create

Section/Topic

Description

Description

Creates a new site and defines its authentication method.

Example:

"C:\Program Files (x86)\CheckPoint\Endpoint Connect\trac.exe" create

Syntax

trac create -s <site> [-di <display name>] [-a <auth method>] [-lo <login option>] [-f <fingerprint>]

Arguments

Args

Description

-s

(Mandatory)

The site's name (FQDN or IP Address).

You can use the gateway's Fully Qualified Domain Name or its IP address. This value is also the site's name, unless a display name is configured with -di.

Examples:

  • "C:\Program Files (x86)\CheckPoint\Endpoint Connect\trac.exe" create -s 192.168.1.1

  • "C:\Program Files (x86)\CheckPoint\Endpoint Connect\trac.exe" create -s example.com

-di

(Optional)

The site's display name.

This is used to change the display name of the site after its creation. By default, it takes the value of -s. The name must be in double quotes if it contains a space.

Examples:

  • "C:\Program Files (x86)\CheckPoint\Endpoint Connect\trac.exe" create -s 192.168.1.1 -di "Main Gateway"

  • "C:\Program Files (x86)\CheckPoint\Endpoint Connect\trac.exe" create -s 192.168.1.1 -di "Main Gateway" -lo "Username Password"

-a

(Optional)

If there are multiple possible authentication methods for the selected login option, for example, CAPI certificate vs. p12 certificate, then you can specify which method the site must use.

Valid values:

  • username-password

  • certificate (for a CAPI certificate)

  • p12-certificate

  • challenge-response

  • securIDKeyFob

  • securIDPinPad

  • SoftID

-lo

(Optional)

Used to select the login option for the site.

Enter the display name as it is configured in SmartConsole under Gateway Settings > VPN Clients > Authentication. If there is a space in the Authentication Method's display name, then it must be in double quotes. This argument is not necessary if there is only one login option configured on this gateway.

It is not possible to connect from the command line to a Security Gateway with a login option that has more than one authentication factor configured. If the login option is configured that way, this error shows: unsupported notification id

Example:

"C:\Program Files (x86)\CheckPoint\Endpoint Connect\trac.exe" create -s 192.168.1.1 -lo Standard -a username-password

Note - If -lo and -a are not configured, the command line might prompt for the login option or authentication method for the site (if there is more than one option).

For command line site creation to continue without user input, you must configure each of the arguments in the command.

-f

(Optional)

The expected site’s fingerprint.

-f is useful to skip a request for a Root CA fingerprint approval for newly created sites. -f is ignored if the Root CA fingerprint is already stored on the computer.

Examples

  • trac create -s mygateway.example.com -a certificate -lo Standard

  • trac create -s mygateway.example.com -di "My Gateway" -a certificate -lo Standard -f "LEFT SAN MEND SLAT MUTE STAB GURU BOLT FRET SAT CORE LA"
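The note on unattended creation and the -f argument, combined into a PowerShell wrapper for scripted deployment. This is an added example, not Check Point code: the function name New-TracSite is hypothetical, the default path is the one used in the examples on this page, and treating a non-zero exit code as failure is an assumption about trac.exe.

```powershell
# Added example: create a site with every argument supplied so that trac
# does not stop to ask for a login option, an authentication method, or
# approval of the Root CA fingerprint.
function New-TracSite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Site,          # -s  (FQDN or IP address)
        [Parameter(Mandatory)] [string] $LoginOption,   # -lo (display name from SmartConsole)
        [Parameter(Mandatory)]
        [ValidateSet('username-password', 'certificate', 'p12-certificate',
                     'challenge-response', 'securIDKeyFob', 'securIDPinPad', 'SoftID')]
        [string] $AuthMethod,                           # -a  (valid values listed on this page)
        [Parameter(Mandatory)] [string] $Fingerprint,   # -f  (obtained out of band from the gateway admin)
        [string] $DisplayName,                          # -di (optional)
        [string] $TracPath = 'C:\Program Files (x86)\CheckPoint\Endpoint Connect\trac.exe'
    )

    # A whitespace-only fingerprint would leave the approval decision to
    # whoever is at the keyboard, so reject it up front.
    if ([string]::IsNullOrWhiteSpace($Fingerprint)) {
        throw 'Refusing to create a site without an expected fingerprint.'
    }
    if (-not (Test-Path -LiteralPath $TracPath -PathType Leaf)) {
        throw "trac.exe not found at $TracPath"
    }

    # Passing an array lets PowerShell quote values that contain spaces
    # ("My Gateway", the multi-word fingerprint) as single arguments.
    $tracArgs = @('create', '-s', $Site, '-lo', $LoginOption,
                  '-a', $AuthMethod, '-f', $Fingerprint.Trim())
    if ($DisplayName) { $tracArgs += @('-di', $DisplayName) }

    & $TracPath @tracArgs

    # Assumption: trac.exe signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "trac create failed for $Site (exit code $LASTEXITCODE)"
    }
}

# Usage with the values from the last example on this page:
# New-TracSite -Site 'mygateway.example.com' -DisplayName 'My Gateway' `
#     -LoginOption 'Standard' -AuthMethod 'certificate' `
#     -Fingerprint 'LEFT SAN MEND SLAT MUTE STAB GURU BOLT FRET SAT CORE LA'
```

Because -f is ignored when the Root CA fingerprint is already stored on the computer, the wrapper pins the fingerprint only for sites created on a machine that has not stored it yet.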