SecuRemote for Windows 32-bit/64-bit

Similar documents
How To Import New Client MSI Files and Upgrade Profiles

Check Point GO R75. User Guide. 14 November Classification: [Public]

Remote Access Clients for Windows 32/64-bit

Check Point Mobile VPN for ios

Endpoint Security webrh

How to Connect with SSL Network Extender using a Certificate

Remote Access Clients for Windows 32-bit/64-bit

Endpoint Security Client

How To Configure OCSP

Endpoint Security. E80.30 Localized Version. Release Notes

Endpoint Security Release Notes

How to Configure ClusterXL for L2 Link Aggregation

Check Point GO R75. Release Notes. 21 December Classification: [Public]

SmartWorkflow R Administration Guide. 29 May Classification: [Restricted]

How To Troubleshoot VPN Issues in Site to Site

Endpoint Security Client

How To Configure IPSO as a DHCP Server

Endpoint Security webrh

Remote Access Clients for Windows 32-bit/64-bit

Endpoint Security Client. User Guide Version R71

Security Gateway Virtual Edition

R Release Notes. 6 March Classification: [Protected] [Restricted] ONLY for designated groups and individuals

How To Install SecurePlatform with PXE

Data Loss Prevention. R75.40 Hotfix. Getting Started Guide. 3 May Classification: [Protected]

Security Gateway for OpenStack

Check Point Document Security

How To Configure and Tune CoreXL on SecurePlatform

Security Gateway Virtual Edition

Data Loss Prevention R71. Release Notes

Security Acceleration Module

STRS OHIO F5 Access Client Setup for ChromeBook Systems User Guide

VSEC FOR OPENSTACK R80.10

MyFloridaNet-2 (MFN-2) Remote Access VPN Reference Guide

RSA Ready Implementation Guide for. GlobalSCAPE EFT Server 7.3

Junos Pulse Installation (SSL VPN)

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

Remote Access User Guide for Mac OS (Citrix Instructions)

How To Install IPSO 6.2

Integration Guide. SafeNet Authentication Client. Using SAC CBA for VMware Horizon 6 Client

MyFloridaNet-2 (MFN-2) Customer Portal/ Password Management/ VPN Reference Guide

Aventail Connect Client with Smart Tunneling

Software Token. Installation and User Guide. 22 September 2017

mystanwell.com Accessing using Apple devices Information and Business Systems

Instructions for Application Access via SecureCitrix

Managing the VPN Client

Pass4sure CASECURID01.70 Questions

FH Remote Access Last Updated: July 3, 2013

Using the Microsoft Remote Desktop on non-windows devices

Security Gateway 80 R Administration Guide

Remote Access VPN Setup

Installing and Connecting to DGL PM Server

Instructions for connecting to the FDIBA Wireless Network (Windows Vista)

Access Connections 5.1 for Windows Vista: User Guide

VPN-1 Power VSX VSX NGX R65 HFA 10. Release Notes

<Partner Name> <Partner Product> RSA SECURID ACCESS. Pulse Secure Connect Secure 8.3. Standard Agent Client Implementation Guide

Integration Guide. SafeNet Authentication Client. Using SAC CBA with BitLocker

Avocent DSView 4.5. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: June 9, Product Information Partner Name

Supporting Networked Computers

VMware Horizon Client for Windows 10 UWP User Guide. Modified on 21 SEP 2017 VMware Horizon Client for Windows 10 UWP 4.6

EOH-SASOL - Setup Sasol Mobile Express (Client)

Embarcadero ToolBox. Product Documentation. User Guide

Security Cooperation Information Portal

SafeNet Authentication Client

Windows 8.1 and Windows 10 a) Connect to wireless network Click on the wireless icon in taskbar. Select detnsw and click on Connect.

