hi there,

is there any update regarding support for linux users for VPN MFA?

The situation is the same as previously stated.
I recommend engaging with your local Check Point office with this requirement.

@PhoneBoy Thank you. I read in other posts that SNX client is not working with recent Ubuntu versions, nor with MFA. I don't know really is what is. From what I read on this site, it is something that the Endpoint admin has to setup, but unfortunatelly I doubt they will do it.

@G_W_Albrecht Thank you for your reply. It's R84.30 or newer. I tried to follow and adapt the tutorials of @Soeren_Rothe on this site (on Ubuntu desktops 22.04 and 21.10), but it didn't work for me because I didn't know how to adapt to the differences (Soeren is using pre-shared secret; our server seems to use a certificate).
In the Windows client, I just create a new connection (by entering the host name), confirm the server certificate fingerprint (because its root CA is self-signed) and then it's ready to use (I just enter username/password and confirm in Authenticator App).
By reading the Windows client extended logs, I saw that our config uses username+password authentication, but I didn't find info about the server certificate (I do have the root CA certificate).

It's R84.30 or newer. --> I mean the Gateway you connect to must be at least R81 to use strongSwan.

Thank you for you quick reply. How can I check what version is my Gateway?

That depends on your level of access:

- ask the FW admin

- connect to GWs GAiA portal, you do not need to login

- start SmartDashboard and look at the GW version

- connect to GW using SSH and issue # fw ver

There is nothing you can do as an end user to enable Remote Access via a Linux system.
You will need to work with your admins directly on this.

Could you please be some more specific? Maybe give some hints on which are the main configuration elements that admins and user should take into account to make connection from Linux possible?

See VPN Client for Linux

In order to give more specific details, I would need to know what precisely what versions are involved.
In general, though, there are two clients supported from Linux: SNX and StrongSWAN.

SNX is generally configured as part of Mobile Access Blade.
Refer to the relevant product documentation for your version: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_MobileAccess_AdminGuide/Cont... 
The MAB Deployment Agent is used to deploy/activate SNX from the Mobile Access Portal.
This requires JDK to be installed on client computers.
See also (for requirements): https://support.checkpoint.com/results/sk/sk114267 

StrongSWAN requires gateways running R81 and above and specific configuration.
Refer to the product documentation:
https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/C... 

Couldn't agree more.  As a developer on Linux, I've suffered for multiple years trying to access our checkpoint system, having to use an old an insecure version of SNX to connect.  Once we went to 2FA, IT had to setup an AWS entrypoint since Checkpoint no longer worked for me.

Checkpoint uses Linux but doesn't provide a Linux client.  Shameful.