This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Perry_McGrew
Contributor
‎2021-12-10 05:00 AM

Capsule VPN (MS Store) / Remote Users

We apply a standard corporate image to PCs. 

Our End Users do NOT have local Admin Rights to any Corporate PC,  Prevents Malware and (most) unauthorized software installations.

We have many users now that do NOT return into the Corporate LAN.  

We have been using SSL Extender -- but supporting the client has become difficult.   It requires Admin Rights to install **and** update when a new version of CP Firewall is released.   This includes the "Check Point Mobile Certificate" that the SSL client apparently needs in the user's Trusted Root Certification Store - users can not update this Cert store.   Past Workaround has been modifying the text files on the gateways so that SSL VPN connection release does not try to update.   I can't express the huge disruption this causes for our Help Desk staff in the past after a Gateway upgrade and all our Remote users can no longer VPN using the SSL Extender.  There has to be a better way....

We found the Check Point Capsule VPN in the Microsoft Store.  We have been moving Remote Clients over to it as it does not require Admin rights.   I understand it is a "wrapper" for the native Windows VPN.   

Unfortunately I have an IT Tech that the Capsule client has stopped working  -- just times out.   There appears to be nothing in the Add / Remove programs to uninstall or in any MS KB that could lead us to resolving the issue.  Going back to MS Store and it detects it is already installed (just shows the "Open" button).   I have entered a ticket into support -- and I am hoping that we don't get caught into finger pointing situation between Check Point and Microsoft to try to fix it. 

Ideally, I'd prefer some more permanent solution where a CP VPN client can be installed / updated on any user PC without requiring Admin rights -- especially on PCs that never return inside the Corporate LAN.   Suggestions welcome!

TIA

0 Kudos
1 Reply
G_W_Albrecht
Legend
Legend
‎2021-12-10 05:56 AM

Honestly, i have never heard of SNX issues after upgrades. But to deploy EPS without user intervention and admin rights, we have Harmony EPSS and the corresponding clients.

CCSE CCTE SMB Specialist
0 Kudos