Check Point Capsule

This VPN connection type is supported on iOS, macOS, and Windows devices only.

Use the following guidelines to configure the Check Point Capsule VPN connection type:

Proxy - None (default)
Proxy - Manual
Proxy - Automatic

Within these selections, you may make settings for:

Custom Data

Proxy - None (default)

Use the following guidelines to configure a Check Point Capsule VPN without a proxy.

**Table 52.** Proxy - None settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: Device channel - the configuration is effective for all users on a device. This is the typical option. User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select Check Point Capsule.
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	None is the default setting. To configure a Manual or Automatic proxy, go to Proxy - Manual or Proxy - Automatic.
Username	Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: $USERID$:$EMAIL$ $USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the user authentication to use: Password - see next row for information. Certificate - If you select Certificate, select the identity certificate to be used as the account credential. If you select Certificate, and extended authentication (EAP) is not used, this certificate will be sent out for IKE client authentication. If extended authentication is used, this certificate can be used for EAP-TLS.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.
Send All Traffic	Select to send all traffic from the Windows device through the VPN gateway. When Send All Traffic is checked, all traffic is sent through the VPN gateway with the exception of traffic from the resources you enter in this table. When Send All Traffic is unchecked, only traffic from the resources you enter in this table is sent through the VPN gateway.

Continue to Custom Data.

Proxy - Manual

If you select Manual, you must specify the proxy server, port number. and proxy domain information.

**Table 53.** Proxy - Manual settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: Device channel - the configuration is effective for all users on a device. This is the typical option. User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select Check Point Capsule.
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	Select Manual. For an Automatic proxy, see Proxy - Automatic.
Proxy Server	Enter the name for the proxy server.
Proxy Server Port	Enter the port number for the proxy server. Type - Select Static or Variable for the type of authentication to be used for the proxy server.
Type	Select Manual proxy to see this option. Select Static or Variable.
Proxy Server User Name	If the authentication type is Static, enter the user name for the proxy server. If the authentication type is Variable, the default variable selected is $USERID$.
Proxy Server Password	If the authentication type is Static, enter the password for the proxy server. Confirm the password in the field below. If the authentication type is Variable, the default variable selected is $PASSWORD$.
Proxy Domains (iOS only)	The VPN will only proxy for the domain and domain suffixes specified here (.com and .org are examples of top-level domain suffixes). Domain suffixes can be used to match multiple domains. For example, .com would include all .com domains, and example.com would include all domains ending in example.com, such as pages.example.com and mysite.example.com. Wildcards are not supported. Select Add+ to add a domain.
Username	Specify the user name to use. The default value is $USERID$. Use this field to specify an alternate format, such as: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: $USERID$:$EMAIL$ $USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username. Some enterprises have a strong preference concerning which identifier is exposed.
User Authentication	Select the user authentication to use: Password - see next row for information. Certificate - If you select Certificate, select the identity certificate to be used as the account credential. If you select Certificate, and extended authentication (EAP) is not used, this certificate will be sent out for IKE client authentication. If extended authentication is used, this certificate can be used for EAP-TLS.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.
Send All Traffic	Select to send all traffic from the Windows device through the VPN gateway. When Send All Traffic is checked, all traffic is sent through the VPN gateway with the exception of traffic from the resources you enter in this table. When Send All Traffic is unchecked, only traffic from the resources you enter in this table is sent through the VPN gateway.

Continue to Custom Data.

Proxy - Automatic

If you selected an Automatic proxy, you must specify the proxy server URL and proxy domain(s).

**Table 54.** Proxy - Automatic settings
Item	Description
Name	Enter a short phrase that identifies this VPN setting.
Description	Provide a description that clarifies the purpose of these settings.
Channel	For macOS only. Select one of the following distribution options: Device channel - the configuration is effective for all users on a device. This is the typical option. User channel - the configuration is effective only for the currently registered user on a device.
Connection Type	Select Check Point Capsule.
Server	Enter the IP address, hostname, or URL for the VPN server.
Proxy	Select Automatic. For a manual proxy, see Proxy - Manual
Proxy Server URL	Enter the URL for the proxy server. Enter the URL of the location of the proxy auto-configuration file.
Proxy Domains (iOS only)	The VPN will only proxy for the domain and domain suffixes specified here (.com and .org are examples of top-level domain suffixes). Domain suffixes can be used to match multiple domains. For example, .com would include all .com domains, and example.com would include all domains ending in example.com, such as pages.example.com and mysite.example.com. Wildcards are not supported. Select Add+ to add a domain.
Username	Specify the user name to use (required.) The default value is $USERID$. Include at least one of the following variables: $USERID$, $EMAIL$, $SAM_ACCOUNT_NAME$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as the following: $USERID$:$EMAIL$ $USERID$_$EMAIL$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant username.
User Authentication	Select the user authentication to use: Password - see next row for information. Certificate - If you select Certificate, select the identity certificate to be used as the account credential. If you select Certificate, and extended authentication (EAP) is not used, this certificate will be sent out for IKE client authentication. If extended authentication is used, this certificate can be used for EAP-TLS.
Password	Specify the password to use (required.) The default value is $PASSWORD$. Include at least one of the following variables: $USERID$, $EMAIL$, $PASSWORD$, $USER_CUSTOM1$, $USER_CUSTOM2$, $USER_CUSTOM3$, $USER_CUSTOM4$, $CUSTOM_DEVICE_Attributename$, $CUSTOM_USER_Attributename$, $NULL$ You can use combinations such as $EMAIL$:$PASSWORD$ Enter $NULL$ if you want the field presented to the user to be blank. Users will need to fill in the relevant password.
Send All Traffic	Select to send all traffic from the Windows device through the VPN gateway. When Send All Traffic is checked, all traffic is sent through the VPN gateway with the exception of traffic from the resources you enter in this table. When Send All Traffic is unchecked, only traffic from the resources you enter in this table is sent through the VPN gateway.

Continue to Custom Data.

Custom Data

Add+ - Click to add a new key / value pair.
Key / Value - Enter the Key / value pairs necessary to configure the VPN setting. The app creator should provide the necessary key / value pairs.