Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
billsb
Explorer
Jump to solution

Checkpoint for windows but in parallels using an M1 mac.

Hi,

I'm trying to get a VPN connection connected to our organisations VPN. I am using an M1 mac with Parallels running windows but the x64 version is not working (windows can emulate x64 instructions from what I understand). The windows don't open to the configuration menu items so I'm unable to configure it even though it runs and is running in the taskbar. So, is there a way to get it working or is there going to be a ARM version for windows for the software?

 

Cheers!

0 Kudos
1 Solution

Accepted Solutions
Bob_Zimmerman
Authority
Authority

Depends on how you set up the guest’s network adapter in Parallels. I haven’t used Parallels itself in quite a long time, but both VMware Fusion and VirtualBox have the ability to NAT outgoing connections behind the host’s network stack, so I assume Parallels does as well. With that configured and the host connected to the VPN, traffic from the guest should go over the tunnel just like traffic from any random application on the Mac does.

View solution in original post

0 Kudos
13 Replies
RamGuy239
Advisor
Advisor

The fact that you are running this on an Apple M1 Mac shouldn't really matter. What the Check Point VPN software sees and interacts with is a Windows x86-64 installation of Windows. The fact that this operating system is being emulated by Parallels shouldn't really be visible to the operating system and thus not affecting things in such a way.

What version of Windows are you running and what version of the Check Point VPN client are you deploying?

Certifications: CCSA, CCSE, CCSM, CCSM ELITE, CCTA, CCTE, CCVS, CCME
0 Kudos
Bob_Zimmerman
Authority
Authority

Windows in Parallels on an M1 Mac isn't amd64, it's aarch64. The instruction translation would be done within Windows. I don't think this is going to work, as Check Point's endpoint software does some lower-level things which probably involve instructions Windows doesn't translate.

What endpoint features are needed? If only VPN access is required, look into Check Point's L2TP-over-IPSec functionality. It works with the VPN client built into Windows, macOS, Android, iOS, and more.

0 Kudos
PhoneBoy
Admin
Admin

Windows itself can run in ARM.
Pretty sure our Windows clients will not, unless parallels is actually emulating an x86-64.

We do have native clients that run on the Mac and are supported with the M1 processor (albeit they require Rosetta2 currently).
Or if you need something in the Windows VM, you can use the Check Point Mobile client from the Windows Store.

0 Kudos
Bob_Zimmerman
Authority
Authority

Exactly. Parallels does not emulate a processor architecture, so Windows in Parallels on an M1 Mac would be the aarch64 version of Windows. Microsoft has its own amd64-to-aarch64 instruction translation layer like Apple's Rosetta 2, but I suspect it only works for userspace software (i.e., nothing ring 0 or below).

0 Kudos
billsb
Explorer

As far as I know it's x86-64 emulation in windows running under parallels. So windows does the emulation.

I don't know about the configuration on the organisations side, but I was told I am only able to use the checkpoint VPN client, so unless they specifically allow it I don't think the L2TP-over-IPSec is an option? 

Do you have any other suggestions?

0 Kudos
PhoneBoy
Admin
Admin

Yes, some specific configuration must be present to use L2TP over IPsec or the Check Point Mobile client in the Windows 10 store (which uses IKEv2).

Note that we had to make specific efforts to support M1 on Mac (using Rosetta2 currently).
Why is using the native Mac client not an option?

I assume we would have to make similar efforts on the Windows client to support...whatever Parallels is doing.
Which would make this currently unsupported.

0 Kudos
billsb
Explorer

There is specific functionality that I needed under windows. If the mac is able to route traffic from windows through to the mac VPN client that might be an option? Do you know if this will work?

0 Kudos
Bob_Zimmerman
Authority
Authority

Depends on how you set up the guest’s network adapter in Parallels. I haven’t used Parallels itself in quite a long time, but both VMware Fusion and VirtualBox have the ability to NAT outgoing connections behind the host’s network stack, so I assume Parallels does as well. With that configured and the host connected to the VPN, traffic from the guest should go over the tunnel just like traffic from any random application on the Mac does.

0 Kudos
Sajgon107
Explorer

Hey there,

Im facing similar problem, im running win10 in Parallels app on M1 macbook air. The problem is that I need to have my native os (macOSX) connected to corporate VPN while WIN10 connected to a client. I've installed Check Point mobile E86.80 and i can not even open the menu to configure sites. I see error -  connectivity with the vpn service is lost. Any thoughts how to solve this?

Thanks

 

 

0 Kudos
G_W_Albrecht
Legend
Legend
0 Kudos
(1)
Sajgon107
Explorer

Hello,

i'd like to ask you, one our client is using certificate + ldap password on the VPN remote access, I've successfully installed my certificate but still have error while connecting. Is there any way how to troubleshoot this erorr?

Screenshot_2023-10-03 15.43.06_31bVkS.png

0 Kudos
_Val_
Admin
Admin

Use username/password auth, ut us a GW side issue

0 Kudos
Bob_Zimmerman
Authority
Authority

It’s not something Parallels is doing. The computer is ARM. The host macOS is ARM. Parallels runs ARM VMs on ARM hosts. The guest instance of Windows is ARM.

The ARM version of Windows has instruction translation similar to Apple’s Rosetta 2. The translation in question is done entirely by Windows with zero involvement from Parallels or macOS.

I think the same problem would happen with the ARM version of Windows running directly on hardware like the Surface Pro X.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 23 Apr 2024 @ 08:00 AM (CDT)

    South US: HTTPS Inspection Best Practices

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Tue 23 Apr 2024 @ 08:00 AM (CDT)

    South US: HTTPS Inspection Best Practices

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events