Create a Post
Showing results for 
Search instead for 
Did you mean: 

Remote Access VPN Solutions

Hi All,

I have some questions for you about VPN on Check Point, because im new on Check Point solution, im sorry if i have basic question.

  1. Per this article, Check Point has many models and type of RA VPN. If the requirement are VPN solution can protect the endpoint + has capabilities security capabilities like antivirus for Mobile Devices (Android, iOS), can Check Point firewall achieve it? or need buy another license or solution?
    Because in the article said, that required "Mobile Access Software Blade on the Security Gateway" for Android and iOS, but no information about endpoint feature(Anti Virus).

  2. And for Corporate Devices (mostly Windows), i can go with "Harmony Endpoint" option based on the article, but my question is about the licensing, do you know guys about the SKU "Endpoint Policy Management Software Blade" and "Endpoint Security Container" in the catalog? I spent ~30 minutes but cant find those SKU.

  3. For simple VPN, mostly for the vendor to remote the firewall, switch or server in the office, can i offer "SecuRemote" to customer? because it's free but have limited functionality, honestly i dont know what the limitation is haha

  4. Is "SecuRemote" and SSL Network Extender (SNX) can perform split or full tunneling?

Thank you guys, appreciated your support and feedback! Thank you so much!

0 Kudos
2 Replies

If you're wanting protection on Mobile Phones, you will want Harmony Mobile, which is a separate solution from Harmony Endpoint, which is for protecting PCs and Macs.

The licensing for the management of Harmony Endpoint can be achieved a couple of different ways:

  • Included with Network Security management (e.g. an NGSM-x or Smart-1 appliance)
  • Included cloud-based management (managed through Infinity Portal)
  • One of the following SKUs to run the management on Open Server or a VM: CPSM-P1003-E, CPSM-P2503-E, CPSM-P2503-E (for 1000 endpoints, 2500 endpoints, or unlimited respectively)

For simple VPN, your options are:

With any of the VPN solutions, you can either do split or full tunneling, but keep in mind it's a global setting.
You can allow users to choose or you can force a specific setting. 

Hope that helps.


A quote for license pricing and blades / containers needed is usually generated by your CP partner who knows about the sizing and blade selection options. Concerning pt. 3 + 4: SecuRemote is only usable in very special situations (especially by RA VPN clients with fixed IP) as it does not offer OfficeMode. SNX should be used with the MAB blade, but not legacy SNX.

CCSE CCTE SMB Specialist
0 Kudos