Updated 1/14/2014 CHECK POINT MOBILE ACCESS VPN SUMMARY Mobile Access is an SSL VPN service by Check Point. A VPN allows remote access to internally hosted services and applications using a web browser. There is an 8 hour time limit when using Mobile Access. After the 8 hour time period has expired, the user must re-connect to the VPN service. REQUIREMENTS a. Personal Certificate File (PKCS format). This certificate is based on the domain user who requires the VPN access. Contact the Help Desk to obtain the certificate and specify the domain user account in the request. b. Active Directory group permissions to access and use VPN services. Contact the Help Desk to request permission to use Mobile Access. c. Internet Explorer is the preferred web browser to use with Check Point Mobile Access. However, other browsers are compatible such as Mozilla Firefox and Chrome. Support for other browsers is limited. CCAS IT Services Check Point Mobile Access VPN 1
PRE-REQUIREMENTS 1. Add the URL for the Check Point Mobile Access service to the list of Trusted Sites. a. Open Internet Explorer, click Tools Internet Options b. Select Security c. Select Trusted Sites, click Sites. d. Type the URL https://access.lcred.net in the box provided, click Add. Click Close. 2. Install the Personal Certificate. See manual Import Personal Certificate from a File. 3. Configure Certificate-based credentials. This step must be done after completing Step #2. a. Open the Control Panel Credential Manager b. Find the section, Certificate-Based credentials, click Add a certificated-based credentials. c. In the Internet or network address box, type: access.lcred.net d. Click Select Certificate. The list of installed Personal Certificates will appear. Select your certificate, click OK. CCAS IT Services Check Point Mobile Access VPN 2
e. Review the information, click OK. 4. Remove any previously installed VPN software. This includes Check Point EndPoint Connect Client or Check Point Connectra SSL Extender. Uninstall the software via the Control Panel. a. Click Programs and Features (Windows XP: Add/Remove Programs). In the list of programs, find the VPN software, select it and click Uninstall or Remove. Follow the prompts. You may have to restart your computer after removing the VPN software. CCAS IT Services Check Point Mobile Access VPN 3
INSTALLATION 1. Open Internet Explorer. Type in the URL in the address box provided: https://access.lcred.net/sslvpn Add the URL to the Favorites for easy access. 2. The Mobile Access login will appear. Select Certificate Sign In, click Sign In. 3. [OPTIONAL] If all the Pre-Requirements were completed, this prompt will not appear. Select your certificate from the list, click OK. 4. When accessing Mobile Access for the first time, it is necessary to click connect manually. To do so, click the Connect button. See Appendix A to modify the Mobile Access settings to allow automatic connect. CCAS IT Services Check Point Mobile Access VPN 4
5. The Check Point Deployment Agent will install. Click Trust Server. 6. The Check Point SSL Network Extender Service will install. This may take a few minutes. When complete, a message will appear to confirm that you have reached the SSL Network Extender gateway. Click OK. 7. Once connected to the VPN, the status window will show the virtual IP and the remaining time available. When finished using the VPN, click Disconnect. CCAS IT Services Check Point Mobile Access VPN 5
APPENDIX A SUMMARY Follow the instructions below to configure Check Point Mobile Access to automatically connect after authenticating. 1. When connected to the Mobile Access VPN service, click Settings located in the Native Applications area. 2. In the section When signing-in launch SSL Network Extender, select Automatically, click OK. CCAS IT Services Check Point Mobile Access VPN 6
APPENDIX B SUMMARY In some instances corruption of the Check Point SSL Network Extender Service may occur when using Internet Explorer. The service is a critical component of the Mobile Access application. When corruption occurs, users may experience connection issues when attempting to connect to the VPN. Users may see the following error message: SSL Network Extender Server is down and could not be started. To date, issues using Mobile Access only occur on 64-bit operating systems (Windows 7 and MacOS). Perform the following steps to resolve this issue. Use the workaround solution if in a time sensitive situation. The Issue Resolution is the preferred method. WORKAROUND Connect to Mobile Access using another web browser. (ie: Chrome or Firefox) The preferred alternative is to use Chrome because it utilizes Internet Explorers security certificate stores. To use Firefox as an alternative, you must install the personal certificate in Firefox. Contact the Help Desk to obtain instructions on how to do this. RESOLUTION 1. Remove all instances of Check Point programs from the Control Panel Programs & Features. 2. Reset Internet Explorer by performing the following steps: o Open Internet Explorer Internet Options o Select Advanced tab o Click Reset. CCAS IT Services Check Point Mobile Access VPN 7
3. Click Reset. It IS NOT necessary to delete personal settings. Make sure Delete personal settings remains UNCHECKED. 4. Restart the computer. This is mandatory. Attempt to connect to Mobile Access. You will be prompted to reinstall the Check Point components for Mobile Access again. CCAS IT Services Check Point Mobile Access VPN 8
APPENDIX C CHECK POINT MOBILE ACCESS JAVA ISSUE A new version of Java was released (Version 7 Updated 51) which introduces a new security feature. This new feature causes an issue with the Check Point Mobile Access VPN service. If you use this service, please read on. Some employees use this service to access SAP. If you do not use this service, please ignore this message. If you are a Mobile Access VPN user, we kindly ask you to upgrade the version of Java installed on your computer to version 7 Update 51. The latest version of Java can be downloaded using this link. http://javadl.sun.com/webapps/download/autodl?bundleid=83383 After installing the latest version of Java, the following steps must be performed, otherwise an error will occur when trying to use Mobile Access. 1. Access the Control Panel Java. 2. The Java Control Panel will appear. Click on the Security Tab, then click Edit Site List. CCAS IT Services Check Point Mobile Access VPN 9
3. The Exception Site List will appear, click Add. 4. Add the following URLs https://access.lcred.net http://access.lcred.net After adding this URL, a message will appear, click Continue When both sites have been added, click OK. 5. Connect to the Mobile Access VPN service like normal. If you need assistance with configuring the new version of Java or continue to have an issue accessing the Mobile Access VPN service, please contact the Help Desk at helpdesk@serviciosrc.org CCAS IT Services Check Point Mobile Access VPN 10
How to verify what version of Java is installed. 1. Access the Control Panel Click Java. 2. In the General tab, click About. CCAS IT Services Check Point Mobile Access VPN 11