This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CP-Shark
Collaborator
16 hours ago

Initial client including VPN site

Hello everyone,

I’ve recently switched our deployment strategy to use the Check Point Initial Client to ensure our endpoints always fetch and install the latest available version.

However, because the initial client package is generic, it installs without our custom VPN site pre-configured.

Could anyone share the best practices or scripts to automate the VPN site configuration locally on the endpoint immediately after the initial client installs?

Note: We are not motivated to use a centralized push operation from the portal.

Any hints, scripts, or documentation references would be highly appreciated!

Cheers, Olli

 

CCES / CCSA / CCSE
0 Kudos
2 Replies
PhoneBoy
Admin
Admin
14 hours ago

While the paths are different, you should be able to use the CLI to add a site: https://support.checkpoint.com/results/sk/sk55620 
The other option would be to replace trac.config on the client: https://support.checkpoint.com/results/sk/sk183469 

0 Kudos
Duane_Toler
MVP Silver
MVP Silver
14 hours ago

Are you using the Endpoint Security / Harmony Endpoint suite? Or just the VPN-only client?  You can't use the Initial Client with the VPN-only client (the unmanaged client).

With the Harmony Endpoint suite, the Initial Client is created with the address of the Endpoint/Harmony Security server defined when you export the package from the package deployment.  Initial Client is to be used when users are already on your network somewhere and have direct access to the Endpoint server (assuming you're not using the cloud service).  If your users are remote-only, then you need to send them a full package with the VPN site and feature blades pre-defined.

When you do this, be sure you have a Software Deployment rule configured that will match the blades and components of the exported package; otherwise, when the client installs, the first thing it does is check the Software Deployment rules for any blade updates (install/remove blades) before it tries to load a policy.  This may result in multiple reboots while the client is trying to align itself with the server.

Hope that helps!

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events