Remote Access Clients for Windows



Similar documents
Endpoint Security VPN for Mac

Endpoint Security VPN for Mac

Endpoint Security VPN for Windows 32-bit/64-bit

How To Backup a SmartCenter

Endpoint Security VPN for Mac

R75. Installation and Upgrade Guide

Multi-Domain Security Management

Mobile Access R Administration Guide. 13 August Classification: [Protected]

Remote Filtering Software

Installing and Configuring vcenter Multi-Hypervisor Manager

Security Gateway R75. for Amazon VPC. Getting Started Guide

Remote Access Clients for Windows 32-bit/64-bit

Citrix Access Gateway Plug-in for Windows User Guide

Important. Please read this User s Manual carefully to familiarize yourself with safe and effective usage.

NEFSIS DEDICATED SERVER

DameWare Server. Administrator Guide

Embarcadero Performance Center 2.7 Installation Guide

Security Gateway Virtual Appliance R75.40

Remote Application Server Version 14. Last updated:

2X SecureRemoteDesktop. Version 1.1

Verizon Remote Access User Guide

A Guide to New Features in Propalms OneGate 4.0

ez Agent Administrator s Guide

DDoS Protection on the Security Gateway

Getting Started with ESXi Embedded

Remote Application Server Version 14. Last updated:

Mobile Access. R77 Versions. Administration Guide. 6 May Classification: [Protected]



Networking Best Practices Guide. Version 6.5

Pearl Echo Installation Checklist

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

DIGIPASS Authentication for Check Point Security Gateways

Installation and Deployment

How To Install Sedar On A Workstation

Proof of Concept Guide

Mediasite EX server deployment guide

LifeSize Control Installation Guide

WhatsUp Gold v16.3 Installation and Configuration Guide

Release Notes for Websense Web Endpoint (32- and 64-bit OS)

Release Notes for Websense Security v7.2

Global VPN Client Getting Started Guide

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

Table of Contents. Chapter 1: Installing Endpoint Application Control. Chapter 2: Getting Support. Index

Installation Notes for Outpost Network Security (ONS) version 3.2

Setting Up a Unisphere Management Station for the VNX Series P/N Revision A01 January 5, 2010

HP Business Availability Center

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Introduction to Mobile Access Gateway Installation

Check Point FW-1/VPN-1 NG/FP3

Core Protection for Virtual Machines 1

Web Filter. SurfControl Web Filter 5.0 Installation Guide. The World s #1 Web & Filtering Company

SSL Network Extender R71. Release Notes

Endpoint Security Client for Mac

Setting Up Scan to SMB on TaskALFA series MFP s.

PANO MANAGER CONNECTOR FOR SCVMM& HYPER-V

Table of Contents. Introduction...9. Installation Program Tour The Program Components...10 Main Program Features...11

Kerio VPN Client. User Guide. Kerio Technologies

Projetex 9 Workstation Setup Quick Start Guide 2012 Advanced International Translations

VPN CLIENT ADMINISTRATOR S GUIDE

How To Set Up Checkpoint Vpn For A Home Office Worker

RSA SecurID Ready Implementation Guide

Sage Grant Management System Requirements

BorderGuard Client. Version 4.4. November 2013

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

HP IMC Firewall Manager

Installation Guide for Pulse on Windows Server 2008R2

Acronis and Acronis Secure Zone are registered trademarks of Acronis International GmbH.

Kaseya Server Instal ation User Guide June 6, 2008

Remote Filtering Software

Version 3.8. Installation Guide

ZyWALL OTPv2 Support Notes

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

HP Vulnerability and Patch Manager 6.0 software Installation and Configuration Guide

Pre-Installation Instructions

Symantec System Recovery 2013 Management Solution Administrator's Guide

Propalms TSE Deployment Guide

QuickSpecs. HP PCM Plus v4 Network Management Software Series (Retired) Key features

TANDBERG MANAGEMENT SUITE 10.0

Enterprise Solution for Remote Desktop Services System Administration Server Management Server Management (Continued)...

SMART Vantage. Installation guide

1 Introduction to Microsoft Enterprise Desktop Virtualization (MED-V) Terminology Key Capabilities... 4

intertrax Suite resource MGR Web

Endpoint Security Console. Version 3.0 User Guide

LogMeIn Hamachi. Getting Started Guide

How To Connect Checkpoint To Gemalto Sa Server With A Checkpoint Vpn And Connect To A Check Point Wifi With A Cell Phone Or Ipvvv On A Pc Or Ipa (For A Pbv) On A Micro

Abila MIP Mobile. System Requirements

Operating System Installation Guide

FileMaker Pro 11. Running FileMaker Pro 11 on Citrix XenApp

Who s Endian?

