Create a Post
Showing results for 
Search instead for 
Did you mean: 

SSL Network Extender Application mode + office mode


I've got a question regarding the diffrence between SSL Network Extender Application mode and Network mode.

I have configured Mobile Access to allow access to a internal server on RDP via VPN SSL.

When CheckPoint Mobile Access Portal Agent is installed with admin local rights on client computer, office mode is used. IP is assigned and connection to RDP client works.

When CheckPoint Mobile Access Portal Agent is installed without admin privileges, office mode is not used. There is no IP assign to client. I can see in logs after the mobile access log entry a connection log from internal IP of the gateway to internal server on RDP service.

So, I need to add a rule to allow gateway to join server on RDP to make it works from VPNSSL client.

Is it a normal behaviour ?

I checked the NAT part and there is no NAT rule apply.

Hardware is 5200 appliance cluster HA and version is R80.40 Gaia.


Thank you for your help.

Best regards,

Le ber



0 Kudos
1 Reply

If the client isn’t using an Office Mode IP, what IP would you expect the communication to originate from?
The need for an explicit rule seems weird in this case, but it it also doesn’t seem like an unreasonable workaround if it solves your issue.
Might be worth a TAC case.

0 Kudos