Connectra
Unified Secure Remote Access Gateway
Overview
Check Point Connectra™ is the only secure remote access gateway that unifies best of breed SSL VPN, IPSec VPN, and integrated intrusion prevention for the most secure connectivity with unmatched centralized management and deployment flexibility.
Connectra allows mobile and remote workers to connect easily and securely to critical resources while protecting enterprise networks and endpoints from external threats. A broad range of connectivity scenarios coupled with integrated intrusion prevention and unified with powerful central management offer unprecedented control over remote access configurations and security policy administration. As a first line of defense, Connectra offers comprehensive endpoint security to protect networks and endpoints from debilitating viruses, malware and malicious attacks.
End users will appreciate Connectra’s streamlined access features and user-friendly portal interface. DynamicID™ SMS authentication eliminates the need to carry and manage tokens and Smartcards where two-factor authentication is required. In addition, roaming between networks without re-authentication is now possible with Check Point Endpoint Connect™. This lightweight client can be downloaded and installed directly from the Connectra portal. If data loss when connecting from public endpoints is a concern, session security can be ensured with Check Point Secure Workspace. Secure Workspace creates an encrypted virtual file-system, allowing complete destruction of all session data and activity logs when the session ends.
Key Benefits
Unified Gateway with Central Management
- Consolidate SSL VPN and IPSec VPN connectivity in a best-of-breed unified secure remote access gateway
- Integrated intrusion prevention and comprehensive endpoint security block viruses, malware and malicious attacks
- Centralized management unifies policy deployment, client administration and event reporting
- Defend against the latest threats with automatic, real-time security updates with SmartDefense™ Services
Best End User Experience
- Ensure session security when connecting from public computers or Internet kiosks with Secure Workspace
- Uninterrupted connectivity even when roaming between wireless networks
- Automatic endpoint scanning prior to user authentication for additional level of security
- First and only vendor to provide direct SMS authentication eliminating need for Smartcards and tokens
Most Deployment Options
- Appliance - A full range of Connectra appliances are available to align with any enterprise remote access requirements for optimum price/performance
- Software - Connectra software can be installed on a wide variety of open server platforms certified by Check Point to run SecurePlatform™
- Virtual Appliance - Connectra is certified on VMware ESX Server as a virtual appliance, reducing operating costs for MSPs, ISPs and telcos
Features
- Secure Web-Based Connectivity
- Integrated Intrusion Prevention
- Comprehensive Endpoint Security
- Protect Against New Threats
- Powerful Centralized Management
- Endpoint Connect VPN Client
- Direct SMS Authentication
- Most Deployment Options
- Technical Features
Unified Gateway with Central Management
Secure Web-Based Connectivity
Connectra is a Secure Remote Access Gateway that enables remote users to access corporate resources. It provides both Web-based and network-level access through the SSL encryption delivered in most Internet browsers. Through an integrated Connectra Web portal, users can access Web applications, Web-based resources, shared files, and email. For extra flexibility, administrators can customize the design of the Connectra Web portal, including support for multiple languages.
For non-Web, client/server applications, Connectra provides secure network-level access over the Web with SSL Network Extender™. Included with Connectra, SSL Network Extender is a browser plug-in that tunnels traffic from endpoint applications over SSL. It supports any IP-based application, including ICMP, TCP, and UDP, without requiring complex configuration to support each application. SSL Network Extender can even work on remote PCs without requiring administrator privileges.
Integrated Intrusion Prevention
Integrated intrusion prevention provided by Connectra for SSL VPN access ensures the integrity of internal applications. Integrated Stateful Inspection, Web Intelligence™, and Application Intelligence™ technologies offer protection against malicious activities and attacks over SSL VPN. For example, Connectra can prevent users from accessing confidential data using directory traversal or SQL injection attacks—a particular concern in extranet environments. Connectra can ensure that worms cannot spread through SSL VPN when a remote user is tunneling native applications. In addition, Connectra comes with a one-year SmartDefense™ Services subscription to ensure that integrated application protections are up to date.
