Still studying for my CCSE... now I am at the point where I want to dig deeper into the Mobile Access solutions that Check Point offers. To be precise, I am just kind of confused regarding all the different client solutions. So I'd like to write down what I understood so far and be very glad if you guys could correct me if something is wrong. Also useful links to SKs that explain the differences in detail would be appreciated.
=> Check Point Mobile
- available for Windows, iOS, Android
- IPsec tunnel for Windows installations
- SSL tunnel for iOS/Android
- no further endpoint security - just a remote access client without any further features that would be used if the endpoint is not connected to the corporate network via the RA tunnel
- remote access client available for Windows only
- connects to the corporate gateway via an IPsec tunnel
- also no further features - it's just a remote access solution
- seems to be free (no license for the endpoint site required) [?]
=> Check Point Capsule [Workspace]
- remote access client available for Android and iOS only
- offers a SSL based tunnel solution
- comes together with the Capsule "package", meaning in detail you will also benefit from
> Capsule Docs (encrypts documents, controls who can access them...)
> Capsule Cloud (provides the possibility to enforce additional security settings to the endpoint that also apply when the endpoint is not connected to the corporate network)
> Capsule Workspace on its own not only provides the SSL RA solution but also the possibility (hand in hand with Capsule Docs) to access corporate documents remotely and also (on its own with AD integration) access exchange details like your calendar and mail
> also supports MDM enforcements (jailbreak/root detection / remote wipe possibility)
=> Check Point Capsule Connect
- remote access client available for iOS, Android and Windows
- completely based on a IPsec solution
- seems to be a permanent full tunnel that secures all applications (and not just a few like Capsule Workspace)
- also supports MDM enforcements (w/o jailbreak/root detection or remote wipes)
As you see most of my assumptions are probably wrong but I think I just drowned in the severity regarding all these solutions. Especially the fact which ones are permanent tunnels and which aren't confuses me. Seems the Capsule solutions are both permanent - but I am also not sure regarding this statement.
In addition, I am not able to understand the license model of each one (not related to SecuRemote which appears to be a license free solution on the client site). And what is the reason behind all of this solutions that kind of overlap in some areas?
Thanks for any advice, hopefully somebody is able to make a clear structure out of the mess that I currently have in my brain, haha.