crescentwire
Employee

Flowchart for choosing the right Remote Access VPN option

Update (June 2025):

I've made the original, editable version of this flowchart publicly available on GitHub for anyone who wants to contribute, fork it, or help improve it going forward.

You can find it here: https://github.com/crescentwire/cp-ra-vpn-flowchart

I do not plan to maintain this document personally, but I hope this makes it easier for the community to build on the original work and keep it current over time. Contributions are welcome!

---

Hey everyone, as a long-time customer and now-employee of Check Point, it's not always been easy to navigate our remote access VPN solutions. There are a lot of them, and while they have specific use cases and relevance, it can sometimes feel overwhelming to sift through them and choose the right one.

I've put together a flowchart that details all options (as of April 2025) in hopes this makes your life easier. Even though I'm on the vendor side now, the customer side of the table is only arm's length away--and I want to help and empower wherever I can.

Thanks so much for your time and I hope this is helpful to you.

(Image below is a preview; the attached PDF has active hyperlinks--please download and use this instead of the image.)

CP_RAVPN_Options_Flowchart_MIbarra.png

13 Replies
the_rock
Legend

EXCELLENT!

Danny
Champion

Thank you! Please:

  • keep this overview up-to-date
  • put it into an official Check Point SK article
  • add a column that details if IPv6 is supported
  • add a column about the supported crypto suites
  • add a column to describe how to monitor those specific users in the GUI and on CLI
  • add version information to your PDF document
  • add more info about the SASE client
  • add info regarding Capsule Workspace as it's not supported anymore
  • add info regarding RAS-VPN login options to SMB appliances
  • share the draw.io chart with us so we can extend the document as a community
the_rock
Legend

Great ideas @Danny 

0 Kudos
crescentwire
Employee

Hi @Danny, thanks for all these suggestions. You are welcome to add as much as you like within the public GitHub repository I've made available for community contributions. Please see my update in the original post's body above.

0 Kudos
Oliver_Fink
Advisor

Great work. I would like to mention that Capsule Workspace is discontinued – EoS 12/2024.

0 Kudos
crescentwire
Employee

Thanks, @Oliver_Fink. The Capsule Workspace row does actually indicate it's end of support as of December 2024. Maybe I need to make that more bold/clearer.

Appreciate your support and feedback.

0 Kudos
Danny
Champion

@crescentwire : It's already clearly marked as discontinued but your title says "choosing the right Remote Access VPN option" and then your flowchart mentions a discontinued product which cannot be the right solution by its status. As you're a Check Point employee, we would appreciate official guidance for users who need mobile device support, which was previously provided by Mobile Workspace. If there isn't a successor or supported alternative, it might be better not to include it as a RAS VPN option.

0 Kudos
crescentwire
Employee

Thanks, Danny. I appreciate your perspective.

I was trying to document all possible solutions, which historically has included Capsule Workspace. Because I used our SKs as a guide for building this flowchart--and because CW is still mentioned in these SKs (see sk67820 - Check Point Remote Access Solutions - Gateway-Based Access and sk84560 - Check Point VPN License Guide)--I wanted to draw attention to it here. 

But, you are right that it shouldn't be available as an option since it's been discontinued. I've removed it from the diagram and will reupload the fixed version shortly.

Thanks again.

0 Kudos
Ted_Serreyn
Collaborator

Well, if we are going with all possible solutions, the Linux support should mention the snx client for Linux.

In addition, it may be a good place to mention the snx-rs client. I've been using this to do some automated testing.

the_rock
Legend

I'm pretty sure it will be fully updated.

Andy

0 Kudos
Steven_Sultana
Contributor

It may be useful to elaborate on the first decision - do you want traditional VPN or SASE?

E.g., if you want compliance on mobile devices, SASE is the way to go. If you have multiple sites and/or multi-cloud, SASE is possibly "better/preferred/more streamlined/less complex" than traditional MEP/Secondary Connect technology. Etc.

0 Kudos
the_rock
Legend

Super valid point Steven.

0 Kudos
G_W_Albrecht
Legend

The listed sk171419 is not found...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
