With the Application Sites
you can manage the sites that hold corporate applications to provide end users with Application-Level access to the applications.
This continuously updating page contains:
- Requirements for deploying a Connector - a lightweight software that acts as the only network interface in your data center.
- End-user domain whitelisting list - If this is needed as a part of your organizational policy.
example - when end user machine internet access is restricted
To learn how to set up a site for Application-Level access, see Setting up an Application Site
1. Connector Setup
- 4 vCPUs (for Hyper-Threading support)
- 16 GB RAM
- 1 Gbps network throughput
- Supported Operating Systems
- Amazon Linux 2
- CentOS 7.7.1908, 7.9
- Red Hat Linux 7.9
- Ubuntu Server 18.04 Long Term Support (LTS) and Ubuntu Server 20.04 LTS
- On AWS environment deployment
- t2-micro for testing
- t3-xlarge for non-production or low traffic sites
- c5-xlarge for production or high traffic sites
- Latest Docker Engine installed. To learn more about Docker installation, see Install Docker on Ubuntu Linux.
- port 53 is opened (allow DNS resolving)
- Port 444 is opened for the relevant IPs from the table below
2. End-User Domain Whitelisting
In case your organizational policy requires domain whitelisting from the end-user perspective, you can use these domains -
Allow all the bellow domains according to the relevant dataplane ID (as appears in the table below):
- ssh.<dataplane ID>.checkpoint.security
- psql.<dataplane ID>.checkpoint.security
- mysql.<dataplane ID>.checkpoint.security
- tunnel.<dataplane ID>.checkpoint.security
- rdp.<dataplane ID>.checkpoint.security
- rdp-native.<dataplane ID>.checkpoint.security
In addition, allow the below DNS according to the customer application sites:
Customer who use Singapore site should allow:
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.