Comprehensive Endpoint Security
With the integration of Check Point Endpoint Security On Demand™, Connectra secures network resources from remote PCs—regardless if they are used and/or owned by employees or partners, customers, or other network guests. It enforces network security policy for SSL VPN connections, ensures session confidentiality, and keeps the organization secure.
- Scans for spyware to ensure that malicious processes, keystroke loggers, and Trojan horses are not installed on remote endpoints, Connectra scans for these and other spyware through remote users’ browsers. By disabling spyware and enforcing baseline security requirements before it grants SSL VPN access, Connectra stops identity and password theft and prevents data loss.
- Ensures information confidentiality to enable secure access even in unmanaged environments like airport Internet kiosk PCs, Connectra provides Secure Workspace, an option that provides a totally secure environment and which encrypts all session files such as attachments, cookies, emails, and passwords on the remote endpoint. This prevents sensitive corporate information from being viewed or stolen even after a session ends and the user leaves the PC.
- Connectra can enforce access policies requiring antivirus software and/or firewall installation before granting users access. Out-of-compliance users are offered links to self-remediation resources. Once in compliance, they are allowed to log in.
- Restrict access to individual resources based on the trust level of the endpoint and user. For example, one set of resources may be defined with a “high” sensitivity level and access allowed only if a remote endpoint provides strong authentication like token-based authentication and has current antivirus software installed and running. Similarly, another set of resources can be accessed only when someone is using the Secure Workspace.
Protect Against New Threats
Connectra is supported by SmartDefense Services, which maintain the most current preemptive security for the Check Point security infrastructure. To help you stay ahead of new threats and attacks, SmartDefense Services provide real-time updates and configuration advisories for defenses and security policies. These ensure that Connectra endpoint security and intrusion prevention capabilities have the latest protections available.
Powerful Centralized Management
Connectra can be managed centrally with Check Point SmartCenter™ or standalone through a user-friendly interface. Centralized management offers unmatched leverage and control of security policies, and enables organizations to use a single repository for user and group definitions, network objects, access rights, and security policies across their entire security and remote access infrastructure. Unified access policies will be enforced automatically throughout their distributed environment, empowering them to securely provision access from anywhere.
Best End User Experience
Endpoint Connect VPN Client
Check Point Endpoint Connect™ is a new, lightweight IPSec VPN client for use with Connectra gateways. Designed for reliable connectivity with maximum usability, Endpoint Connect delivers seamless and secure remote access to corporate network resources and is now included with every Connectra license.
Traditional VPN clients can frustrate mobile users and prevent them from accomplishing critical tasks. Endpoint Connect is built with today’s corporate professionals in mind. Traditional IPSec clients are too cumbersome, requiring reconnection and re-authentication with every move. Users must re-login in to the VPN every time their laptop wakes up, and also when they switch networks—from the corporate LAN to Wi-Fi to GPRS. Please see the Endpoint Connect product page for more information.
DynamicID™ Direct SMS Authentication
Connectra can now be configured to send a one-time password (OTP) to an end-user communication device (such as a mobile phone) via an SMS message. SMS two-factor authentication provides an extra level of security while eliminating the difficulties associated with managing hardware tokens. Please see the DynamicID product page for more information.
Most Deployment Options
Connectra is available as a turnkey appliance, as software for installation on open servers or as virtual appliance. See www.opsec.com for detail on appliance and hardware options.
- Connectra appliances feature Connectra Software that has been preinstalled on dedicated Check Point or OPSEC™ certified appliances
- Connectra Software can also be installed on open servers and includes SecurePlatform™, a security hardened operating system from Check Point
- Connectra Software can be deployed as a virtual appliance and is certified on VMware ESX Server
Connectra can be deployed in a network DMZ or on a trusted LAN and is easy to install and simple to manage. It supports several authentication options including LDAP, RADIUS, SecurID/ACE, or an internal database.
