The Check Point Mobile Access Portal offers a variety of on-demand client technologies, including Compliance Scan and Secure Workspace. Use the Mobile Access Portal Agent to download and invoke the technologies. This article lists all released automatic updates for Mobile Access Portal Clients. If you allow automatic updates (see sk94508), the latest updates are installed automatically on all relevant Check Point machines.
Important: This article does not replace sk113410. The Portal Agent package support only R80.40 and higher Security gateways. For R80.10, R80.20 or R80.30 Security gateway, you should install the hotfix from sk113410 to work with the Mobile Access portal from the supported browser.
Availability
Client
Update
Release Date
Package Download
Portal Agent
Update 2 - Take 17
18 Oct 2021
(TAR)
Compliance Scanner
Update 1 - Take 9
29 Sep 2020
(TAR)
Secure Workspace
Update 1 - Take 14
29 Sep 2020
(TAR)
To check what Take is currently installed, run this command: # cpinfo -y cpupdates
The Mobile Access Portal Agent downloads and operates on-demand Mobile Access Portal clients, such as SSL Network Extender, Compliance Scan and Secure Workspace.
Pre-conditions
Install this package on Security Gateways running R80.20 and higher with the Mobile Access blade enabled.
This package cannot be installed on Scalable Platforms.
This package cannot be installed together with MABDA hotfix (sk113410)
Manual installation
Make sure that your environment meets the pre-conditions.
To download the package, go to the Package Download link in the Availability section. Copy this package to the /home/admin directory on the Security Gateway.
Connect to the Security Gateway via SSH and run this command: # autoupdatercli install /home/admin/<package file> Note: The installation does not require cpstop; cpstart or a reboot. Once installed, no further action is required, the update will be applied immediately.
Revert update
To revert update of the Portal Agent, connect to the Security Gateway via SSH and run this command: # autoupdatercli revert esod_cshell
Disable update
To disable automatic Portal Agent update, connect to the Security Gateway via SSH and run the following command: # autoupdatercli disable esod_cshell
List of Resolved Issues per Update for Mobile Access Portal Agent
ID
Description
Update 2 - Take 17 (18 October 2021)
MACL-913
CShell sends request to the host before user confirms to trust it.
MACL-964
SNX runs Native Applications from arbitrary locations
Update 1 - Take 13 (29 September 2020)
MACL-900
In some scenarios, users cannot reconnect to SNX after active cluster member change.
PMTR-53528
In some scenarios, SNX tunnel may unexpectedly disconnect.
The Check Point Endpoint Security On Demand scanner scans the endpoint machine to see if it complies with the endpoint compliance policy. If the endpoint is compliant, the user can access the portal.
Pre-conditions
Install this package on Security Gateways running R80.10 and higher with the Mobile Access blade enabled.
Package cannot be installed on Scalable platforms.
Manual installation
Make sure that your environment meets the pre-conditions
To download the package, go to the Package Download link in the Availability section. Copy this package to the /home/admin directory on the Security gateway.
Connect to the Security Gateway via SSH and run the following command: # autoupdatercli install /home/admin/<package file> Note: The installation does not require cpstop; cpstart or a reboot. Once installed, no further action is required, the update will be applied immediately.
Revert update
To revert update of Compliance Scanner, connect to the Security Gateway via SSH and run this command: # autoupdatercli revert esod_compliance_scanner
Disable update
To disable automatic Compliance Scanner update, connect to the Security Gateway via SSH and run this command: # autoupdatercli disable esod_compliance_scanner
List of Resolved Issues per Update for Compliance Scaner
ID
Description
Update 1 - Take 9 (29 September 2020)
PMTR-56705
NEW: Added support of New Mobile Access Portal UI.
MACL-854
NEW: Added support of Trend Micro Maximum Security.
Secure Workspace is the Check Point proprietary virtual desktop that enables data protection during user-sessions, and enables cache wiping after the sessions end. It protects all session-specific data accumulated on the client side.
Pre-conditions
Install this package on Security Gateways running R80.10 and higher with the Mobile Access blade enabled.
Package cannot be installed on Scalable platforms.
Manual installation
Make sure that your environment meets the pre-conditions
To download the package, go to the Package Download link in the Availability section. Copy this package to the /home/admin directory on the Security gateway.
Connect to the Security Gateway via SSH and run this command: # autoupdatercli install /home/admin/<package file> Note: The installation does not require cpstop; cpstart or a reboot. Once installed, no further action is required, the update will be applied immediately.
Revert update
To revert update of Secure Workspace, connect to the Security Gateway via SSH and run this command: # autoupdatercli revert esod_secure_workspace
Disable update
To disable automatic Secure Workspace update, connect to the Security Gateway via SSH and run this command: # autoupdatercli disable esod_secure_workspace
List of Resolved Issues per Update for Secure Workspace
ID
Description
Update 1 - Take 14 - (29 September 2020)
PMTR-53429
NEW: Added R81 support in Secure Workspace (SWS) update script.
PRHF-1295
Allow Server-to-Client to work with external service.
