Security Before Firewall Activation

Important - This section does not apply to Scalable Platforms (ElasticXL, Maestro, and Chassis).

To protect the Security Gateway and network, Check Point Security Gateway has baseline security:

| Baseline Security | Name of Policy | Description |
|---|---|---|
| Boot Security | defaultfilter | Security during boot process. |
| Initial Policy | InitialPolicy | Security before a policy is installed for the first time, or when Security Gateway failed to load the policy. |

Important - If you disable the boot security or unload the currently installed policy, you leave your Security Gateway, or a Cluster Member, without protection.

Best Practice - Before you disable the boot security, we recommend that you disconnect your Security Gateway, or a Cluster Member, from the network completely.

For additional information, see these commands in the R82 CLI Reference Guide:

| Command | Description |
|---|---|
| $CPDIR/bin/cpstat -f policy fw | Shows the currently installed policy |
| $FWDIR/bin/control_bootsec {-r \| -R} | Disables the boot security |
| $FWDIR/bin/control_bootsec [-g \| -G] | Enables the boot security |
| $FWDIR/bin/comp_init_policy [-u \| -U] | Deletes the local state policy |
| $FWDIR/bin/comp_init_policy [-g \| -G] | Creates the local state Initial Policy |
| $FWDIR/bin/fw unloadlocal | Unloads the currently installed policy |
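
A monitoring check built on the cpstat command above, added here as an example and not taken from Check Point's documentation: it flags a gateway that is enforcing only defaultfilter or InitialPolicy instead of the policy you expect. It assumes the cpstat output contains a "Policy name:" line; the function names, the EXPECTED_POLICY variable, its placeholder value "Standard" and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: `cpstat -f policy fw` prints a "Policy name:" line.

# Read cpstat output on stdin and compare the policy name with the expected one.
classify_policy() {
    expected=$1
    name=$(awk '/^Policy name:/ {
        sub(/^Policy name:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }')
    case "$name" in
        "")            echo "NO_POLICY_NAME" ;;       # field missing or empty
        defaultfilter) echo "BOOT_SECURITY_ONLY" ;;   # only the boot filter is active
        InitialPolicy) echo "INITIAL_POLICY_ONLY" ;;  # never installed, or load failed
        "$expected")   echo "OK" ;;
        *)             echo "UNEXPECTED:$name" ;;     # some other policy is loaded
    esac
}

# Return 0 only when the expected policy is the one being enforced.
check_gateway() {
    state=$(classify_policy "$1")
    echo "gateway policy state: $state"
    [ "$state" = "OK" ]
}

# Placeholder policy name; set EXPECTED_POLICY to your own package name.
EXPECTED_POLICY="${EXPECTED_POLICY:-Standard}"

# Constructed sample output, not captured from a real gateway.
SAMPLE_OUTPUT='Product name:   Firewall
Policy name:    InitialPolicy
Install time:   (constructed sample)'

if [ -x "${CPDIR:-}/bin/cpstat" ]; then
    # On a Security Gateway: query the live state.
    "$CPDIR/bin/cpstat" -f policy fw | check_gateway "$EXPECTED_POLICY" ||
        echo "ALERT: gateway is not enforcing $EXPECTED_POLICY"
else
    # Elsewhere: run against the constructed sample to show the result.
    printf '%s\n' "$SAMPLE_OUTPUT" | check_gateway "$EXPECTED_POLICY" ||
        echo "ALERT: gateway is not enforcing $EXPECTED_POLICY"
fi
```

Compare the "Policy name:" parsing against real output from your version before relying on it; any name other than the expected one is reported, so an unloaded policy is flagged however cpstat displays it.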