- Flexible, Secure Remote Access
- Unmatched Mobility
- Comprehensive Endpoint Security
- Integrated Intrusion Prevention
- High Performance
- Advanced Scalability
Flexible, Secure Remote Access
Secure clientless SSL VPN connectivity for browser-based remote access to an extensive range of enterprise applications, as well as client-based mobile IPSec connectivity for corporate users “On the Go”
Browser-based remote access
- Internet Explorer, Mozilla and Safari browser support
- Windows, Windows Mobile, Mac, iPhone and Linux platform support
- SharePoint, SAP Portal and other Web applications
- Outlook Web Access, Lotus iNotes and other mail applications
- Built-in web front-end for Native POP3/IMAP servers
- Windows (SMB/CIFS) file servers for file sharing
Java-based browser plug-ins for on-demand application delivery
- Windows, Mac and Linux platforms
- FTP, Jabber IM, RDP, SSH, Telnet, terminal emulation
- TN3270, TN5250 extensible
Browser plug-ins for on-demand connectivity
- Windows, Mac and Linux platform support
- SSL Network Extender - included with Connectra
- Application mode: TCP based applications, including Citrix, MS RDP, Outlook, FTP clients etc.
- Network mode: All IP-based applications
- Application mode: TCP based applications, including Citrix, MS RDP, Outlook, FTP clients etc.
Unmatched Mobility
Roaming provides uninterrupted LAN-like IPSec access from laptops and Smartphones
- Endpoint Connect - VPN client for laptops and PCs
- SSL / IPSec client for Windows 2000, XP and Vista platforms
- Two-factor authentication with PKI, SecureID and SoftID
- Office Mode support
- Integrated endpoint compliance and malware scanner
- Dynamic transport (IPSec or SSL)
- Roaming, location awareness and Intelligent Auto-connect
- Supports IP-based applications
SecureClient Mobile - VPN client for Smartphones and PDAs
- Pocket PC 2003, Windows Mobile 5.x and 6.x platform support
- Two-factor authentication with PKI, SecureID, SoftID
- SSL-based VPN tunnel with personal firewall and roaming support
- Office Mode support
- Bluetooth, WAP and other peripheral control
- On-demand tunnel integration with Outlook Mobile to conserve power
- Supports IP-based applications
Comprehensive Endpoint Security
Endpoint Security On Demand - optional endpoint compliance and malware scanner
- Ensures that connecting endpoints are compliant with corporate policy
- Detects keyloggers, trojans and other malware
- Out-of-compliance users are offered links to self-remediation resources
Secure Workspace – ensures VPN session confidentiality when using public computers
- Creates a secure virtual environment, insulated from the host
- Encrypts and deletes browser and application caches, files etc. when session ends
Integrated Intrusion Prevention
Web Intelligence
- Provides protection against malicious code transferred in Web-related applications
- Blocks worms, various attacks such as buffer overflows, SQL and command injections, cross-site scripting, customizable HTTP worm catcher, directory traversal, header rejection, malicious HTTP code
Application Intelligence
- Extends further protection for non-web traffic transferred over VPN tunnels created by SNX, Endpoint Connect, and SecureClient Mobile
- Protections included for FTP, Mail and other IP protocols
High Performance
ClusterXL (included with Connectra) offers full cluster capability for stateful high availability and load sharing
Advanced Scalability
Connectra can scale to over 10,000 concurrent users on the Connectra 9072 appliance, as well as other high-end, single blade servers
Specifications
Connectra can be deployed as a turnkey appliance, software on an open server, or as a virtual appliance.
