Hello, thanks for the reply.
It's working fine on Windows.
I enabled the options for MacOS, but if I don't enable the compliance option on the MAC endpoint, it won't allow clients that don't verify SVC to log in.
These are unmanaged MACs and I can't guarantee that they will enable the compliance option, so I wanted to block VPN access from any MAC. Would that be possible?
Attached is the SVC file I'm testing.

Tks

It shouldn't matter if you enable Compliance on the Mac endpoint or not.
You've included Mac-specific checks in your local.scv file (the SCVPolicyMac abd SCVNamesMac sections).
These should be removed if you do not want Macs to connect.

Even after removing sessions (the SCVPolicyMac abd SCVNamesMac), the MAC remains connected normally to the VPN.

New svc file

Please check that SCV is actually enabled in Global Properties and the option to ignore when the client doesn't support it is NOT checked as shown below.
Otherwise, I suggest engaging with TAC.

Hello, thanks for the reply.
But I need to completely block MAC users from accessing the site, not even letting them log into the VPN.

Tks

K, understood. I dont know for sure how SCV would work in such instance (never really tested it), but maybe worth check with TAC. let me do some tests in the lab and see how far I get.

Best,

Andy

This is what AI Copilot provided, though to me, seems very similar to the sk you mentioned.

Andy

****************************

To block macOS access to the VPN client, you can stop the Check Point VPN service and GUI process. Here are the steps to do this:

1. Open the Terminal on the macOS endpoint computer.

2. Stop the GUI process:

   sudo launchctl bootout gui/$(id -u) /Library/LaunchAgents/com.checkpoint.eps.gui.plist
   

3. Stop the Check Point VPN service:

   sudo launchctl bootout system /Library/LaunchDaemons/com.checkpoint.epc.service.plist
   

These commands will stop the Check Point VPN client from running on the macOS endpoint computer. If you need to start the services again, you can use the following commands:

1. Start the GUI process:

   sudo launchctl bootstrap gui/$(id -u) /Library/LaunchAgents/com.checkpoint.eps.gui.plist
   

2. Start the Check Point VPN service:

   sudo launchctl bootstrap system /Library/LaunchDaemons/com.checkpoint.epc.service.plist
   

This will re-enable the Check Point VPN client on the macOS endpoint computer.

Beowulff_ and Andy,

Have you been able to make any progress on blocking MacOS users? I have a similar scenario and sk182226 also did not resolve.

Thanks

Dan

Hey Dan,

I might try it this Sunday in R82 lab.

Btw, did you ever end up opening TAC case about it?

No sir, I just started looking into this as a new issue for me. I think it was Phone Boy who suggested that the original post owner  Beowulff_engage TAC.

Dont worry, I got you. Sorry, just came back from Africa and Canary Islands, no lab access there lol

Once Im back from my folks in Totonto to my home in Ottawa on Sunday, will definitely give this a go.

Hey Dan,

What version are you on? Please let me know, so I can try it on the right one. I have either R81.20 or R82

Hey Dan,

Sorry, was going to try this today, but tired after long drive, so will give it a go tomorrow.

Hey Dan,

Just to update you, tried this on R81.20 and R82, no joy, sorry mate : - (. I wont give up though.

Thanks Andy.

Per your message on Saturday this is R81.20 for Mgmt and Gateways. Did we ever hear from Beowulff_to see if a TAC case was opened?.

Had not seen any confirmation on that, sorry.

Always awesome to find the solution.

You can also use Access Roles with a Remote Access Clients configuration.  For your users in your existing access roles, update those to include specific client versions as well.  That ought to take care of it.