Kerio VPN Client. User Guide. Kerio Technologies

RSA Ready Implementation Guide for. Checkpoint Mobile VPN for ios v1.458

How to Configure the RSA Authentication Manager

<Partner Name> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Authenticate & Intel IPT based Token Provider for RSA SecurID

Accessing McKesson Radiology 12.3 PACS Remotely Over VPN

How to Integrate RSA SecurID with the Barracuda Web Application Firewall

Installation Guide. 3CX CRM Plugin for ConnectWise. Single Tenant Version

MyFloridaNet-2 (MFN-2) Customer Portal/Password Management Reference Guide

DBArtisan 8.6 Installation Guide

PS Suite EMR ASP Remote Access Setup Guide for Macintosh computers

OPC UA Configuration Manager Help 2010 Kepware Technologies

Hollins University VPN

OPC UA Configuration Manager PTC Inc. All Rights Reserved.

Vendor: RSA. Exam Code: CASECURID01. Exam Name: RSA SecurID Certified Administrator 8.0 Exam. Version: Demo

VMware Horizon Client for Chrome OS User Guide. 04 JAN 2018 VMware Horizon Client for Chrome OS 4.7

Connect to the Cambridge network

WINDOWS 64-BIT INSTALLATION NOTES VMWARE PLAYER Micro Planner X-Pert V3.5.1 Digital Download Edition

Remote Access Extended Office User Guide. Version 3.1

SafeNet Authentication Manager

AAD - ASSET AND ANOMALY DETECTION DATASHEET

VMware AirWatch Integration with RSA PKI Guide

Barron McCann Technology X-Kryptor

Secure Single Sign On with FingerTec OFIS

Pulse Secure Policy Secure

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with SonicWALL E-Class Secure Remote Access

DRACONEM RGB Touch ID Gaming Mouse Pad with Fingerprint Security

STRS OHIO Telework F5 BIG-IP Edge Client for Mac Systems (Imac, Air, Macbook, Mini) User Guide

AT&T Global Network Client for Mac User s Guide Version 2.0.0

SafeNet Authentication Client

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft NPS Technical Manual Template

RU-VPN2 - GlobalProtect Installation for Windows

Cleo A+ for Windows Installation Guide November 2001

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

Procedure for Connecting to OIL VPN

VMware AirWatch Cloud Connector Guide ACC Installation and Integration

SonicWall Global VPN Client Getting Started Guide

Transcription:

SecuRemote for Windows 32-bit/64-bit E75.20 User Guide 13 September 2011

2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?id=12324 For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com). For more about this release, see the home page at the Check Point Support Center (http://supportcontent.checkpoint.com/solutions?id=sk65209). Revision History Date Description 13 September 2011 First release of this document Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=feedback on SecuRemote for Windows 32-bit/64- bit E75.20 User Guide).

Contents Important Information... 3 Introduction to SecuRemote... 5 The Installation Process... 5 Receiving an Automatic Upgrade... 5 Getting Started... 6 Defining a Site... 6 Basic Operations... 8 Connect Window... 9 Client Icon... 9 Setting up the Client... 10 Configuring Proxy Settings...10 Secure Domain Logon...10 Configuring VPN...10 Changing the Site Authentication Scheme...11 Certificate Enrollment and Renewal...12 Importing a Certificate into the CAPI Store...12 Authenticating with PKCS#12 Certificate File...12 SecurID...13 Challenge-Response...13 Secure Authentication API (SAA)...13 Collecting Logs... 15

Chapter 1 Introduction to SecuRemote SecuRemote is a remote access client for easy, secure connectivity to corporate resources over the internet, through a VPN tunnel. In This Chapter The Installation Process 5 Receiving an Automatic Upgrade 5 The Installation Process Important - To install a Remote Access client on any version of Windows, you need Administrator permissions. Consult with your system administrator. To install a Remote Access client: 1. Log in to Windows with a user name that has Administrator permissions. 2. Get the installation package from your system administrator, and double-click the installation package. 3. Follow the installation wizard. Note - On Windows Vista and Windows 7, there may be a prompt to allow access, depending on the UAC settings. 4. If your administrator did not include a specified Remote Access client in the installation package, you are prompted to choose a product to install. Your administrator might have instructed you which client to install. The options are: Endpoint Security VPN Check Point Mobile for Windows SecuRemote After installation, the Client icon appears in the system tray notification area. 5. Double-click the Client icon. If you are prompted to define a site, make a site with the IP address that your system administrator gave you. Receiving an Automatic Upgrade If you have a Check Point VPN Client, when you connect to a site you might receive an automatic upgrade to the latest version of Remote Access Clients. Follow instructions to complete the upgrade. Depending on the settings set by your administrator, you might not need to do anything. When you open your client from the client icon, you will see that it has a new name and looks different. Page 5

