Print Download PDF Send Feedback

Previous

Next

Security Before Firewall Activation

In This Section:

Boot Security

The Initial Policy

Monitoring Security

Unloading Default Filter or Initial Policy

Troubleshooting: Cannot Complete Reboot

To protect the Security Gateway and network, Check Point Security Gateway has baseline security:

Baseline Security

Name of Policy

Description

Boot Security

defaultfilter

Security during boot process.

Initial Policy

InitialPolicy

Security before a policy is installed for the first time, or when Security Gateway failed to load the policy.

Important - If you disable the boot security or unload the currently installed policy, you leave your Security Gateway, or a Cluster Member without protection. Before you disable the boot security, we recommend to disconnect your Security Gateway, or a Cluster Member from the network completely.

For additional information, see these commands in the R80.20 Command Line Reference Guide:

Command

Description

$CPDIR/bin/cpstat -f policy fw

Shows the currently installed policy

$FWDIR/bin/control_bootsec {-r | -R}

Disables the boot security

$FWDIR/bin/control_bootsec [-g | -G]

Enables the boot security

$FWDIR/bin/comp_init_policy [-u | -U]

Deletes the local state policy

$FWDIR/bin/comp_init_policy [-g | -G]

Creates the local state Initial Policy

$FWDIR/bin/fw unloadlocal

Unloads the currently installed policy