Create a Post
Showing results for 
Search instead for 
Did you mean: 

Mobile Access License and VPN License


I have something to ask about mobile access license and vpn. [Cluster HA Mode]
1. I have enable mobile access and ipsec vpn blade.
2. I know that maximum for mobile access concurrent is 5 concurrents.
3. I configure policy about all and it work properly.(use vpn check point endpoint security vpn)
4. I use eval license to test. In monitoring I see number of users[more than 100 users in remote user tunnel] on IPsec vpn blade but there is 0 number of active session in mobile access. Why ?
5. I need 200 concurrent. Then I buy CPSB-MOB-200-HA license.
6. I don't understand about concurrent in license. If my eval license end and use CPSB-MOB-200-HA, will my vpn concurrent connection work ?
7. Please clarify about limitation vpn concurent connection in license, remote access[IPsec], Mobile access.


Thank you.

0 Kudos
5 Replies

as been discussed here a lot recently, but i will do a short survey:

CP has two kinds of RA blades and licenses, see sk67820: Check Point Remote Access Solutions for all details! Also helpful is sk166032: Remote Access FAQ covering IPSec and HTTPS portal based VPN solutions.

First way is Endpoint Security IPSec VPN client, that is Endpoint Security VPN (also included in Endpoint Security Suite) licensed per seat (GW remembers the client).

Second is Mobile Access Blade SSL VPN, containing MAB Portal, SNX client, Capsule Workspace for iOS / Android and Check Point Mobile for Windows (also doing IPSec but can do SSL if needed). All these are licensed by concurrent users and do not remember clients. In Clusters, main node has a CPSB-MOB-200, other CPSB-MOB-200-HA.


Thank you for the information.

0 Kudos

If you're using an IPSEC VPN client, it will terminate on VPN blade (not Mobile Access).
However Endpoint Security VPN/SBA and Mobile Access licenses can be used for IPSEC VPN clients.
0 Kudos

I have one more question:

I use eval license and I disable IPsec VPN blade and only enable mobile access blade on gateway but I can connect vpn via check point endpoint security vpn.

As follow in an answer in sk166032

16. Can I connect an Endpoint Security VPN client to a gateway having only a Mobile Access Blade license attached?

No, only Check Point Mobile for Windows, SNX, Linux and Capsule Connect clients can be connected.


Why can I connect vpn on mobile access mode via endpoint security vpn?


Thank you

0 Kudos

The only functional difference between Check Point Mobile and Endpoint Security VPN is the inclusion of a Desktop Policy.
If you don't have a Policy Server defined in your environment, the client will act like Check Point Mobile.
Not sure if that's the intended behavior or not, but that appears to be how it operates.