Advanced Package Settings
This section includes advanced package settings:
- Configuring VPN sites
- Uploading and removing package versions from the package repository
- Selecting a file signing method for MSI files that will be deployed using an external distribution system
Defining a VPN Site
You can configure Endpoint Security clients to connect to a default VPN site. This is useful if your organization has an option to connect through VPNs, especially on laptops. You must include a VPN blade in the Software Blades Package to connect to the VPN site.
To configure a client package with a default VPN site:
- In the Software Deployment tab, go to > .
- Click .
- In the window, enter the VPN Site details:
- - Unique name for this VPN site
- - Site IP address
- Select an from the list:
- - Endpoint users authenticate using their VPN user name and password
- - Endpoint users authenticate using the applicable certificate
- - Endpoint users authenticate using the applicable certificate
- - Endpoint users authenticate using a KeyFob hard token
- -Endpoint users authenticate using the an SDTID token file and PIN
- - Endpoint users authenticate using an administrator supplied response string in response to the challenge prompt.
- Click .
Package Repository
Use the Package Repository to upload new client versions to the Endpoint Security Management Server.
To upload a client package to the repository:
- In a Software Deployment rule, in the Actions column, click and select .
- Click an option:
- - Downloads the most recent file from Check Point servers.
- - Select a folder that contains MSI packages from your network.
- - Select a single MSI file to upload
- - Select a package to delete and click this. Select . If a package is in use, a message shows that you cannot delete it.
Configuring Software Signatures
You can make sure that endpoints in your organization receive the correct client package by adding a signature to that package. The Endpoint Security Management Server keeps the certificate in the specified folder.
By default, the client uses an internal signature to authenticate.
To create a custom signature:
- Open the tab > page.
- In the area select one of these file signing methods:
If you select custom, do these steps:
- Click and get the certificate (P12 file).
- Enter a name and password for the certificate.
The certificate is created on the Endpoint Security Management Server.
- Send the p12 file to client computers before you install the client package.