Chapter 2 Getting Started In This Chapter Defining a Site 6 Basic Operations 8 Connect Window 9 Client Icon 9 Defining a Site You must have at least one site to connect to a VPN. If your system administrator pre-configured the client package, you can connect to the VPN site immediately. If not, you must define the site. Before you start, make sure you know how you will authenticate to the VPN and that you have the credentials (for example, password or certificate file). You might also require the gateway fingerprint, to make sure that the client is connecting to the correct gateway. Get this from your system administrator. To define a site: 1. Right-click the client icon and select VPN Options. The Options window opens. The first time you open the window, no sites are listed. 2. On the Sites tab, click New. Page 6

Defining a Site The Site Wizard opens. 3. Click Next. 4. Enter the name or IP address of the Security Gateway and click Next. Wait for the Client to identify the site name. 5. After the client resolves the site, a security warning might open: The site's security certificate is not trusted! While verifying the site's certificate, the following possible security risks were discovered: Ask your system administrator for the fingerprint of the server. If the server fingerprint matches the fingerprint in the warning message, you can click Trust and Continue. If there is no match, consult with your system administrator. 6. The Authentication Method window opens. Select an authentication method according to your system administrator's instructions. 7. Click Next and follow the instructions to enter your authentication materials. Getting Started Page 7

Basic Operations If you selected Secure Authentication API (SAA), an SAA window opens to select the type of SAA and a DLL file to use. See Secure Authentication API (SAA) (on page 13). 8. Click Finish. The client opens a prompt to connect you to the newly created site. 9. Click Yes to connect to the site, or No to save the site details and connect at a different time. Basic Operations Right-click the Client icon in the system tray notification area to access basic operations. (Not all options appear for every client status and configuration.) If you are not connected to the VPN, to connect quickly to the last active site, double-click the Client icon. If you are connected to the VPN and you double-click on the Client icon, the Client Overview window opens. To access other basic operations, right-click the Client icon and select an option. Option Connect Connect to VPN Options Show Client Shutdown Client Function Opens the main connection window, with the last active site selected. If you authenticate with a certificate, the client immediately connects to the selected site. Opens the main connection window and lets you select which site to connect to. Opens the Options window to set a proxy server, choose interface language, enable Secure Domain Logon, and collect logs. Open the SecuRemote overview. Closes SecuRemote and the VPN connection. You can also access most of these options from the Client Overview. Getting Started Page 8

Connect Window Connect Window In the Connect window you authenticate to the VPN. Based on the settings that your administrator configures, you might have options to choose a Site and Gateway, or only a Site. In the Connect Window: 1. In Site, select the site to connect to. If you were not instructed differently by your administrator, connect to the default site. 2. You might have a Gateway field. If necessary select a gateway. If you were not instructed differently by your administrator, connect to the default gateway. 3. Enter authentication to connect to the VPN: If you have a Certificate, browse to the certificate file and enter the password. If you use SecurID, enter your PIN or passcode. If you get a key in response, copy it. If you use Username and Password, enter your username and password. If you use Challenge Response, enter the first key. When the challenge comes, enter the response. If you use SAA, click Connect and a new window opens for authentication. While you use the VPN resources, you might have to enter your authentication credentials again. This can occur if you try to access a resource that is on a different gateway and your credentials are not cached. Client Icon The Client icon in the system tray notification area shows the status of Remote Access Clients. Icon Status Disconnected Connecting Connected Encryption (encrypted data is being sent or received on the VPN) There is an issue that requires users to take action. You can also hover your mouse on the icon to show the client status. Getting Started Page 9

