Check Point Endpoint Remote Access VPN Software
Simplifies endpoint security management

Overview:

Provide users with secure, seamless remote access to corporate networks and resources when traveling or working remotely. Privacy and integrity of sensitive information is ensured through multi-factor authentication, endpoint system compliance scanning and encryption of all transmitted data.

What is Remote Access VPN?

Remote Access VPN ensures that the connections between corporate networks and remote and mobile devices are secure and can be accessed virtually anywhere users are located.

A secure remote access solution promotes collaboration by connecting global virtual teams at headquarters, branch offices, remote locations, or mobile users on the go.

Each host typically has VPN client software loaded or uses a web-based client. Privacy and integrity of sensitive information is ensured through:

• Multi-factor authentication
• Endpoint system compliance scanning
• Encryption of all transmitted data

Benefits:

Secure access to corporate resources while traveling or working remotely

• Full IPsec VPN connectivity for strong authentication and data integrity
• Endpoint compliance scanning protects from malware and intrusions

Simple user experience

• Seamless roaming between networks and automatic session configuration
• Re-establishes lost connections by automatically switching connection modes

Integrated into Check Point Software Blade Architecture

• Activate endpoint remote access protection on any Check Point gateway
• Centrally-managed endpoint solution

Features:

VPN Auto-Connect

VPN auto-connect re-establishes lost connections by automatically switching connection modes. It eliminates the need for users to re-authenticate when roaming between different network types (LAN, WiFi, GPRS, etc.), using intermittent networks or resuming work from sleep mode.

Multi-Factor Authentication Support

The Endpoint Remote Access VPN Software Blade offers comprehensive authentication, including:

• Username and passwords (including cached passwords)
• SecurID
• Challenge / Response
• CAPI software and hardware tokens

Secure Hotspot Registration

With secure hotspot registration, administrators can selectively grant access to hotspot registration sites. Hotspot registration pages are loaded automatically for the user.

Integrated into Check Point Software Blade Architecture

The Endpoint Remote Access VPN Software Blade is integrated into the Software Blade Architecture. Endpoint Security Software Blades from Check Point bring unprecedented flexibility, control and efficiency to the management and deployment of endpoint security. Choose from six Software Blades to deploy only the protection you need, with the freedom to increase security at any time from a single central management console.

IPsec VPN

Check Point Endpoint Remote Access VPN Software Blades support full IPsec VPN connectivity for strong authentication, data integrity and confidentiality. NAT-T standard support enables traversing between static and dynamic Network Address Translation (NAT) devices.

Compliance Scanning

With compliance scanning, endpoints are automatically scanned for malware and suspicious activity to ensure compliance with corporate security policies. Failing endpoints can be directed to remediation.

As an example, administrators can ensure that endpoints are free of malware and have the latest service packs installed before granting access to corporate resources.

Central Management

The Endpoint Remote Access VPN Software Blade is centrally managed by the Endpoint Policy Management Software Blade, enabling central policy administration, enforcement and logging from a single, user-friendly console. Centralized management offers unmatched leverage and control of security policies and multiple deployment options offer easy installation and minimize user impact, for a reduced overall cost of operations.

Secure Remote Access:

Compliance Scanning

Endpoint compliance verifies the security level of the endpoint, and reports back to the Security Gateway. The gateway can allow connectivity to specific network resources, based on compliance level.

Deployment Options

Install our endpoint VPN client in one of three options.

1. Included in Endpoint Security (Windows, macOS)
   • Firewall
   • Application Control (not available on macOS)
   • Remote Access VPN
   • Compliance
2. Standalone Check Point Mobile for Windows
• Remote Access VPN
• Compliance
3. Standalone SecuRemote
   • Remote Access VPN

Central Management

Remote Access VPN is centrally managed, enabling central policy administration, enforcement and logging from a single, user-friendly console. Centralized management offers unmatched leverage and control of security policies.

Mobile Access Option

The Web Portal is best for connecting securely to corporate resources from a web browser. Through an integrated web portal, users can access native corporate applications including web-based resources, shared file and email. Administrators can customize the design of the web portal to match their corporate brand identity.

Specifications:

Specifications
Secure Access	Full IPsec VPN connectivity Compliance checks
Authentication Support	Username/Password (including cached passwords) SecurID RADIUS Challenge/Response CAPI software and hardware tokens P12 certificates
Seamless Tunnel Establishment, Teardown	Transparently establish a VPN tunnel upon demand Re-establishes connections when roaming Automatic tunnel tear down when on the corporate LAN
Remote Access Options
Connect Options	Hotspot detection, Office Mode IP, Split Tunneling, Hub Mode, automatic fallback from NAT-T to HTTPS
SSL VPN Portal	Mobile Access Web Portal SSL Network Extender for Mobile Access Blade Check Point Mobile for iOS and Android Capsule Workspace for iOS and Android
Layer 3 VPN Tunnel	Endpoint Security Remote Access VPN Check Point Mobile for Windows Capsule Connect for iOS and Android Check Point VPN Plugin for Windows 8.1 Check Point Capsule VPN for Windows 10

Documentation:

Download the Check Point Endpoint Remote Access Datasheet (PDF).