Support Center > Search Results > SecureKnowledge Details
Creating a QR Code using CPQRGen for Check Point Mobile, Mobile Enterprise and Mobile VPN applications Technical Level
Solution

Table of Contents:

  • Background
  • Creating QR Code
  • Related solutions
  • Related documentation

 

Background

A QR Code is a URL that is encoded in a QR image. Check Point Mobile applications have a built-in QR scanner that can read the URL and create a VPN Site. You can create a QR Code that creates VPN Sites on handheld devices.

 

Creating QR Code

  1. Download the CPQRGen Tool to your Windows computer.

  2. Extract the CPQRCodeGenerator.exe tool from the ZIP file.

  3. Open Windows Command Prompt:

    Start menu - Run... - cmd - click on OK.

  4. Run the CPQRCodeGenerator.exe tool with mandatory parameters:

    CPQRCodeGenerator.exe name="VPN_SITE_NAME" host="VPN_SITE_ADDRESS" fingerprint="FINGERPRINT" file="PNG_FILE_NAME" [other parameters]

    • Mandatory Parameters:

      Parameter Description Product
      VPN_SITE_NAME The name of the VPN Site that is shown to the user. All
      VPN_SITE_ADDRESS

      The address of the host. Example: androdemo.checkpoint.com

      All
      FINGERPRINT Fingerprint that is used for server validation. If you set the value to the server fingerprint, and the certificate is valid and signed by a trusted CA, users will not be prompted to decide if they trust the server. All
      PNG_FILE_NAME The file name of the output *.PNG image with the QR Code. Example: MySite.png All

      Example:

      C:\> cpQRCodeGenerator name="Demo_VPN_Site" host="demo.example.com" fingerprint="DEMO FING ERP RINT FOR CODE" user="John Doe" file="DemoQR.png"
      
      __________ Check Point QR Code Generator __________
                   Version: 1
      
      Encoding...
      
      _____Arguments and values_____
      name = Demo_VPN_Site
      host = demo.example.com
      fingerprint = DEMO+FING+ERP+RINT+FOR+CODE
      user = John+Doe
      
      Output string: cpvpn:///?V1&name=Demo_VPN_Site&host=demo.example.com&fingerprint=DEMO+FING+ERP+RINT+FOR+CODE&user=John+Doe
      
      Encoding to file "DemoQR.png" completed successfully!
      
      C:\>
      

      Result:

    • Optional Parameters:

      Parameter Description Default Value Product
      user Login name for the user. No value All
      tun

      The valid values are:

      • kmp (IPsec tunnel)
      • snx (SSL tunnel)
      kmp Mobile VPN
      auth

      Authentication method. The valid values are:

      • username (User name and Password)
      • RSA (RSA SecurID)
      • Certificate
      • PinPad (Keypad for PIN code)
      • KeyFob (Security token key fob)
      • Challenge (Challenge and Response method)
      username All
      port Port to use 443 All
      url This URL will be opened after each connection to this VPN Site. No value Mobile VPN
      remoteActions

      Enables using the VPN Site API. The valid values are:

      • yes
      • no
      no Mobile VPN
      realm

      When Multi-Realm (Multi-factor authentication) is configured on the VPN site, this key should be used instead of the 'auth' key.
      The value should be the realm (Login Option) Name as configured on the dashboard (not the display name shown to the user).

      No value Mobile VPN
      wifiOnly Allow the vpn site to connect only while the device is on wifi networks.
      The valid values are:

      • yes
      • no
      no Mobile VPN
      tcptimeout

      The default timeout for connection attempts on the client is 20 seconds. Sometimes authentication through external servers and user challenges may take longer and it is possible to set a longer timeout.
      Value is number of seconds.

      20 Mobile VPN


    • Parameters for Certificate Authentication:

      Parameter Description Default Value Product
      regKey Activation key that enrolls a certificate. No value All
      onDemand

      The valid values are:

      • yes
      • no
      • askUser
      no Mobile VPN
      domainAlways An array of hosts, to which the client always tries to connect.
      Example: domainAlways="example1.com example2.com checkpoint.com"
      Mobile VPN
      domainNever An array of hosts, to which the client never tries to connect.
      Example: domainNever="example1.com example2.com checkpoint.com"
      Mobile VPN
      domainIfNeeded An array of hosts, to which the client tries to connect when necessary.
      Example: domainIfNeeded="example1.com example2.com checkpoint.com"
      Mobile VPN

 

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment