2007-01-23
RayPesek
Re: RDP (SERVICES) LAN to Any?

abusharif probably nailed it with his/her NAT comment. Somewhere you should have a NAT setting. For instance, if you have a network object for your LAN, check its NAT tab and see if you have it checked and set to "hide" behind the gateway. This is similar to Cisco's PAT functionality. You can run a Cisco VPN client from behind FW-1 without needing a static IP address or static NAT.

Or look at the NAT tab on the security policy and see if anything there looks like it would be handling this for you.

Also note that the pre-defined service named "RDP" is NOT Remote Desktop Protocol. It's a Check Point protocol where remote access clients can probe the gateway to figure out which interfaces it can reach.

I create a new TCP protocol named Terminal_Services for TCP 3389 for Microsoft RDP.

Note that when you make changes, you must push the policy for it to take effect. At this stage of your learning, you absolutely want to make sure you create database revisions when pushing a policy.

Ray