Remote Check Point Upgrades and the Dreaded Initial Policy – Fear No More!
In years past, to perform an upgrade without physical access, remote hands, or out-of-band connectivity to a Check Point firewall would have spelled certain disaster. This was due to the default block all policy which is solved via a quick one-liner of “fw unloadlocal”.
Beginning in R70 and above, the default policy has changed, but it depends on the underlying operating system.
Now, go forth and upgrade your infrastructure!