https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-security-encryption-used-E87-50/m-p/211661#M3870 <P>Are you asking a question?<BR />For the initial connection, HTTPS is used.<BR />If the client can use IKE (UDP 500) and NAT-T (UDP 4500), they will be used, else Visitor Mode (on HTTPS) will be used.<BR />This applies to all VPN clients except for SNX (which uses Visitor Mode by design).</P> Wed, 17 Apr 2024 19:10:12 GMT PhoneBoy 2024-04-17T19:10:12Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-security-encryption-used-E87-50/m-p/211651#M3869 <P>Re&nbsp; We are using E87.50 right now.&nbsp;&nbsp; My understanding is that if the fat client (E87.50)can't get out on certain ports it will use sslvpn (443) to get out, but if it can get out on ports ____ - not sure what they are it will use an IPSEC vpn tunnel with encyrption based on Global Properties - Remote Access - VPN authentication and encryption - Encryption algorithms - Edit</P> <P>The cipher suites used if it goes the sslvpn route can be seen with cipher_uitl.</P> Wed, 17 Apr 2024 18:39:31 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-security-encryption-used-E87-50/m-p/211651#M3869 Daniel_Kavan 2024-04-17T18:39:31Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-security-encryption-used-E87-50/m-p/211661#M3870 <P>Are you asking a question?<BR />For the initial connection, HTTPS is used.<BR />If the client can use IKE (UDP 500) and NAT-T (UDP 4500), they will be used, else Visitor Mode (on HTTPS) will be used.<BR />This applies to all VPN clients except for SNX (which uses Visitor Mode by design).</P> Wed, 17 Apr 2024 19:10:12 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Endpoint-security-encryption-used-E87-50/m-p/211661#M3870 PhoneBoy 2024-04-17T19:10:12Z