Endpoint Security VPN for Mac




Security VPN for Mac E75 Release Notes 8 April 2012 Classification: [Protected]

2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation
The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?id=14881
For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).
For more about this release, see the E75 home page (http://supportcontent.checkpoint.com/solutions?id=sk69622).

Revision History
08 April 2012: First release of this document

Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=feedback on Security VPN for Mac E75 Release Notes).

Contents

Important Information
Introduction
  Summary of Included Features
    Connectivity Features
    Security Features
  Migrating from SecureClient
Remote Access Clients Comparison
System Requirements
  Client Requirements
  Gateway Requirements
  Build Numbers
Installation
  Installing the Security VPN Hotfix
  Uninstalling a Hotfix
  Installing the Client
  Uninstalling the Client
Known Limitations

Introduction

Security VPN for Mac is a simple and secure way for endpoints to connect remotely to corporate resources over the Internet, through a VPN tunnel. It incorporates Remote Access VPN with Desktop Security in a single client. It is recommended for managed endpoints that require a simple and transparent remote access experience together with desktop firewall rules. This release replaces SecureClient for Mac.

An integrated desktop firewall is centrally managed from Security Management Server. It requires the IPsec VPN Software Blade on the gateway, an Container license, and the VPN Software Blade on the Security Management Server.

Summary of Included Features

Security VPN is installed on the desktop or laptop of the user. It has enhanced connectivity, security, installation, and administration capabilities.

Main Capability: Description

Full IPSec VPN: Internet Key Exchange (version 1) support for secure authentication. A Virtual Private Network (VPN) provides a secured, encrypted connection over the Internet to your organization's network. The VPN tunnel gives remote access users the same security that LAN users have. IPSec makes the tunnel seem transparent because users can run any application or service that you do not block for the VPN. (Compare to SSL VPN, which works through web applications only.)

Dead Gateway Detection: If the client fails to receive an encrypted packet within a specified time interval, it sends a tunnel test packet to the gateway. If the tunnel test packet is acknowledged, the gateway is considered active. If several consecutive tunnel test packets remain unacknowledged, the gateway is considered inactive, or dead. You can configure this feature.

Multiple Entry Point (MEP): Provides a gateway High Availability and Load Sharing solution for VPN connections. For Security VPN, in an environment with MEP, more than one gateway protects and gives access to the same VPN domain. MEP lets the Security VPN connect to the VPN from multiple gateways.

Visitor Mode: If the firewall or network limits connections to ports 80 or 443, encrypted (IPSec) traffic between the client and the gateway is tunneled through a regular TCP connection.

NAT-T: UDP Encapsulation of IPSec Traffic. Security VPN can connect seamlessly through devices that do not permit native IPSec traffic (such as firewalls and access points).

Hub Mode: Increases security. It routes all traffic through the VPN and your gateway. At the gateway, the traffic is inspected for malicious content before being passed to the client, and you can control client connectivity.

VPN Tunneling: Increases connectivity performance. Encrypts only traffic targeted to the VPN tunnel, and lets users browse more easily to sites where security is not an issue (such as public portals and search engines).

Desktop Firewall: Security VPN enforces a Desktop Firewall on remote clients. The administrator defines the Desktop Security Policy in the form of a Rule Base. Rules can be assigned to either specific user groups or all users; this permits the definition of flexible policies.

Certificate Enrollment and Renewal: Automatic enrollment and renewal of certificates issued by Check Point Internal CA server.

Connectivity Features

Feature: Description

Automatic Connectivity Detection: If the IPsec VPN network connection is lost, the client seamlessly reconnects without user intervention.

Roaming: If the IP address of a client changes (for example, if the client on a wireless connection physically connects to a LAN that is not part of the VPN domain), interface roaming maintains the logical connection.

Multiple Sites: Remote access users can define many gateways to connect to the VPN. If you have multiple VPN gateways, users can try another gateway if the previous one is down or overloaded.

Hotspot Detection: Automatically detects hotspots that prevent the client system from establishing a VPN tunnel. When a hotspot is detected, users have the option to lower the firewall restrictions and register to the hotspot through a browser.

Office Mode: Lets a remote client appear to the local network as if it is using a local IP address.

Machine Idleness: Disconnects the VPN tunnel if the machine becomes inactive (because of lock or sleep) for a specified duration.

Keep-alive: Send keep-alive messages from the client to the VPN gateway to maintain the VPN tunnel.

Proxy Detection and Replacement: Proxy servers between the client and the gateway are automatically detected and authenticated to if necessary.

Tunnel Idleness Detection: Idle or inactive VPN tunnels are detected and shut down.

Security Features

Feature: Description

Strong Authentication Schemes:

  User names and passwords: Including cached passwords.

  Challenge-Response: This is an authentication protocol in which one party provides the first string (the challenge), and the other party verifies it with the next string (the response). For authentication to take place, the response must be validated. Security systems that rely on SecurID are based on challenge-response.

  Keychain software and hardware tokens: You can use the keychain to store and access hardware and software tokens.

  SecurID: Two-factor authentication. An example of a type of SecurID configuration requires a password and a token code. SecurID authentication methods supported by Security VPN: Key Fob, and PIN Pad.

Certificate Enrollment and Renewal: Enrollment refers to the process of application for, and receipt of, a certificate from a recognized Certificate Authority (CA), in this case Check Point's Internal CA. In the enrollment process, you create a certificate and send the registration key to users. The client sends this key to the gateway, and in return receives the certificate. Renewal lets the client renew a certificate that is going to expire.

Migrating from SecureClient

Security VPN for Mac is not compatible with SecureClient for Mac. You must uninstall SecureClient before you install Security VPN.
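The Dead Gateway Detection behaviour summarized in the feature list above, replayed over a constructed timeline to show how long traffic can keep going to a dead gateway before the client gives up on it. This is an added example, not Check Point code; the timer values, the rule that an acknowledged tunnel test restarts the idle timer, and the gateway names gw-a and gw-b are assumptions for illustration.

```python
"""Dead Gateway Detection replayed over a constructed timeline.
Timer values are assumptions for illustration, not product defaults."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Outages = List[Tuple[float, float]]  # [start, end) windows when a gateway is unreachable


@dataclass(frozen=True)
class DgdConfig:
    idle_timeout: float = 20.0   # assumed: seconds of silence before the first tunnel test
    probe_interval: float = 5.0  # assumed: seconds between consecutive tunnel tests
    max_unacked: int = 3         # assumed: unacknowledged tests in a row => gateway dead


def in_outage(t: float, outages: Outages) -> bool:
    return any(start <= t < end for start, end in outages)


def replay(rx_times: List[float], outages: Outages, cfg: DgdConfig,
           until: float) -> Tuple[str, Optional[float], List[float]]:
    """Return (state, time declared dead or None, times tunnel tests were sent)."""
    # Encrypted packets only arrive while the gateway is reachable.
    rx = sorted(t for t in rx_times if not in_outage(t, outages))
    unacked, i = 0, 0
    next_probe = cfg.idle_timeout
    probes: List[float] = []
    while True:
        # Any encrypted packet received before the next test resets the detector.
        while i < len(rx) and rx[i] <= next_probe:
            unacked, next_probe = 0, rx[i] + cfg.idle_timeout
            i += 1
        if next_probe > until:
            return ("active", None, probes)
        probes.append(next_probe)
        if in_outage(next_probe, outages):
            unacked += 1
            if unacked >= cfg.max_unacked:
                return ("dead", next_probe, probes)
            next_probe += cfg.probe_interval
        else:
            # Assumption: an acknowledged test restarts the idle timer.
            unacked, next_probe = 0, next_probe + cfg.idle_timeout


def worst_case_detection(cfg: DgdConfig) -> float:
    """Longest time traffic can go to a dead gateway after its last packet."""
    return cfg.idle_timeout + (cfg.max_unacked - 1) * cfg.probe_interval


def first_live_gateway(candidates: List[Tuple[str, Outages]], at: float) -> Optional[str]:
    """MEP-style fallback: first configured gateway reachable at time `at`."""
    return next((name for name, out in candidates if not in_outage(at, out)), None)


if __name__ == "__main__":
    cfg = DgdConfig()
    # Constructed timeline: gw-a (hypothetical name) goes silent at t=30 and stays down.
    state, dead_at, probes = replay([2, 9, 15, 31], [(30, 200)], cfg, until=120)
    print(state, dead_at, probes)
    print("worst case:", worst_case_detection(cfg), "s")
    print("fail over to:", first_live_gateway([("gw-a", [(30, 200)]), ("gw-b", [])], dead_at))
```

Lowering the idle timeout or the number of unacknowledged tests shortens the blackout window but makes a brief network glitch more likely to trigger a failover.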

Remote Access Clients Comparison

Clients compared: Security VPN for Windows, Check Point Mobile for Windows, SecuRemote, Security VPN for Mac

Client Purpose
  Security VPN for Windows: Secure connectivity with desktop firewall & compliance checks
  Check Point Mobile for Windows: Secure connectivity & compliance checks
  SecuRemote: Basic secure connectivity
  Security VPN for Mac: Secure connectivity with desktop firewall

Replaces Client: SecureClient NGX R60; Connect R73; SecuRemote NGX R60; SecureClient for Mac; Connect R73

Feature: Description

IPSEC VPN Tunnel: All traffic travels through a secure VPN tunnel.

Security Compliance Check (SCV): Monitor remote computers to confirm that the configuration complies with organization's security policy.

Integrated Desktop Firewall: Integrated endpoint firewall centrally managed from a Security Management Server.

Split Tunneling: Encrypt only traffic targeted to the VPN tunnel.

Hub Mode: Pass all connections through the gateway.

Dynamic Optimization of Connection Method: When NAT-T connectivity is not possible, automatically connect over TCP port 443 (HTTPS port).

Multi Entry Point (MEP): Client seamlessly connects to an alternative site when the primary site is not available.

Secondary Connect: End-users can connect once and get transparent access to resources, regardless of their location.

Office Mode IP: Each VPN client is assigned an IP from the internal office network.

Manual only

Back Connection Protocols: Support protocols where the client sends its IP to the server and the server initiates a connection back to the client using the IP it receives. These protocols include: Active FTP, X11, some VoIP protocols.

Auto Connect and Location Awareness: Intelligently detect if the user is outside the internal office network, and automatically connect as required. If the client senses that it is inside the internal network, the VPN connection is terminated.

Roaming: Tunnel and connections remain active while roaming between networks.

Always Connected: VPN connection is established whenever the client exits the internal network.

Secure Domain Logon (SDL): VPN tunnel and domain connectivity is established as part of Windows login allowing GPO and install scripts to execute on remote machines.

Split DNS: Resolves internal names with the SecuRemote DNS Server configuration.

Hotspot Detection and Registration: Detection only. Makes it easier for users to find and register with hot spots to connect to the VPN through local portals (such as in hotels or airports).

Secure Authentication API (SAA): Allows third party-extensions to the standard authentication schemes. This includes 3-factor and biometrics authentication.

Required Licenses
  Security VPN for Windows: On Gateway: IPsec VPN Blade. On Management: Container & VPN Blade for all installed endpoints.
  Check Point Mobile for Windows: IPsec VPN Blade and Mobile Access Blade (based on concurrent connections)
  SecuRemote: On Gateway: IPsec VPN Blade for an unlimited number of connections
  Security VPN for Mac: On Gateway: IPsec VPN Blade. On Management: Container & VPN Blade for all installed endpoints.

System Requirements

Read all requirements carefully.

Client Requirements

Security VPN E75 can be installed on these Mac platforms in 32 and 64 bit:
  Mac OS X 10.6 Snow Leopard
  Mac OS X 10.7 Lion

Gateway Requirements

These Check Point versions support E75 Security VPN:

Check Point Version: Version Supported for Security VPN

Security Gateway NGX R65: R65.70 and the Security VPN Hotfix for your platform.
Security Gateway R70: R70.40 and the Security VPN Hotfix for your platform. R70.50 (no Hotfix required)
Security Gateway R71: R71.30, R71.40, R71.50*
Security Gateway R75: R75, R75.10, R75.20, R75.30, R75.40*
VSX R65: Not Supported
VSX R67: R67.10
UTM-1 Edge: 8.2.33

*Not yet released.

If a Hotfix is required, get it from sk69622 (http://supportcontent.checkpoint.com/solutions?id=sk69622).

Build Numbers

The build number of the Security VPN for E75 is 835017012. To see the build on your computer, click the client and select Help > About.

Installation

Before you install this release, make sure that you have supported gateways, and if necessary, a required Hotfix.

If Visitor mode is configured on port 443 and WebUI is enabled on the gateway, the WebUI must listen on a port other than 443. Otherwise, Security VPN cannot connect.

Installing the Security VPN Hotfix

Install the Security VPN E75 Hotfix on gateways or standalone, self-managed gateway deployments. In a Multi-Domain Security Management environment, install the Hotfix on the Multi-Domain Server.

If you have R71.30 and higher or R75 and higher installed on a gateway, Security Management Server, or Multi-Domain Server, it can support Security VPN. It is not necessary to install a Hotfix. See the System Requirements section of the Release Notes for exact details.

For other supported gateway versions, install the Hotfix (http://supportcontent.checkpoint.com/solutions?id=sk69622).

Before you install the Hotfix:
This Hotfix has possible conflicts with other installed Hotfixes. If you can, it is safest to uninstall all Hotfixes installed on the Security Management Server or gateways. See Uninstalling a Hotfix. If you cannot uninstall a Hotfix, contact Check Point Technical Support.

To install the Hotfix on a Security Gateway or Security Management Server:
1. Download the Hotfix.
2. Copy the Hotfix package to the Security Gateway or Security Management Server.
3. Run the Hotfix:
   On SecurePlatform, Disk-based IPSO, and Solaris:
   a) tar -zxvf <name_of_file>.tgz
   b) ./unixinstallscript
   On Windows platforms: double-click the installation file and follow the instructions.
4. Reboot the Security Gateway or Security Management Server.

To install the Hotfix on a Multi-Domain Server:
1. On the Multi-Domain Server, run: mdsenv
2. Download the Security VPN Hotfix (http://supportcontent.checkpoint.com/solutions?id=sk69622) to the Multi-Domain Server.
3. Run the Hotfix on SecurePlatform and Solaris:
   a) tar -zxvf <name_of_file>.tgz
   b) ./unixinstallscript
4. Follow the on-screen instructions.
5. Reboot the Multi-Domain Server.

Uninstalling a Hotfix

If you need to uninstall a Hotfix, use this procedure.

To uninstall a Hotfix from a gateway:
1. Go to the installation directory: cd /opt/cpsuite-version/
   For example, the installation directory on an R70.40 gateway is: /opt/cpsuite-r70/
2. Run: ./uninstall_<name_of_original_Hotfix_file>
   The name of the Hotfix is different for gateway version and for Hotfix functionality.
3. Enter y at the prompt.
4. Reboot the Security Gateway.

Installing the Client

Install the client on a supported Mac platform booted in 64-bit or 32-bit mode.

To install Security VPN for Mac on a client computer:
1. Download the _Security_VPN.dmg file to the client computer.
2. Double-click the file. After the disk image mounts to the file system, a Finder window opens with the contents of the package.
3. Double-click the _Security_VPN.pkg file to start the installation.
4. Follow the on-screen instructions.

Uninstalling the Client

If necessary, you can uninstall the Security VPN client.

To uninstall Security VPN for Mac from a client computer:
1. Double-click the _Security_VPN.dmg file. After the disk image mounts to the file system, a Finder window opens with the contents of the package.
2. Double-click the Uninstaller to start the uninstall process.
3. Follow the on-screen instructions.

Known Limitations

For known limitations, see sk69623 (http://supportcontent.checkpoint.com/solutions?id=sk69623).