The Initial Policy

Until the Security Gateway administrator installs the Security Policy on the Security Gateway for the first time, security is enforced by an Initial Policy.

The Initial Policy operates by adding the predefined implied rules to the Default Filter policy.

These implied rules forbid most communication, yet allow the communication needed for the installation of the Security Policy.

The Initial Policy also protects the Security Gateway during Check Point product upgrades, when a SIC (Secure Internal Communication) certificate is reset on the Security Gateway, or in the case of a Check Point product license expiration.

Note - During a Check Point upgrade, a SIC certificate reset, or license expiration, the Initial Policy overwrites the user-defined policy.

The sequence of actions during boot of the Security Gateway until a Security Policy is loaded for the first time:

1. The Security Gateway boots up.
2. The Security Gateway disables IP Forwarding and loads the Default Filter policy.
3. The Security Gateway configures the interfaces.
4. The Security Gateway services start.
5. The Security Gateway fetches the Initial Policy from the local directory.
6. The administrator installs the user-defined Security Policy from the Management Server.

The Security Gateway enforces the Initial Policy until the administrator installs a user-defined policy.

In subsequent boots, the Security Gateway loads the user-defined policy immediately after the Default Filter policy.
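A gateway that is still enforcing the Initial Policy or the Default Filter after a boot, an upgrade, a SIC certificate reset or a license expiration needs a policy installation. The check below is an added example, not Check Point code: it classifies the policy column of `fw stat`-style output, and the sample output lines, the policy name `Corp_Policy`, and the names `InitialPolicy` and `defaultfilter` in that column are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which policy a Security Gateway is enforcing.
# Assumptions: input is `fw stat`-style text with a "HOST POLICY DATE" header
# and the policy name in column 2; "InitialPolicy" and "defaultfilter" are the
# names expected for the Initial Policy and the Default Filter.

# Print the policy column of the first data row read from stdin.
policy_name() {
    awk '$1 != "HOST" && NF >= 2 { print $2; exit }'
}

# Map a policy name to the state described in the boot sequence.
classify_policy() {
    case "$1" in
        InitialPolicy) echo "initial" ;;
        defaultfilter) echo "default-filter" ;;
        ""|-)          echo "none" ;;
        *)             echo "user-defined" ;;
    esac
}

# Read fw stat output on stdin; succeed only when a user-defined policy is loaded.
check_gateway_policy() {
    name=$(policy_name)
    state=$(classify_policy "$name")
    echo "policy=${name:-<none>} state=$state"
    [ "$state" = "user-defined" ]
}

# Constructed sample outputs (not captured from a real gateway).
SAMPLE_INITIAL='HOST      POLICY         DATE
localhost InitialPolicy  12Jan2024  9:14:02 :  [>eth0] [<eth0]'
SAMPLE_DEFAULT='HOST      POLICY         DATE
localhost defaultfilter  12Jan2024  9:13:40 :  [>eth0] [<eth0]'
SAMPLE_USER='HOST      POLICY         DATE
localhost Corp_Policy    12Jan2024 10:02:47 :  [>eth0] [<eth0]'

for sample in "$SAMPLE_INITIAL" "$SAMPLE_DEFAULT" "$SAMPLE_USER"; do
    printf '%s\n' "$sample" | check_gateway_policy ||
        echo "  -> user-defined Security Policy not enforced; install policy"
done
```

On a gateway, pipe the real command into the function (`fw stat | check_gateway_policy`) and alert on a non-zero exit status.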

There are different Initial Policies for Standalone and distributed setups: