Deploy Checkpoint Client using GPO

To build the script and create the GPO, you first need to install the client on your PC and go to this location to find the build number of your Checkpoint client version.

After you find the “build number”, enter it into the script and save the script on your desktop.

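@Echo Off
REM Skip the install if ver.ini already contains the expected build number.
Find "986100112" "C:\Program Files (x86)\CheckPoint\Endpoint Connect\ver.ini" 2> nul
IF %errorlevel% equ 0 (goto end) ELSE goto install
:install
REM Silent install of the MSI stored in this GPO's startup script folder in SYSVOL.
msiexec /i "\\DOMAIN.COM\SysVol\DOMAIN.COM\Policies\{5CC0B310-3CA0-4D3B-9A10-6ADFBFD7427C}\Machine\Scripts\Startup\E80.90_CheckPointVPN.msi" /quiet /norestart
:end
exit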



Click on “ADD”; it will generate a new folder path.

Put your script and your Checkpoint MSI in this folder.

Note that the folder path where you put your script and client must be included in the script!


Don’t forget to apply this GPO to your computers’ OU.

Configure CheckPoint Firewall to use LDAPS

Before continuing with this guide you must first enable LDAPS in your environment.


Once LDAPS is enabled, we can continue.

1. Connect to your Smart Console.

2. Go to your “Gateway Properties”

3. Locate “Identity Awareness” and click on Active Directory Query Settings.

4. Click on the “Servers” tab, select the LDAP host and then click on “Edit”.

5. Check “Use Encryption (SSL)”, and click on “Fetch”.

6. When it finishes successfully, you will get a fingerprint.

7. Press Ok to finish.

Now your firewall has a secure connection to the LDAP Server.
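
An added example (not part of the original post): to confirm that the fingerprint returned by “Fetch” in step 6 belongs to your LDAP server, this PowerShell script reads the certificate the server presents on port 636 and prints its fingerprints for comparison. The server name `dc01.domain.com` is a placeholder, and because the post does not say which digest Smart Console displays, MD5, SHA-1 and SHA-256 are all printed.

```powershell
# Added example: read the certificate a domain controller presents on LDAPS (TCP 636)
# and print its fingerprints for comparison with the value shown after "Fetch".
# $Server is a hypothetical placeholder; pass your own LDAP server's FQDN.
param(
    [string]$Server = 'dc01.domain.com',
    [int]$Port = 636
)

function Get-Fingerprint {
    param(
        [byte[]]$Der,                                        # DER-encoded certificate
        [System.Security.Cryptography.HashAlgorithm]$Hasher  # digest to apply
    )
    try {
        $digest = $Hasher.ComputeHash($Der)
        ($digest | ForEach-Object { $_.ToString('X2') }) -join ':'
    } finally {
        $Hasher.Dispose()
    }
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($Server, $Port)
    # The callback accepts any certificate: this script only inspects what the
    # server presents, it does not decide whether to trust it.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
    try {
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject  = $cert.Subject
            Issuer   = $cert.Issuer
            NotAfter = $cert.NotAfter
            MD5      = Get-Fingerprint $cert.RawData ([System.Security.Cryptography.MD5]::Create())
            SHA1     = Get-Fingerprint $cert.RawData ([System.Security.Cryptography.SHA1]::Create())
            SHA256   = Get-Fingerprint $cert.RawData ([System.Security.Cryptography.SHA256]::Create())
        } | Format-List
    } finally {
        $ssl.Dispose()
    }
} finally {
    $client.Close()
}
```

Run it from a machine on a trusted network path to the domain controller, and check that the subject and issuer are the ones your CA issued for that server.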
