# Check Point VPN > Integrate Check Point Harmony Mobile VPN with Applivery for zero-touch VPN configuration on managed iOS Devices. Source: https://docs.applivery.com/en/device-management/apple/apple-policies/checkpoint-vpn/ • Last updated: 2026-06-09 **Key topics:** Check Point Harmony Mobile VPN, Applivery Integration, Mobile Security, Zero-Touch Deployment, VPN Configuration, Check Point Harmony Mobile, Applivery, VPN, HTTPS --- **TL;DR:** Integrate Check Point Harmony Mobile VPN with Applivery to provide secure, always-on mobile device protection with zero-touch VPN configuration. Integrating **Check Point Harmony Mobile VPN** within your Applivery Workspace strengthens device protection by ensuring all network traffic is securely routed through Check Point’s trusted infrastructure. The **VPN feature** adds a critical security layer to Harmony Mobile’s threat prevention capabilities, helping protect users from malicious or unsafe connections even when they’re outside corporate networks. By combining **Harmony Mobile’s Zero-touch deployment** with automated VPN configuration, organizations can deliver consistent, always-on protection for mobile Devices without requiring any manual setup from end users. ## Implementation steps **Generate the Policy Certificate in Check Point** To begin, access the [Check Point Portal](https://portal.checkpoint.com/) and open the **Policy** 1 section. Expand the **Global Policy** 2 (or the workspace policy relevant to your environment) and navigate to the **Network Protection** 3 settings. ![policy-checkpoint](https://www.applivery.com/wp-content/uploads/2025/11/policy-checkpoint-1024x611.png "policy-checkpoint | Applivery") Within this section, locate the **HTTPS Settings** 4 panel and generate a new **network policy certificate** 5. Be sure to save this certificate securely, as it will be required later when configuring the Policy in Applivery. Before leaving this page, it is also recommended to enable the **Use next generation ONP** 6 option to ensure the most up-to-date protection features are applied. ![https-settings](https://www.applivery.com/wp-content/uploads/2025/11/https-settings-1024x643.png "https-settings | Applivery") **Configure the Policy in Applivery** Once in the [**Applivery Dashboard**](https://dashboard.applivery.io), go to any of your **Policies** 7. Choose the Policy where you want to configure the VPN. From the left-hand menu, navigate to the **\+ Add configuration** option and then choose **VPN** 8. :::info If you haven’t yet integrated Check Point Harmony Mobile into your Workspace, or haven’t added the App to your Policy, you can learn how by following this [link](https://docs.applivery.com/en/device-management/integrations/security/checkpoint-harmony-mobile-integration/). ::: ![vpn](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/1400b15f-2657-4175-b3c3-6d118a8c3092.png) You will need to make the following configurations: - **Authentication Method**: Password. - **Provider Type**: Packet-tunnel. - **Enable HTTPS**: 0. - **User Defined Name**: Check Point Local Tunnel. - **VPN Subtype**: `com.checkpoint.capsuleprotect`. - **Type**: VPN. - **Vendor Config**:`{ "zero_touch": "true" }`. - **Remote Address**: [www.checkpoint.com](http://www.checkpoint.com) - **Enable VPN On Demand**: 1. Within the **On-Demand Rules** section: - Add rules for **Connect + Wi-Fi** and **Connect + Mobile**. - Optionally, you can include **Connect + Ethernet** for wired connections by selecting Connect in the **On-Demand Action** field and Ethernet in the **Interface Type Match** field. Within the **VPN** section: - **Account Username**: `{{device.serialnumber}}`. - **Authentication Method**: Certificate. **Certificate configuration** From the left-hand menu, navigate to the **\+ Add configuration** option and then choose **Certificate (Trusted CA)** 9. ![certificate ca](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/db596520-b782-4c75-b0ae-a2ba42947c1e.png) In the **Payload Content** field, upload the certificate you previously downloaded from the Check Point portal. Once uploaded, the certificate will appear in the Policy list, ready for deployment. Finally, **save** the Policy and **deploy** it.