Remote Access Clients for Windows 32/64-bit

Similar documents
Remote Access Clients for Windows 32-bit/64-bit

Endpoint Security Release Notes

Endpoint Security. E80.30 Localized Version. Release Notes

Remote Access Clients for Windows 32-bit/64-bit

How To Import New Client MSI Files and Upgrade Profiles

SecuRemote for Windows 32-bit/64-bit

Check Point GO R75. Release Notes. 21 December Classification: [Public]

Endpoint Security webrh

How to Connect with SSL Network Extender using a Certificate

Check Point Mobile VPN for ios

R Release Notes. 6 March Classification: [Protected] [Restricted] ONLY for designated groups and individuals

How to Configure ClusterXL for L2 Link Aggregation

How To Configure OCSP

Security Gateway Virtual Edition

How To Troubleshoot VPN Issues in Site to Site

Data Loss Prevention. R75.40 Hotfix. Getting Started Guide. 3 May Classification: [Protected]

SmartWorkflow R Administration Guide. 29 May Classification: [Restricted]

Security Gateway Virtual Edition

How To Configure IPSO as a DHCP Server

VPN-1 Power VSX VSX NGX R65 HFA 10. Release Notes

Security Gateway for OpenStack

How To Configure and Tune CoreXL on SecurePlatform

R Release Notes. 18 August Classification: [Public]

Endpoint Security webrh

Security Acceleration Module

Data Loss Prevention R71. Release Notes

Endpoint Security Client

VSEC FOR OPENSTACK R80.10

VPN R76. Administration Guide. 27 August Classification: [Protected]

How To Install SecurePlatform with PXE

Endpoint Security Management Server

How To Install IPSO 6.2

Check Point Document Security

23 July 2015 VPN. R77 Versions. Administration Guide. Classification: [Protected]

Security Gateway 80 R Administration Guide

Upgrading SecureClient to Endpoint Security VPN R75. on NGX R65 SmartCenter Server

Performance Pack. Administration Guide Version R70. March 8, 2009

R75.40VS. Release Notes. 20 January Protected

Checkpoint Vpn Domain Manually Defined

Endpoint Security. Gateway Integration Guide R72

Stonesoft VPN Client. for Windows Release Notes Revision A

Installation and Upgrade Guide

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems

IPS R Administration Guide

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

VPN R Administration Guide. 28 March Classification: [Protected]

VMware AirWatch Content Gateway Guide for Linux For Linux

Check Point IPS R75. Administration Guide

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

SmartView Monitor R75. Administration Guide

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

Check Point GO R75. User Guide. 14 November Classification: [Public]

Security Management Server. Administration Guide Version R70

Endpoint Security Client

Quality of Service R75.40VS. Administration Guide. 15 July Classification: [Protected]

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with Check Point Security Gateway

Q&As Check Point Certified Security Administrator

Nokia Intrusion Prevention with Sourcefire Appliance Quick Setup Guide. Sourcefire Sensor on Nokia v4.8

Syncplicity Panorama with Isilon Storage. Technote

VMware AirWatch Cloud Connector Guide ACC Installation and Integration

SSL VPN R71. Administration Guide

Stonesoft Management Center. Release Notes Revision A

Configuring and Using Dynamic DNS in SmartCenter

NGFW Security Management Center

VMware AirWatch Content Gateway Guide for Windows

R71. Release Notes. 12 August Classification: [Public]

Connectra Virtual Appliance Evaluation Guide

HikCentral V1.3 for Windows Hardening Guide

VMware Workspace ONE UEM VMware AirWatch Cloud Connector

VMware AirWatch Content Gateway for Windows. VMware Workspace ONE UEM 1811 Unified Access Gateway

VMware AirWatch Content Gateway Guide For Linux

RSA Ready Implementation Guide for. Checkpoint Mobile VPN for ios v1.458

VMware AirWatch Content Gateway Guide for Windows

Special Hotfix for R75.40VS

AAD - ASSET AND ANOMALY DETECTION DATASHEET

Check Point for Nokia IPSO Getting Started Guide. Check Point NGX R62 Nokia IPSO 3.9, 4.1 and 4.2

Managing the VPN Client

Stonesoft Next Generation Firewall

ClusterXL R Administration Guide. 3 March Classification: [Protected]

Endpoint Security Client. User Guide Version R71

Pulse Secure Desktop Client

Stonesoft VPN Client. for Windows Release Notes Revision A

Pulse Policy Secure. Identity-Based Admission Control with Check Point Next-Generation Firewall Deployment Guide. Product Release 9.0R1 Document 1.

