Checkpoint SNX Office mode – MBA – Linux – JAVA FREE!

I’ve doing this PoC for a customer, and it’s been such a long case I just need to share the essentials. It looks like a lot of people are getting there help from http://kenfallon.com/checkpont-snx-on-ubuntu-14-04-lts-trusty-tahr/

This works find if you use the IPSec VPN blade. But NOT if your using the Mobile Access Blade.
And I see a lot questions about the SNX CLI version 80007075 build, this you can get from sk90240.

Well if you ever gonna try getting SNX CLI up and running with the Mobile Access Blade. Here is quick walktrough.

  • Add a user
  • Add a user group and and the newly created user
  • Activate the Mobile Access Blade (Wizzard style)
    • Activate (See picture bellow)
      • WEB (SSL VPN Portal)
      • Mobile Devices -> Capsule VPN / Connect (This fix the auth problems)
      • Desktop / Laptops -> Checkpoint mobile for Windows (This fixes the office mode issues)
    • Change your portal to your public ip or dnsname
    • Keep the world clock demo app
    • Skip active directory setup
    • Add UserGroup you created earlier.
  • Create a rule in the normal firewall policy with source “CP_default_Office_Mode_Addresses_pool”
  • Save and push

Get your SNX client from  sk90240.
Chmod and install

 

Time to connect! 🙂

If you do getting something like this:

Check Point’s Linux SNX
build 800007075
Please enter your password:
error ‘expected open paren’ in state 1 depth 0

This means you have not activated the correct checkbox on the Mobile Access Blade

If your getting “Failed to decrypt password”

You are probably using another client then 800007075, get the correct from sk90240.

Quick and dirty post, just to get the essentials and for future reference.

And happy dance, since we now have a linux vpn client for Checkpoint without JAVA! 😀

Leave a Comments