Security Gateway for OpenStack

Remote Filtering. Websense Web Security Websense Web Filter. v7.1

Enterprise Manager. Version 6.2. Installation Guide

NetWrix USB Blocker Version 3.6 Quick Start Guide

Kaspersky Lab Mobile Device Management Deployment Guide

HP A-IMC Firewall Manager

FileMaker. Running FileMaker Pro 10 on Citrix Presentation Server

Transcription:

Remote Access Clients for Windows E80.60 Release Notes 3 December 2014 Classification: [Protected]

2014 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information Latest Software We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks. Latest Documentation The latest version of this document is at: (http://supportcontent.checkpoint.com/documentation_download?id=36187) To learn more, visit the Check Point Support Center (http://supportcenter.checkpoint.com). For more about this release, see the E80.60 home page (http://supportcontent.checkpoint.com/solutions?id=sk102651 ). Revision History Date Description 03 December 2014 Updated What's New 16 November 2014 Improved layout and formatting 28 October 2014 First release of this document Feedback Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=feedback on Remote Access Clients for Windows E80.60 Release Notes).

Contents Important Information... 3 Introduction... 5 What's New... 5 Remote Access Clients Comparison... 6 Remote Access Client Upgrades... 8 Build Numbers... 8 Remote Access VPN Requirements... 8 Security Management Server and Security Gateway Requirements... 8 Client Requirements... 9 ATM Client Hardware Requirements... 9 Additional Requirements... 9 Remote Access Client Installation for Windows... 10 Upgrading SmartDashboard-Managed Clients... 10 Known Limitations... 11

Introduction Introduction Check Point offers multiple enterprise-grade VPN clients to fit a wide variety of organizational needs. The Remote Access VPN stand-alone clients provide a simple and secure way for endpoints to connect remotely to corporate resources over the Internet, through a VPN tunnel, and are all SmartDashboard-managed. These are the stand-alone clients offered in this release: Security VPN - Incorporates Remote Access VPN with Desktop Security in a single client. It is recommended for managed endpoints that require a simple and transparent remote access experience together with desktop firewall rules. Check Point Mobile for Windows - An easy to use IPsec VPN client to connect securely to corporate resources. Together with the Capsule Workspace clients for iphone and Android, and the Check Point SSL VPN portal, this client offers a simple experience that is primarily targeted for non-managed machines. SecuRemote - A secure, yet limited-function IPsec VPN client, primarily targeted for small organizations that require very few remote access clients. See Remote Access Clients Comparison (on page 6) for a detailed feature comparison. Security VPN is also the Remote Access VPN client in the Security Suite. We recommend that you read this document before installing E80.60 Remote Access clients. What's New New in this release: SHA-256 (SHA-2) IPSEC support for Remote Access Clients Data Integrity encryption. Certificate Enhancements: Display the Friendly Name for a certificate. Filter certificates according to the Enhanced Key Usage attribute (certificates without client authentication are not shown). Choose not to show expired certificates in the certificate selection list. Automatic upgrades from the gateway with a customized package. Support for the visually impaired with MSAA (Microsoft active accessibility component) integration. Ability to close open session before you make configuration changes. Improved server certificate verification for less browser warnings. Added support for Certificate Subject Alternative Name (DNS entries only) as part of certificate verification (previously only based on CN). Policy Compression for gateways that support it to enable policy compression for faster topology download. UTF-8 support in all user input fields (user names, passwords, CN). P12 certificate paths still must have only ASCII characters. Dual hotspot detection mechanism. Hotspot registration and mini-browser in Security Suite (was previously in standalone client only). Improved stability, and bug fixes. Remote Access Clients for Windows Release Notes E80.60 5

Remote Access Clients Comparison Remote Access Clients Comparison Feature Security VPN for Windows Check Point Mobile for Windows SecuRemote Security VPN for Mac Description Client Purpose Secure connectivity with desktop firewall & compliance checks Secure connectivity & compliance checks Basic secure connectivity Secure connectivity with desktop firewall Replaces Client SecureClient NGX R60 Connect R73 SecuRemote NGX R60 SecureClient for Mac Connect R73 IPSEC VPN Tunnel Security Compliance Check (SCV) Integrated Desktop Firewall Split Tunneling Hub Mode Dynamic Optimization of Connection Method Multi Entry Point (MEP) Secondary Connect Office Mode IP Manual only All traffic travels through a secure VPN tunnel. Monitor remote computers to confirm that the configuration complies with organization's security policy. Integrated endpoint firewall centrally managed from a Security Management Server Encrypt only traffic targeted to the VPN tunnel. Pass all connections through the gateway. When NAT-T connectivity is not possible, automatically connect over TCP port 443 (HTTPS port). Client seamlessly connects to an alternative site when the primary site is not available. End-users can connect once and get transparent access to resources, regardless of their location. Each VPN client is assigned an IP from the internal office network. Remote Access Clients for Windows Release Notes E80.60 6

