Support Center > Search Results > SecureKnowledge Details
Check Point Capsule VPN available for Windows 10 Technical Level
Click Here to Show the Entire Article


Check Point Capsule VPN uses SSL. It is available for Windows 10.

Important: You have to first download an app from Windows store. (

To learn how to configure Capsule VPN, refer to "Capsule VPN for Windows Phone 10 and 8.1" in the  Capsule Connect and Capsule VPN Clients Administration Guide.


  • What is the behavior when a compatible version of Endpoint Security client is installed on the Windows 8 device. Does this VPN plugin then get disabled?
    There is no integration between the two. If the user wishes to use Endpoint Security Client, there is no need to use Capsule VPN.
  • How does the VPN plugin get upgraded? Who controls the distribution: Microsoft, Check Point or can the user force an upgrade for VPN plugin using his/hers software distribution architecture in the future?
    Capsule VPN will be upgraded via Microsoft Store. It cannot be upgraded in another way.
  • What realm does VPN plugin use?
    VPN plugin uses the default realm. For additional information about realms, refer to sk86240 (Multiple Authentication Schemes for Mobile Access).
  • Is "On demand" feature available on Windows 8 or 10 phones?
    On demand is available for Windows 8.1 and Windows 10. It can be configured via PowerShell, as described below:

    Automatically Triggering VPN Connections in Windows 8.1 PowerShell cmdlets

    Windows 8.1 has the “auto-triggered VPN” feature to easily and automatically connect with corporate virtual private networks (VPNs). The capability is available with Microsoft and third-party inbox VPN clients. User just clicks a corporate application requiring VPN and the network will trigger itself if it is disconnected.
    For administrators, you can use PowerShell to manage the VPN profile and perform complex tasks in scripts. Here are useful PowerShell cmdlets for automatically triggering VPN connections in Windows 8.1.

    Name based triggering. (Good for configuring a lot of name suffixes)

    Add-VpnConnectionTriggerDnsConfiguration [-Name] –DnsSuffix [-DnsIPAddress ] –PassThru
    Name is the connection name and cannot be modified.
    DnsSuffix is the suffix for the triggered VPN connection.
    DnsIPAddress is the IP-Address/URL of the remote server to which the connection is to be established.

    If you want to remove name suffixes, try the command:

    Remove-VpnConnectionTriggerDnsConfiguration [-Name] –DnsSuffix -PassThru

    Application based triggering

      • How to add applications to the VPN profile

        Add-VpnConnectionTriggerApplication [-Name] –ApplicationID -PassThru
        ApplicationID: Modern apps use their identifier. (For example, Skype app is Microsoft.SkypeApp_kzf8qxf38zg5c.) Traditional software uses the binary installed path. For example, Note is C:\Windows\System32\notepad.exe.

    • How to remove applications from the VPN profile

      Remove-VpnConnectionTriggerApplication [-Name] –ApplicationID -PassThru

    Trusted networks for auto triggered VPN connections

    Add-VpnConnectionTriggerTrustedNetwork [-Name] [-DnsSuffix]

    Remove-VpnConnectionTriggerTrustedNetwork [-Name] [-DnsSuffix]

    When you need to revert back to default auto-population, try:

    Set-VpnConnectionTriggerTrustedNetwork [-Name] [-DefaultDnsSuffixes]

    In addition, you cannot create multiple auto-triggered profiles in a computer. Because one enabled profile will cause other subsequent trigger-capable profiles to be disabled.

Related solutions:

This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document