This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
IWildcard
Explorer
Tuesday

Deploy list of VPN sites for macOS

Hi all,

I am trying to deploy a list of VPN sites that users can choose from, along with the CheckPoint client on all our company Macs.
Is there any documentation that describes how to do that?

As far as I understood, the trac.config file needs to be edited adding the details of each vpn site, but how is that done? Is there a specific console?

Thank you.

 

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
Tuesday

The best way to “edit” trac.config file is to use the client to configure the required sites, then distribute trac.config.
On Windows at least this trac.config can be bundled into the installer.
Believe this is also possible on the Mac, but I’m not certain of the exact steps.

0 Kudos
IWildcard
Explorer
yesterday
In response to PhoneBoy

Hi @PhoneBoy,

Just to clarify, are you suggesting that I set up all the VPN sites that we need to push to the CheckPoint client on a test Mac, then export the final trac.config file and distribute it to all devices?
I have tried this, and it appears to work well.

However, I’m facing another issue and would appreciate your assistance with it:
Occasionally, we need to add or remove VPN sites and deploy the updated trac.config file to our Macs.
I followed the same procedure, added a couple of VPN sites, and attempted to distribute the updated file. However, when trying to replace the trac.config file on Macs that already had the client installed, I encountered an issue where the file could not be replaced.
What's the correct way to stop the service before deploying the updated trac.config file to ensure the replacement goes smoothly?

Thank you.

0 Kudos
PhoneBoy
Admin
Admin
yesterday
In response to IWildcard

Yes, you have it correct, and yes you need to stop/start the relevant service to replace trac.config on a system with the VPN client running/installed.
The two commands to do this are:

  • sudo launchctl stop com.checkpoint.epc.service
  • sudo launchctl start com.checkpoint.epc.service
0 Kudos
IWildcard
Explorer
8 hours ago
In response to PhoneBoy

Thank you for the quick reply @PhoneBoy.

The commands that you mentioned in your previous message seem to work for stopping the vpn service (I was connected when I launched the first command, and got immediately disconnected).
However, I was still unable to replace the trac.config file in the folder /Library/Application Support/Checkpoint/Endpoint Security/Endpoint Connect, receiving an error message saying that the operation was not permitted.
My assumption is that the file is still locked by another CheckPoint service on the device.

0 Kudos
the_rock
Legend
Legend
Tuesday

Is this what you are looking for?

Best,

Andy

 

https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_RemoteAccessVPN_AdminGuide/T...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events