This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jennyado
Collaborator
Wednesday
Jump to solution

Creating a Preconfigured PKG for macOS (Similar to VPN Utility MSI Generator)

Hi everyone,

I’m wondering if anyone has managed to create a preconfigured PKG installer for macOS, similar to how the VPN Utility tool lets us generate preconfigured MSI installers for Windows.

My goal is to:

 

  • Deploy the Check Point VPN client for macOS

  • Have it automatically include a predefined VPN site

  • So that the user can just install the package and connect — without having to manually add the site or configure anything

 

But for macOS, I haven’t found an equivalent way to embed configuration files or prepopulate settings during installation.

So, questions:

  • Is there any official or supported method for building a preconfigured .pkg installer?

Thanks in advance!

Labels
0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
Wednesday
In response to the_rock
Jump to solution

Assuming you're using a third party tool to deploy the VPN client, you can also invoke CLI commands to add the necessary VPN sites after installation or at any point in the future.
https://community.checkpoint.com/t5/Endpoint/Deploy-list-of-VPN-sites-for-macOS/m-p/237278#M9899 

View solution in original post

the_rock
MVP Gold
MVP Gold
Thursday
In response to the_rock
Jump to solution

Hey Jenn,

My colleague just responded, said he had case with esc. team and below was response:

 

Basically, the trac.config upload as not working.

So it got escalated all the way to R&D. Then they said:

 

After investigating this issue with R&D, they found that the option to import/provide a trac.config in the Harmony Endpoint Web Management Portal should have not been shown and enabled since this feature is not yet ready and supported. R&D has disabled this option, and you should no longer seen it.

For now, your only option is to use the Smart Endpoint Console until we cut access to it at the end of the year. If this is a feature you would like to have in the Harmony Endpoint Web Management Portal and would like for it to be prioritized, please open an RFE with your Check Point Sales Team.

 

So not a supported deployment anymore.

Best,
Andy

View solution in original post

0 Kudos
5 Replies
the_rock
MVP Gold
MVP Gold
Wednesday
Jump to solution

Yes, I believe so. Let me ask one of my colleagues, Im fairly sure he did this for one of our customers.

Andy

Best,
Andy
(1)
the_rock
MVP Gold
MVP Gold
Wednesday
In response to the_rock
Jump to solution

@jennyado I might message later tonite or tomorrow, depends when he responds...time difference too 🙂

Andy

Best,
Andy
0 Kudos
(1)
the_rock
MVP Gold
MVP Gold
Thursday
In response to the_rock
Jump to solution

Hey Jenn,

My colleague just responded, said he had case with esc. team and below was response:

 

Basically, the trac.config upload as not working.

So it got escalated all the way to R&D. Then they said:

 

After investigating this issue with R&D, they found that the option to import/provide a trac.config in the Harmony Endpoint Web Management Portal should have not been shown and enabled since this feature is not yet ready and supported. R&D has disabled this option, and you should no longer seen it.

For now, your only option is to use the Smart Endpoint Console until we cut access to it at the end of the year. If this is a feature you would like to have in the Harmony Endpoint Web Management Portal and would like for it to be prioritized, please open an RFE with your Check Point Sales Team.

 

So not a supported deployment anymore.

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold
Wednesday
Jump to solution

In the meantime, while I wait for my colleague, here is what AI gave. And now, since rain stopped, will go enjoy the heat lol

Andy

 

***********

Creating a preconfigured .pkg installer for macOS to deploy a Check Point VPN client with predefined settings is a common need for IT teams looking to automate the VPN setup process. While there isn't a direct equivalent of the MSI generator for macOS, you can still achieve your goal by packaging the VPN client and embedding configuration files or settings in a way that macOS recognizes and applies during installation.

Here's a high-level process you can follow to create a preconfigured .pkg installer for the Check Point VPN client on macOS:

1. Prepare the Configuration Files

  • Check Point VPN stores its configuration settings in specific directories, typically within ~/Library/Application Support/ or ~/Library/Preferences/.