Remote Access Clients Comparison Feature Security VPN for Windows Check Point Mobile for Windows SecuRemote Security VPN for Mac Description Back Connection Protocols Support protocols where the client sends its IP to the server and the server initiates a connection back to the client using the IP it receives. These protocols include: Active FTP, X11, some VoIP protocols. Auto Connect and Location Awareness Intelligently detect if the user is outside the internal office network, and automatically connect as required. If the client senses that it is inside the internal network, the VPN connection is terminated. Roaming Tunnel and connections remain active while roaming between networks. Always Connected VPN connection is established whenever the client exits the internal network. Secure Domain Logon (SDL) VPN tunnel and domain connectivity is established as part of Windows login allowing GPO and install scripts to execute on remote machines. Split DNS Resolves internal names with the SecuRemote DNS Server configuration. Hotspot Detection and Registration Detection only Makes it easier for users to find and register with hot spots to connect to the VPN through local portals (such as in hotels or airports). Secure Authentication API (SAA) Allows third party-extensions to the standard authentication schemes. This includes 3-factor and biometrics authentication. Required Licenses On Gateway: IPsec VPN Blade On Management: Container & VPN Blade for all installed endpoints IPsec VPN Blade and Mobile Access Blade (based on concurrent connections) On Gateway: IPsec VPN Blade for an unlimited number of connections On Gateway: IPsec VPN Blade On Management: Container & VPN Blade for all installed endpoints Remote Access Clients for Windows Release Notes E80.60 7

Remote Access Client Upgrades These upgrade paths are available for Remote Access VPN clients: From To See Remote Access Client Upgrades Connect R73.x, E75.x, or E80.x Remote Access Clients, SmartDashboard-managed Connect R73.x, E75.x, or E80.x Remote Access Clients, SmartDashboard-managed clients E80.4x or E80.5x Security suite with or without Remote Access VPN E80.60 Smartmanaged Remote Access VPN E80.60 SmartDashboardmanaged Remote Access VPN E80.60 Smartmanaged Remote Access VPN Upgrading Security Clients in Security E80.60 Administration Guide (http://supportcontent.checkpoint.com /documentation_download?id=24673) See Upgrading SmartDashboard- Managed Clients (on page 10) Upgrading Security Clients in Security E80.60 Administration Guide (http://supportcontent.checkpoint.com /documentation_download?id=24673) Smart-managed Remote Access VPN clients are part of the Security Suite. SmartDashboard-managed Remote Access VPN clients are standalone, without the Security Suite. For upgrades from SecureClient see the Upgrading to Remote Access VPN Clients from SecureClient Guide (http://supportcontent.checkpoint.com/documentation_download?id=24854). Build Numbers The build number for this release is: 986000125 Remote Access VPN Requirements Security Management Server and Security Gateway Requirements For the most up-to-date list of supported operating systems, server and gateway requirements, see: sk67820 (http://supportcontent.checkpoint.com/solutions?id=sk67820). Note - Remote Access VPN requires a supported gateway version. If you use Automatic MEP, the Security Management Server or Multi-Domain Server must also be supported, with the required hotfixes. Remote Access Clients for Windows Release Notes E80.60 8

