Remote Check Point Upgrades and the Dreaded Initial Policy – Fear No More!

February 25, 2015 | Filed Under: Check PointHow To

In years past, to perform an upgrade without physical access, remote hands, or out-of-band connectivity to a Check Point firewall would have spelled certain disaster. This was due to the default block all policy which is solved via a quick one-liner of “fw unloadlocal”.

Beginning in R70 and above, the default policy has changed, but it depends on the underlying operating system.

SPLAT default behavior allows SSH, HTTPS and SIC
Gaia default behavior allows SSH, HTTPS and SIC
IPSO default behavior allows only SIC

Now, go forth and upgrade your infrastructure!

Tags: , , , ,