Installing SecuRemote Client Software

Previous page
Table of content
Next page

The SecuRemote client software must be installed on all the users workstations or laptops to which you as an administrator would like to give mobile access to your VPN domain. SecuRemote currently supports Windows 2000, NT, 98 SE, XP, and ME and typically requires 32MB to 64MB of RAM and about 6MB of disk space to install. It cannot be installed alongside FireWall-1. There is also a Linux version as well as a Macintosh version that supports OS 8 and OS 9 and a version for Windows PocketPC PDAs.

The client software works by inserting a driver between the client s physical network interface and the TCP/IP stack in the operating system kernel, in the same method used by the firewalls you have been working with to this point. This kernel module monitors both inbound and outbound TCP/IP traffic and intercepts any packet destined for a VPN domain (from topology downloaded during site creation or update). The packet is then handed off to a user-space daemon, which handles user authentication and key exchange with the SecuRemote server, as well as encryption, should authentication succeed.

Installation is handled by a fairly straightforward graphical setup program; however, there are some points worth noting:

  • You need to install Desktop Security Support only if you are using SecureClient (see Figure 10.19 and Chapter 11, Securing Remote Clients ). This is a piece of software that must be licensed separately from Check Point for a fee. If cost is a concern or you are using another desktop firewall solution, you may opt for SecuRemote.

    click to expand
    Figure 10.19: SecuRemote Desktop Security Prompt During Installation

  • If you do not install Desktop Security, you will be asked on which adapters to bind the SecuRemote kernel module (see Figure 10.20). You can choose Install on all network adapters (which would include Ethernet and dialup adapters) or Install on dialup adapters only. The latter would be appropriate for remote users with a dialup ISP who would never use their Ethernet interface to access the VPN domain from the outside. Mobile salespeople often fall into this category; they use dialup access when on the road and use Ethernet to plug into the LAN when they are in the office. However, for this configuration, other options would work just as well.

    click to expand
    Figure 10.20: SecuRemote Adapter Configuration Screen During Installation

  • You can install over an older version of SecuRemote. You will be asked if you want to update the previous version (which saves site and configuration information), or if you would like to overwrite the existing version.

  • Although the client software is available for free download, a license is still required on the management station to use SecuRemote with Check Point NG AI.

  • The SecureClient Packaging Tool can also be used to create self-extracting, preconfigured packages to distribute to client systems. This requires you to obtain a SecureClient license from Check Point, but it quickly pays for itself in decreased help desk calls.



Previous page
Table of content
Next page
Check Point NG[s]AI
Check Point NG[s]AI
ISBN: 735623015
EAN: N/A
Year: 2004
Pages: 149
BUY ON AMAZON
VBScript Programmers Reference
A+ Fast Pass
Adobe After Effects 7.0 Studio Techniques
Postfix: The Definitive Guide
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Logistics and Retail Management: Emerging Issues and New Challenges in the Retail Supply Chain
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy