7/30/2019 VPN-1 Clients Datasheet

1/4

puresecurity

VPN-1

SecureClientDial-up

Wireless

SecureClient Mobile

VPN-1

SecureClient

VPN-1

Power Gateway

cp nwk

i

VPN-1

SecureClient

DSL or Cable Modem

Product descriPtion

VPN-1 SecureClient extends theVPN to remote users for safe networkaccess and communication andenables administrators to enforcedesktop policies for additional security.

Product features

n Secure remote connectionsto VPN-1 gateways

n User-friendly interface andeasy deployment

n Support for industry-standardVPN protocols

n Security policy enforcementextends to the desktop

Product benefits

n Enables local and remote usersto securely access resources onthe corporate network

n Provides authentication solutionsthat best meet your needs

n Defends remote PCs and handheld

devices from attacksn Protects against new threats

through SmartDefense Services

VPN-1 SecureClientEnhanced VPN-1 connectivity

YOUR CHALLENGEAs employees become more mobile and organizations continue to deploy

remote access VPNs, security and network managers face key security

challenges. These include providing appropriate levels of access to corporate

resources, protecting remote desktops or other client systems from compro-

mise, and efficiently managing security and policy updates for these diverse

remote access points.

OUR SOLUTIONCheck Point VPN gateways extend the VPN to remote users, enabling them to

communicate securely and access corporate networks. All data is encrypted

before it leaves the remote PC or mobile device, making connections com-

pletely secure. The VPN client transparently encrypts and authenticates

critical data to protect against eavesdropping and malicious data tampering.

VPN-1 SecureClient extends security to the desktop by allowing security

administrators to enforce desktop security policies for remote users. This

functionality is critical in protecting corporate networks from unauthorized

agents gaining access to the network by first gaining access to a remote user

machine. VPN-1 SecureClient is supported by SmartDefense Services, whichmaintain the most current preemptive security for the Check Point security infra-

structure. To help you stay ahead of new threats and attacks, SmartDefense

Services provide real-time updates and configuration advisories for defenses

and security policies.

The NGX platform delivers a unified

security architecture for Check Point.

VPN-1 SecureClient enables state-of-the-art remote access VPNs.

7/30/2019 VPN-1 Clients Datasheet

2/4

VPN-1 SecureClient

VPn-1 securecLientCheck Points VPN-1 SecureClient provides the following

features to help you take charge of your resources and

maintain integrity of remote systems.

fLeXibLe connectiVitY oPtionsVPN-1 clients support dynamic and fixed IP addressing fordial-up, cable modem, or digital subscriber line (DSL) con-

nections. This flexibility makes VPN clients the ideal solution

for telecommuters and mobile workers who need to access

their company networks via an Internet service provider (ISP),

wireless hot spot, or hotel Internet access connection.

ey plym

The tight integration of VPN-1 clients with VPN-1 gateway

solutions makes it easy to incorporate secure remote access

as part of an overall security policy. For easy deployment

of remote access VPNs, Check Point VPN technology

features a One-Click format. Remote access VPNs can be

created by simply placing all participating VPN-1 clients andusers into a VPN community, which enables organizations

to define the security parameters for an entire group of

remote users. As new members are added to the community,

they automatically inherit the appropriate properties and can

immediately establish secure remote access connections to

the corporate network.

flxl h

In addition to pre-shared secrets and X.509 digital certificates

natively supported by the IPSec standard, VPN-1 clients

support multiple authentication schemes such as SecurID

tokens, username and password, RADIUS, TACACS, and

other third-party authentication methods, such as biometrics.

This flexibility allows organizations to leverage existing

authentication technologies and infrastructure.

Organizations that want strong authentication without

incurring expensive PKI setup costs can use Check Points

Internal Certificate Authority (ICA), which is tightly integrated

with VPN-1 gateways, to issue X.509 digital certificates

to client users and gateways for secured communication.

Hgh avlly

Check Points VPN load distribution feature is a High-

Availability and load-sharing solution for remote access VPN

connections. Inbound VPN connections can be distributed

across a cluster of VPN-1 gateways. If one gateway fails,

new VPN connections will automatically connect to remaining

cluster members.

adVanced VPn-1 securecLient

VPN-1 SecureClient provides enhanced functionality for

supporting the security of remote clients.

dkp y ply

It protects remote client machines by enforcing desktop

security policies on the remote client. The administrator

can centrally define desktop security policy rules for users or

groups of users, enabling organizations with different types

of remote userssuch as sales or IT staffto tailor client

security policies to varying user needs. These policies not

only protect the data on client machines from unauthorized

access, but also eliminate vulnerability to attacks from fellow

users on shared networks. Unauthorized access attempts

can either be logged and viewed within VPN-1 SecureClient

or sent as alerts to a SmartCenter management server.

s g v

VPN-1 SecureClient strengthens enterprise security by

ensuring client machines cannot be configured to circumvent

the enterprise security policy. Using secure configurationverification (SCV), managers can specify SCV checksa

set of predefined conditions for a securely configured client

system. These checks are performed regularly to ensure

that remote client machines comply with the organizations

security policies.

In addition to these predefined checks, security administra-

tors can define custom checks. For example, an SCV check

can be written to ensure that VPN-1 SecureClient users are

running the most current version of antivirus software.

Mlpl vy m

VPN-1 SecureClient provides various modes to address

a variety of connectivity and routing issues faced byremote users.

Office Mode addresses routing issues between the client

and the gateway by encapsulating IP packets with the

remote users original IP address, thereby enabling users

to appear as if they were in the office while connecting

remotely. Office Mode also provides enhanced anti-

spoofing by ensuring that the IP address encountered by

the gateway is authenticated and assigned to the user.

Visitor Mode enables employees to access resources

while they are working at a remote location such as a

hotel or a customer office, where Internet connectivity

may be limited to Web browsing using the standard

HTTP and HTTPS ports.

Hub Mode enables rigorous, centralized inspection of

all client traffic, removing the need to deploy security

functions to multiple offices, and giving employees secure

client-to-client communications such as Voice over IP

(VoIP) or Internet conferencing using applications like

Microsoft NetMeeting.

7/30/2019 VPN-1 Clients Datasheet

3/4

Enhanced VPN-1 connectivity

Continued on page 4

smpl m xp

VPN-1 SecureClient uses a rich, full-featured GUI that simpli-

fies the remote users connectivity experience. Installation

wizards guide the remote user through client installation and

site destination creation. In addition, multiple authentication

credentials can be stored so that users can seamlesslyconnect to sites with different access requirements without

having to reconfigure the settings each time they connect

to a site.

Users can enable Auto Connect mode, which prompts

them with a connection dialog box upon seeing a network

connection. Connection status messages alert users to the

progress of their connection attempts. Status View windows

detail connection status and troubleshooting indicators

such as network activity counters.

Integrated connection and authentication window.

Wizard to assist remote users with site destination creation.

Status View with detailed connection information.

7/30/2019 VPN-1 Clients Datasheet

4/4

Wlw Hq3A Jabotinsky Street, 24th FloorRamat Gan 52520, IsraelTel: 972-3-753-4555Fax: 972-3-575-9256Email: info@checkpoint.com

u.s. Hq800 Bridge ParkwayRedwood City, CA 94065Tel: 800-429-4391; 650-628-2000Fax: 650-654-4233www.checkpoint.com

20032007 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Express, Check Point Express CI, the Check Pointlogo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoSa, DefenseNet, Dynamic ShieldingArchitecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT,INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Policy Lifecycle Management,

Provider-1, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXLTurbocard, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefenseAdvisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL NetworkExtender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1Power, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarmAnti-Spyware, ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarksof Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registeredtrademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935, 6,873,988, and 6,850,943 and may be protected byother U.S. Patents, foreign patents, or pending applications.

February 28, 2007 P/N 502426

cmp vw v x vw

VPN-1 SecureClient can be configured to provide remote

users with an Extended View that has the full feature set.

Alternately, organizations with a single site and gateway

configuration may choose Compact View for maximum

remote ease-of-use. Because Compact View is preconfig-

ured, remote users do not need to perform site or profile

management. Connection and setting dialog boxes havealso been simplified to provide only essential features.

sml w mgm

It includes features to streamline the initial distribution and

ongoing maintenance of client software. These features

dramatically decrease end-user support costs associated

with VPN management and improve overall security by

ensuring that client software installations are always consis-

tent and current. VPN-1 SecureClient supports MSI and is

interoperable with all major software distribution packages.

cmpl m p

Integrity SecureClient combines the market leadingcapabilities of VPN-1 SecureClient and Integrity to deliver

the most advanced remote access connectivity, endpoint

protection, and network access policy enforcement in one

solution. Combining multiple safeguards into a single

package makes it easier to deploy and manage critical

endpoint defenses, from the same unified security platform

as other Check Point products.

s, p m ml v

SecureClient Mobile gives Windows Mobile device users

secure, uninterrupted remote access to resources protected

by Connectra and VPN-1 gateways. Mobile workers can

now roam across networks and change connection status

without losing their session or constantly reentering theircredentials. With an intuitive user interface and minimal

impact on device resources, SecureClient Mobile minimizes

administrative effort and provides central management from

the same platform used to manage PC remote access.

suPPorted PLatforMs

Windows 2000, 2003 Server, XP, XP Tablet PC Edition

Windows Pocket PC 2003/SE, Windows Mobile 5.0 Smartphone

Mac OS 10.3, 10.4.6, and higher (Universal Binary)

Advance Status View window.