Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
j77rmn1
Explorer

Do I need to Install Policy after HFA Installation?

Jump to solution

Hello Team,

This might be a silly question but after installing HFA, we saw less traffic hitting the GWs.

We did a "Install Policy" then more traffic seems to be hitting our GWs.

Do we need to Install Policy after installing HFA?

Thank you very much.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

The answer is “it depends.”
Generally installing a JHF on a gateway requires a reboot (usually not on management).

When you’re doing a version upgrade on the gateway (going from say R80.30 to R80.40), that most definitely requires a policy install afterwords.
If the JHF has content that impacts policy compilation (obviously on management), which changing gateway version does, then you may need to reinstall policy for the relevant changes to take effect.
However, I would expect the need for this to be documented in the JHF notes.

View solution in original post

8 Replies
Dima_M
Employee
Employee

Were you installing the HFA on Security Management or Gateway?

0 Kudos
Henrik_Noerr1
Contributor

Actually I would like the answer for both.

0 Kudos
PhoneBoy
Admin
Admin

The answer is “it depends.”
Generally installing a JHF on a gateway requires a reboot (usually not on management).

When you’re doing a version upgrade on the gateway (going from say R80.30 to R80.40), that most definitely requires a policy install afterwords.
If the JHF has content that impacts policy compilation (obviously on management), which changing gateway version does, then you may need to reinstall policy for the relevant changes to take effect.
However, I would expect the need for this to be documented in the JHF notes.

View solution in original post

Rabindra_Khadka
Contributor

hello @PhoneBoy 

Does a backup restore requires a policy installation ? Last time when i restore the backup on Security Gateway it worked only after installing the policy.

 

Thank you

0 Kudos
PhoneBoy
Admin
Admin

Again, it depends.
If management is on the same version as when you took the backup, it may not be required, but if management has changed version at all, it is required.
But I'm with @HristoGrigorov on this, it's a good idea to do a policy install afterwords just to make sure everything is working. 

0 Kudos
j77rmn1
Explorer
On Gateways.
0 Kudos

I always install policy as part of validation procedure that upgrade went well and things are working as they should. 

JonnyV
Contributor

Historically no, policy install on a JHF wasn't necessary...

However CP changed something in JHF 196+ that seems to require an policy install for GW connections to function post JHF install.

ref: https://community.checkpoint.com/t5/General-Topics/r80-30-take196-fw-unable-to-accept-new-conne...

0 Kudos