |
| Check Point Mobile VPN for Android | Android | Android 4.0 + (Android ICS+) See Google Play |
| Check Point VPN Plugin for Windows 8.1 | Windows 8.1 | Preinstalled with Windows 8.1. |
(V) Endpoint Security Server versions and supported Endpoint Security Client versions
Refer to sk107255 - Endpoint Security Server versions and supported Endpoint Security Client versions.
- sk107255 - Endpoint Security Server versions and supported Endpoint Security Client versions
- sk65210 - SSL Network Extender
- sk65314 - Check Point Mobile for Android devices
- sk84141 - Check Point Mobile VPN for Android devices
- sk69540 - Check Point Mobile VPN application - Layer-3 VPN for Apple iPhone and iPad
- sk86884 - Check Point Clients' support on Windows 8
- sk87460 - Endpoint Security Client On Demand - ESOD - Windows 8 support
- sk87980 - Windows 8 support by Check Point
- sk96006 - Check Point VPN client is now part of Windows 8.1 - including Windows RT 8.1
| Give us Feedback | |