Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nflnetwork29
Advisor

Configure Login option endpoint security vpn

Configure Login option endpoint security vpn

How can i pre-configure this setting?

During a first time login , users are forced to click the blue link and choose the default option (we only support 1 option)

**the less things my users have to do themselves the better**

 

 

2022-06-16_10-28-45.png2022-06-16_10-18-41.png

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

Manually set the relevant settings in an installation of the VPN client.
Use the VPN Configuration Utility to package the relevant configuration files as part of the installation.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

nflnetwork29
Advisor

@PhoneBoy 

 

So i already did that to pre-populate my site address and rolled that out to a few test users . that worked. 

however the "login option" setting does not. Is there somewhere in the "trac.defaults" file i need to change manually before i export?

0 Kudos
nflnetwork29
Advisor

What option do i need to change?

Is this the correct file to edit?

located here : C:\Program Files (x86)\CheckPoint\Endpoint Connect

 

the trac.config file cannot be  edited - it's encrypted

 

here is the content of the trac.defaults file

 

OBSCURE_FILE INT 1 GLOBAL 0
is_abra STRING "false" GLOBAL 0
predefined_sites_only STRING "false" GLOBAL 0
hello_protocol_ver INT 100 GW_USER 0
client_enabled STRING "true" GW_USER 0
client_version INT 0 GW_USER 0
trac_upgrade_url STRING "/SNX/CSHELL/" GW_USER 0
speed_upgrade_url STRING "/CSHELL/" GW_USER 0
neo_upgrade_mode STRING "no_upgrade" GW_USER 0
speed_upgrade_mode STRING "force_upgrade" GW_USER 0
conn_type STRING "IPSec" GW_USER 0
transport STRING Auto-Detect GW_USER 0
vpnd_ipaddr STRING "" GW_USER 1
tcpt_transport_port INT 443 GW_USER 0
natt_transport_port INT 4500 GW_USER 0
certificate_url STRING "/clients/cert/" GW_USER 0
cookie_name STRING "" GW_USER 0
internal_ca_fingerprint VEC_STR "" GW_USER 0
internal_ca_sha1_hash STRING "" GW_USER 0
run_ics STRING "false" GW_USER 0
ics_base_url STRING "" GW_USER 0
ics_ver INT 0 GW_USER 0
ics_upgrade_url STRING "" GW_USER 0
ics_images_ver INT 0 GW_USER 0
ics_images_url STRING "" GW_USER 0
ics_cab_version INT 0 GW_USER 0
ics_cab_url STRING "" GW_USER 0
enable_firewall STRING "false" GW_USER 0
firewall_policy STRING "desktop_policy" GW_USER 0
client_firewall_ver INT 0 USER 1
gw_firewall_ver INT 0 GW_USER 0
fwpolicy_update_time STRING "" GW_USER 0
allow_disable_firewall STRING true GW_USER 0
fw_log_upload_enable STRING false GW_USER 0
number_of_tracker_log_files_limit INT 8 GW_USER 0
tracker_log_file_size_limit INT 250000 GW_USER 0
remove_log_files_after_sending STRING true GW_USER 0
write_pkt_alert_log_in_chunks STRING false GW_USER 0
enable_feedback STRING "false" GW_USER 0
enable_trac_fwpktlog STRING "true" GW_USER 0
fwpktlog_cach_interval_milliseconds INT "100" GW_USER 0
periodic_log_upload STRING false GW_USER 0
periodic_log_upload_interval INT 20 GW_USER 0
neo_route_all_traffic_through_gateway STRING false GW_USER 1
neo_remember_user_password STRING false GW_USER 0
neo_remember_user_password_timeout INT 1440 GW_USER 0
neo_implicit_disconnect STRING false GW_USER 0
neo_implicit_disconnect_timeout INT 2 GW_USER 0
neo_check_crl STRING false GW_USER 0
neo_disconnect_when_idle STRING false GW_USER 0
neo_disconnect_when_idle_timeout INT 5 GW_USER 0
neo_keep_alive_timeout INT 20 GW_USER 0
neo_always_connected STRING true GW_USER 1
neo_always_connected_retry INT 1 GW_USER 0
neo_always_connected_max_retry INT 0 GW_USER 0
neo_always_connected_delta_seconds INT 10 GW_USER 0
neo_user_re_auth_timeout INT 480 GW_USER 0
preliminary_reauthentication_enabled STRING true GW_USER 0
location_awareness_enabled STRING false GW_USER 1
location_awareness_wlan_networks_are_outside STRING false GW_USER 0
location_awareness_dns_suffixes_not_outside VEC_STR "" GW_USER 0
display_firewall_disable_warning_message STRING "true" GW_USER 0
display_allow_disable_firewall_menu STRING "true" GW_USER 0
location_awareness_dc_check STRING false GW_USER 0
location_awareness_cache_locations STRING false GW_USER 0
location_awareness_cache_internal_locations STRING false GW_USER 0
location_awareness_wlan_network_names_not_outside VEC_STR "" GW_USER 0
split_dns_entry OBJECT "" GW_USER 0
policy_version STRING "" GW_USER 0
send_client_logs VEC_STR "" GW_USER 0
enable_capi STRING true GW_USER 0
range STRING "" GW_USER 0
mep STRING "" GW_USER 0
scv STRING "" GW_USER 0
dns STRING "" GW_USER 0
desktop STRING "" GW_USER 0
user_groups STRING "" GW_USER 0
trac_client_1 STRING "" GW_USER 0
certificate_key_length INT 2048 GW_USER 0
certificate_strong_protection STRING false GW_USER 0
certificate_provider STRING "MicrosoftEnhancedRSAandAESCryptographicProvider" GW_USER 0
certificate_auto_renewal_threshold INT 60 GW_USER 0
certificate_renewal_warning_only STRING false GW_USER 0
internal_ca_site STRING "" GW_USER 0
internal_ca_dn STRING "" GW_USER 0
tunnel_idleness_timeout INT 0 GW_USER 0
tunnel_idleness_ignored_tcp_ports VEC_STR "" GW_USER 0
tunnel_idleness_ignored_udp_ports VEC_STR 53&#137&#138&# GW_USER 0
tunnel_idleness_ignore_icmp STRING true GW_USER 0
hotspot_detection_enabled STRING true GW_USER 1
hotspot_registration_enabled STRING false GW_USER 1
disconnect_on_smartcard_removal STRING false GW_USER 0
run_isw STRING "false" GW_USER 0
flush_dns_cache STRING "false" GW_USER 1
readonly_binding_order_monitoring STRING "false" GW_USER 1
do_proxy_replacement STRING "true" GW_USER 1
ike_connect_timeout INT 70000 GW_USER 0
extended_ike_connect_timeout_for_idp INT 115000 GW_USER 0
automatic_mep_topology STRING true GW_USER 0
mep_mode STRING "dns_based" GW_USER 0
ips_of_gws_in_mep VEC_STR "" GW_USER 0
auto_mep_mode STRING "first_to_respond" GW_USER 0
auto_ips_of_gws_in_mep VEC_STR "" GW_USER 0
suspend_tunnel_while_locked STRING "false" GW_USER 0
url_to_show_upon_connect STRING "" GW_USER 0
rss_feed_url STRING "" GW_USER 0
rss_feed_check_interval STRING "" GW_USER 0
allow_clear_traffic_while_disconnected STRING "true" GW_USER 0
fw_enable_hotspot STRING "true" GW_USER 0
fw_hotspot_ports VEC_STR 80&#8080&#443&# GW_USER 0
fw_hotspot_connect_timeout INT 600 GW_USER 0
fw_hotspot_log STRING "false" GW_USER 0
om_extended_dhcp_params STRING "false" GW_USER 0
gw_ipaddr STRING "" GW_USER 1
gw_internal_ip STRING "" GW_USER 1
gw_hostname STRING "" GW_USER 1
authentication_method STRING certificate GW_USER 1
default_authentication_method STRING client_decide GW_USER 1
certificate_path STRING "" GW_USER 1
username STRING "" GW_USER 1
securID_type STRING pin_pad USER 1
softid_auth_info STRING "" GW_USER 1
display_name STRING "" GW_USER 1
active_site STRING "" USER 1
enforced_scv_hash STRING "" USER 1
load_scv_policy STRING "false" USER 1
client_ics_ver INT 0 GW_USER 0
client_ics_images_ver INT 0 GW_USER 0
client_ics_cab_ver INT 0 GW_USER 0
proxy_settings STRING "DETECT_PROXY" USER 1
proxy_ipaddr STRING "" USER 1
proxy_port INT 8080 USER 1
proxy_username STRING "" USER 1
proxy_password STRING "" USER 1
user_upgrade_mode STRING "ASK_USER" GW_USER 1
last_connect_time STRING "" GW_USER 1
last_connect_time_interval INT 0 GW_USER 1
auth_expiration_time INT 0 GW_USER 1
ccc_fingerprint STRING "" GW_USER 0
server_cn STRING "" GW_USER 0
debug_mode STRING basic USER 1
sdl_enabled STRING false USER 1
implicit_sdl_enabled STRING true GW_USER 0
implicit_sdl_state INT 0 USER 1
language_index INT 0 USER 1
langpack_filename STRING "LangPack1.xml" USER 0
last_om_ip STRING "" GW_USER 0
previous_user STRING "" GW_USER 1
ics_report_name STRING "ics_report.html" GW_USER 0
ics_timeout INT 360000 GW_USER 0
client_policies VEC_STR trac_client_1&#range&#mep&#desktop&#user_groups&#scv&#dns&#extended_ranges&# GLOBAL 0
gw_bc_mode STRING false GW_USER 1
enable_natt_probing STRING true GW_USER 1
dgd_burst_timeout INT 2000 GLOBAL 0
max_retrans_attempts INT 10 GLOBAL 0
retransmit_interval INT 250 GLOBAL 0
nat_t_handshake_timeout INT 2500 GLOBAL 0
ccc_port INT 443 GW_USER 1
ccc_timeout INT 60000 GW_USER 0
ccc_download_files_timeout INT 180000 GW_USER 0
transport_connect_timeout INT 40000 GW_USER 0
ccc_idle_timeout INT 30000 GW_USER 0
product_name STRING "TRAC" GW_USER 0
client_setting_expiration INT 120 GW_USER 0
roaming_timeout_interval INT 1000 GW_USER 0
enable_dead_gw_detection STRING true GW_USER 1
enable_gw_resolving STRING true GW_USER 0
scuiapi_connect_time INT 0 GW_USER 0
cert_expiration_time INT 0 GW_USER 0
ICA_cert INT 0 GW_USER 0
post_connect_script STRING "" GW_USER 0
post_connect_script_show_window STRING false GW_USER 0
post_disconnect_script STRING "" GW_USER 0
post_disconnect_script_show_window STRING false GW_USER 0
post_disconnect_mode INT 0 GW_USER 0
next_log_file_to_upload_index INT -1 GW_USER 0
max_receive_poke_https_data_kb INT 1024 GW_USER 0
split_dns_enabled STRING false GW_USER 0
is_cert_piv_indication_enabled STRING true GW_USER 1
is_saa STRING false GW_USER 1
saa_dll_path STRING "" USER 1
saa_enabled STRING "false" USER 1
route_conflict_resolution_method STRING "delete_create" GLOBAL 1
gws_in_mep VEC_STR "" GW_USER 0
backup_gws VEC_STR "" GW_USER 0
gw_encdom_id INT -1 GW_USER 0
num_of_encdomains INT 0 GW_USER 0
preferred_gw STRING "" GW_USER 0
primary_gw STRING "" GW_USER 0
secondary_tunnel_debug_enabled STRING false USER 1
included_encdom_ids OBJECT "" GW_USER 0
direct_superset_encdom_id INT -1 GW_USER 0
enable_secondary_connect STRING true GW_USER 0
mep_prefer_chosen_gw_grace_period INT 0 GW_USER 0
original_gw STRING "" GW_USER 0
gw_certs OBJECT "" GW_USER 0
ica_cert_object STRING "" GW_USER 0
ica_dn STRING "" GW_USER 0
is_secondary_connect_enabled_and_supported_on_gw STRING false GW_USER 0
save_cli_credentials_for_ATM STRING false GW_USER 0
enable_intel_aoac STRING false GW_USER 0
automatic_capi_reauthentication STRING false GW_USER 0
disconnected_in_house_fw_policy_enabled STRING false GW_USER 0
disconnected_in_house_fw_policy_mode STRING "encrypt_to_allow" GW_USER 0
do_re_authentication_while_session_is_locked STRING true GW_USER 0
ignore_sdl_in_encdomain STRING true GW_USER 0
use_cache_credentials_for_auto_p12_renewal STRING "true" GW_USER 0
firewall_idle_connection_timeout_seconds INT 1200 GW_USER 0
allow_ipv6 STRING true GW_USER 0
min_P12_password_length INT 4 GW_USER 0
min_P12_password_lower_case INT 0 GLOBAL 0
min_P12_password_upper_case INT 0 GLOBAL 0
min_P12_password_special_characters INT 0 GLOBAL 0
min_P12_password_numbers INT 0 GLOBAL 0
login_options_list OBJECT "" GW_USER 0
selected_realm_id STRING "" GW_USER 1
site_uses_login_options STRING false GW_USER 0
gui_bc_mode STRING false GW_USER 0
gw_uses_login_options STRING true GW_USER 1
display_capi_friendly_name INT 1 GLOBAL 0
display_expired_certificates INT 0 GLOBAL 0
display_client_auth_certificates_only INT 0 GLOBAL 0
link_sel_interface OBJECT "" GW_USER 0
calc_gwip_based_on_topology STRING false GW_USER 0
first_ext_gw_ip STRING "" GW_USER 0
def_gw_ipaddr STRING "" GW_USER 0
keep_alive STRING false GW_USER 0
restart_dns_service_on_vna_init STRING false GW_USER 1
exclude_local_networks_in_hub_mode STRING false GW_USER 0
keep_alive_interval INT 0 GW_USER 0
desktop_security_send_warning STRING true GW_USER 0
is_accessible_client INT 0 GLOBAL 0
enable_server_alternative_names STRING true GW_USER 0
close_TCP_connections_on_VPN_connect STRING false GW_USER 0
fail_VPN_connect_on_closing_TCP_Connections_failure STRING false GW_USER 0
certificate_trust_legacy_mode STRING false GW_USER 0
upgrade_accept_customized_packages STRING false GW_USER 0
log_tunnel_errors_to_helpdesk INT 1 GW_USER 0
global_hotspot_detection_enabled STRING true GW_USER 0
enable_create_site_from_link STRING true GLOBAL 0
enable_diagnostic_reports INT 1 GW_USER 1
multi_realms STRING true GLOBAL 1
disconnect_on_om_failure STRING true GW_USER 0
open_default_browser_for_hotspot STRING false GW_USER 1
is_multi_site_enabled INT 0 GLOBAL 1
enable_site_topology_auto_update INT 0 GLOBAL 1
minimum_time_interval_required_since_last_auto_update_attempt_min INT 5 GLOBAL 1
last_auto_update_attempt_time_stamp INT 0 USER 1
last_successful_update_time_stamp INT 0 GW_USER 1
multi_site_update_interval_minutes INT 1440 GW_USER 1
multi_site_update_only_upon_service_startup INT 1 GW_USER 1
multi_site_max_update_time_seconds INT 300 GW_USER 1
auto_update_ask_user_timeout_sec INT 120 GW_USER 1
enable_machine_auth STRING true GLOBAL 1
machine_tunnel_site STRING "" GLOBAL 1
machine_tunnel_before_logon STRING true GLOBAL 1
machine_tunnel_after_logon STRING false GLOBAL 1
machine_use_CNG_as_default STRING false GW_USER 1
machine_disable_CNG STRING false GW_USER 1
enable_wsa_transport INT 1 GLOBAL 1
enable_connect_button_user_response_empty STRING false GW_USER 0
save_vpn_user_per_sid STRING false GW_USER 0
max_num_of_users_to_save INT 10 GW_USER 0
curr_num_of_saved_users INT 0 GW_USER 1
user_last_connect_time INT 0 GW_USER 1
mod_enabled STRING "" GW_USER 0
mod_title STRING "" GW_USER 0
mod_text STRING "" GW_USER 0
use_utf8 STRING true GW_USER 0
disable_ui_shutdown_button STRING false GW_USER 0
cert_filter_issuer VEC_STR "" GW_USER 0
cert_filter_subject VEC_STR "" GW_USER 0
cert_filter_template VEC_STR "" GW_USER 0
cert_filter_enhanced_key_usage VEC_STR "" GW_USER 0
cert_filter_condition STRING and GW_USER 0
cert_filter_check INT 0 GW_USER 0
save_last_user STRING true GW_USER 0
language_auto_detect STRING false GW_USER 0
language_auto_detect_disabled_by_user STRING false USER 1
pre-connect_warning_enabled STRING "" GW_USER 0
pre-connect_warning_title STRING "" GW_USER 0
pre-connect_warning_text STRING "" GW_USER 0
send_saml_support_in_client_hello STRING true GW_USER 1
idp_browser_mode STRING embedded GW_USER 1
idp_show_browser_primary_auth_flow STRING true GW_USER 0
suppress_policy_warning_if_no_scv STRING false GW_USER 0
trust_certificate_button_enabled STRING true GW_USER 0
trust_certificate_custom_warning_message STRING "" GW_USER 0
is_multiuser STRING "false" GLOBAL 0
excluded_log_topics VEC_STR SALSOCKET&#tunnel>=3&#transport>=4&#TrComInf&#messaging&#IKE>=5&#DIAGNOSTIC&#negs&#MessageLoop>=5&#tcpserver>=5&#TR_SCVPOLICY>=5&# GLOBAL 0
extended_ranges STRING "" GW_USER 0
split_tunnel STRING false GW_USER 0
reconnect_when_exclude_local_networks_in_hub_mode STRING false GW_USER 0

 

 

0 Kudos
the_rock
Legend
Legend

I know if you configure that on gateway properties to generic option, they wont have a choice...something like below. vpn clients -> authentication

 

Screenshot_1.png

nflnetwork29
Advisor

what is considered an older client?

we are using "Enterprise Endpoint Security E86.40 Windows Clients"

sk178665

0 Kudos
the_rock
Legend
Legend

Not sure, but I guess older clients as in anything E84 and before.

PhoneBoy
Admin
Admin

It can be unobscured.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

Sorry, I don't know the precise option offhand, or if it is an option.
You may need to consult with the TAC here.