abihsot__
Advisor

Secure workspace browser support

Hello,

I just wanted to clarify if I understand the documents correctly. So sk113410 states that:

The Check Point Mobile Access Portal offers a variety of on-demand client technologies, including SSL Network Extender, Compliance Scan and Secure Workspace.

Which means I can start workspace from any modern browser, but once I am there I am bound to the list of apps defined here - sk114454, which in turn has the following browsers listed:

  • IE
  • Firefox
  • Netscape (who uses that???)

Are there any plans to have modern browsers working inside Secure Workspace? Maybe there is an alternative product in the Check Point portfolio with the same functionality?

10 Replies
PhoneBoy
Admin

Firefox isn’t a modern browser?
Maybe @AndreiR can comment on supporting other browsers in Secure Workspace.
My guess, and this is only a guess, is that Chrome and browsers based on Chromium cannot be properly sandboxed.
As a result, we don't allow them in Secure Workspace. 

What’s your precise use case for Secure Workspace and a browser?

0 Kudos
abihsot__
Advisor

Hello,

Thanks for the reply. Yes, Firefox is modern, but that's the only choice - not much of an alternative. Seeing such a list, I was wondering if this is some kind of technical limitation or the product just didn't get enough love lately.

Anyway, at the moment we use IE, but that will disappear in the not too distant future, therefore I was wondering what the future of this product is. The use case is to be able to work with a website remotely in a secure environment, where data cannot leave it. Once work is done and the session is closed, data stored in that workspace is wiped out.

0 Kudos
abihsot__
Advisor

Any ideas? Wanted to bump the thread. 

0 Kudos
AndreiR
Employee

@PhoneBoy is correct. Chrome, as well as the majority of other modern browsers, can't be properly sandboxed by Secure Workspace. This is the reason why we support IE only inside SWS.

0 Kudos
abihsot__
Advisor

In this case, may I ask what is the future of this product (Secure Workspace)? Is there any other product in the Check Point portfolio which gives similar features?

0 Kudos
PhoneBoy
Admin

The more modern approach is to remotely access a desktop that is hosted elsewhere that includes the necessary applications/access.
This eliminates many of the issues with attempting to sandbox a desktop operating system and allows the use of many more applications.
It also keeps the data on-premise.
It requires the use of RDP, which can be done securely using Mobile Access Blade and a web browser (using Guacamole or similar HTML5 proxy).
We also offer this as part of Harmony Connect.

0 Kudos
abihsot__
Advisor

Sure, usage of RDP is very clear, however it requires setting up the machine in such a way that you can't take anything from it: disabling copy-paste, etc. Hence I was looking for a complete product in this case.

0 Kudos
PhoneBoy
Admin

With direct RDP (which is not recommended), you are correct.
If you configure using Mobile Access Blade + Guacamole, file transfers are prohibited by design and I believe you can control clipboard access to/from the local PC.
With Harmony Connect, you configure it when you establish the definition for the RDP server.


Antonis_Hassiot
Contributor

We are also wondering whether SSL Network Extender will still work after IE gets entirely removed from Windows 10. We use SNX and Secure Workspace in our environment.

SNX automatically launches IE from within SWS for our users to connect to the application they need, in our case RDP.

My guess is that this wouldn't be possible using Firefox or another browser; is that correct?

I see that support for SWS is still there, since Check Point is updating the MABDA for 80.30 and later releases, but can we have an official statement on how this is supposed to work without IE?

0 Kudos
PhoneBoy
Admin

Unfortunately, modern browsers operate in a way that can't easily be sandboxed.
If the main application is RDP, there are ways to provide access to that via HTML5.
It does require setting up Guacamole or another similar HTML5 to RDP proxy, which can control copy/paste and file transfer between the local and remote desktop.
This is supported natively with Mobile Access Blade with R81 gateways. 

0 Kudos
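
The replies above say an HTML5-to-RDP proxy such as Guacamole can control copy/paste and file transfer. The following is an added example, not part of the thread and not Check Point code: a small audit that flags RDP connections whose clipboard or file-transfer channels are still open. It assumes a stand-alone Apache Guacamole deployment using the `user-mapping.xml` format; how Mobile Access Blade stores these settings is not described on this page, and the hostnames and connection names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Guacamole's user-mapping.xml format (names and hosts are made up).
SAMPLE = """<user-mapping>
  <authorize username="alice" password="CHANGE_ME">
    <connection name="locked-desktop">
      <protocol>rdp</protocol>
      <param name="hostname">rdp1.example.internal</param>
      <param name="disable-copy">true</param>
      <param name="disable-paste">true</param>
    </connection>
    <connection name="legacy-desktop">
      <protocol>rdp</protocol>
      <param name="hostname">rdp2.example.internal</param>
      <param name="disable-paste">true</param>
      <param name="enable-drive">true</param>
    </connection>
  </authorize>
</user-mapping>"""

# parameter -> (Guacamole default when absent, value that keeps data inside the session)
REQUIRED = {
    "disable-copy": ("false", "true"),      # remote -> local clipboard
    "disable-paste": ("false", "true"),     # local -> remote clipboard
    "enable-drive": ("false", "false"),     # drive redirection / file transfer
    "enable-printing": ("false", "false"),  # print-to-PDF redirection
}

def audit(xml_text):
    """Return {connection name: [findings]} for RDP connections with open data channels."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("connection"):
        if (conn.findtext("protocol") or "").strip().lower() != "rdp":
            continue  # only RDP connections are in scope here
        params = {p.get("name"): (p.text or "").strip().lower()
                  for p in conn.iter("param")}
        issues = [f"{name} is {params.get(name, default)!r} (want {safe!r})"
                  for name, (default, safe) in REQUIRED.items()
                  if params.get(name, default) != safe]
        if issues:
            findings[conn.get("name")] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(name, "->", "; ".join(issues))
```

Note that a connection which simply omits `disable-copy` is flagged, because Guacamole allows copying from the remote desktop unless that parameter is set.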