Connectra 270 |
Connectra 3070 |
Connectra 9072 |
|
|---|---|---|---|
| Connectra version | R66 | R66 | R66 |
| Performance | |||
| Maximum concurrent SSL users | 100 | 1,000 | 10,000 |
| Maximum Concurrent IPSec users | 100 | 1,000 | 10,000 |
| SSL/IPSec hardware acceleration | No | No | Yes |
| Interfaces | |||
| Built-in Interfaces | 4 Copper GbE | 10 Copper GbE | 10 Copper GbE |
| Optional interfaces | N/A | N/A | 4 x 1 GbE copper |
| VLANs | 256 | 256 | 256 |
| Storage | |||
| Size | 160 GB | 160 GB | 2 x 160 GB |
| Type | Built-in | Built-in | Removable, hot-swappable |
| Enclosure | |||
| Enclosure | 1U | 1U | 2U |
| Dimensions (standard) |
16.8 x 10 x 1.73 in. | 17.4 x 15 x 1.73 in. | 17 x 20 x 3.46 in. |
| Dimensions (metric) |
429 x 255 x 44mm | 443 x 381 x 44mm | 431 x 509.5 x 88mm |
| Weight | 3.7kg (8.1 lbs) | 6.5kg (14.3 lbs) | 16.5 kg (36.3) lbs |
| Power | |||
| Dual, hot-swappable power supplies | No | No | Yes |
| Power Input | 100-240V 50-60Hz | ||
| Power Supply Spec (Max) | 65W | 250W | 400W |
| Power Consumption (Max) | 26.2W | 77.5W | 200.7W |
| Operating environment range | Temperature: 5° to 40° C, Humidity: 10%-85% non-condensing, Altitude: 2,500m | ||
| Compliance | UL 60950; FCC Part 15, Subpart B, Class A; EN 55024; EN 55022; VCCI V-3AS/NZS 3548:1995; CNS 13438 Class A (test passed; country approval pending); KN22KN61000-4 Series, TTA; IC-950; ROHS | ||
Software Technical Specifications
Connectra software is a software solution for open servers. It installs SecurePlatform™ 2.6, a hardened operating system, and Connectra software in less than 10 minutes.
Connectra software and SecurePlatform are tested for compatibility with a wide variety of currently shipping and pre-release hardware platforms. Please see the Connectra Hardware Compatibility List.
Minimum hardware requirements for installing Connectra software |
|
|---|---|
| CPU | Intel Celeron 2.4 GHz or equivalent |
| Memory | 512 MB |
| Disk space | 10 GB hard disk drive |
Virtual Appliance Technical Specifications
Connectra is supported as a virtual appliance on VMware ESX Server
The following configuration is certified by Check Point and is recommended for use with SecurePlatform
| Minimum Memory Allocation | 512 MB |
| Guest Operating System | RHEL 5.0 (32-bit) |
| SCSI Adapter Supported With Guest OS | LSI Logic |
| Minimum Disk space required | 12 GB |
Note: For a full list of limitations please refer to the "Connectra Virtual Appliance for VMware Getting Started Guide"
Support and Warranty
Check Point offers a range of support programs for customers using our appliances covering both software and hardware issues.
Check Point offers support online, by phone and onsite directly or via its network of partners. Opening a ticket online with Check Point Support via Check Point User Center.
Support Programs for Appliances
Check Point's Appliance Support programs provide technical support, software updates and upgrades, and the replacement of faulty hardware.
Please visit our Support Programs for more information or Compare Programs for a summary of features.
Hardware Warranty
Check Point warrants that hardware components of its appliances shall be free from material defects and will function according to the documentation provided for a period of one year from the date of appliance activation by Check Point. If the unit has a hardware failure during this warranty period, customer can begin a RMA process. Please visit Hardware Warranty for more information.
Check Point Enterprise Support Lifecycle Policy
Check Point Enterprise Support Lifecycle Policy outlines the product support guidelines for a product's lifecycle. The objective of this policy is to standardize and normalize product lifecycle practices, thereby enabling Check Point customers to make more informed purchase, support and upgrade decisions.
All Check Point products (except third-party products sold by Check Point) are covered by this policy. Customers who are operating Check Point products under a valid Support & Maintenance Agreement are entitled to the benefits associated with this policy.
Next Steps
- Try Connectra Virtual Appliance
- DynamicID Eval
- Contact Us
- Call US Sales
1-866-488-6691 - Find a Reseller
Resources
- FAQ
- Customer Success Stories
- Secure Remote Access White Paper [PDF]
- White Paper [PDF]
Connectra Link Translation - Enterprise Mobility: Out-of-the-Cube Lifestyles
- Rise of SSL VPNs: Growth Accelerates Due to Improved Security
- What's Next for SecurePlatform and IPSO
- Special Promotion: Entrust SSL certificates for Connectra
Related Products