Chapter 3 Setting up the Client In This Chapter Configuring Proxy Settings 10 Secure Domain Logon 10 Configuring VPN 10 Changing the Site Authentication Scheme 11 Configuring Proxy Settings If you are at a remote site which has a proxy server, the client must be configured to go through the proxy server. Usually the client can find proxy settings automatically. If not, you can configure it. Before you begin, get the IP address of the proxy server from the local system administrator. Find out if the proxy needs a user name and password. To configure proxy settings: 1. Right-click the Client icon and select VPN Options. The Options window opens. 2. Open the Advanced tab. 3. Click Proxy Settings. The Proxy Settings window opens. 4. Select an option. No Proxy - Make a direct connection to the VPN. Detect proxy from Internet Explorer settings - Get the proxy settings from Internet Explorer > Tools > Internet options > Connections > LAN Settings. Manually define proxy - Enter the IP address port number of the proxy. If required, enter a user name and password for the proxy. 5. Click OK. Secure Domain Logon If the system administrator says that you must use SDL, enable Secure Domain Logon (SDL). To enable SDL on a client: 1. Right-click the Client icon and select VPN Options. 2. In Options > Advanced, select Enable Secure Domain Logon (SDL). 3. Click OK. 4. Restart the computer and log in. Configuring VPN You might have the option to go through the VPN for all your Internet traffic. This is more secure. Page 10

Changing the Site Authentication Scheme To configure VPN Tunneling: 1. Right-click the Client icon and select VPN Options. The Options window opens. 2. On the Sites tab, select the site to which you want to connect, and click Properties. The Properties window for the site opens. 3. Open the Settings tab. 4. In VPN tunneling, click Encrypt all traffic and route to gateway. 5. Click OK. Note - In SecuRemote, this option is disabled, If this option is disabled in Endpoint Security VPN or Check Point Mobile for Windows, consult your system administrator. Changing the Site Authentication Scheme If you have the option from your system administrator, you can change the method that you use to authenticate to the VPN. To change the client authentication method for a specific site: 1. Right-click the Client icon and select VPN Options. The Options window opens 2. On the Site tab, select the site and click Properties. The Properties window for the site opens. On the Settings tab, select an option from the Authentication Scheme drop-down menu. Username and password Certificate - CAPI Certificate - P12 SecurID - KeyFob SecurID - PinPad SecurID Software Token Challenge Response SAA - Username and Password SAA - Challenge Response Setting up the Client Page 11

Changing the Site Authentication Scheme Certificate Enrollment and Renewal A. To enroll a certificate: 1. Right-click the client icon in the system tray, and select VPN Options. 2. On the Sites tab, select the site from which you will enroll a certificate and click Properties. The site Properties window opens. 3. Select the Settings tab. 4. Choose the setting type you want, CAPI or P12, and click Enroll. The CAPI or P12 window opens. 5. For CAPI, choose the provider to which you will enroll the certificate. 6. For P12, choose a new password for the certificate and confirm it. 7. Enter the Registration Key that your administrator sent you. 8. Click Enroll. The certificate is enrolled and ready for use. B. To renew a certificate: 1. Right-click the client icon in the system tray, and select VPN Options. 2. On the Sites tab, select the site from which you will renew a certificate and click Properties. The site Properties window opens. The authentication method you chose is set and the certificate will be renewed accordingly. 3. Select the Settings tab. 4. Click the Renew button. The CAPI or P12 window opens. 5. For CAPI, choose the certificate you want to renew from the drop-down list. For P12, choose a P12 file and enter its password. 6. Click Renew. The certificate is renewed and ready for use. Importing a Certificate into the CAPI Store Before you can use the certificate to authenticate your computer, you must get: The certificate file. The password for the file. The name of the site (each certificate is valid for one site). If the system administrator instructed you to save the certificate on the computer, import it to the CAPI store. If not, the administrator will give you the certificate file on a USB or other removable media. Make sure you get the password. To import a certificate file to the CAPI store: 1. Right-click the client tray icon, and select VPN Options. 2. On the Sites tab, select the site and click Properties. 3. Open the Settings tab. 4. Make sure that Certificate - CAPI is selected in the Method list. 5. Click Import. 6. Browse to the P12 file. 7. Enter the certificate password and click Import. Authenticating with PKCS#12 Certificate File For security reasons, your system administrator might require you to authenticate directly with the PKCS#12 certificate and not from the certificate stored in the CAPI. For example, if you use several desktop workstations and laptops, you might not want to leave your certificate on different computers. If the PKCS#12 certificate is in the CAPI store and someone steals your laptop, they can use the client to connect Setting up the Client Page 12

