https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211877#M40191 <P>We always prepare the GWs in our HQ before sending them out to the Sites. Including all Gaia Settings, established SIC and correct policy installed. Last thing before shipping is to change the WAN IP and default Route in Gaia and change the Main IP also in the Management. Only thing to do When it gets connected at the Site is to install the policy again to „activate“ the new WAN IP.</P> Fri, 19 Apr 2024 21:34:14 GMT D_W 2024-04-19T21:34:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211860#M40189 <P>Hi all,</P> <P>sometimes it happens that we need to configure FWs and then sent to Datacenter/branch offices.</P> <P>At startup FWs load Initial Policy, so we cannot connect from MPLS or Internet. Every time console access is needed to perform fw unloadlocal.</P> <P>Any workaround?</P> Fri, 19 Apr 2024 14:36:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211860#M40189 CheckPointerXL 2024-04-19T14:36:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211871#M40190 <P>You can customize the default filter policy:</P><P>&nbsp;</P><P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_NextGenSecurityGateway_Guide/Topics-FWG/Boot-Security.htm?tocpath=Security%20Before%20Firewall%20Activation%7C_____1#" target="_blank">Boot Security (checkpoint.com)</A></P> Fri, 19 Apr 2024 18:47:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211871#M40190 Lloyd_Braun 2024-04-19T18:47:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211877#M40191 <P>We always prepare the GWs in our HQ before sending them out to the Sites. Including all Gaia Settings, established SIC and correct policy installed. Last thing before shipping is to change the WAN IP and default Route in Gaia and change the Main IP also in the Management. Only thing to do When it gets connected at the Site is to install the policy again to „activate“ the new WAN IP.</P> Fri, 19 Apr 2024 21:34:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211877#M40191 D_W 2024-04-19T21:34:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211878#M40192 <P>Good to know that this is also possible. <span class="lia-unicode-emoji" title=":thumbs_up:">👍</span></P> Fri, 19 Apr 2024 21:35:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211878#M40192 D_W 2024-04-19T21:35:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211880#M40193 <P>You realize we have a Zero Touch service that can assist with this:? <A href="https://sc1.checkpoint.com/documents/SMB_R80.20.15/AdminGuides/Locally_Managed/EN/Topics/Zero-Touch-Cloud-Service.htm" target="_blank">https://sc1.checkpoint.com/documents/SMB_R80.20.15/AdminGuides/Locally_Managed/EN/Topics/Zero-Touch-Cloud-Service.htm</A>&nbsp;<BR />See also: <A href="https://welcome.checkpoint.com" target="_blank">https://welcome.checkpoint.com</A>&nbsp;(production) or <A href="https://welcome-stg.checkpoint.com" target="_blank">https://welcome-stg.checkpoint.com</A>&nbsp;(Staging) which offers another mechanism to onboard appliances.</P> Fri, 19 Apr 2024 22:06:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Avoid-Initial-Policy-quot-Zero-Touch-quot-Deployment/m-p/211880#M40193 PhoneBoy 2024-04-19T22:06:38Z