Check Point VPN Solution

VPN
1

Hi Check Point Members,

I have some questions for you about VPN on Check Point, my customer have idea to buy other firewall as a VPN Concentrator, and now the choice is between Check Point and Sophos.

Because im new on Check Point solution, im sorry if i have basic or stupid question.

  1. Per this article, Check Point has many models and type of RA VPN. If the requirement are VPN solution can protect the endpoint + has capabilities such as Anti Virus for Mobile Devices (Android, iOS), can Check Point firewall achieve it? or need buy another license or solution?
    Because in the article said, that required “Mobile Access Software Blade on the Security Gateway” for Android and iOS, but no information about endpoint feature(Anti Virus).
  2. And for Corporate Devices (mostly Windows), i can go with “Harmony Endpoint” option based on the article, but my question is about the licensing, do you know guys about the SKU “Endpoint Policy Management Software Blade” and “Endpoint Security Container” in the catalog? I spent ~30 minutes but cant find those SKU.
  3. For simple VPN, mostly for the vendor to remote the firewall, switch or server in the office, can i offer "SecuRemote" to customer? because it’s free but have limited functionality, honestly i dont know what the limitation is haha
  4. Is "SecuRemote" and SSL Network Extender (SNX) can perform split or full tunneling?

Thank you guys, i hope get the best answer from this community. Appreciated your support and feedback! Thank you so much!

2

I believe they have something new called Harmony Connect. If you know someone at checkpoint, I would ask.

3

Hi. You’ll probably get more discussion and answers on checkmates community! :slight_smile:

What i can answer on top of my head;

  1. Protection for Endpoints incl. Mobile requires seperate licenses.

  2. If you can or prefer, use cloud version and you dont have to deal with additional management licenses & cost.

As someone else mentioned, check out Harmony Connect, you can provide easy access for users, byod and contractors

4

  1. Check Point Harmony Endpoint would scratch the itch here. There are three types of licensing: Basic, Advanced, and Complete. Each of these includes the VPN client built in. Gateways come with 5 mobile access licenses for mobile devices. Then, I believe 50 is the next level of licenses required to buy.

CPEP-SBA-BASIC-1Y

CPEP-SBA-ADVANCED-1Y

CPEP-SBA-COMPLETE-1Y

  1. I would just use the Check Point Remote access client. They would log in the same way the rest of your users do.

  2. Yes, I believe that is a global VPN setting though. Either all traffic is split-tunneled or it isn’t.