VPN-1 Clients Datasheet
Transcript of VPN-1 Clients Datasheet
-
7/30/2019 VPN-1 Clients Datasheet
1/4
puresecurity
VPN-1
SecureClientDial-up
Wireless
SecureClient Mobile
VPN-1
SecureClient
VPN-1
Power Gateway
cp nwk
i
VPN-1
SecureClient
DSL or Cable Modem
Product descriPtion
VPN-1 SecureClient extends theVPN to remote users for safe networkaccess and communication andenables administrators to enforcedesktop policies for additional security.
Product features
n Secure remote connectionsto VPN-1 gateways
n User-friendly interface andeasy deployment
n Support for industry-standardVPN protocols
n Security policy enforcementextends to the desktop
Product benefits
n Enables local and remote usersto securely access resources onthe corporate network
n Provides authentication solutionsthat best meet your needs
n Defends remote PCs and handheld
devices from attacksn Protects against new threats
through SmartDefense Services
VPN-1 SecureClientEnhanced VPN-1 connectivity
YOUR CHALLENGEAs employees become more mobile and organizations continue to deploy
remote access VPNs, security and network managers face key security
challenges. These include providing appropriate levels of access to corporate
resources, protecting remote desktops or other client systems from compro-
mise, and efficiently managing security and policy updates for these diverse
remote access points.
OUR SOLUTIONCheck Point VPN gateways extend the VPN to remote users, enabling them to
communicate securely and access corporate networks. All data is encrypted
before it leaves the remote PC or mobile device, making connections com-
pletely secure. The VPN client transparently encrypts and authenticates
critical data to protect against eavesdropping and malicious data tampering.
VPN-1 SecureClient extends security to the desktop by allowing security
administrators to enforce desktop security policies for remote users. This
functionality is critical in protecting corporate networks from unauthorized
agents gaining access to the network by first gaining access to a remote user
machine. VPN-1 SecureClient is supported by SmartDefense Services, whichmaintain the most current preemptive security for the Check Point security infra-
structure. To help you stay ahead of new threats and attacks, SmartDefense
Services provide real-time updates and configuration advisories for defenses
and security policies.
The NGX platform delivers a unified
security architecture for Check Point.
VPN-1 SecureClient enables state-of-the-art remote access VPNs.
-
7/30/2019 VPN-1 Clients Datasheet
2/4
VPN-1 SecureClient
VPn-1 securecLientCheck Points VPN-1 SecureClient provides the following
features to help you take charge of your resources and
maintain integrity of remote systems.
fLeXibLe connectiVitY oPtionsVPN-1 clients support dynamic and fixed IP addressing fordial-up, cable modem, or digital subscriber line (DSL) con-
nections. This flexibility makes VPN clients the ideal solution
for telecommuters and mobile workers who need to access
their company networks via an Internet service provider (ISP),
wireless hot spot, or hotel Internet access connection.
ey plym
The tight integration of VPN-1 clients with VPN-1 gateway
solutions makes it easy to incorporate secure remote access
as part of an overall security policy. For easy deployment
of remote access VPNs, Check Point VPN technology
features a One-Click format. Remote access VPNs can be
created by simply placing all participating VPN-1 clients andusers into a VPN community, which enables organizations
to define the security parameters for an entire group of
remote users. As new members are added to the community,
they automatically inherit the appropriate properties and can
immediately establish secure remote access connections to
the corporate network.
flxl h
In addition to pre-shared secrets and X.509 digital certificates
natively supported by the IPSec standard, VPN-1 clients
support multiple authentication schemes such as SecurID
tokens, username and password, RADIUS, TACACS, and
other third-party authentication methods, such as biometrics.
This flexibility allows organizations to leverage existing
authentication technologies and infrastructure.
Organizations that want strong authentication without
incurring expensive PKI setup costs can use Check Points
Internal Certificate Authority (ICA), which is tightly integrated
with VPN-1 gateways, to issue X.509 digital certificates
to client users and gateways for secured communication.
Hgh avlly
Check Points VPN load distribution feature is a High-
Availability and load-sharing solution for remote access VPN
connections. Inbound VPN connections can be distributed
across a cluster of VPN-1 gateways. If one gateway fails,
new VPN connections will automatically connect to remaining
cluster members.
adVanced VPn-1 securecLient
VPN-1 SecureClient provides enhanced functionality for
supporting the security of remote clients.
dkp y ply
It protects remote client machines by enforcing desktop
security policies on the remote client. The administrator
can centrally define desktop security policy rules for users or
groups of users, enabling organizations with different types
of remote userssuch as sales or IT staffto tailor client
security policies to varying user needs. These policies not
only protect the data on client machines from unauthorized
access, but also eliminate vulnerability to attacks from fellow
users on shared networks. Unauthorized access attempts
can either be logged and viewed within VPN-1 SecureClient
or sent as alerts to a SmartCenter management server.
s g v
VPN-1 SecureClient strengthens enterprise security by
ensuring client machines cannot be configured to circumvent
the enterprise security policy. Using secure configurationverification (SCV), managers can specify SCV checksa
set of predefined conditions for a securely configured client
system. These checks are performed regularly to ensure
that remote client machines comply with the organizations
security policies.
