Support Center > Search Results > SecureKnowledge Details
Check Point VPN License Guide
Solution

Check Point offers the following licenses for VPN products:

  1. IPSec VPN (CPSB-VPN)
  2. Endpoint Security Remote Access VPN (CPSB-EP-VPN)
  3. Mobile Access (CPSB-MOB)
  4. Capsule Workspace (CP-CPSL-WORK or CP-CPSL-TOTAL)

IPSec VPN (CPSB-VPN)


The IPSec VPN Software Blade enables Check Point Security Gateways to allow encrypted traffic to traverse the enforcement point in general. This encrypted traffic passes over Site-to-Site VPN tunnels, as well as, over VPN tunnels established by SecuRemote.

Note: The IPSec VPN blade enables encrypted traffic to traverse the Security Gateway; this is not limited to IPSec VPN traffic. For exmaple, SSL traffic is also enabled. Additional licensing may still be required depending on the client license requirements as well. See below for more information.

 

Endpoint Security Remote Access VPN (CPSB-EP-VPN)


The Remote Access VPN Software Blade enables remote clients to connect to the network and to obtain an Office Mode IP address. The VPN clients enabled by this license include:

  1. Endpoint Security E80.x
  2. Endpoint Security VPN E75
  3. Endpoint Connect R73 (this product has officially reached end of life)
  4. SecureClient NGX R60 (this product has officially reached end of life)

This license is enforced based on installed endpoint clients. Both online (actively connected via VPN) and offline (not currently actively connected via VPN) endpoint clients require a license. An Endpoint is defined as a computer instance in the Check Point secured environment.


Mobile Access (CPSB-MOB)


The Mobile Access Software Blade enables both client and clientless remote users to connect to the network. These users may or may not receive an Office Mode IP address, and this depends on the type of connection that the user is making. The VPN connections permitted by this license include the following:

  1. Mobile Access (also known as SSL VPN, and formerly known as Connectra; not supported for use with the IPSO operating system)
  2. SSL Network Extender (also knows as SNX; 'Network Mode' provides an Office Mode IP address; 'Application Mode' does not offer an Office Mode IP address)
  3. Check Point Mobile for Windows

This license is enforced based on concurrent connections. Users connecting with one of these solutions will consume a license for the duration of the connection only; the license will be released for use by another user upon termination of the current connection.


Capsule Workspace (CP-CPSL-WORK or CP-CPSL-TOTAL)

 

The Mobile Enterprise Software Blades enables remote applications installed on SmartPhones and tablets to connect to a network and access limited network resources.

This license is enforced by user; each user can register up to 3 devices (for example, iPhone and iPad). Users connecting with this solution are issued a registration key for each device, which remain valid for a period of time determined by the Security Administrator.

 


Which license is required to allow L2TP VPN tunnels

Question: In order to allow L2TP VPN tunnels, if the customer already has the Endpoint VPN Remote Access Blade - is this enough, or is there a Mobile Access Blade license required? Meaning, for L2TP, do we need a Endpoint VPN Client license or a Mobile Access License?

Answer: In order to allow L2TP VPN tunnels, you would just need the IPSec VPN license on the Security Gateway. There is no need for the Mobile Access License.


For more information about Check Point VPN products, refer to sk67820 (Check Point Remote Access Solutions).

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment