The Client runs on Windows CE devices, Mobile 5 and Mobile 6 also supported. Any wireless networks can be used as communication media: The Internet, WiFi, GSM, GPRS, UMTS.

An integrated dynamic personal firewall shields the device against attacks in any communication environment. All security mechanisms are active as soon as the system starts and stay active until the Entry Client is deactivated.

IP-NAT, Stateful Packet Inspection, defined filter rules, Friendly Net Detection, and secure hotspot logon are part of the firewall. The user can optionally authenticate to the destination gateway via OTP (RSA SecurID Ready), or certificates (soft certificates, smart cards, MMC) in a PKI.

The latest encryption algorithms protect sensitive data in transit: 3-DES 112, 168 bits, Blowfish 128, 448 bits, AES 128, 192, 256 bits, RSA 1024, 2048 bits. The Entry Client can also be implemented in IT environments without permanent IP addresses.

DynDNS is used for dial-in to the central VPN gateway with changing public IP addresses (prerequisite: the destination gateway must support DynDNS).