BMD Cloud: Installing the VPN client (macOS)

1. Installing the VPN client – Check Point Mobile
    1.1. Installing the program
2. Setting up the Check Point connection
3. Check Point client troubleshooting
    3.1. Firewall ports
    3.2. Renew VPN certificate
    3.3. Other reasons why you might not be able to establish the VPN connection

Detailansicht Technik1.    INSTALLING THE VPN CLIENT – CHECK POINT MOBILE

Detailansicht Technik1.1. Installing the program

Under Settings → Security & Privacy, allow applications from identified developers.

Download the VPN client from our FTP server:
https://ftp.bmd.com/BMD-Cloud/mac-osx/

Unpack the DMG files and start the installation:

If a warning with regard to the security settings appears, allow applications from identified developers once more under Settings → Security & Privacy. If the software is blocked explicitly, click Open Anyway.

Confirm the next security prompt by clicking Allow as well. Also install the Check Point Firewall.

When the window for the firewall settings appears, open the System Preferences and allow “Check Point Firewall”. Click on “Allow” in the next prompt as well.

Finally, check whether the applications have Full Disk Access.

If the programs are not listed, add them as explained below:

Sort by Date Added. Usually, this is the most helpful option.

Detailansicht Technik2. SETTING UP THE CHECK POINT CONNECTION

In the menu bar, you can now find the lock icon of Check Point Mobile.
Click on the icon and select “Connect to...”.

Next, this window will appear:

Confirm with “Yes” and click on “Next” in the next window.

Enter the data corresponding to the BMD Cloud environment and press “Next”.

Austria
shield-linz.bmd.com

Germany
vpn.bmdcloud.de

Switzerland
shield-aspch.bmd.com

Choose the highlighted settings on the following pages and confirm them by pressing “Next”.

The main window of the Check Point Mobile client:

PLEASE NOTE! The certificate must be stored on a local drive—not on a network drive and not in the iCloud! When changing the computer, you can copy the certificate to the new computer and delete it from the old one.

If several Mac users want to use the VPN connection, this is best practice: Save it to the Shared folder. After establishing the VPN connection, different users can enter the cloud in the Parallels Client. The username of the certificate is irrelevant!

Now, you must grant TracSrvWrapper Full Disk Access.

Enter your password again in the main window of Check Point Mobile and click “Connect”.

Once the lock icon of Check Point Mobile in the menu bar is displayed with a permanent green circle, an active VPN connection to the login servers of BMD Cloud has been established.
 

Detailansicht Technik3. CHECK POINT CLIENT TROUBLESHOOTING

Detailansicht Technik3.1. Firewall ports

If you have any issues creating or renewing the certificate, please check the following outgoing ports to shield-steyr.bmd.com and the port of the firewall of your choice (see section 2. Setting up the Check Point connection).

UDP 500 – IKE
TCP 500 – IKE over TCP
TCP 264 – topology download was used by SecureClient
TCP 18264 – ICA certificate registration
UDP 2746 – UPD encapsulation

Detailansicht Technik3.2.    Renew VPN certificate

To renew the certificate, click on “Renew” and enter the Check Point certificate password.

Detailansicht Technik3.3.    Other reasons why you might not be able to establish the VPN connection

• Another VPN connection is already active.
• The certificate is synchronised with a cloud storage (Google Drive, OneDrive, etc.) or located on a network drive.
• The Check Point Mobile client is too old: simply carry out the current setup. This will update the client.