@PhoneBoy Thank you. I read in other posts that SNX client is not working with recent Ubuntu versions, nor with MFA. I don't know really is what is. From what I read on this site, it is something that the Endpoint admin has to setup, but unfortunatelly I doubt they will do it.

@G_W_Albrecht Thank you for your reply. It's R84.30 or newer. I tried to follow and adapt the tutorials of @Soeren_Rothe on this site (on Ubuntu desktops 22.04 and 21.10), but it didn't work for me because I didn't know how to adapt to the differences (Soeren is using pre-shared secret; our server seems to use a certificate).
In the Windows client, I just create a new connection (by entering the host name), confirm the server certificate fingerprint (because its root CA is self-signed) and then it's ready to use (I just enter username/password and confirm in Authenticator App).
By reading the Windows client extended logs, I saw that our config uses username+password authentication, but I didn't find info about the server certificate (I do have the root CA certificate).

It's R84.30 or newer. --> I mean the Gateway you connect to must be at least R81 to use strongSwan.

Thank you for you quick reply. How can I check what version is my Gateway?

That depends on your level of access:

- ask the FW admin

- connect to GWs GAiA portal, you do not need to login

- start SmartDashboard and look at the GW version

- connect to GW using SSH and issue # fw ver

There is nothing you can do as an end user to enable Remote Access via a Linux system.
You will need to work with your admins directly on this.

Couldn't agree more.  As a developer on Linux, I've suffered for multiple years trying to access our checkpoint system, having to use an old an insecure version of SNX to connect.  Once we went to 2FA, IT had to setup an AWS entrypoint since Checkpoint no longer worked for me.

Checkpoint uses Linux but doesn't provide a Linux client.  Shameful.