Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
valterj
Participant

Mobile Access Blade

Hi All. 

In my SGW Cluster configuration, in VPN Clients, I need to specify which clients is allowed to connect to GW. But, if I enable Mobile Access blade, the initial configuration has the exactly same options.

What is the difference about use or not this blade? Which additional options this blade should provide me? Should I accept remote client connections without use Mobile Access blade? It's not clear for me. 

With best regards. 

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

Mobile Access Blade provides a web portal to access web-based applications.
If you’re just allowing remote access through VPN clients, that can be done via the VPN blade.

valterj
Participant

Hi Phoneboy. Thank you for your answer. 

That was exactly my doubt. Why I have to specify which clientes I'd like to use, if Mobile Access will provide a web portal access? So I'll use any browser, not a VPN Client. 

Regards. 

PhoneBoy
Admin
Admin

A client-based VPN and clientless VPN are completely different types of access that serve different use cases.
They also require very different configuration.
Also, not every web-based application will work with Mobile Access.
It really depends on what kind of users you have and what they will access as to which method you'll use.
You might use both.

If you're interested in Mobile Access, I'd start with the documentation: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_MobileAccess_AdminGuide/Defa... 

0 Kudos
valterj
Participant

Thank you again. 

My point is: considering that Mobile Access is a paid feature, which advantages should I have using them instead a regular VPN client (or clientless model)? I'm confused because, in terms of Cluster configuration, we need to specify which clients are allowed to connect to gateway, so I can't see the difference yet. 

Regards. 

0 Kudos
the_rock
Authority
Authority

Well, keep in mind also, you can use app on the phones called capsule VPN, which sort of acts like a vpn client from windows/mac machines. Users create a site, authenticate and they can access pretty much whatever internal resources they are allowed to access, based on gateway policy.

 

Is there something in particular you are concerned about?

0 Kudos
PhoneBoy
Admin
Admin

The only "free" option is SecuRemote which is fairly limited in terms of useful situations.
See: https://community.checkpoint.com/t5/Remote-Access-VPN/Quick-Primer-on-How-to-Configure-your-Gateway-...

Both "client" and "clientless" options require some sort of license, which is an extra cost.
I believe all modern gateway licenses come with a five user Mobile Access license, which enables both options.
SMB gateways include more than this (depends on the model).
For additional users, you will either need to buy one of:

  • A Mobile Access license (either 50, 200, or Unlimited users, licensed based on concurrent connections)
  • Harmony Endpoint licenses (buy as many as needed, but licensed based on number of clients installed)
  • CPEP-ACCESS licenses (not in the Product Catalog, but still orderable), which are "Endpoint Security VPN" (includes Desktop Firewall + Compliance). Licensed based on number of clients installed.

It depends on what kind of access you want to allow from what kind of device.
And, of course, what you have licenses for.