Call a Specialist Today! 855-958-0756

NCP Secure VPN Enterprise Client for Mac
Universal, Centrally Managed VPN Client Suite for Mac OS X

NCP Secure VPN Enterprise Client for Mac

NCP Products
NCP Managed VPN Client Suite
NCP Managed Secure Enterprise Mac Client, 1 to 99 users
*Price per user. Quantity must be 1 or greater
#BWMPC1
Get a Quote!
NCP Managed Secure Enterprise Mac Client, 100 to 249 users
*Price per user. Quantity must be 100 or greater
#BWMPC2
Get a Quote!
NCP Managed Secure Enterprise Mac Client, 250 to 499 users
*Price per user. Quantity must be 250 or greater
#BWMPC3
Get a Quote!
NCP Managed Secure Enterprise Mac Client, 500 to 1499 users
*Price per user. Quantity must be 500 or greater
#BWMPC4
Get a Quote!

More pricing below, click here!

Overview:

Compared to other VPN clients, the NCP Secure Enterprise Client Suite features – in addition to IPsec VPN functionality – a Personal Firewall. IT departments can centrally manage all components of the solution. For users this means that upon clicking (one-click solution), the VPN client software automatically sets up the VPN tunnel, selects the transmission network and selects the appropriate firewall policy

Features:

Secure

Rely on high-quality IT security software made in Germany

  • IPv6 supported dynamic personal firewall
  • data encryption
  • strong authentication
  • multi-certificate support
  • parameter locks
  • FIPS Inside
  • automatic adaption of firewall rules

Efficient

Mindful of one of the biggest challenges organizations face – cost savings

  • Budget Manager for full cost control
  • support for 3G/4G hardware (LTE)
  • Custom Branding Option
  • Central Management

Ease of use

Reduced IT complexity

  • a single and easy-to-use user interface (one click) for the connection setup
  • integrated support for 3G/4G hardware
  • a reliable, uninterrupted VPN connection
  • automatic, location-aware adaption of firewall rules through the NCP VPN Client
  • automatic media recognition
  • seamless Roaming
  • easy domain registration

Mobile

The best mobile device user experience

  • Working without dropped connections or interruptions even when switching between networks, i.e. seamless roaming
  • auto-connect to your corporate network
  • reliable and uninterrupted VPN connections
  • quick and secure hotspot logon
  • Remote Access even behind firewalls, whose port settings typically deny IPsec based communication, i.e. NCP Path Finder® Technology

Technical Data:

Secure VPN Enterprise Client for Mac: Technical Data
Operating Systems OS X 10.10 Yosemite, OS X 10.9 Mavericks, OS X 10.8 Mountain Lion
Central Management As the “Single Point of Management”, NCP’s Secure Enterprise Management (SEM) provides functionality and automation for the rollout, commissioning and efficient use of Secure Enterprise Clients.
Using the VPN connection or the LAN (when on the company network), the Secure Enterprise Management (SEM) provides Enterprise Clients automatically with:
  • configuration updates
  • certificate updates
  • updates to the Update Client
Network Access Control The policies for Endpoint Security (Endpoint Policy Enforcement)) are created centrally at the Secure Enterprise Management (SEM) and each Enterprise Client is permitted access to the company network according to the corresponding rules.
High Availability Services The NCP Secure Enterprise Client supports the NCP HA Services. These services are client server based and can be used in two different operating modes: load balancing or failsafe mode. Regardless of the load on the server or whether a server has failed, the VPN connection to the company network is established reliably, in the background and without any delay for the user of the Enterprise Client
Security Features The NCP Secure Enterprise MAC Client supports the Internet Society's Security Architecture for the Internet Protocol (IPsec) and all the associated RFCs.
Personal Firewall
  • Stateful Packet Inspection
  • IP-NAT (Network Address Translation)
  • Friendly Net Detection (Firewall rules adapted automatically if connected network recognized based on its IP subnet address, the DHCP server’s MAC address or an NCP FND server*)
  • Supports secure hotspot logon feature
  • Differentiated filter rules relative to:
    • Protocols, ports or IP addresses
    • LAN adapter protection
Virtual Private Networking
  • RFC conformant IPsec (Layer 3 Tunneling)
    • IPsec Tunnel Mode
    • IPsec proposals are negotiated via the IPsec gateway (IKE Phase 1, IPsec Phase 2)
    • Communication only in the tunnel
    • Message Transfer Unit (MTU) size fragmentation and reassembly
    • Network Address Translation-Traversal (NAT-T)
    • Dead Peer Detection (DPD)
Encryption and Encryption Algorithms Symmetrical: AES 128, 192, 256 Bit; Blowfish 128, 448 Bit; Triple-DES 112 /168 Bit
Asymmetrical: RSA bis 2048 Bit, dynamic processes for key exchange
Seamless Rekeying
Hash / Message Authentication Algorithms:
  • SHA1, SHA-256, SHA-384, SHA-512, MD5
  • Diffie Hellman groups 1, 2, 5, 14 used for asymmetric key exchange and PFS
FIPS Inside The Secure Client incorporates cryptographic algorithms conformant to the FIPS standard. The embedded cryptographic module incorporating these algorithms has been validated as conformant to FIPS 140-2 (certificate #1051)
FIPS conformance will always be maintained when any of the following algorithms are used for establishment and encryption of the IPsec connection:
  • Diffie Hellman Group: Group 2 or higher (DH starting from a length of 1024 Bit)
  • Hash Algorithms: SHA1, SHA 256, SHA 384, or SHA 512 Bit
  • Encryption Algorithms: AES with 128, 192 or 256 Bit or Triple DES
Authentication Internet Key Exchange (IKE):
  • Aggressive Mode and Main Mode
  • Quick Mode
  • Perfect Forward Secrecy (PFS)
  • IKE Config. Mode for dynamic allocation of private IP (virtual) address from address pool
  • Pre-shared secrets or RSA Signatures (with associated Public Key Infrastructure)
User authentication:
  • XAUTH for extended user authentication
  • One-time passwords and challenge response systems
  • Access details from certificate (prerequisite PKI)
Support for certificates in a PKI:
  • Multi Certificate Configurations for PKCS#11 and PKCS#12 interfaces
Seamless rekeying (PFS)

