
Check Point VPN-1 Support for Apple iPhone

When deploying any device for corporate use, IT faces the challenge of safeguarding the traffic in and out of the private network. Check Point VPN-1, the market-leading security gateway with firewall, VPN, and intrusion prevention, supports the embedded iPhone L2TP client, giving customers IPsec virtual private network (VPN) access to corporate servers. Customers can receive email and utilize company resources without the need for additional software on the iPhone.

Benefits

  • Easy, secure remote access for iPhone users
    End users can use their iPhones to securely access corporate networks and get the information they need for their jobs.
  • Simple Configuration
    iPhone usage can be enabled with 3 easy steps, with minimal IT configuration of end user phones.
  • No Client Installation
    IT departments can provide iPhone access without incurring the cost of installing and maintaining additional client software.

iPhone Support Configuration in Three Steps

For detailed instructions, please download the release notes.

Step 1: Download and Install (For Administrators Only)

Backup
Before beginning the update, it is important to back up critical files on the gateway being updated.  The following directories should be backed up:

  • $FWDIR/bin
  • $FWDIR/lib
  • $FWDIR/boot/modules

Download
Once the files are backed up, visit the Check Point Support Center, search for iPhone, and download the appropriate file for the operating system of the gateway being updated. Extract and run the executable file. After the installation routine, execute a CPSTOP and CPSTART command on the gateway.

The table below lists the file name for each operating system. Customers should log in to their Usercenter account to download the appropriate files. If you do not have an account, you may create one on our Create an Account page.

Operating System | File Name
SecurePlatform/Linux | VPN-1_R65_HFA_02_L2TP_Supplement.linux.tgz
Solaris | VPN-1_R65_HFA_02_L2TP_Supplement.solaris.tgz
Windows | VPN-1_R65_HFA_02_L2TP_Supplement.windows.tgz
IPSO | Check_Point_VPN-1_R65_HFA02_L2TP_Supplement.ipso.tgz

Install
Extract the downloaded file and run the executable file that is contained within it. Execute a CPSTOP and CPSTART command on the gateway following the installation.  After completing this step, please move to Step 2.

Step 2: Configure The VPN-1 Gateway

After installing the L2TP supplement, administrators must configure the Gateway Properties of the gateway providing access.

  • Find the name of the appropriate VPN-1 gateway in the Objects Tree of SmartDashboard. For example, in the picture below, the gateway name is 'Your_Gateway_Name'.
  • Right-click on it and choose Edit. This will bring up the Gateway Properties for the gateway.
  • Choose Remote Access from the left hand tree.
  • Check the box for Support L2TP (relevant only when Office Mode is active). Below this, make sure the appropriate authentication method is chosen.

  • VPN-1 L2TP support requires that Office Mode be activated.
  • Choose Office Mode from the Remote Access tree.
  • Select Allow Office Mode to All Users.

For more details on configuring Office Mode, please see the VPN Administrator Guide, Chapter 15.

Administrators need to create a shared secret password.

To maintain information confidentiality, there must be a shared secret between the gateway and the iPhone.

  • The shared secret is placed in the l2tp.conf file that can be found in the $FWDIR/conf directory on the gateway providing access.
  • If the file is not found, create it as an empty text file using a text editor appropriate for your operating system. Place the shared secret in the file and save it in the $FWDIR/conf directory. The shared secret should be at least 8 characters long, with a mixture of numerals and letters.
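
One way to create the l2tp.conf file described above, as an added example (not Check Point's own tooling): it checks a secret against the stated minimum (at least 8 characters, letters and numerals), generates a random one, and writes it with owner-only permissions. The function names, the single-line file layout and the 0600 mode are assumptions, and a temporary directory stands in for $FWDIR.

```shell
#!/bin/sh
# Added example; function names, one-line file layout and 0600 mode are assumptions.

# Return 0 only if the secret is >= 8 characters with at least one letter and one numeral.
secret_meets_policy() {
    s=$1
    [ "${#s}" -ge 8 ] || return 1
    case $s in *[0-9]*) ;; *) return 1 ;; esac
    case $s in *[A-Za-z]*) ;; *) return 1 ;; esac
    return 0
}

# Print a random 24-character alphanumeric secret that satisfies the policy.
generate_secret() {
    while :; do
        cand=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24)
        if secret_meets_policy "$cand"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
}

# Write the secret to <conf_dir>/l2tp.conf, readable by the owner only.
write_l2tp_conf() {
    conf_dir=$1
    secret=$2
    if ! secret_meets_policy "$secret"; then
        echo "secret does not meet the length/character policy" >&2
        return 1
    fi
    ( umask 077 && printf '%s\n' "$secret" > "$conf_dir/l2tp.conf" ) || return 1
    chmod 600 "$conf_dir/l2tp.conf"
}

# Demo against a constructed stand-in for $FWDIR (not a real gateway path).
demo_fwdir=$(mktemp -d)
mkdir -p "$demo_fwdir/conf"
write_l2tp_conf "$demo_fwdir/conf" "$(generate_secret)" &&
    echo "wrote $(wc -c < "$demo_fwdir/conf/l2tp.conf") bytes to l2tp.conf"
rm -rf "$demo_fwdir"
```

On a gateway, the first argument to write_l2tp_conf would be "$FWDIR/conf".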

The gateway is now ready for iPhone VPN access. Administrators should provide iPhone users with the information in Step 3 for configuring their iPhones.

Step 3: Configure and use the iPhone VPN (End User)

To configure your iPhone for remote access, you will need to get the following information from your network administrator:

  • Either the IP address or DNS name of the VPN-1 gateway
  • Your appropriate user name for VPN access
  • The global shared secret for information confidentiality provided by your administrator

After receiving these:

  • Go to the iPhone home page.
  • From there, go to Settings > General > Network > VPN > Settings.
  • Enter the IP address or DNS name for Server, the user name for Account, and the shared secret for Secret.

Your iPhone is now configured to access the corporate network.

To use the iPhone VPN, go to Settings and turn the VPN switch to on.

The password screen will then appear. At this point, you will need to authenticate. Your administrator will have informed you which password you should use. Generally, it will be the same password you use when accessing the network remotely with your laptop, or it will be a one-time password from a token such as a SecurID token.

You now have access to the network.