3

I have the same problem as this (How to disable the security policy with check point VPN-1 secure client?) but with another client from Checkpoint.

I have the Checkpoint Endpoint Security Version E80.62. After having this client installed on a Server 2012 and making the first connection, the virtual machine can't access network and internet any more.

The network traffic is blocked. If I am using an older version of this client under Windows XP, no network traffic is blocked.

Now I want to get this to run under Server 2012. We have several customers with this VPN client and it is pretty time-consuming when you can't work via RDP on these virtual machines.

UPDATE: So far I found out that this can be configured with the "trac.exe", but I can't deactivate the firewall. Error: You are not allowed to disable the firewall!

4
  • Sounds like a permission problem. Do you have the required permissions to disable the firewall?
    – Ramhound
    Commented Mar 15, 2016 at 17:55
  • I set the permission "allow_disable_firewall" to "true". But it still doesn't work. It occurs to me that checkpoint doesn't work very well under Server 2012.
    – etalon11
    Commented Mar 16, 2016 at 7:38
  • 1
    Controlling of the firewall can be disabled by the policy from the Check Point's central management. --- One idea: When you install the VPN client E80.62 you can select from three options. Try to uninstall the client and re-install it as "SecuRemote". This variant does not support the firewall at the client at all. --- Another possibility is that the "Hub Mode" (= route everything to the VPN) is enabled. Try to look for this option. Commented Mar 16, 2016 at 18:44
  • @pabouk: Good idea. The "SecuRemote"-VPN gets connected for 5 seconds and then it gets disconnected. Anyway a good hint. Thanks.
    – etalon11
    Commented Mar 17, 2016 at 9:39

1 Answer

2

Using this script finally worked for me: https://gist.github.com/bubenkoff/4043130

It allowed me to disable the Check Point Endpoint VPN Security firewall policy on macOS.

Getting the script

  • Download the script and save it somewhere as checkpoint.sh

  • Open a terminal and cd into the same directory as the checkpoint.sh file

  • Make the script executable with: chmod 755 checkpoint.sh

Use the script

  • Open a terminal and cd into the same directory as the checkpoint.sh file

From now on you can use sudo ./checkpoint.sh to turn on/off the checkpoint endpoint VPN service (including the firewall).


Below is a copy of the script:

#!/bin/bash
#
# The reason for creating this script is that Endpoint Security VPN installs its own application firewall kext, cpfw.kext,
# which prevents, for example, PPTP connections from this computer. That is not appropriate if you only need such a
# connection from time to time
#
# Usage: ./checkpoint.sh
#
# The script checks if Endpoint Security VPN is running. If it is, then it shuts it down; if it is not, it fires it up.
# Or, make an Automator action and paste the script.
# You will need sudo power, of course
#
# To prevent Endpoint Security VPN from starting automatically whenever you restart your Mac, edit this file:
# `/Library/LaunchAgents/com.checkpoint.eps.gui.plist`
# And change the values of `RunAtLoad` and `KeepAlive` to `false`
# [Source](https://superuser.com/questions/885273)

SERVICE='Endpoint_Security_VPN'

if pgrep "$SERVICE" > /dev/null
then
    # $SERVICE is running. Shut it down
    [ -f /Library/LaunchDaemons/com.checkpoint.epc.service.plist ] && sudo launchctl unload /Library/LaunchDaemons/com.checkpoint.epc.service.plist
    [ -d /Library/Extensions/cpfw.kext ] && sudo kextunload /Library/Extensions/cpfw.kext
    [ -d '/Applications/Check Point Firewall.app' ] && open -W -n -a '/Applications/Check Point Firewall.app' --args --disable
    killall "$SERVICE"
else
    # $SERVICE is not running. Fire it up
    [ -f /Library/LaunchDaemons/com.checkpoint.epc.service.plist ] && sudo launchctl load /Library/LaunchDaemons/com.checkpoint.epc.service.plist
    [ -d /Library/Extensions/cpfw.kext ] && sudo kextload /Library/Extensions/cpfw.kext
    [ -d '/Applications/Check Point Firewall.app' ] && open -W -n -a '/Applications/Check Point Firewall.app' --args --enable
    [ -d '/Applications/Endpoint Security VPN.app' ] && open '/Applications/Endpoint Security VPN.app'
fi
2
  • Can we disable only firewall, but vpn still work? Commented Dec 15, 2021 at 12:57
  • I'm not sure, probably not Commented Dec 16, 2021 at 12:05
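
A check to run after toggling, as an added example that is not part of the answer or the gist: checkpoint.sh runs each step without checking its result, so a failed kextunload or launchctl call leaves the firewall half-toggled and the script carries on. It assumes the launchd label equals the plist file name and that kextstat lists the kext with `cpfw` in its name; the sample output is constructed.

```shell
#!/bin/bash
# Added example: report whether the two system components checkpoint.sh toggles
# (the cpfw kext and the epc launch daemon) are both on, both off, or out of step.

KEXT_NAME='cpfw'                            # from /Library/Extensions/cpfw.kext
DAEMON_LABEL='com.checkpoint.epc.service'   # assumption: label equals the plist file name

# kext_loaded TEXT -> success if kextstat-style output names the cpfw kext
kext_loaded() {
    printf '%s\n' "$1" | grep -Eiq "(^|[^[:alnum:]_])${KEXT_NAME}([^[:alnum:]_]|\$)"
}

# daemon_loaded TEXT -> success if "launchctl list" output (PID, status, label) has the label
daemon_loaded() {
    printf '%s\n' "$1" | awk -v l="$DAEMON_LABEL" '$3 == l { found = 1 } END { exit !found }'
}

# firewall_state KEXTSTAT_TEXT LAUNCHCTL_TEXT -> prints enabled | disabled | partial: ...
firewall_state() {
    local k=0 d=0
    kext_loaded "$1" && k=1
    daemon_loaded "$2" && d=1
    case "$k$d" in
        11) echo enabled ;;
        00) echo disabled ;;
        10) echo 'partial: kext loaded, daemon not loaded' ;;
        01) echo 'partial: daemon loaded, kext not loaded' ;;
    esac
}

# Constructed sample output (not captured from a real machine); the bundle id is made up.
SAMPLE_KEXTSTAT='  142    0 0xffffff7f80a00000 0x9000 0x9000 com.example.cpfw (1.0.0) <7 5 4 3 1>'
SAMPLE_LAUNCHCTL='PID  Status  Label
312  0  com.checkpoint.epc.service
-    0  com.apple.example'

if command -v kextstat >/dev/null 2>&1 && command -v launchctl >/dev/null 2>&1; then
    # On macOS: inspect the live system (system daemons are only listed for root).
    firewall_state "$(kextstat 2>/dev/null)" "$(sudo launchctl list)"
else
    # Elsewhere: show the classification on the constructed samples.
    firewall_state "$SAMPLE_KEXTSTAT" "$SAMPLE_LAUNCHCTL"
fi
```

A `partial` result after running checkpoint.sh means one of its steps failed and the firewall is not in the state the script was meant to leave it in.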