HikCentral V.1.1.x for Windows Hardening Guide

VPN-1 Power/UTM. Administration guide Version NGX R

Endpoint Security. Administrator Guide Version NGX 7.0 GA

Nokia Intrusion Prevention with Sourcefire. Appliance Quick Setup Guide

NGFW Security Management Center

SonicOS Release Notes

Check Point VPN-1 Pro NGX IPv6Pack for Nokia Getting Started Guide. Check Point VPN-1 Pro NGX IPv6Pack Nokia IPSO 3.9 or 4.0

Oracle Hospitality Simphony Post-Installation or Upgrade Guide. Release 18.2

Check Point 1100 Appliances Frequently Asked Questions

Oracle Hospitality Simphony Cloud Services Post-Installation or Upgrade Guide Release 2.10 E July 2018

SmartCenter. Version NGX R61

VMware AirWatch Content Gateway Guide for Windows

VMware AirWatch Content Gateway Guide for Windows

NGFW Security Management Center

NGFW Security Management Center

Appliance Comparison Chart

Transcription:

Remote Access Clients for Windows 32/64-bit E80.41 Release Notes 16 January 2013 Classification: [Protected]

2013 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?id=23361 For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com). Revision History Date Description 16 January 2013 First release of this document Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=feedback on Remote Access Clients for Windows 32/64-bit E80.41 Release Notes).

Contents Important Information... 3 Introduction... 5 What's New for Remote Access VPN... 5 Remote Access Clients Comparison... 6 Remote Access Client Upgrades... 9 Build Numbers... 9 VPN Blade Requirements... 9 Security Management Server and Security Gateway Requirements... 9 ATM Client Hardware Requirements...10 Additional Requirements...10 Remote Access Client Installation... 10 Upgrading SmartDashboard-Managed Clients... 10 Known Limitations... 11

Introduction Introduction The Remote Access VPN Software Blade provides a simple and secure way for endpoints to connect remotely to corporate resources over the Internet, through a VPN tunnel. Check Point offers multiple enterprise-grade clients to fit a wide variety of organizational needs. The clients offered in this release are: Security Management Console-managed - The Remote Access VPN blade as part of the Security Suite lets users connect securely from their Security-protected computer to corporate resources. Clients have the Firewall and Compliance blades managed by Security Management Console and other Security Software Blades that can be integrated include: Media Encryption & Port Protection, Full Disk Encryption, Anti-Malware, and WebCheck. SmartDashboard-managed clients: - Incorporates Remote Access VPN with Desktop Security in a single client. It is recommended for managed endpoints that require a simple and transparent remote access experience together with desktop firewall rules. Check Point Mobile for Windows - An easy to use IPsec VPN client to connect securely to corporate resources. Together with the Check Point Mobile clients for iphone and Android, and the Check Point SSL VPN portal, this client offers a simple experience that is primarily targeted for non-managed machines. SecuRemote - A secure, yet limited-function IPsec VPN client, primarily targeted for small organizations that require very few remote access clients. See Remote Access Clients Comparison (on page 6) for a detailed feature comparison. We recommend that you read this document before installing E80.41 Remote Access clients. Note - The E75 Remote Access Clients series was previously known as R75. What's New for Remote Access VPN OsMonitor for Windows 8 - The SCV OSMonitor compliance check supports Windows 8 validation. Certificate enrollment password enforcement - Lets administrators enforce password length for p12 certificate enrollment. New prepackaging tool for VPN configuration - Available for all Remote Access VPN deployments. SCV policy improvements local.scv file is obscured. Added optional SHA-1 function verification for running processes. Updated algorithms in IKE Diffie-Helman Group14 (2048) was added. Encrypted and protected username/password caching for ATM devices - Available through CLI. Remote Access Clients for Windows 32/64-bit Release Notes E80.41 5

