Print Download PDF Send Feedback

Previous

Next

Advanced Package Settings

This section includes advanced package settings:

Defining a VPN Site

You can configure Endpoint Security clients to connect to a default VPN site. This is useful if your organization has an option to connect through VPNs, especially on laptops. You must include a VPN Software Blade in the Software Blades Package to connect to the VPN site.

To configure a client package with a default VPN site:

  1. In the Deployment tab, go to Advanced Package Settings > VPN Client Settings.
  2. Click New.
  3. In the Endpoint Secure Configuration window, enter the VPN Site details:
    • Display Name - Unique name for this VPN site
    • Site address - Site IP address
  4. Select an Authentication Method from the list:
    • Username-password - Endpoint users authenticate using their VPN user name and password
    • CAPI certificate - Endpoint users authenticate using the applicable certificate
    • P12 certificate - Endpoint users authenticate using the applicable certificate
    • SecurID KeyFob - Endpoint users authenticate using a KeyFob hard token
    • SecurID PinPad -Endpoint users authenticate using the an SDTID token file and PIN
    • Challenge-response - Endpoint users authenticate using an administrator supplied response string in response to the challenge prompt.
  5. Click OK.

Package Repository

Use the Package Repository to upload new client versions to the Endpoint Security Management Server.

To upload a client package to the repository:

  1. In a Deployment rule, in the Actions column, click Endpoint Client Version and select Manage Client Versions.
  2. Click an option:
    • Load the latest supported client version from the internet - Downloads the most recent file from Check Point servers.
    • Load a folder containing client installers - Select a folder that contains MSI packages from your network.
    • Load client installer file - Select a single MSI file to upload
    • Delete package - Select a package to delete and click this. Select Save. If a package is in use, a message shows that you cannot delete it.

Configuring Software Signatures

You can make sure that endpoints in your organization receive the correct client package by adding a signature to that package. The Endpoint Security Management Server keeps the certificate in the specified folder.

By default, the client uses an internal signature to authenticate.

To create a custom signature:

  1. Open the Deployment tab > Advanced Package Settings > Software Signature page.
  2. In the Certificate Settings area select one of these file signing methods:
    • None
    • Internal
    • Custom

    If you select custom, do these steps:

    1. Click Browse and get the certificate (P12 file).
    2. Enter a name and password for the certificate.

      The certificate is created on the Endpoint Security Management Server.

    3. Send the p12 file to client computers before you install the client package.