
Remote Access Clients for Windows 32-bit/64-bit
E75.20
Administration Guide
28 November 2011

© 2011 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation
The latest version of this document is at: http://supportcontent.checkpoint.com/documentation_download?ID=12320
For additional technical information, visit the Check Point Support Center (http://supportcenter.checkpoint.com).
For more about this release, see the home page (http://supportcontent.checkpoint.com/solutions?id=sk65209) at the Check Point Support Center.

Revision History

Date                 Description
28 November 2011     Added Supported Algorithms and Protocols ("Supported Algorithms and" on page 60). Improved formatting and document layout.
15 September 2011    First draft of this document.

Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on Remote Access Clients for Windows 32-bit/64-bit E75.20 Administration Guide).

Contents

Important Information
Introduction to Remote Access Clients
Endpoint Security VPN
Check Point Mobile for Windows
SecuRemote
Features Overview
Connectivity Features in Detail
Security Features in Detail
Deployment Features
General Features
Topology Architecture
Encryption Domains
External Resources in Encryption Domain
Related Documentation
Setting Up Remote Access Clients
Installing the Remote Access Clients Hotfix
Required Gateway Settings
Configuring a Policy Server
Remote Access Modes
Endpoint Security VPN for Unattended Machines (ATMs)
Automatic Upgrade from the Gateway
Configuring Upgrades
Distributing the Remote Access Clients from a package
Creating the Client Installation Package
Authentication Schemes and Certificates
Advanced Client Settings
Editing an MSI Package with CLI
Installing an MSI Package with CLI
Updating User Sites with the Update Configuration Tool
Usage for Update Configuration Tool
Using the Update Configuration Tool
Helping Your Users
Simple Installation
Remote Access Clients Client Icon
Helping Users Create a Site
Preparing the Gateway Fingerprint
Using the Site Wizard
Opening the Site Wizard Again
Helping Users with Basic Client Operations
Configuring Client Features
Installing Desktop Security Policy
Managing Desktop Firewalls
The Desktop Firewall
Rules
Default Policy
Logs and Alerts
Wireless Hotspot/Hotel Registration
Planning Desktop Security Policy
Operations on the Rule Base
Making the Desktop Security Policy
Letting Users Disable the Firewall
Secure Domain Logon (SDL)
Configuring SDL
Configuring Windows Cached Credentials
Using SDL in Windows XP
SDL in Windows Vista and Windows 7
Multiple Entry Point (MEP)
Configuring Entry Point Choice
Defining MEP Method
Implicit MEP
Manual MEP
Making a Desktop Rule for MEP
Configuring Geo-Cluster DNS Name Resolution
Secondary Connect
Configuring Secondary Connect
Secondary Connect for Users
Global Properties for Remote Access Clients Gateways
Authentication Settings
Connect Mode
Roaming
Location Aware Connectivity
Idle VPN Tunnel
Intelligent Auto-Detect
Smart Card Removal Detection
Configuring Hotspot Access
Split DNS
Configuring Split DNS
Enabling or Disabling Split DNS
Configuring Log Uploads
Configuring Post Connect Scripts
Office Mode IP Address Lease Duration
Supported Algorithms and
Secure Configuration Verification (SCV)
Check Point SCV Checks
Configuring the SCV Policy
Configuring SCV Enforcement
Configuring SCV Exceptions
Traditional Mode
Installing and Running SCV Plugins on the Client
SCV Policy Syntax
Sets and Sub-sets
Expressions
Logical Sections
Expressions and Labels with Special Meanings
The local.scv Sets
SCV Parameters
SCV Global Parameters
Enforcing the SCV Checks
Sample local.scv Configuration File
Deploying a Third Party SCV Check
The Configuration File
Editing the TTM File
Centrally Managing the Configuration File
Understanding the Configuration File
Configuration File Parameters
Monitoring and Troubleshooting
SmartView Tracker and Remote Access Clients
Collecting Logs
Remote Access Clients Files
"Unsupported Services" Message
Configuring No-Router Environments