Mobile Access requires a fixed IP address to operate.
If you configure the gateway with a Dynamic IP address, Mobile Access Blade is not available (see screenshot below).
Even with traditional IPsec VPN, the gateway IP is ultimately what is resolved in the local configuration.
When that IP changes, your clients will not be able to connect.
If the IP rarely changes, you can configure the gateway with a static IP and update the configuration when the local IP changes.
However, this will require manual intervention when the IP does change.
The Odo solution I mentioned previously has none of these issues.
An on-premise agent runs in an on-premise Docker container that initiates an outbound connection with the Check Point cloud.
Access to on-premise resources is mediated through a controller that operates in the cloud, where your end users connect.
No inbound access is needed (thus no need for remote users to know your local IP).
If you're interested in the above solution, I recommend connecting with your local Check Point office.