  • To preconfigure the VPN client, you’ll want to prepare a configuration file (such as a .pcf file) that contains the VPN site information.

  • Identify the location where Check Point VPN stores these settings, or look into the app’s documentation for configuration file specifics.

    • For example, Check Point’s VPN client might store settings in ~/Library/Application Support/CheckPoint/VPN1/ or ~/Library/Preferences/com.checkpoint.vpn.plist.

2. Create a Script to Deploy the Configuration

  • Write a simple shell script (install-vpn.sh) that:

    • Copies the VPN configuration files to the correct directories.

    • Optionally, adjusts file permissions to ensure proper access.

    • Installs the Check Point VPN client itself.

  • Example:

     
    #!/bin/bash # Path to Check Point VPN Client VPN_CLIENT_PATH="/Applications/CheckPoint VPN" # Path to the configuration file you want to deploy CONFIG_FILE_PATH="/path/to/your/vpn_config.pcf" CONFIG_DESTINATION="~/Library/Application Support/CheckPoint/VPN1/" # Copy the VPN config file cp $CONFIG_FILE_PATH $CONFIG_DESTINATION # Set permissions if necessary chmod 600 $CONFIG_DESTINATION/vpn_config.pcf # Optionally, run additional setup commands (e.g., launching VPN client) open $VPN_CLIENT_PATH

3. Package the VPN Client + Script

  • You can use a tool like pkgbuild (Apple's command-line utility) to create the .pkg installer that includes the VPN client, configuration files, and script.

    • First, create a directory structure for the package:

       
      mkdir -p /tmp/vpn-package/Applications mkdir -p /tmp/vpn-package/usr/local/bin

    • Copy the VPN client app and configuration files into the appropriate directories:

       
      cp -r /path/to/CheckPointVPN.app /tmp/vpn-package/Applications/ cp /path/to/install-vpn.sh /tmp/vpn-package/usr/local/bin/

    • Make the script executable:

       
      chmod +x /tmp/vpn-package/usr/local/bin/install-vpn.sh

    • Create the .pkg file using pkgbuild:

       
      sudo pkgbuild --root /tmp/vpn-package --identifier com.yourcompany.vpn --version 1.0 --install-location / --scripts /tmp/vpn-package/usr/local/bin/install-vpn.sh /tmp/vpn-client.pkg

4. Testing

  • After building the .pkg installer, test it by installing it on a clean macOS machine to verify:

    • The Check Point VPN client is installed correctly.

    • The VPN configuration is automatically applied.

    • The VPN client launches with the preconfigured settings.

5. Distribute the PKG

  • Once everything works, you can distribute the .pkg installer to users via tools like Jamf, Munki, or Apple Remote Desktop, or directly through any other macOS deployment mechanism you use.

6. Alternative Methods

  • Profiles: Another approach could be creating a configuration profile (using Profiles in System Preferences) that includes VPN settings. However, this might not be supported by Check Point, so you'd need to verify compatibility with the Check Point VPN client. Configuration profiles are often used for Wi-Fi, VPN, and other network settings.

  • Customizing .plist files: In some cases, you might be able to edit .plist files (usually found in ~/Library/Preferences/) to insert predefined settings directly into the configuration.

Summary

Creating a preconfigured PKG installer for Check Point VPN on macOS isn't as straightforward as the MSI approach for Windows, but using a combination of shell scripts and the pkgbuild tool, you can automate the deployment of the VPN client along with preconfigured settings. You may also want to explore configuration profiles if Check Point supports it, but using shell scripts provides more flexibility.

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
Wednesday
In response to the_rock
Jump to solution

Assuming you're using a third party tool to deploy the VPN client, you can also invoke CLI commands to add the necessary VPN sites after installation or at any point in the future.
https://community.checkpoint.com/t5/Endpoint/Deploy-list-of-VPN-sites-for-macOS/m-p/237278#M9899 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events