Client Requirements Remote Access Clients E80.60 can be installed on these Windows platforms: Windows Version Editions Architecture Remote Access VPN Requirements 8.1 with or without Update 1 Enterprise, Pro 32/64 bit BIOS/UEFI 8 Enterprise, Pro 32/64 bit BIOS/UEFI 7 Enterprise, Professional, Ultimate, with or without SP1 32/64 bit Vista Enterprise, Professional, SP1 or higher 32/64 bit XP Professional, SP3 32-bit ATM Client Hardware Requirements These are the minimum hardware requirements for client computers that run the SmartDashboard-based Security VPN ATM package. Component Memory Free disk space CPU Minimum Requirement 256 MB RAM 500 MB Intel Pentium 4 CPU 3.20 GHz or equivalent Additional Requirements To enable Secondary Connect, see the requirements in sk65312 (http://supportcontent.checkpoint.com/solutions?id=sk65312). To enable automatic, implicit MEP (Multiple Entry Points), you must install the Remote Access Clients Hotfix on the Security Management Server and on all Security Gateways. This procedure is not necessary for manual MEP. The Security Management Server and Security Gateway can be installed on open servers or appliances. On UTM-1 appliances, you cannot use the WebUI to install Remote Access Clients. Remote Access Clients cannot be installed on the same device as Check Point Security R73 or R80. If ZoneAlarm is installed on a device, you can install Check Point Mobile for Windows and SecuRemote but not Security VPN. All Security Gateways used as primary MEP connections must support this release, with the Remote Access Clients Hotfix installed. NGX R65.70 Security Gateways must be managed by NGX R65.70 Security Management Servers. The servers must also have the Remote Access Clients Hotfix installed. Remote Access Clients for Windows Release Notes E80.60 9

Remote Access Client Installation for Windows Remote Access Client Installation for Windows You can create packages of the Remote Access Clients with pre-defined settings, such as which client to install, a VPN site and authentication methods. When you deploy the package to users, it is easier for them to connect quickly. See the Remote Access Clients E80.60 Administration Guide (http://supportcontent.checkpoint.com/documentation_download?id=24673) for how to create deployment packages. To install a Remote Access client: 1. Download the Windows Remote Access Clients E80.60 MSI file (http://supportcontent.checkpoint.com/solutions?id=sk102651 ). 2. Double-click the MSI and follow the on-screen instructions. Upgrading SmartDashboard- Managed Clients Get all files from the Security Client E80.60 homepage (http://supportcontent.checkpoint.com/solutions?id=sk102651 ). To automatically update clients to this release of Remote Access Clients or a future release, upgrade the client package on the gateway. Then all clients receive the new package when they next connect. If you have a gateway version that requires the Remote Access Clients Hotfix, make sure that the Hotfix is installed before you put an upgraded package on the gateway. There are two packages: one for ATM installation and one for non-atm installation. Each package has: TRAC_ATM.cab or TRAC.cab ver.ini CheckPointSecurityForATM.msi (packaged in the cab file) CheckPointVPN.msi If you have R71.x with SSL VPN enabled, put the TRAC.cab file in a different directory, as shown in the instructions. Users must have administrator privileges to install an upgrade with an MSI package. Administrative privileges are not required for automatic upgrades from the gateway. Unattended (ATM) Clients You cannot upgrade regular Remote Access Clients and unattended (ATM) Security VPN clients from the same gateway. Important - If you download the Automatic Upgrade for ATM file, you get a file called TRAC_ATM.cab. You must rename it to TRAC.cab before you put it on the gateway. To distribute the Remote Access Clients from the gateway: 1. On the gateway, in the $FWDIR/conf/extender/CSHELL directory, back up the TRAC.cab and trac_ver.txt files. For R71.x, back up the TRAC.cab file in: $CVPNDIR/htdocs/SNX/CSHELL 2. Download the Remote Access Clients E80.60 Automatic Upgrade file from the sk homepage. Remote Access Clients for Windows Release Notes E80.60 10

Known Limitations 3. Put the new TRAC.cab and ver.ini files in the same directory on the gateway: $FWDIR/conf/extender/CSHELL For R71.x, put the TRAC.cab file also in: $CVPNDIR/htdocs/SNX/CSHELL 4. On a non-windows gateway, run: chmod 750 TRAC.cab 5. Edit the trac_ver.txt file in the directory and change the version number to the number in the new ver.ini. 6. Make sure the client upgrade mode is set: a) Open the SmartDashboard. b) Open Policy > Global Properties > Remote Access > Connect. c) Set the Client upgrade mode to Ask user (to let user confirm upgrade) or Always upgrade (automatic upgrade). d) Click OK. 7. Install the policy. When the client connects to the gateway, the user is prompted for an automatic upgrade of the newer version. If users had Security VPN R75, it keeps the existing settings. If users had Connect R73, it automatically upgrades to Security VPN. 8. When the ATM client is installed with No Office Mode, those attributes will not change during upgrade. If the client is automatically upgraded, it is an ATM client with No Office Mode. In this release you can distribute a customized package from the gateway. See Upgrading with a Customized Package in the E80.60 Remote Access Clients Administration Guide. Known Limitations For known limitation that apply to this release, see sk102652 (http://supportcontent.checkpoint.com/solutions?id=sk102652). Remote Access Clients for Windows Release Notes E80.60 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information