Check Point Mobile Access adds extra security to existing appliances

Expert Karen Scarfone examines the Check Point Mobile Access Software Blade and explains how it encrypts communications between client computers and enterprise networks.

The Check Point Mobile Access Software Blade is an SSL VPN product. SSL VPN products safeguard the confidentiality and integrity of communications passing over networks, which is particularly important if any of those networks are unsecured or are outside the organization's control (e.g., a coffee shop Wi-Fi network).

Most SSL VPN products, including the Check Point Mobile Access Software Blade, are designed to support and secure remote access for desktops, laptops, smartphones and tablets.

Several Check Point appliances support Check Point Mobile Access software

There is only one version of the Check Point Mobile Access product. It is deployed on an existing Check Point Security Gateway. Models of Check Point appliances that support it include the following:

  • Check Point 2200 security gateway appliance (small office);
  • Check Point 4000 security gateway appliance (enterprise);
  • Check Point 12000 security gateway appliance (data center);
  • Check Point 21400 security gateway appliance (high end);
  • Check Point 61000 security gateway appliance (extreme high end);
  • Check Point Power-1 appliance (high performance);
  • Check Point UTM-1 desktop appliance (small and medium offices); and
  • Check Point Integrated Appliance Solution (medium and large offices).

Client and authentication support for Check Point Mobile Access

There are four approaches to SSL VPN client software: clientless, browser plug-in, stand-alone executable and mobile app. The Check Point Mobile Access Software Blade supports all of these, except stand-alone executable. However, Check Point provides two mobile apps for SSL VPN access, so there are four different client options:

  • Clientless, which works from virtually any desktop or laptop operating system.
  • SSL Network Extender, which is a browser plug-in for desktop and laptop operating systems. It allows for more access than the clientless option, such as to non-web applications.
  • Check Point Mobile app, which provides access to a portal from a mobile device web browser. This app is supported on iOS, Android and Windows mobile devices.
  • Check Point Mobile VPN app, which is for iOS and Android devices. It provides a greater degree of access to resources than the Check Point Mobile app.

The Check Point Mobile Access SSL VPN supports two-factor authentication, which is widely recommended for remote access users. Another authentication option is one-time passwords that are sent via text message to smartphones or tablets, which can help enable two-factor authentication, as well.

The Check Point Mobile Access software also supports linking a user and a device together, so that only authorized user/device combinations can use the remote access product. This is done through the use and verification of digital certificates. Single sign-on support is also provided, so users don't have to reauthenticate to access resources.

Enterprise security policy enforcement is provided by the Check Point Mobile Access product. For example, it can restrict which applications can be run within the user workspace established by the SSL VPN client.

Because the Check Point Mobile Access Software Blade is an add-on to existing appliances, there is a fee for enabling its use. There are no restrictions on the number of concurrent users, except for the limits naturally enforced by the hardware of the appliances. Trials of the blade software and the appliances themselves are available here.

The Check Point Mobile Access Software Blade product is supported by a wide range of Check Point appliances, so it can be a viable product for organizations of any size. It supports four types of clients, which enables virtually any desktop or laptop, as well as mobile devices running iOS, Android or Windows, to use the SSL VPN product. The product supports multiple authentication products and features, including single sign-on, and it allows for enforcement of enterprise security policies on client devices.

The Check Point Mobile Access Software Blade is an option for most organizations, especially those that already have a Check Point Security Gateway deployed.

Next Steps

Check out the other SSL VPN products covered in this series: Barracuda SSL VPN, Cisco IOS SSL VPN, Juniper Networks SA Series, Dell SonicWALL Secure Remote Access and OpenVPN Access Server.

Introduction to SSL VPN products in the enterprise

Learn about the three enterprise benefits of SSL VPN products

Comparing the top SSL VPN products

This was last published in March 2017

Dig Deeper on Network security