Hello Check Point guys,
Based on this thread:
https://community.checkpoint.com/t5/Management/Policy-Installation-Stages/td-p/23105
is it possible to conduct a policy install without sending the policy to all install targets?
Maybe an odd question.
I have installations with over 100 gateways all over the world. Installing a policy on ALL gateways is a huge time effort.
I know that with R81 a simultaneous policy installation will come ...
But my thinking is ...
compile a policy for all gateways and only copy the policy to its state directory,
then make a policy fetch from all GWs simultaneously via CLI / script ...
Could this speed up the overall policy install?
best regards
Thomas
Look into sk101226: Policy installation flow process first! I would install the policy on the GW in front of the SMS and have the other 99 GWs pull it from the SMS during hours of low traffic.
That won't work. It is very likely the same policy compiled for different GWs will be different.
You are correct. Policies for GWs without a new policy install on the SMS are still the old compiled version, and identical to the local GW policy, so no pull will occur. Just tested that to be sure 8)
With more than 100 GWs, why not use LSM profiles?
Aha, LSM profiles ... I have never worked with them so far ...
I will take a look at that ...
I was thinking there is a way to compile a policy for all gateways but not send the data to the remote gateways, and instead let them fetch the policy manually.
I will take a look at those LSM profiles!
Thank you.
If you are installing the same package to 100 GWs, LSM is the best way. The policy file is not pushed to the GWs but resides on the MGMT, and the GW then fetches it automatically.
Very close to what you are trying to achieve, but by supported means.
Aha, with "SmartProvisioning" ... this will need an extra licence, right?
yes
Hope I am getting your question right, but why not simply check the relevant GW checkboxes in order to avoid pushing to all?
Hi,
Well, as always in the Check Point world, it depends!
Sometimes, of course, I choose only a few policy targets and push a policy to only a small number of gateways.
But sometimes I have to push a policy because of globally relevant policies/settings to ALL gateways on my management.
Selecting 100+ gateways and pressing "install" is not the thing I am concerned about ... but the waiting until all 100+ gateways are finished is a nightmare.
So I am thinking of ways to mitigate that.
So compiling a policy ... and doing some magic stuff to let the gateways fetch this new policy package by themselves would be great!
It's now the question whether this would really speed up the process.
A procedure like on SMB GWs with a scheduled policy fetch is better than nothing, but not what I want.
Of course, all other ways to speed up policy install would be great too! Perhaps R81 will help.
But 2h waiting for 100+ GW is not funny!
best regards
Thomas
I see. Have you considered "Install policy presets"? So the policy can be pushed at night
Policy presets? Never heard of that...where do you set that up?
Well no, i would consider this a workaround and not a solution.
When I have to install a policy, I have to install it now. When the policy is installed later on, it could cause issues with other changes my colleagues might have done earlier ... hiding and all that funny stuff.
But anyhow, these Policy Presets are a good feature!
But not all customers are lucky enough to have an MDM at hand!
Maybe you could do some coding using the management API and, for instance, Python or bash scripts.
"mgmt_cli install-policy...."
Here you can use "prepare-only", and when all are prepared, the gateways should be able to fetch the prepared policies.
Did not test that, just an idea to be verified.
Cheers
Hmm... Take a look at this and see if you can get something working out of it:
The idea is to clone your working policy, create an empty group, and designate it as a target for installation.
Then populate it with some number of GWs using the API, publish, install, rinse and repeat.
Cheers,
Vladimir
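The two suggestions above (driving `mgmt_cli install-policy` with `prepare-only` from a script, and installing to the gateways in batches rather than all at once) can be combined into one script. The following is an added example written for this page; it is not code from the thread, from Check Point, or from any of the posters. Only the `mgmt_cli login -r true`, `mgmt_cli logout`, `-s <session file>`, `install-policy`, `policy-package`, `targets.N` and `prepare-only` parts are the Management CLI's own syntax; the package name "Standard", the gateway names, the batch size and the assumption that gateway object names contain no spaces are constructed for illustration. As the reply above says, whether a gateway will then pick up a prepared-only policy on its own has not been tested, so the script only shows how to issue the calls; run it with `MODE=run` on the SMS itself for the real thing, otherwise it prints the commands it would run.

```shell
#!/bin/sh
# Added example: batch-driving "mgmt_cli install-policy" from a POSIX shell script.
# Assumptions (constructed, not from the thread): package is "Standard", gateway
# object names contain no spaces, and in MODE=run the script runs on the SMS so
# that "mgmt_cli login -r true" works without credentials.

MODE=${MODE:-dry-run}               # "run" calls mgmt_cli; anything else prints the command
PREPARE_ONLY=${PREPARE_ONLY:-true}  # true = compile/prepare only, false = full install
SESSION=${SESSION:-id.txt}          # session file written by "mgmt_cli login ... > id.txt"

# install_batch PACKAGE GW1 [GW2 ...]
# Turns the gateway names into the "targets.1 GW1 targets.2 GW2 ..." form that the
# mgmt_cli command line expects and issues a single install-policy call for them.
install_batch() {
  pkg=$1; shift
  n=$#
  i=1
  for gw in "$@"; do              # the word list is expanded once, so appending to "$@" is safe
    set -- "$@" "targets.$i" "$gw"
    i=$((i + 1))
  done
  shift "$n"                      # drop the bare names, keep only the targets.N pairs
  if [ "$MODE" = run ]; then
    mgmt_cli install-policy policy-package "$pkg" "$@" prepare-only "$PREPARE_ONLY" -s "$SESSION"
  else
    printf 'mgmt_cli install-policy policy-package "%s"' "$pkg"
    printf ' %s' "$@"
    printf ' prepare-only %s -s %s\n' "$PREPARE_ONLY" "$SESSION"
  fi
}

# run_batches PACKAGE SIZE GW1 GW2 ...
# Splits the gateway list into batches of at most SIZE and installs batch by batch:
# the "populate the target set, install, rinse and repeat" loop done on the command
# line instead of by editing the package's installation targets.
run_batches() {
  pkg=$1; size=$2; shift 2
  while [ $# -gt 0 ]; do
    batch=""; j=0
    while [ $# -gt 0 ] && [ "$j" -lt "$size" ]; do
      batch="$batch $1"; shift; j=$((j + 1))
    done
    # shellcheck disable=SC2086   # word-splitting is intended; names have no spaces
    install_batch "$pkg" $batch
  done
}

# Constructed sample inventory: seven gateways, installed three at a time.
GATEWAYS="gw-berlin gw-paris gw-madrid gw-tokyo gw-sydney gw-denver gw-toronto"

if [ "$MODE" = run ]; then
  mgmt_cli login -r true > "$SESSION"
fi
# shellcheck disable=SC2086
run_batches Standard 3 $GATEWAYS
if [ "$MODE" = run ]; then
  mgmt_cli logout -s "$SESSION"
fi
```

Each batch call blocks until `mgmt_cli` returns, so the batches run one after another; whether the SMS accepts several install tasks in parallel (for example by backgrounding the calls with `&` and `wait`) depends on the management version and is not something this thread establishes. The gateway-side counterpart to the "let them fetch it" idea is `fw fetch <SMS address>` on each gateway, which, as noted earlier in the thread, only pulls a policy that differs from the one already installed.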