Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
abihsot__
Advisor

Secure workspace browser support

Hello,

I just wanted to clarify if I understand correctly the documents. So sk113410 states that:

The Check Point Mobile Access Portal offers a variety of on-demand client technologies, including SSL Network Extender, Compliance Scan and Secure Workspace.

Which means I can start workspace from any modern browser, but once I am there I am bound to the list of apps defined here - sk114454, which in turn have the following browsers listed:

  • IE
  • firefox
  • netscape (who uses that???)

Are there any plans to have modern browsers working inside secure workspace? Maybe there is an alternative product in Checkpoint portfolio with same functionalities?

12 Replies
PhoneBoy
Admin
Admin

Firefox isn’t a modern browser?
Maybe @AndreiR can comment on supporting other browsers in Secure Workspace.
My guess, and this is only a guess, is that Chrome and browsers based on Chromium cannot be properly sandboxed.
As a result, we don't allow them in Secure Workspace. 

What’s your precise use case for Secure Workspace and a browser?

0 Kudos
abihsot__
Advisor

Hello,

Thanks for reply. Yes, firefox is modern, but that's the only choice - not much of an alternative. Seeing such list I was wondering if this is some kind of technical limitation or the product just didn't get enough love lately. 

Anyway, at the moment we use IE, but that will disappear in not too distant future, therefore I was thinking what is the future of this product. The use case is to be able to work with a website remotely in a secure environment, where data cannot leave it. Once work is done and session is closed, data stored in that workspace is wiped out.

0 Kudos
abihsot__
Advisor

Any ideas? Wanted to bump the thread. 

0 Kudos
AndreiR
Employee
Employee

@PhoneBoy is correct. Chrome as well as majority of other modern browsers can't be properly sandboxed by Secure Workspace. This is the reason why we support IE only inside SWS.

0 Kudos
abihsot__
Advisor

In this case, may I ask what is the future of this product (Secure Workspace)? Is there any other product in Checkpoint portfolio which gives something similar features?

0 Kudos
PhoneBoy
Admin
Admin

The more modern approach is to remotely access a desktop that is hosted elsewhere that includes the necessary applications/access.
This eliminates many of the issues with attempting to sandbox a desktop operating system and allows the use of many more applications.
It also keeps the data on-premise.
It requires the use of RDP, which can be done securely using Mobile Access Blade and a web browser (using Guacamole or similar HTML5 proxy).
We also offer this as part of Harmony Connect as well.

0 Kudos
abihsot__
Advisor

Sure, usage of RDP is very clear, however it requires to setup machine in a such way that you can't take anything from it. Disabling copy-paste, etc. Hence I was looking for a complete product in this case.

0 Kudos
PhoneBoy
Admin
Admin

With direct RDP (which is not recommended), you are correct.
If you configure using Mobile Access Blade + Guacamole, file transfers are prohibited by design and I believe you can control clipboard access to/from the local PC.
With Harmony Connect, you configure it when you establish the definition for the RDP server.

Screen Shot 2021-03-16 at 9.31.31 AM.png

 

Antonis_Hassiot
Contributor

We are also wondering whether SSL Network extender will still work after IE gets entirely removed from windows 10. We use SNX and Secure Workspace in our environment.

SNX automatically launches IE from within SWS for our users to connect to the Application they need, in our case RDP. 

My guess is that this wouldn't be possible using firefox or other browser is that correct? 

I see that support for SWS is still there, since Checkpoint is updating the MABDA for 80.30 and later releases, but can we have an official statement on how this is supposed to work without IE?

0 Kudos
PhoneBoy
Admin
Admin

Unfortunately, modern browsers operate in a way that can't easily be sandboxed.
If the main application is RDP, there are ways to provide access to that via HTML5.
It does require setting up Guacamole or another similar HTML5 to RDP proxy, which can control copy/paste and file transfer between the local and remote desktop.
This is supported natively with Mobile Access Blade with R81 gateways. 

0 Kudos
Antonis_Hassiot
Contributor

We tested Secure Workspace on Windows 11. We noted that Secure Workspace fails to launch properly. 

We get a black screen as soon as the desktop switches over. 

Still wondering whether Checkpoint intends to continue support for Secure Workspace + SSL Network Extender solution on Windows 11 with IE not being present anymore. 

On another note, is the Guacamole solution supported on R.80.40? We see that there is support for Integrated Guacamole on R80.30 with Guacamole hotfix and R81 on this page: 

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_MobileAccess_AdminGuide/Topics-MAB...

Also, does this mean that the user will experience an RDP session through a web browser? We have found this type of solution to not be very good for the user. The problem is the working window becomes very small when running through a browser and the user experience doesn't improve with running the browser in full screen. 

0 Kudos
PhoneBoy
Admin
Admin

Guacamole support was added to maintrain in R81 and was not made available in R80.40.

At the moment, we don’t have finalized dates for when we will add support for Windows 11 and Secure Workspace/SNX.
If this is critical for you, I recommend working with your local Check Point office on the requirement.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events