Security Before Firewall Activation

In This Section:

To protect the Security Gateway and network, Check Point Security Gateway has baseline security:

Baseline Security	Name of Policy	Description
Boot Security	`defaultfilter`	Security during boot process.
Initial Policy	`InitialPolicy`	Security before a policy is installed for the first time, or when Security Gateway failed to load the policy.

Important - If you disable the boot security or unload the currently installed policy, you leave your Security Gateway, or a Cluster Member without protection. Before you disable the boot security, we recommend to disconnect your Security Gateway, or a Cluster Member from the network completely.

For additional information, see these commands in the R80.20 Command Line Reference Guide:

Command	Description
`$CPDIR/bin/cpstat -f policy fw`	Shows the currently installed policy
`$FWDIR/bin/control_bootsec {-r \| -R}`	Disables the boot security
`$FWDIR/bin/control_bootsec [-g \| -G]`	Enables the boot security
`$FWDIR/bin/comp_init_policy [-u \| -U]`	Deletes the local state policy
`$FWDIR/bin/comp_init_policy [-g \| -G]`	Creates the local state Initial Policy
`$FWDIR/bin/fw unloadlocal`	Unloads the currently installed policy