In addition to these predefined checks, security administra-
tors can define custom checks. For example, an SCV check
can be written to ensure that VPN-1 SecureClient users are
running the most current version of antivirus software.
Mlpl vy m
VPN-1 SecureClient provides various modes to address
a variety of connectivity and routing issues faced byremote users.
Office Mode addresses routing issues between the client
and the gateway by encapsulating IP packets with the
remote users original IP address, thereby enabling users
to appear as if they were in the office while connecting
remotely. Office Mode also provides enhanced anti-
spoofing by ensuring that the IP address encountered by
the gateway is authenticated and assigned to the user.
Visitor Mode enables employees to access resources
while they are working at a remote location such as a
hotel or a customer office, where Internet connectivity
may be limited to Web browsing using the standard
HTTP and HTTPS ports.
Hub Mode enables rigorous, centralized inspection of
all client traffic, removing the need to deploy security
functions to multiple offices, and giving employees secure
client-to-client communications such as Voice over IP
(VoIP) or Internet conferencing using applications like
Microsoft NetMeeting.
-
7/30/2019 VPN-1 Clients Datasheet
3/4
Enhanced VPN-1 connectivity
Continued on page 4
smpl m xp
VPN-1 SecureClient uses a rich, full-featured GUI that simpli-
fies the remote users connectivity experience. Installation
wizards guide the remote user through client installation and
site destination creation. In addition, multiple authentication
credentials can be stored so that users can seamlesslyconnect to sites with different access requirements without
having to reconfigure the settings each time they connect
to a site.
Users can enable Auto Connect mode, which prompts
them with a connection dialog box upon seeing a network
connection. Connection status messages alert users to the
progress of their connection attempts. Status View windows
detail connection status and troubleshooting indicators
such as network activity counters.
Integrated connection and authentication window.
Wizard to assist remote users with site destination creation.
Status View with detailed connection information.
-
7/30/2019 VPN-1 Clients Datasheet
4/4
Wlw Hq3A Jabotinsky Street, 24th FloorRamat Gan 52520, IsraelTel: 972-3-753-4555Fax: 972-3-575-9256Email: [email protected]
u.s. Hq800 Bridge ParkwayRedwood City, CA 94065Tel: 800-429-4391; 650-628-2000Fax: 650-654-4233www.checkpoint.com
20032007 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Express, Check Point Express CI, the Check Pointlogo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoSa, DefenseNet, Dynamic ShieldingArchitecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT,INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Policy Lifecycle Management,
Provider-1, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXLTurbocard, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefenseAdvisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL NetworkExtender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1Power, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarmAnti-Spyware, ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarksof Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registeredtrademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935, 6,873,988, and 6,850,943 and may be protected byother U.S. Patents, foreign patents, or pending applications.
February 28, 2007 P/N 502426
cmp vw v x vw
VPN-1 SecureClient can be configured to provide remote
users with an Extended View that has the full feature set.
Alternately, organizations with a single site and gateway
configuration may choose Compact View for maximum
remote ease-of-use. Because Compact View is preconfig-
ured, remote users do not need to perform site or profile
management. Connection and setting dialog boxes havealso been simplified to provide only essential features.
sml w mgm
It includes features to streamline the initial distribution and
ongoing maintenance of client software. These features
dramatically decrease end-user support costs associated
with VPN management and improve overall security by
ensuring that client software installations are always consis-
tent and current. VPN-1 SecureClient supports MSI and is
interoperable with all major software distribution packages.
cmpl m p
Integrity SecureClient combines the market leadingcapabilities of VPN-1 SecureClient and Integrity to deliver
the most advanced remote access connectivity, endpoint
protection, and network access policy enforcement in one
solution. Combining multiple safeguards into a single
package makes it easier to deploy and manage critical
endpoint defenses, from the same unified security platform
as other Check Point products.
s, p m ml v
SecureClient Mobile gives Windows Mobile device users
secure, uninterrupted remote access to resources protected
by Connectra and VPN-1 gateways. Mobile workers can
now roam across networks and change connection status
without losing their session or constantly reentering theircredentials. With an intuitive user interface and minimal
impact on device resources, SecureClient Mobile minimizes
administrative effort and provides central management from
the same platform used to manage PC remote access.
suPPorted PLatforMs
Windows 2000, 2003 Server, XP, XP Tablet PC Edition
Windows Pocket PC 2003/SE, Windows Mobile 5.0 Smartphone
Mac OS 10.3, 10.4.6, and higher (Universal Binary)
Advance Status View window.