I have configured two access rules for VPN clients with Check Point Mobile for the remote access community. One allows access to a legacy user group and the other gives access to an LDAP group; both work very well.
But in Office Mode I had to give access to all users, since I cannot specify a group: it does not allow me to create a group that includes both legacy and LDAP users. This means that all my AD users (whether or not they are in the rule's AD group) can connect with the Check Point Mobile client and are given an IP, even though the rules later block their traffic because they are not in the allowed group.
I would like users who are not in the specific AD group not to be given Office Mode, without affecting my legacy users.
My management and my gateway are on R80.10.