This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
itmoelln
Explorer
13 hours ago
Jump to solution

VPN Setup for Clientless Mobile Devices (R82)

All the different VPN options and its namings are quite confusing with Checkpoint and make research harder. We want to enable iOS and Android devices to use native "Always On" VPN with our Checkpoint Gateway. From what I found IKEv2 is required by iOS to be able to setup "Always On VPN" and manage it by an MDM. From what I read IPSec and IKEv2 was improved with R82.

What do I have to configure to enable the mobile clients to connect clientless to our Gateway? (We're also using Endpoint Security VPN for the Windows Clients in parallel, as Clientless VPN under Windows doesn't seem to be an option yet.) The information from the manual wasn't really helpful yet. A guide for where and what to configure would be helpful. Found the general VPN settings under global properties -> VPN and Remote Access and cluster properties -> IPSec VPN and VPN Clients but don't really know what are the relevant aspects for that usecase.

 

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
5 hours ago
Jump to solution

The only truly "clientless" option supported is L2TP over IPsec, which also works on Windows. 
According to this thread, you need "Allow older clients to connect to this gateway" checked: https://community.checkpoint.com/t5/General-Topics/Allow-older-clients-to-connect-to-this-gateway-di... 

View solution in original post

the_rock
MVP Diamond
MVP Diamond
5 hours ago
Jump to solution

Yes, what Phoneboy mentioned is what you need to do. I actually had TAC case about this few months ago and they advised me the same.

Best,
Andy

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
5 hours ago
Jump to solution

The only truly "clientless" option supported is L2TP over IPsec, which also works on Windows. 
According to this thread, you need "Allow older clients to connect to this gateway" checked: https://community.checkpoint.com/t5/General-Topics/Allow-older-clients-to-connect-to-this-gateway-di... 

the_rock
MVP Diamond
MVP Diamond
5 hours ago
Jump to solution

Yes, what Phoneboy mentioned is what you need to do. I actually had TAC case about this few months ago and they advised me the same.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 24 Feb 2026 @ 04:30 PM (EST)

    Las Vegas: MDR/XMDR
    In-Person

    Wed 25 Feb 2026 @ 04:30 PM (MST)

    Tempe, AZ: MDR/MXDR
    CheckMates Events