This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
cdooer
Contributor
‎2026-02-23 10:02 AM
Jump to solution

Completely erasing config without doing factory reset

Hey folks. I've got a pair of Checkpoint 6k's running in a cluster, on R82. I'm repurposing these to replace an existing EOL cluster (5k's), and was wondering what the best way was to completely reset the config's on the 6k's, without having to factory reset them. The issue is that they came with R81.10, and I'd rather not have to go through the upgrade process again. Is there an easy way to accomplish this?

0 Kudos
1 Solution

Accepted Solutions
Bob_Zimmerman
MVP Gold
MVP Gold
‎2026-02-23 12:14 PM
Jump to solution

To be sure you're aware, you can always wipe the box and install a new "factory default" image using a tool called ISOmorphic (sk66205). Check Point's branded boxes are pretty ordinary amd64 servers, just with weird PCIe slots. This tool takes a Check Point installation ISO image and builds a thumb drive. When you boot from the drive, it wipes the server's internal storage, sets up a new md(4) mirror (if you have two drives), sets up a new lvm(8) volume group on it, adds the "factory default" logical volume, copies the contents of the ISO image you provide to it, then reverts to that volume.

Then in the future, if you "restore to factory defaults", it will go back to R82 (for example) instead of whatever it actually shipped with.

This is the surest way to remove all existing configuration from a system you plan to repurpose.

View solution in original post

14 Replies
the_rock
MVP Diamond
MVP Diamond
‎2026-02-23 10:07 AM
Jump to solution

Maybe below, though have not done it in ages...

rm -rf /config/active
reboot

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Vincent_Bacher
MVP Silver
MVP Silver
‎2026-02-23 10:28 AM
In response to the_rock
Jump to solution

Have you tested that?

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-02-23 10:34 AM
In response to Vincent_Bacher
Jump to solution

Not in a long time.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Lesley
MVP Gold
MVP Gold
‎2026-02-23 10:08 AM
Jump to solution

Via the CPUse agent download the R82 and there you can pick 2 options, clean install and upgrade. Use the clean install option (check under major version). 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
cdooer
Contributor
‎2026-02-23 12:09 PM
In response to Lesley
Jump to solution

So I've already got R82 take 44 installed, and there doesn't seem to be an option to do anything in CPUSE. This new version of CPUSE is garbage though, wish we had the option of going back to the old one. 

0 Kudos
Lesley
MVP Gold
MVP Gold
‎2026-02-23 01:39 PM
In response to cdooer
Jump to solution

Shoud be there, just checked my lab R82 take 44. It is under major versions in cpuse

Edit, i see you have no access to CP cloud that could explain it. I think via cpuse is a quick way. ISO can be a struggle and you have to be onsite. 

image.png

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
WiliRGasparetto
MVP Diamond
MVP Diamond
‎2026-02-23 11:46 AM
Jump to solution

Using the firewall Web UI, you can perform the installation via CPUSE. If the devices have Internet connectivity, they can download the required packages directly from there.

If they do not have Internet access, you will need to:

  • Download the R82 image/package,

  • Upload it to the firewall, and

  • Download and upload the Deployment Agent package as well.

That said, I would recommend choosing the Clean Install option. This will remove all existing firewall configuration, and you can also install the latest recommended Jumbo Hotfix during the same maintenance window. This approach helps avoid version-related bugs, improves stability, and saves you from having to schedule an additional maintenance window later.

(1)
cdooer
Contributor
‎2026-02-23 12:15 PM
In response to WiliRGasparetto
Jump to solution

So I've already got R82 take 44 installed, and there doesn't seem to be an option to do anything in CPUSE. This new version of CPUSE is garbage though, wish we had the option of going back to the old one. pic10.jpg

0 Kudos
Alex-
MVP Silver
MVP Silver
‎2026-02-23 12:14 PM
Jump to solution

Isomorphic

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2026-02-23 12:14 PM
Jump to solution

To be sure you're aware, you can always wipe the box and install a new "factory default" image using a tool called ISOmorphic (sk66205). Check Point's branded boxes are pretty ordinary amd64 servers, just with weird PCIe slots. This tool takes a Check Point installation ISO image and builds a thumb drive. When you boot from the drive, it wipes the server's internal storage, sets up a new md(4) mirror (if you have two drives), sets up a new lvm(8) volume group on it, adds the "factory default" logical volume, copies the contents of the ISO image you provide to it, then reverts to that volume.

Then in the future, if you "restore to factory defaults", it will go back to R82 (for example) instead of whatever it actually shipped with.

This is the surest way to remove all existing configuration from a system you plan to repurpose.

the_rock
MVP Diamond
MVP Diamond
‎2026-02-23 06:05 PM
In response to Bob_Zimmerman
Jump to solution

Excellent point, Bob. I always keep forgetting about the isomorphic tool, but definitely worth considering here.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
JozkoMrkvicka
Authority
Authority
‎2026-02-23 11:02 PM
Jump to solution

In addition to what others already said, make sure you reset also LOM settings, if available and used. LOM settings are independent from OS and will stay configured even after you do FCD.

Kind regards,
Jozko Mrkvicka
0 Kudos
cdooer
Contributor
‎2026-02-24 09:18 AM
In response to JozkoMrkvicka
Jump to solution

Thx for all the advice folks. Since I was on prem and in a bit of a hurry, I just ended up factory resetting all 3 boxes back to R81.10, and doing a clean install/upgrade from there. 

the_rock
MVP Diamond
MVP Diamond
‎2026-02-24 09:24 AM
In response to cdooer
Jump to solution

Glad you got it working!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events