Will the EA be coming to 80.40?  We're currently running 80.10 and planning to upgrade to 80.40, completely skipping 80.30.

Also, will the setup get simplified?  For example, the ability to run guacd on the gateway directly vs needing another Linux server?

If we will decide to port the HF to the GA, the configuration would be done from the SmartConsole.

The Guacd would still need to run as an external container.

Hi, 

1. On the first time the user clicks the RDP link, he is going to be asked if he wants to reuse the credentials he used to login to the           MAB portal or to provide different credentials, which would also be saved.

     You can see this behavior at the end of the video.

2. As this HF is currently an EA and we are evaluating customer satisfaction, we have developed it to support only on R80.30 with            Kernel 2.6 and Jumbo 155.

    Based on the feedbacks and the number of requests we would get, we would decide if we are going to put efforts on porting this       HF to the GA  version.

    Your request has been counted 🙂

Hi Shay, I'm trying to find out if this has moved into a supported mode in R81 or has been dropped.  I have a customer case where this would solve the problems they are having.

It is included in R81 mobile access admin guide. 

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_MobileAccess_AdminGuide/Topics-MAB...

It was confirmed during one webiner this feature is now GA in R81.

Hi Shay,

per our discussion here are the questions that I have about this:

I do have some questions that I wanted to ask of you/developers.

1. Can Azure AD be utilized for Active Directory connection (currently it's not synched to local AD2003, AD 2008, AD 2016 - They are in the process of migrating up to AD 2016)
2. If clientless ssl and SNX are both configured, how does it differentiate when a user connects in as to which one they will use (assume it's based on the url)
3. For the Apache server (CentOS8.3) running guacd, they are expecting to have an average of 140 users connecting concurrently, and a max of 250.  Do you have any feeling of how much of a server they would need to support this (HyperV, dedicated to only the guacamole docker)
4. For the MFA(2FA)  they are looking at ( text message, Microsoft Authenticator, Duo)
5. Currently they are on R80.30 with a separate Management Server and Endpoint server. I plan on bringing both of those and the gateway cluster up to R81 hfa 13. Anything that I need to be aware of with the Endpoint server and this integration?

Any feedback would be appreciated.

1. MAB can be configured to authenticate users against Azure AD ,it supported from R80.40.

2. In MAB, browsing directly to a portal link uses the clientless option, while clicking the 'Connect' button invokes SNX.

    Clicking on a link within SNX's category initiates a layer-3 VPN connection.

3. Currently we don't have any sizing information for Guacamole.  ( if you deploy it on public cloud ,the solution is to use autoscale/vmss/mig)

4. SMS OTP ('DynamicID') is supported by MAB. The other two methods aren't directly integrated with MAB's portal, but MAB may support them if they can be configured as a             .  standard authentication server with multi-challenge authentication.

5. MAB's Guacamole support is fully integrated into R81 GA.

Hi Shay, thank you for the responses. It helps out with the implementation that I'm working on.

As part of this, I'm wondering about the configuration of the of the web application object itself (by the way, the very light blue header with white text makes it hard to read what it is).

In the authorized locations portion, multiple servers can be selected which could be very useful depending on configuration.

The question then becomes how do you specify the ip address for the multiple servers in the "Link in Portal" portion?

http://guacamole?host=*.*.*.*&port=22    ?

Appreciate some feedback on this.

As for any other application type (esp. Web applications), the management doesn't support setting multiple favorites.

End-users can set favorites for themselves if they'd like to.

If the goal is setting up a different machine for each user, which also enforces access control, you could use the '$custom' macro instead.

end users setting favorites themselves is not really a scalable solution. Workaround could be to push favorites to all of the users beforehand, but if I correctly remember favorites are stored in some database file, which probably cannot be modified or amended easily.

Hi Shay,

Can it be done on R80.40 ?
If it's still EA, where can I signup ?

P.S. the video also states that all the (install) commands will be posted somewhere, where can I find those ?

Try to play with the following attributes to see whether they have any effect:

If not, we could try tracing the connection, but if the crash is on the Windows 7 side, it sounds like it's Windows' fault.

R81 and above are officially supported.
See: https://support.checkpoint.com/results/sk/sk123842 
And the relevant version of the Mobile Access guide: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_MobileAccess_AdminGuide/Cont... 
Note this still requires installing a separate Guacamole server.

Is there a migration path going forward to another solution that provides the clientless RDP/SSH access in R82 or will this continue to be an 'acceptable solution' (which TAC does not seem to have good documentation for customer support).  I know there are customers using this, and being locked to an older version of guac is not real comforting.

Any info is appreciated.

Harmony Connect offers this functionality today and does not use Guacamole.
In terms of updating MAB with a different solution (or an updated Guacamole), not familiar with such plans.