IEEE 802.1x:
  • Extensible Authentication Protocol – Message Digest 5 (EAP-MD5):
  • Extended authentication relative to switches and access points (layer 2)
  • Extensible Authentication Protocol – Transport Layer Security (EAP-TLS): - relative to switches and access points on the basis of certificates (layer 2)
RSA SecurID ready
Public Key Infrastructure (PKI) - Strong Authentication
  • X.509 v.3 Standard
  • Support for certificates in a PKI via the following interfaces:
    • PKCS#11 interface for 3rd party authentification solutions (Tokens / Smartcards)
    • PKCS#12 interface for private keys (soft certificates)
  • PIN policy: administrative specification of PIN entry to any level of complexity
  • Revocation:
    • End-entity Public-key Certificate Revocation List (EPRL formerly CRL)
    • Certification Authority Revocation List, (CARL formerly ARL)
    • Online Certificate Status Protocol (OCSP)
    • Certificate Management Protocol (CMP)
Networking Features
Secure Network Interface Interface Filter
  • NCP Interface Filter interfaces to all standard Network Interfaces from the PPP and Ethernet families.
  • Wireless Local Area Network (WLAN) support
  • Wireless Wide Area Network (WWAN) support
Network Protocol IP
Line Management
  • Dead Peer Detection with configurable time interval
  • Short Hold Mode
  • Inactivity Timeout (send, receive or bi-directional)
Communications Media
  • LAN
  • Communications media supported using Apple or 3rd party media interfaces and management tools:
    • LAN / Ethernet
    • Wi-Fi
    • GPRS / 3G and GSM
    • ISDN
    • Modem
  • iPhone tethering via USB or Bluetooth
VPN Path Finder
  • NCP Path Finder Technology
    • Fallback to HTTPS (port 443) from IPsec if neither port 500 nor UDP encapsulation are available**
IP Address Allocation
  • Dynamic Host Control Protocol (DHCP)
  • Domain Name Service (DNS) : gateway selection using public IP address allocated by querying DNS server
  • When using Split-Tunneling, those domains whose DNS packets are to be routed via the VPN Tunnel can be specified exactly
Data Compression IPsec Compression: LZS, deflate
Additional Features
  • VoIP prioritization
  • UDP encapsulation
  • PPP over Ethernet
Standards Conformance
Internet Society RFCs and drafts
Security Architecture for the Internet Protocol and assoc. RFCs (RFC2401 - 2409),
Internet Key Exchange Protocol (includes IKMP/Oakley) (RFC 2406),
Negotiation of NAT-Traversal in the IKE (RFC 3947),
UDP encapsulation of IPsec Packets (RFC 3948),
Encapsulating Security Payloads (ESP)
IKE Ext. Authentication (XAUTH), IKE configure (IKECFG) and Dead Peer Detection (DPD)
Client Monitor
Intuitive, Graphical User Interface
Multiple language support (English, German)
  • Monitor & Setup:
  • Online Help and License
Icon indicates connection status
Configuration, connection statistics, log-book (color coded, easy copy&paste function)
Password protected configuration and profile management
Trace tool for error diagnosis
Options for starting the Monitor automatically after system reboot: either maximized; or as an icon in the menu bar
* Prerequisite: NCP Secure Enterprise Management
** Prerequisite: NCP Secure Enterprise Server V 8.0 and later

Documentation:

Download the NCP Secure VPN Enterprise Client for Mac Datasheet (PDF).

Pricing notes:

NCP Products
NCP Managed VPN Client Suite
NCP Managed Secure Enterprise Mac Client, 1 to 99 users
*Price per user. Quantity must be 1 or greater
#BWMPC1
Get a Quote!
NCP Managed Secure Enterprise Mac Client, 100 to 249 users
*Price per user. Quantity must be 100 or greater
#BWMPC2
Get a Quote!
NCP Managed Secure Enterprise Mac Client, 250 to 499 users
*Price per user. Quantity must be 250 or greater
#BWMPC3
Get a Quote!
NCP Managed Secure Enterprise Mac Client, 500 to 1499 users
*Price per user. Quantity must be 500 or greater
#BWMPC4
Get a Quote!
NCP Managed VPN Client Suite Update
NCP Managed Secure Enterprise Mac Client, Update 1 Version
#UBWMPC135
Get a Quote!
NCP Managed Secure Enterprise Mac Client, Update 2 Versions
#UBWMPC150
Get a Quote!