ARTICLES

Remote Check Point Upgrades and the Dreaded Initial Policy – Fear No More!

Remote Check Point Upgrades and the Dreaded Initial Policy – Fear No More!

In years past, to perform an upgrade without physical access, remote hands, or out-of-band connectivity to a Check Point firewall would have spelled certain disaster. This was due to the default block all policy which is solved via a quick one-liner of “fw unloadlocal”.

Beginning in R70 and above, the default policy has changed, but it depends on the underlying operating system.

SPLAT default behavior allows SSH, HTTPS and SIC

Gaia default behavior allows SSH, HTTPS and SIC

IPSO default behavior allows only SIC

Now, go forth and upgrade your infrastructure!

Request a Demo

Fill out the form below and we'll get in touch via email.
We look forward to talking to you!
Thank you! We'll be in touch.
Oops! Something went wrong while submitting the form.
Top ^