MikeH
Participant

IKEv2 Remote Access guides?

We have a customer with a requirement to provide remote access connectivity using IKEv2 via the native operating system (no client) VPN supplicant (Windows, MacOS, possibly iOS and Android) and connect to Gateways running R80.40. Has anyone successfully done this and have any guides they'd be willing to share? Figured out how to navigate the conflicting encryption/authentication methods between the various OSes?

 

 

G_W_Albrecht
Legend

No. No secure solution available - and R80.40 will be end of support in 8 months...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
_Val_
Admin

Please refer to sk166415 for the answer, which is "No, not at this moment". If you have a business case for this, please raise an RFE through the usual channels.

lgarridor
Explorer

This SK is also valid for Gaia Embedded, right?

PhoneBoy
Admin

It's not explicitly listed, but it should apply there as well.
Note that the release notes for R82 EA explicitly list IKEv2 support.
It also requires specific Endpoint client versions.

R82 is planned for Embedded Gaia also.

Alex-
Leader

Interestingly, we find this in the release notes of R81.20 Take 70:

 

PRJ-48210, PMTR-91011 | VPN | IKEv2 Remote Access stability issues.

PhoneBoy
Admin

Yes, because some clients already use IKEv2:

  • Capsule VPN clients, which are largely wrappers around the built-in supplicants in the underlying OS (e.g. Windows).
  • Strongswan for Linux, which has been supported since R81.

R82 will add support for IKEv2 for our native (Windows, macOS) VPN clients.

Whether you will be able to configure IKEv2 in e.g. Windows without Capsule VPN is a separate question.

ccsjnw
Participant

Is there any update to this? I tried last week at CPX 2025 to get a definitive answer about this and hit a brick wall.

I am using R82 in a lab environment. IKE v2 is enabled. Capsule Connect for iOS connects and uses IKE v2, but the latest Windows Remote Access VPN Client (Check Point Mobile) E88.60 Build 986105801 still does not support IKE v2.

VPN connection is only possible when: "Prefer IKE v2, support IKE v1" is selected.

Capsule Connect for iOS connects and uses IKE v2 perfectly, but if "IKE 2 only" is selected, then the Windows VPN Client cannot connect. The documentation says it is supported.

My R82 Gateway is using the following settings for Remote Access VPN:

Phase 1: AES-256, SHA256, DH Group 21 (521-BIT ECP)
Phase 2: AES-256, SHA256

The above works perfectly, but only when IKE v1 is supported.
I've tried low encryption settings, but it makes no difference to the IKE issue.

PhoneBoy
Admin

According to this, we support IKEv2 as of E88.40: https://support.checkpoint.com/results/sk/sk166415 
However, it is not enabled by default and requires a registry hack to enable, which is why it isn't working with IKEv2 currently.

ccsjnw
Participant

Hello PhoneBoy,

Thanks very much for publishing the solution.

I can confirm that IKE v2 is now working with my R82 Lab setup using the Windows Remote Access VPN Client [E88.60] using the Registry modification 😃.

I'm assuming a future release of the Windows Remote Access VPN Client will remove the need to make a manual Registry change?

 

PhoneBoy
Admin

I assume so, yes.

ccsjnw
Participant

Since testing the disable_ikev2 Registry workaround with Remote Access VPN Client for Windows version E88.60 Build 986105801, and confirming IKEv2 did actually work, Check Point have now released the Remote Access VPN Client for Windows version E88.63 Build 986105843 - and unfortunately the disable_ikev2 Registry workaround no longer works.

Update: 2025-03-11: The Remote Access VPN Client for Windows version E88.70 Build 986105912 doesn't work with the Registry workaround either. The only option is to re-enable the setting: Prefer IKEv2, support IKEv1 in Global Properties.

(The Remote Access VPN Client for Windows is installed in Check Point Mobile Mode)

 

The VPN connection fails with the message: The gateway does not support IKEv1.

This is really disappointing.

 

Can Check Point's official roadmap be shared as to when IKEv2 will be fully supported in the Remote Access VPN Client for Windows?

Also, just my observation, but why does the Remote Access VPN Client for Apple Mac seem to be getting all the attention, with major feature enhancements being released far sooner than the Windows version? In my experience, businesses have far greater dependencies on corporate Windows machines needing VPN access to the network; Macs are rarely a priority in the corporate landscape.

PhoneBoy
Admin

I would report the issue with IKEv2 not working in the newer clients via TAC.

We paused our normal Harmony Endpoint releases on Windows for a period of time to address some performance, stability, and resource utilization issues, which should be fixed in E88.70 (see also the upcoming TechTalk: https://checkpoint.zoom.us/webinar/register/7716236883663/WN_H8rPnR5ETkOxoDh9kEdnag ) 
This impacts the standalone VPN clients also, which use the same code.
Meanwhile, we've had a couple of Harmony Endpoint releases on macOS (E89.01 being the most current).

I expect the Windows version will "catch up" to the Mac version in the coming weeks.
