This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SriNarasimha005
Collaborator
Sunday

RDP server config for Clientless users

Hello Everyone,

We have a checkpoint firewall operating on R82 with mobile access VPN activated. It is set to 'application' mode.

In the native application -> endpoint applications, I am specifying the path for native RD (c:\windows\system32.mstsc.exe) where the mstsc application is installed on the endpoint machine and configuring the IP address in the parameter section.

When I click the link, I'm getting the login prompt to enter the creds tor Windows users. How are they able to log in to the destination server without the office mode IP address?

I'm neither using SNX to assign an IP address from office mode nor Apache guacamole server in this case.

Can someone please brief what's happening under the hood? Thank you.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
Monday

I presume we are using some variant of the techniques that already exist to reverse tunnel RDP over various HTTP Reverse Proxies (which is what MAB is, effectively).

0 Kudos
SriNarasimha005
Collaborator
Monday
In response to PhoneBoy

Hi @PhoneBoy 

Thank you for your response. It appears to be functioning well on Windows.

Is there an equivalent solution available for MAC users without utilizing the Apache Guacamole server?

0 Kudos
PhoneBoy
Admin
Admin
yesterday
In response to SriNarasimha005

Presumably, the information necessary to achieve this is sent directly to the app in question (the Windows RDP app), either via the command line or an .rdp file.

You would have to create another Native Application that launches the macOS version of the Microsoft RDP app, which is called "Windows App" (used to be called Remote Desktop) and available from the App Store.
The path to the executable, when installed, appears to be: /Applications/Windows App.app
That advice is based on https://support.checkpoint.com/results/sk/sk105639 which suggests this is possible.

0 Kudos
SriNarasimha005
Collaborator
yesterday
In response to PhoneBoy

Hi @PhoneBoy 

Thanks for the info. While we're trying to get this tested, I've come across below one.

sk104008 - Mobile Access Blade SNX (Native Application) Application Mode does not work with Mac OS X

Is this still valid? Any idea on this.

0 Kudos
PhoneBoy
Admin
Admin
yesterday
In response to SriNarasimha005

I suspect it is, given the date on the SK you found versus the one I found.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Fri 12 Jun 2026 @ 09:00 AM (CEST)

    Netzwerk- & Cloud-Workshop: Wien
    In-Person

    Tue 16 Jun 2026 @ 09:30 AM (BST)

    DDOS MasterClass in London!
    In-Person

    Tue 16 Jun 2026 @ 08:00 AM (EDT)

    Montreal: P’tits déj Cyber! | Cyber Breakfasts!
    CheckMates Events