What's New for Remote Access VPN Remote Access Clients Comparison Feature Security Management Console-manag ed SmartDashboard -managed Check Point Mobile for Windows SecuRemote Description Client Purpose Secure connectivity integrated with variety of Security blades Secure connectivity with centrally managed desktop firewall & compliance checks Secure connectivity & compliance checks Basic secure connectivity Replaces Client SecureClient NGX R60 SecureClient NGX R60 Connect R73 SecuRemote NGX R60 Connect R73 Connect R73 IPSEC VPN Tunnel Security Compliance Check (SCV) Integrated Desktop Firewall Split Tunneling Hub Mode Dynamic Optimization of Connection Method Multi Entry Point (MEP) Can use SCV or Compliance blade Uses Firewall blade All traffic travels through a secure VPN tunnel. Monitor remote computers to confirm that the configuration complies with organization's security policy. Integrated endpoint firewall centrally managed from a Security Management Server Encrypt only traffic targeted to the VPN tunnel. Pass all connections through the gateway. When NAT-T connectivity is not possible, automatically connect over TCP port 443 (HTTPS port). Client seamlessly connects to an alternative site when the primary site is not available. Remote Access Clients for Windows 32/64-bit Release Notes E80.41 6

What's New for Remote Access VPN Feature Security Management Console-manag ed SmartDashboard -managed Check Point Mobile for Windows SecuRemote Description Secondary Connect End-users can connect once and get transparent access to resources, regardless of their location. Office Mode IP Each VPN client is assigned an IP from the internal office network. Back Connection Protocols Support protocols where the client sends its IP to the server and the server initiates a connection back to the client using the IP it receives. These protocols include: Active FTP, X11, some VoIP protocols. Auto Connect and Location Awareness Intelligently detect if the user is outside the internal office network, and automatically connect as required. If the client senses that it is inside the internal network, the VPN connection is terminated. Roaming Tunnel and connections remain active while roaming between networks. Always Connected VPN connection is established whenever the client exits the internal network. Secure Domain Logon (SDL) VPN tunnel and domain connectivity is established as part of Windows login allowing GPO and install scripts to execute on remote machines. Remote Access Clients for Windows 32/64-bit Release Notes E80.41 7

What's New for Remote Access VPN Feature Security Management Console-manag ed SmartDashboard -managed Check Point Mobile for Windows SecuRemote Description Split DNS Resolves internal names with the SecuRemote DNS Server configuration. Hotspot Detection and Registration Makes it easier for users to find and register with hot spots to connect to the VPN through local portals (such as in hotels or airports). Secure Authentication API (SAA) Allows third party-extensions to the standard authentication schemes. This includes 3-factor and biometrics authentication. Version E80.41 Required Licenses On the Gateway: IPsec VPN Blade On the Management: Container & VPN Blade for all installed endpoints On the Gateway: IPsec VPN Blade On the Management: Container & VPN Blade for all installed endpoints IPsec VPN Blade and Mobile Access Blade (based on concurrent connections) On the Gateway: IPsec VPN Blade for an unlimited number of connections Remote Access Clients for Windows 32/64-bit Release Notes E80.41 8

Remote Access Client Upgrades These upgrade paths are available for Remote Access VPN clients: From To See Remote Access Client Upgrades E75.x Remote Access Clients, SmartDashboard-managed E75.x Remote Access Clients, SmartDashboard-managed clients E80.40 Security suite with or without Remote Access VPN E80.41 Security Management Console-managed Remote Access VPN E80.41 SmartDashboard-managed Remote Access VPN E80.41 Security Management Console-managed Remote Access VPN Upgrading Security Clients in Security E80.40 Administration Guide (http://supportcontent.checkpoint.com /solutions?id=sk82100 ) See Upgrading SmartDashboard-Managed Clients (on page 10) Upgrading Security Clients in Security E80.40 Administration Guide (http://supportcontent.checkpoint.com /solutions?id=sk82100 ) For upgrades from SecureClient see the upgrade guide for your version in sk65209 (http://supportcontent.checkpoint.com/solutions?id=sk65209). Build Numbers The build number for this release is: 9860000037 VPN Blade Requirements If you use the Remote Access VPN blade, additional requirements apply. Security Management Server and Security Gateway Requirements For the most up-to-date list of supported operating systems, server and gateway requirements, see: sk79361 (http://supportcontent.checkpoint.com/solutions?id=sk79361). Note - Remote Access VPN requires a supported gateway version. If you use Automatic MEP, the Security Management Server or Multi-Domain Server must also be supported, with the required hotfixes. Remote Access Clients for Windows 32/64-bit Release Notes E80.41 9

Remote Access Client Installation ATM Client Hardware Requirements These are the minimum hardware requirements for client computers that run the SmartDashboard-based ATM package. Component Memory Free disk space CPU Minimum Requirement 256 MB RAM 500 MB Intel Pentium 4 CPU 3.20 GHz or equivalent Additional Requirements To enable Secondary Connect, see the requirements in sk65312 (http://supportcontent.checkpoint.com/solutions?id=sk65312). To enable automatic, implicit MEP (Multiple Connections), you must install the Remote Access Clients Hotfix on the Security Management Server and on all Security Gateways. This procedure is not necessary for manual MEP. The Security Management Server and Security Gateway can be installed on open servers or appliances. On UTM-1 appliances, you cannot use the WebUI to install Remote Access Clients. Remote Access Clients cannot be installed on the same device as Check Point Security R73 or R80. If Zone Alarm is installed on a device, you can install Check Point Mobile for Windows and SecuRemote but not. All Security Gateways used as primary MEP connections must support this release, with the Remote Access Clients Hotfix installed. NGX R65.70 Security Gateways must be managed by NGX R65.70 Security Management Servers. The servers must also have the Remote Access Clients Hotfix installed. Remote Access Client Installation You can create packages of the Remote Access Clients with pre-defined settings, such as which client to install, a VPN site and authentication methods. When you deploy the package to users, it is easier for them to connect quickly. See the Remote Access Clients E80.41 Administration Guide for how to create deployment packages. To install a Remote Access client: 1. Download the Remote Access Clients (for Windows) MSI file. 2. Double-click the MSI and follow the on-screen instructions. Upgrading SmartDashboard-Managed Clients To automatically update clients to this release of Remote Access Clients or a future release, upgrade the client package on the gateway. Then all clients receive the new package when they next connect. If you have a gateway version that requires the Remote Access Clients Hotfix, make sure that the Hotfix is installed before you put an upgraded package on the gateway. There are two packages: one for ATM installation and one for non-atm installation. Each package has: TRAC_ATM.cab or TRAC.cab ver.ini Remote Access Clients for Windows 32/64-bit Release Notes E80.41 10

Known Limitations CheckPointSecurityForATM.msi (packaged in the cab file) CheckPointVPN.msi If you have R71.x with SSL VPN enabled, put the TRAC.cab file in a different directory, as shown in the instructions. Users must have administrator privileges to install an upgrade with an MSI package. Administrative privileges are not required for automatic upgrades from the gateway. Unattended (ATM) Clients You cannot upgrade regular Remote Access Clients and unattended (ATM) clients from the same gateway. Important - If you download the Automatic Upgrade for ATM file, you get a file called TRAC_ATM.cab. You must rename it to TRAC.cab before you put it on the gateway. To distribute the Remote Access Clients from the gateway: 1. On the gateway, in the $FWDIR/conf/extender/CSHELL directory, back up the TRAC.cab and trac_ver.txt files. For R71.x, back up the TRAC.cab file in: $CVPNDIR/htdocs/SNX/CSHELL 2. Download the Remote Access Clients E80.41 Automatic Upgrade file (http://supportcontent.checkpoint.com/solutions?id=sk65209). 3. Put the new TRAC.cab and ver.ini files in the same directory on the gateway: $FWDIR/conf/extender/CSHELL For R71.x, put the TRAC.cab file also in: $CVPNDIR/htdocs/SNX/CSHELL 4. On a non-windows gateway, run: chmod 750 TRAC.cab 5. Edit the trac_ver.txt file in the directory and change the version number to the number in the new ver.ini. 6. Make sure the client upgrade mode is set: a) Open the SmartDashboard. b) Open Policy > Global Properties > Remote Access > Connect. c) Set the Client upgrade mode to Ask user (to let user confirm upgrade) or Always upgrade (automatic upgrade). d) Click OK. 7. Install the policy. When the client connects to the gateway, the user is prompted for an automatic upgrade of the newer version. If users had R75, it keeps the existing settings. If users had Connect R73, it automatically upgrades to. 8. When the ATM client is installed with No Office Mode, those attributes will not change during upgrade. If the client is automatically upgraded, it is an ATM client with No Office Mode. Known Limitations For known limitations for this release see sk91183 (http://supportcontent.checkpoint.com/solutions?id=sk91183). Remote Access Clients for Windows 32/64-bit Release Notes E80.41 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback