Check Point VPN Plugin for Windows 10 PowerShell Configuration Utility Usage

This command line tool can be used to easily add, delete and configure VPN tunnels to Check Point gateways in Check Point VPN Plugin for Windows 10. It is usable from the command line, or can be called by user-written scripts.

In order to use the tool, download the attached config.ps1 file to your local disk first.

  1. Once downloaded, open a PowerShell command prompt (press the [Win]+[R] key combination, then type the word "powershell" and press Enter).
  2. In the command prompt, change the working directory to the one you downloaded the "config.ps1" script to, and launch the script with ".\config.ps1". Note that PowerShell script execution must be unrestricted for the script to run.


To add/refresh a VPN connection:

config.ps1 -gateway GATEWAY [-remove] [-name NICKNAME] [-force]
           [-debug LEVEL] [-timeout TIMEOUT] [-port PORT]
           [-fingerprint FINGERPRINT -cn CN] [-auth AUTH]
           [-regkey REGKEY] [-p12file P12FILE] [-sso true|false]
           [-lowcost true|false] [-routes ROUTE-LIST]

To remove a VPN connection:

config.ps1 -name NAME -remove

The following parameters can be used:

Parameter                  Description
-gateway GATEWAY           IPv4 address or FQDN of the VPN gateway. Mandatory for site creation.
-remove                    Removes the existing connection with the given nickname (the "-name" parameter must be specified). Can be used with "-gateway" to refresh an entry.
-name NICKNAME             Name of the VPN connection (e.g. "CorpNet").
-force                     Do not prompt; assume default actions.
-debug LEVEL               Sets the debug level of the plugin (logs can be found in the Event Viewer under "Application and Services Logs\Microsoft\Windows\Vpn Plugin Platform"). Available options:
                             • 0 – errors
                             • 1 – warnings
                             • 2 – debug
                             • 3 – verbose
                             • 4 – trace (including packet dumps)
-timeout TIMEOUT           Specifies the timeout for a network API (such as ConnectAsync).
-port PORT                 The TCP port number used by the VPN server (default is 443).
-fingerprint FINGERPRINT   Expected fingerprint of the root CA signing the VPN server's certificate.
-cn CN                     Expected common name (CN) of the VPN server's certificate.
-auth AUTH                 Authentication method in use. Available options:
                             • p – username and password
                             • u – certificate
                             • t – smart card
                             • i – RSA SecurID PinPad
                             • k – RSA SecurID keyfob
                             • r – challenge response
-regkey REGKEY             One-time password used to enroll a certificate (relevant only when auth is 'c' or 'u').
-p12file P12FILE           Filename of a PKCS#12 file. It is used for importing an existing p12 certificate into the plugin certificate storage.
-sso                       If this flag is set and the VPN is connected, credential pop-ups from some business applications and internal corporate network sites will not appear, and the VPN credentials will be used. This is applicable for password, certificate and smart card authentication only.
-lowcost                   Enables low-cost network optimization.
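
The following is an added example, not part of the original article and not Check Point code: a wrapper function that provisions one profile with the gateway identity pinned through "-fingerprint" and "-cn", runs only a reviewed copy of config.ps1, and relaxes script execution for the current process only. The function name, its parameter names and every value in the usage comment are hypothetical placeholders; it assumes config.ps1 accepts the parameters exactly as documented above and that the resulting profile is visible to Get-VpnConnection.

```powershell
# Added example (hypothetical wrapper around the documented config.ps1 parameters).
function New-PinnedVpnProfile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,      # reviewed copy of config.ps1
        [Parameter(Mandatory)] [string] $ExpectedSha256,  # hash recorded when that copy was reviewed
        [Parameter(Mandatory)] [string] $Gateway,
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Fingerprint,     # root CA fingerprint, obtained out of band
        [Parameter(Mandatory)] [string] $Cn,              # expected CN of the gateway certificate
        [ValidateSet('p','u','t','i','k','r')] [string] $Auth = 'u',
        [ValidateRange(1,65535)] [int] $Port = 443,
        # Level 4 (trace) is refused here because it writes packet dumps to the event log.
        [ValidateRange(0,3)] [int] $DebugLevel = 0
    )
    $ErrorActionPreference = 'Stop'

    # 1. Run only the exact file that was reviewed (string comparison is case-insensitive).
    $resolved = (Resolve-Path -LiteralPath $ScriptPath).Path
    $actual = (Get-FileHash -LiteralPath $resolved -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "config.ps1 hash mismatch: got $actual"
    }

    # 2. Relax script execution for this PowerShell process only, not machine-wide.
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force

    # 3. Create the profile with both pinning parameters supplied.
    #    -force is left out so the script's own prompts still appear.
    & $resolved -gateway $Gateway -name $Name -port $Port `
        -fingerprint $Fingerprint -cn $Cn -auth $Auth -debug $DebugLevel

    # 4. Check: the profile should now be listed (assumption: config.ps1
    #    registers a per-user profile that Get-VpnConnection can see).
    Get-VpnConnection -Name $Name | Select-Object Name, ServerAddress
}

# Usage, with placeholder values:
# New-PinnedVpnProfile -ScriptPath .\config.ps1 -ExpectedSha256 '<SHA-256 OF REVIEWED COPY>' `
#     -Gateway vpn.example.com -Name CorpNet `
#     -Fingerprint '<ROOT CA FINGERPRINT>' -Cn '<GATEWAY CERTIFICATE CN>'
```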
