Remote Access with Encrypted SSL VPN Technology

SSL VPN technology is used for secure encrypted communication from unmanaged mobile devices and PCs to your corporate IT infrastructure. Both web-based and network-level access through the SSL encryption can be delivered through most internet browsers.

Multiple end-user connection options including:

• Check Point Mobile app
• SSL VPN Portal through a browser
• SSL Network Extender (SNX) with light-weight, dissolvable client

 Mobile Access Software Blade offers:

• Secure SSL VPN access
• Two-factor authentication
• Device/end-user paring
• Mobile business Portal
• Provisioning of security features and email profile
• Works cooperatively with additional Gateway Software Blades including IPS, Anti-malware and Firewall.  

SSL VPN Corporate Applications

SSL VPN provides the remote user with access to the various corporate applications, including, Web applications, file shares, Citrix services, Web mail, and native applications.

• A Web application can be defined as a set of URLs that are used in the same context and that is accessed via a Web browser, for example inventory management, a Wiki or HR management system.
• A file share defines a collection of files, made available across the network by means of a protocol, such as SMB for Windows, that enables actions on files, such as opening, reading, writing and deleting files across the network.
• SSL VPN supports Citrix client connectivity to internal XenApp servers.
• SSL VPN supports Web mail services including:
  • Built-in Web mail: Web mail services give users access to corporate mail servers via the browser. SSL VPN provides a front end for any email server that supports the IMAP and SMTP protocols.
  • Other Web-based mail services, such as Outlook Web Access (OWA) and IBM Lotus Domino Web Access (iNotes). SSL VPN relays the session between the client and the OWA server.
• SSL VPN allows mobile and remote workers to connect easily and securely to critical resources while protecting enterprise networks and endpoints from external threats.

Check Point Mobile Client

Best for simple and secure connectivity to corporate resources from smartphones and PCs.

• One-touch access to your business web applications 
• Secure sync of your e-mail, calendar and contacts
• Always-on security
• Easy setup with downloadable app 
• Secure business portal customized for each user ensuring access to only authorized corporate resources
• Single-sign-on reduces login errors into corporate web applications

SSL VPN Portal

Best for connecting securely to corporate resources through a portal from a web browser. Secure Web-Based Connectivity
Through an integrated web portal, users can access web applications, web-based resources, shared files, and email.  Administrators can customize the design of the web portal, including support for multiple languages.

 Endpoint Security On Demand - optional endpoint compliance and malware scanner

• Ensures that connecting endpoints are compliant with corporate policy
• Detects keyloggers, trojans and other malware
• Out-of-compliance users are offered links to self-remediation resources

Secure Workspace - End-users can utilize Check Point's virtual desktop that enables data protection during user sessions, and enables cache wiping, after the sessions have ended. Secure Workspace protects all session-specific data accumulated on the client side

• Creates a secure virtual environment, insulated from the host
• Encrypts and deletes browser and application caches, files etc. when session ends

DynamicID^TM Direct SMS Authentication
Mobile Access Software Blade can be configured to send a one-time password (OTP) to an end-user communication device (such as a mobile phone) via an SMS message. SMS two-factor authentication provides an extra level of security while eliminating the difficulties associated with managing hardware tokens.

Integrated Intrusion Prevention

• Provides protection against malicious code transferred in Web-related applications
• Blocks worms, various attacks such as buffer overflows, SQL and command injections, cross-site scripting, customizable HTTP worm catcher, directory traversal, header rejection, malicious HTTP code 

SSL Network Extender (On-demand client - SNX)

Best for secure connectivity to corporate resources using non-web-based applications via an on-demand, dissolvable client. The SSL Network Extender (SNX) is used for remote users who need access to network (non-web-based) applications.  The SSL Network Extender offers a browser plug-in that provides remote access, while delivering full network connectivity for IP-based applications.  It enables an on-demand SSL VPN Layer-3 tunnel to connect to your corporate resources. It supports any IP-based application, including ICMP, TCP, and UDP, without requiring complex configuration to support each application. SSL Network Extender works on remote PCs without requiring administrator privileges.

SSL Network Extender is downloaded automatically from the SSL VPN portal to the endpoint machines, so that client software does not have to be pre-installed and configured on users' PCs and laptops. SSL Network Extender tunnels application traffic using a secure, encrypted and authenticated SSL tunnel to the SSL VPN gateway.