This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
loic_76
Explorer
‎2024-10-06 08:05 AM

vpnconfig alternative

Hi

Since my new job (a few years ago), my company used to create pre-configured Endpoint Security packages with trac.config (an encrypted file that contains the VPN site config) included using AdminMode.bat.

Then we migrated to managed VPN clients by using SmartEndpoint (because of the firewall included)

Then we had to use vpnconfig (https://support.checkpoint.com/results/sk/sk122574) because we also edited trac.defaults file

But it was a difficult task to provide a new VPN client because of the steps amount:

  • Generate a package from SmartEndpoint
  • Install it (to generate trac.defaults new version)
  • Connect one time (to generate trac.config)
  • Change several settings in trac.defaults and get trac.config
  • Use vpnconfig to create a new msi
  • Uninstall Endpoint Security
  • Install the newly vpnconfig generated msi to verify everything works as expected.

The main goal of the script I developed is to re-create a vpnconfig alternative that can automate all steps. Dynamic packages are also managed by this script (because since they upgraded the antimalware blade, now the MSI minimum size is 900MB...). Dynamic packages are also minimized to remove useless things, if like us, you only use VPN and firewall (with the script I generate a 100MB VPN client).

The script needs to be configured with json files. Don't forget to edit all json files as the files in the input folder are examples.

The whole project is here: https://github.com/qqt-lo4/CheckPoint_CustomizePackage

Documentation here: https://github.com/qqt-lo4/CheckPoint_CustomizePackage/blob/main/DOC.md

Regards,

Loïc

3 Replies
_Val_
Admin
Admin
‎2024-10-07 05:11 AM

Looks like a nice addition to our ToolBox. I will contact you directly to process it.

0 Kudos
loic_76
Explorer
4 weeks ago

Hi

New release of the script (version 2.2)

Changed :
- selecting the right file (EPS.msi or install.exe) was not working
- a 2.1 version was not using the good sfxConfig.txt
- EXE extraction is done on a temp subdirectory which change each time
- output folder contains now selectedBlades (if dynamic package is selected)
Added :
- now you can download a package from your management server using this script
- opening file explorer at the end of package generation

 

Regards,

Loïc Ade

(1)
the_rock
Legend
Legend
4 weeks ago
In response to loic_76

Super interesting...I will forward this to my colleague that used such utility in the past I believe.

Thank you!

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events