difference between securemote and secureclient

[masun]

what is the difference between securemote and secureclient license ,is that the license of securemote is free but the license of secureclient is priced .

[Porter]

secureclient has a additional firewall buit in that's managed by the gateway that's the client connecting to, basicly you have enhanced security options compared to secureremote. You'll need a valid license to you use secureclient

[northlandboy]

Yes, Securemote is free, but SecureClient is licensed based on configured users (_not_ concurrently connected users). SecureClient also allows you to use Office Mode, which solves a bunch of problems you commonly encounter.

[dbedit]

Client application that extends the functionality of VPN-1 SecuRemote with personal firewall and security configuration control. VPN-1 SecureClient ensures that VPN clients cannot serve as "back doors" into corporate networks and is ideal for remote users with broadband services such as cable modems and DSL. Licensed per user, licensing is additive.
Features incluse also multiple connectivity modes: Office Mode, Visitor Mode, Hub Mode and the difference is $2300,- starting with 25 users :-)

[masun]

Thanks All ,but Securmote Also Supportes Office Mode .

[Porter]

you should keep in mind that you have addtional work to make your clients secure if you "only" work with secureremote, we wouldn't be able to handle hundreds of desktop firewalls without using secureclient

[northlandboy]

Quote:

Originally Posted by masun

Thanks All ,but Securmote Also Supportes Office Mode .

Are you sure about that? The docs I've read say that it is only supported with SecureClient. Look at sk16564:

Quote:

Even though SecuRemote and SecureClient share the same code for installation, the two products have very different capabilities. SecuRemote provides authentication and encryption only for the remote user. SecureClient provides all of that plus a personal firewall that can be centrally managed via the Smart Center or Smart Center Pro. SecureClient also includes several other features including, OfficeMode, Secure Configuration Verification, a Packaging Tool, etc.

or say the current VPN PDF, which includes this:

Quote:

Office Mode is supported with the following:
• SecureClient
• SNX
• Crypto
• L2TP

[CheckPointBrad]

I asked someone who uses checkpoint and they told me that you can turn on office mode with secureremote. Install secureclient on the clients and as long as you do not run "policy server" that there is no-cost. They also said depending on your provider that you can license 25 users for around $1000

Can anyone elaborate more on SecureRemote in Office Mode with SecureClient on the clients and not running Policy Server being a Free solution?

[RobertGraham]

According to my information based on conversations with Check Point employees both former and current, SecuRemote and SecureClient are actually different code bases. You can tell because they behavior a little differently when it comes to NAT traversal.

So, the following statement isn't exactly correct:

Quote:

Originally Posted by CheckPointBrad

I asked someone who uses checkpoint and they told me that you can turn on office mode with secureremote. Install secureclient on the clients and as long as you do not run "policy server" that there is no-cost.

SecuRemote doesn't support Office Mode. Test it out, if you get different results, please post them. This make the lives of at least four admins I know much easier.

While it's true that Check Point doesn't enforce licensing with the SecureClient applications, you're supposed to purchase licenses to use it.

This answers your question. Not running the policy server is indeed free of charge. In fact, you can not install any Check Point product for free. ;-) You can also install SecureClient without having any licenses (see above). SecureClient will then support office mode, at least it did when I was administering NG a couple years ago. I can't guarantee that the latest and greatest binaries will still do that. Bottom line is, this isn't really related to SecuRemote per se.

[RayPesek]

Someone noticed that Office Mode worked on SR quite awhile ago but the license says you need SC. I figure CP will eventually fix this.

Office Mode is included with Connectra as well.

Visitor Mode tunnels all of the IPSec traffic over HTTPS, which eliminated 100% of our connectivity problems due to lousy home routers and hotels that only allow surfing.

The SC firewall is managed from SmartCenter and it is very capable. We use it to really lockdown our laptops when off the LAN.

Secure Configuration Verification could be a lot easier to set up, but once you get it configured, it helps a lot in making sure the laptops clean when you connect.

The cost difference isn't that much compared to having to put another software firewall on and manage it. The annual software maintenance cost is less than what we pay for anti-virus and SC provides a lot more business benefit.

Ray

[chillyjim]

Quote:

Originally Posted by CheckPointBrad

I asked someone who uses checkpoint and they told me that you can turn on office mode with secureremote. Install secureclient on the clients and as long as you do not run "policy server" that there is no-cost. They also said depending on your provider that you can license 25 users for around $1000

Can anyone elaborate more on SecureRemote in Office Mode with SecureClient on the clients and not running Policy Server being a Free solution?

This does work (installing as SecureClient and using office mode) but it is agenest the license. Currently (through R60 anyway haven't tried R61) it works, but I've had people that should know at check point tell me that the licensing will be enforced at some point soon.

SecureClient lists for US$2,300 for 25 users. If you can get it at better than 50% off, that a good deal.

[RobertGraham]

Is the Office Mode functionality with unlicensed SCC new to NGX?

My testing with R54, showed that it didn't work. It could've been pathological though, since we knew we didn't have a license. What I did see was that a coworker configured SecuRemote DNS and called it OfficeMode.

[chillyjim]

Quote:

Originally Posted by RobertGraham

Is the Office Mode functionality with unlicensed SCC new to NGX?

My testing with R54, showed that it didn't work. It could've been pathological though, since we knew we didn't have a license. What I did see was that a coworker configured SecuRemote DNS and called it OfficeMode.

Until R55 there was no enforcement of the license for SC, just the policyserver. Now you get a policy server and the number of users that use the policy server (controled by user group) is the enforced user count. There is no client-side enforcement.

[sanjay388]

hi friends

i am not very much familiar of vpn concept pls let me know what is difference between securemote and secureclient.

thanks in advanced.

[RayPesek]

SecuRemote is a plain old VPN client. SecureClient also provides these features:

A client-side remotely configurable firewall, both inbound and outbound. You cna set it so the user cannot mess with it.

Office Mode, which allows you to specify precisely what IP address a client gets, what DNS and WINS servers it gets and the default DNS domain.

Visitor Mode, which is a way to encapsulate IPSec over HTTPS. It allows remote VPN connections to work where IPSec might have issues.

Secure Configuration Verification, a method where the SecureClient software checks various configuration parameters of the client and will not let it connect if it doesn't meet the required configuration.

Ray

[mcnallym]

I know a customer that was using SR with Office Mode under NG, however after upgrading to NGX then the Office Mode stopped working.

The customer wasn't happy, however as it isn't a supported feature of SR and is a mentioned feature of SC then Check Point wasn't really interested in getting the Office Mode working again.

I think this was just another one of those cases where it works, even though in theory in shouldn't and it is fixed in a later code.

[RayPesek]

I'm somewhat torn on this issue. On one hand, Office Mode is specifically called out as only licensed in SecureClient but it has worked in SecuRemote for as long as I can remember. Connectra, on the other hand, uses Office Mode for everyone. I think it would be good PR for Check Point to make Office Mode a standard feature of SecuRemote.

Ray

[mcnallym]

I know what you mean, however I find that most peoples reason for going to SecureClient is that they want Office Mode to resolve any NAT issues that they have.

The Firewall side they tend to leave fairly open.