https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-install-InitialPolicy-after-use-fw-unloadlocal/m-p/243242#M47254 <P>If you haven't installed a different policy (after the uninstall) then just running <STRONG>fw fetch localhost</STRONG> will fetch the Initial Policy.</P> <P>If you want to install / fetch Initial Policy when there is a different policy you will need compile it and perform additional steps</P> Fri, 07 Mar 2025 08:48:10 GMT Tal_Paz-Fridman 2025-03-07T08:48:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-install-InitialPolicy-after-use-fw-unloadlocal/m-p/243221#M47243 <P>I used the command fw unloadlocal on my cluster XL gateways, but I would like to install the initial policy. How could I do that?</P> Fri, 07 Mar 2025 00:50:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-install-InitialPolicy-after-use-fw-unloadlocal/m-p/243221#M47243 SecdetKrypton 2025-03-07T00:50:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-install-InitialPolicy-after-use-fw-unloadlocal/m-p/243229#M47250 <P>This is in the Installation and upgrade guide:</P> <P><A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Guide/Content/Topics-IUG/Security-Before-Firewall-Activation.htm?TocPath=Special%20Scenarios%20for%20Security%20Gateways%7CSecurity%20Before%20Firewall%20Activation%7C_____0" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Guide/Content/Topics-IUG/Security-Before-Firewall-Activation.htm?TocPath=Special%20Scenarios%20for%20Security%20Gateways%7CSecurity%20Before%20Firewall%20Activation%7C_____0</A></P> <P>&nbsp;</P> <P>You may (or may not) need to run the initial policy compiler first:</P> <TABLE class="TableStyle-TP_Table_Dark_Header_and_Pattern" cellspacing="0"> <TBODY> <TR class="TableStyle-TP_Table_Dark_Header_and_Pattern-Body-White_Background"> <TD class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyE-Column_Style-White_Background"> <P><CODE>$FWDIR/bin/comp_init_policy [-g | -G]</CODE></P> </TD> <TD class="TableStyle-TP_Table_Dark_Header_and_Pattern-BodyD-Column_Style-White_Background"> <P>Creates the local state Initial Policy</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>Then load the policy manually:</P> <LI-CODE lang="markup">fw fetchlocal -d $FWDIR/state/local/FW1/</LI-CODE> <P>&nbsp;</P> <P><SPAN>InitialPolicy loaded:</SPAN></P> <LI-CODE lang="markup">[Expert@cpgw01:0]# fw stat HOST POLICY DATE localhost InitialPolicy 7Mar2025 0:11:41 : [&gt;eth0] [&lt;eth0] </LI-CODE> <P>&nbsp;</P> <P>Please test this on your own before trying on a production gateway, however! &nbsp; After InitialPolicy is loaded, you can still SSH to the gateway and run various CPD management commands from SmartConsole (or wherever). &nbsp;You can't ping the gateway, however.</P> <P>&nbsp;</P> <P>If you want to build your own custom default filter, review the documentation section:</P> <P><A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Guide/Content/Topics-IUG/Boot-Security.htm?tocpath=Special%20Scenarios%20for%20Security%20Gateways%7CSecurity%20Before%20Firewall%20Activation%7C_____1" target="_blank">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Guide/Content/Topics-IUG/Boot-Security.htm?tocpath=Special%20Scenarios%20for%20Security%20Gateways%7CSecurity%20Before%20Firewall%20Activation%7C_____1</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 07 Mar 2025 05:19:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-install-InitialPolicy-after-use-fw-unloadlocal/m-p/243229#M47250 Duane_Toler 2025-03-07T05:19:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-install-InitialPolicy-after-use-fw-unloadlocal/m-p/243242#M47254 <P>If you haven't installed a different policy (after the uninstall) then just running <STRONG>fw fetch localhost</STRONG> will fetch the Initial Policy.</P> <P>If you want to install / fetch Initial Policy when there is a different policy you will need compile it and perform additional steps</P> Fri, 07 Mar 2025 08:48:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/How-install-InitialPolicy-after-use-fw-unloadlocal/m-p/243242#M47254 Tal_Paz-Fridman 2025-03-07T08:48:10Z