Changing the Site Authentication Scheme to the site. For increased security, your administrator might instruct you to save the PKCS#12 certificate to a USB stick or other storage device.. To authenticate with a PKC#12 certificate file: 1. Configure the site to use "Certificate P12" for authentication. 2. Connect to the site. The Connect window opens. 3. In the Certificate File area, browse to the certificates stored on the floppy or USB disk. 4. In the Password field, enter the certificate password. 5. Click Connect. Note - If you selected the Always-Connect option, whenever communication between the site and client is closed, the user will be prompted to enter the certificate password. SecurID The RSA SecurID authentication mechanism consists of either hardware (FOB, USB token) or software (softid) that generates an authentication code at fixed intervals (usually one minute), with a built-in clock and encoded random key. The most common form of SecurID Token is the hand-held device. The device is usually a key FOB or slim card. The token can have a PIN pad, onto which a user enters a personal identification number (PIN) to generate a passcode. When the token does not have a PIN pad, a tokencode is displayed. A tokencode is the changing number displayed on the key FOB. The Remote Access Clients site wizard supports both methods, as well as softid. Remote Access Clients uses both the PIN and tokencode, or just the passcode, to authenticate to the gateway. Challenge-Response Challenge-response is an authentication protocol in which one party provides the first string (the challenge), and the other party verifies it with the next string (the response). For authentication to take place, the response is validated. Secure Authentication API (SAA) Secure Authentication API (SAA) lets you use third- party authentication technologies with your Remote Access client. To work, it requires a DLL file that is installed on your client. If your administrator instructs you to select Secure Authentication API (SAA) as the authentication method when you create a site, you need this information: The type of SAA authentication that you must select - one of these: Username and Password - Users enter a username and password. Challenge Response - Users enter a response to a challenge. You might need a DLL file. If your administrator already configured this, then you do not need it. Note - Only users with administrator permissions can replace the DLL. Setting up the Client Page 13

Changing the Site Authentication Scheme If you select SAA as the authentication in the site wizard, a new page opens where you select the type of SAA authentication and a DLL file, if required. Replacing the SAA DLL File Your administrator might instruct you to replace the DLL file on your client. Note - Only users with administrator permissions can replace the DLL. To replace the local DLL file: 1. Right-click the client icon and select Options. 2. In the Advanced tab, next to Use a Secure Authentication API File, browse to select the new DLL file. This file is used for SAA authentication. Connecting to a Site with SAA Usually, when you connect to a site, a login window opens and you enter your authentication information directly in that window. If SAA is the authentication method for the site, there are no fields for authentication information in the login window. You must click the Connect button in the window and a new window opens for authentication information. Setting up the Client Page 14

Changing the Site Authentication Scheme Collecting Logs If your system administrator or help desk asks for logs to resolve issues, you can collect the logs from your client. To collect logs: 1. Right-click the Client icon and select VPN Options. 2. Open the Advanced tab. 3. Click Enable Logging. 4. Reproduce the problem. 5. Click Collect Logs. Note - The logs are saved to %TEMP%\trac\trlogs_timestamp.cab. It opens after the logs are collected. This folder is sometimes hidden. If you need to locate this folder, in Control panel > Folder Options > View, select Show hidden files and folders. Collecting Logs Page 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback