Check Point VPN Plugin for Windows 8.1 PowerShell Configuration Utility Usage
Solution

This command line tool can be used to easily add, delete and configure VPN tunnels to Check Point gateways in Check Point VPN Plugin for Windows 8.1. It is usable from the command line, or can be called by user-written scripts.

In order to use the tool, download the attached config.ps1 file to your local disk first.

Note: On the download page, you can right-click the Download button and save it as a .txt file. After downloading, you will need to change the extension of the file to .ps1.

  1. Once downloaded, open a PowerShell command prompt (press the [Win]+[R] key combination, type "powershell" and press Enter).
  2. In the command prompt, change the working directory to the one you downloaded the "config.ps1" script to, and launch the script with ".\config.ps1". Note that PowerShell script execution must be unrestricted for the script to run.

Note: To change the PowerShell execution policy to Unrestricted, run Windows PowerShell in administrator mode and enter this command:

PS C:\Users\admin\Desktop> Set-ExecutionPolicy Unrestricted

Usage:

To add/refresh a VPN connection:

config.ps1 -gateway GATEWAY [-remove] [-name NICKNAME] [-force]
           [-debug LEVEL] [-timeout TIMEOUT] [-port PORT]
           [-fingerprint FINGERPRINT -cn CN] [-auth AUTH]
           [-regkey REGKEY] [-p12file P12FILE] [-sso true|false]
           [-lowcost true|false] [-routes ROUTE-LIST]

To remove a VPN connection:

config.ps1 -name NAME -remove

The following parameters can be used:

Parameter Description
-gateway GATEWAY
IPv4 address or FQDN of the VPN gateway. Mandatory for site creation.

-remove
Removes the existing connection with the given nickname (the "-name" parameter must be specified). Can be used with "-gateway" to refresh an entry.

-name NICKNAME
Name of the VPN connection (e.g. "CorpNet").

-force
Do not prompt, assume default actions.

-debug LEVEL
Set the debug level of the plugin (logs can be found in the Event Viewer under "Application and Services Logs\Microsoft\Windows\Vpn Plugin Platform"). Available options:
  • 0 – errors
  • 1 – warnings
  • 2 – debug
  • 3 – verbose
  • 4 – trace (including packet dumps)

-timeout TIMEOUT
Specify the timeout for a network API (such as ConnectAsync).

-port PORT
The TCP port number used by the VPN server (default is 443).

-fingerprint FINGERPRINT
Expected fingerprint of the root CA signing the VPN server's certificate.

-cn CN
Expected common name (CN) of the VPN server's certificate.

-auth AUTH
Authentication method in use. Available options:
  • p – username and password
  • u – certificate
  • t – smart card
  • i – RSA SecurID PinPad
  • k – RSA SecurID keyfob
  • r – challenge response

-regkey REGKEY
One-time password used to enroll a certificate (relevant only when auth is 'c' or 'u').

-p12file P12FILE
Filename of a PKCS#12 file. It is used for importing an existing p12 certificate into the plugin certificate storage.

-sso
If this flag is set and the VPN is connected, credential pop-ups from some business applications and internal corporate network sites will not appear, and the VPN credentials will be used. This is applicable for password, certificate and smart card authentication only.

-lowcost
Enable low-cost network optimization.
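
The following wrapper is an added example, not part of the Check Point article or of config.ps1. It limits the Unrestricted policy to one child process instead of the machine-wide change described above, checks config.ps1 against a hash you recorded, and refuses to create a site unless both -fingerprint and -cn are supplied. The hash, gateway name and certificate values are placeholders or constructed samples, and requiring the -fingerprint/-cn pair is this wrapper's own policy, not a requirement of the tool.

```powershell
# Added example; not Check Point's code. Values in <...> are placeholders.
param([string]$Script = '.\config.ps1')

$ExpectedHash = '<SHA256-OF-CONFIG.PS1>'   # placeholder: hash you recorded for a trusted copy

# Constructed sample inventory, one entry per VPN connection to create.
$Sites = @(
    @{ gateway = 'vpn.example.com'; name = 'CorpNet'; auth = 'p'
       fingerprint = '<ROOT-CA-FINGERPRINT>'; cn = '<GATEWAY-CERT-CN>' }
)

function Get-SiteArguments {
    param([hashtable]$Site)
    # -gateway is mandatory for site creation.
    if (-not $Site.gateway) { throw 'Each site needs a gateway.' }
    # Wrapper policy (an assumption of this example): never create a site without
    # the -fingerprint/-cn pair, so the gateway certificate is checked against expected values.
    if (-not ($Site.fingerprint -and $Site.cn)) {
        throw "Site '$($Site.gateway)': set both fingerprint and cn."
    }
    $port = if ($Site.port) { [int]$Site.port } else { 443 }   # 443 is the documented default
    if ($port -lt 1 -or $port -gt 65535) { throw "Site '$($Site.gateway)': bad port $port." }

    $list = @('-gateway', $Site.gateway, '-port', $port,
              '-fingerprint', $Site.fingerprint, '-cn', $Site.cn)
    if ($Site.name) { $list += @('-name', $Site.name) }
    if ($Site.auth) { $list += @('-auth', $Site.auth) }
    return $list
}

# Refuse to run a script that differs from the copy you vetted.
$actual = (Get-FileHash -Path $Script -Algorithm SHA256).Hash
if ($actual -ne $ExpectedHash) { throw "config.ps1 hash mismatch ($actual); not running it." }

foreach ($Site in $Sites) {
    $siteArgs = Get-SiteArguments -Site $Site
    # -ExecutionPolicy here applies to this child process only; the machine policy is unchanged.
    & powershell.exe -NoProfile -ExecutionPolicy Unrestricted -File $Script @siteArgs
}
```

Run the wrapper from the directory that holds config.ps1; `Get-ExecutionPolicy -List` afterwards shows that no persistent scope was modified.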
