�Click Here to Show the Entire Article
Check Point Capsule VPN uses SSL. It is available for Windows 10.
Important: You have to first download an app from Windows store. (https://www.microsoft.com/en-us/store/apps/check-point-capsule-vpn/9wzdncrdjxtj)
To learn how to configure Capsule VPN, refer to "Capsule VPN for Windows Phone 10 and 8.1" in the Capsule Connect and Capsule VPN Clients Administration Guide.
- What is the behavior when a compatible version of Endpoint Security client is installed on the Windows 8 device. Does this VPN plugin then get disabled?
There is no integration between the two. If the user wishes to use Endpoint Security Client, there is no need to use Capsule VPN.
- How does the VPN plugin get upgraded? Who controls the distribution: Microsoft, Check Point or can the user force an upgrade for VPN plugin using his/hers software distribution architecture in the future?
Capsule VPN will be upgraded via Microsoft Store. It cannot be upgraded in another way.
- What realm does VPN plugin use?
- Is "On demand" feature available on Windows 8 or 10 phones?
On demand is available for Windows 8.1 and Windows 10. It can be configured via PowerShell, as described below:
Automatically Triggering VPN Connections in Windows 8.1 PowerShell cmdlets
Windows 8.1 has the “auto-triggered VPN” feature to easily and automatically connect with corporate virtual private networks (VPNs). The capability is available with Microsoft and third-party inbox VPN clients. User just clicks a corporate application requiring VPN and the network will trigger itself if it is disconnected.
For administrators, you can use PowerShell to manage the VPN profile and perform complex tasks in scripts. Here are useful PowerShell cmdlets for automatically triggering VPN connections in Windows 8.1.
Name based triggering. (Good for configuring a lot of name suffixes)
Add-VpnConnectionTriggerDnsConfiguration [-Name] –DnsSuffix [-DnsIPAddress ] –PassThru
Name is the connection name and cannot be modified.
DnsSuffix is the suffix for the triggered VPN connection.
DnsIPAddress is the IP-Address/URL of the remote server to which the connection is to be established.
If you want to remove name suffixes, try the command:
Remove-VpnConnectionTriggerDnsConfiguration [-Name] –DnsSuffix -PassThru
Application based triggering
- How to add applications to the VPN profile
Add-VpnConnectionTriggerApplication [-Name] –ApplicationID -PassThru
ApplicationID: Modern apps use their identifier. (For example, Skype app is Microsoft.SkypeApp_kzf8qxf38zg5c.) Traditional software uses the binary installed path. For example, Note is C:\Windows\System32\notepad.exe.
- How to remove applications from the VPN profile
Remove-VpnConnectionTriggerApplication [-Name] –ApplicationID -PassThru
Trusted networks for auto triggered VPN connections
Add-VpnConnectionTriggerTrustedNetwork [-Name] [-DnsSuffix]
Remove-VpnConnectionTriggerTrustedNetwork [-Name] [-DnsSuffix]
When you need to revert back to default auto-population, try:
Set-VpnConnectionTriggerTrustedNetwork [-Name] [-DefaultDnsSuffixes]
In addition, you cannot create multiple auto-triggered profiles in a computer. Because one enabled profile will cause other subsequent trigger-capable profiles to be disabled.