May 20, 2012

Creating Pre-Configured VPN Client – Checkpoint

How to configure a custom install package for your secure VPN clients.

There are many options here but I want to do a simple one and then elaborate on it further in another post.

  1. Download the latest client build from Check Point.
  2. Obtain the MSI packaging tool provided by Check Point. If you have SmartDashboard installed, you can find this program in c:\program files\Checkpoint\Smartconsole\R65\program\util
  3. With cpmsi_tool.exe, extract the MSI downloaded in step 1:
     • Create a directory x:\secureclient
     • Place the latest SecureClient MSI and cpmsi_tool.exe in this directory
     • Rename the downloaded MSI package to Base.msi
     • Open a command prompt and change to the new secureclient directory
     • Type:  cpmsi_tool.exe Base.msi out all (this will extract the files from the MSI file)

Once these files are extracted, you can edit them in Notepad. The product.ini file has many options that you can research to make changes, for example showing the welcome screen, forcing options, and so on.

After you have made any option changes to these files, you need to re-package the files back into the MSI file.

At the command prompt again, type:  cpmsi_tool Base.msi in all

Now install the Base package on a laptop.

Configure the settings to connect to your firewall. Connect to the firewall and make sure the connection works. This updates the topology etc.

Disconnect the VPN client, then go to Control Panel, open Services, and stop the Check Point services. Now go and get this file:  c:\program files\checkpoint\secuRemote\database\userc.C

Now we have the basic configuration file. So let's re-assemble the MSI file with the updated userc.C file.

Note: you can edit this userc.C file to make many changes. For this example we are just going to leave it alone.

Copy the userc.C file back to the directory on the computer that we were working on originally (not the test laptop).

Let's make sure we keep all of this separate:

Make a new directory called finished and copy the Base.msi file to this directory. Rename it to (whateveryouwant.msi). Extract it by typing:  cpmsi_tool.exe whateveryouwant.msi out all.  Then copy the userc.C file that you copied from your laptop to this directory and allow it to overwrite the file. This contains all the changes you made.

Repackage the file by typing:  cpmsi_tool.exe whateveryouwant.msi in all

Now you have a pre-configured package to test.

There are many variables to change in there, but this is a quick and dirty way to create the package. Please check Check Point's SecureKnowledge for more definitive ways to customize this file.
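The final assembly steps above can be scripted so they run the same way every time. The following is an added example, not part of the original post and not Check Point's own tooling; it uses only the two cpmsi_tool.exe invocations shown above. The parameter names, the location of the finished directory under x:\secureclient, and the exit-code check are assumptions.

```powershell
# Added example: rebuild the pre-configured package from Base.msi and a captured userc.C.
# Parameter names and default paths are assumptions; Get-FileHash needs PowerShell 4.0 or later.
param(
    [string]$WorkDir   = 'x:\secureclient',          # working directory from the post
    [string]$UsercFile = 'x:\secureclient\userc.C',  # file copied back from the test laptop
    [string]$OutName   = 'whateveryouwant.msi'       # name of the finished package
)
$ErrorActionPreference = 'Stop'

$tool     = Join-Path $WorkDir 'cpmsi_tool.exe'
$baseMsi  = Join-Path $WorkDir 'Base.msi'
$finished = Join-Path $WorkDir 'finished'            # assumed location of "finished"

foreach ($f in $tool, $baseMsi, $UsercFile) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) { throw "Missing required file: $f" }
}

New-Item -ItemType Directory -Path $finished -Force | Out-Null
Copy-Item -LiteralPath $baseMsi -Destination (Join-Path $finished $OutName) -Force

Push-Location $finished
try {
    # Extract the package contents into the current directory.
    & $tool $OutName out all
    # Assumption: cpmsi_tool.exe signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) { throw "Extraction failed (exit code $LASTEXITCODE)" }

    # The post overwrites the extracted userc.C; stop if extraction did not produce one.
    if (-not (Test-Path -LiteralPath '.\userc.C')) { throw 'userc.C was not extracted; not repackaging' }
    Copy-Item -LiteralPath $UsercFile -Destination '.\userc.C' -Force

    # Confirm the file going into the package is the one captured from the laptop.
    $src = (Get-FileHash -LiteralPath $UsercFile -Algorithm SHA256).Hash
    $dst = (Get-FileHash -LiteralPath '.\userc.C' -Algorithm SHA256).Hash
    if ($src -ne $dst) { throw 'userc.C in the package directory does not match the source file' }

    & $tool $OutName in all
    if ($LASTEXITCODE -ne 0) { throw "Repackaging failed (exit code $LASTEXITCODE)" }

    # Record the package hash so distributed copies can be compared against it.
    Get-FileHash -LiteralPath $OutName -Algorithm SHA256 |
        Select-Object Hash, Path |
        Tee-Object -FilePath "${OutName}.sha256.txt"
}
finally { Pop-Location }
```

Keep the generated .sha256.txt file with the package so that a copy handed to users can be checked against the build you tested.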

Check Point Unveils Network Security Blades

Check Point, the leader in network security, has released its latest security architecture. Security Blades is the new security innovation from Check Point. These are logically independent security blocks that are centrally managed.

For example, you can have your standard Firewall blade and then add an IPS blade to further the security of your network. Then later, if you decide you want Anti-virus and Malware protection, you can just turn on that blade. Other Blade options are Monitoring, URL Filtering, IPSEC VPN, etc.

Blade architecture can be deployed on Check Point UTM-1 and Power-1 appliances, open servers and within virtualized environments. New blades can be added by simply enabling their functionality in software; no additional hardware, firmware or drivers are necessary. This enables organizations to deploy security dynamically, as needed, with lower total cost of deployment.

This looks to be a good move by Check Point, and it offers some excellent options for businesses of all sizes. I will be evaluating these blades soon and I will report my findings here.

thelv