- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
All,
We're anxious to share with you an exciting new feature in R81 that already shows exceptional results among our EA customers: Accelerated Access Install Policy.
UPDATE: Join a live demo of the Accelerated Access Install Policy as part of "Delivering Security Consolidation Across the Enterprise" webinar at 28 Oct 2020. Register here
The policy installation is accelerated depending on the changes that were made to the Access Control policy since the last installation.
The new accelerated flow optimizes common use-cases and drastically speeds up the installation with up to 90% improvement as shown already in production of EA customers. When the policy installation is accelerated, the icon will appear under the "Install Policy Acceleration" column. For example:
We strongly invite everyone to try out the Accelerated Access Install Policy in R81!
The feature is the outcome of a significant team effort and deep collaboration between the Gateway R&D team (led by @Meital_Natanson) and the Management R&D team (which I lead) and our excellent QA teams (led by @IrinaAstanovsky and @Ilya_Yusupov).
To learn more about Accelerated Policy Installation refer to: http://downloads.checkpoint.com/dc/download.htm?ID=108670 (or see PDF attached).
For further information, feel free to post your question here or to reach our privately to me or @Meital_Natanson.
Regards,
Eran and Meital
Thanks for further improving policy installation time. We all remember Check Points efforts on this topic in R80.10 as well as in R80.20 as documented here.
Your screen shot shows that Access Control and Threat Prevention Policy are installed together. We've been recently told by Check Point support that in order to avoid any issues these should not be installed together. What about this in R81?
The only issue I'm aware of is the very first Access Policy installation, namely Threat Prevention cannot be installed until an Access Policy has been installed.
Are there others?
There is no such limitation/guideline, in R80.x you can trigger installation of several blades at the same time. If such advice was given by TAC under specific circumstances it might be related to specific issue. Let's discuss it offline.
By the way, this is the place to also share that in R81 we added for the first time the ability to run several policy installations at the same time - which wasn't possible in R80.x:
Very Welcomed solution, to successfully deal with the competitors where only the delta changes are pushed which makes policy push fast
Indeed @Mark_Gurevich, the new Accelerated Policy installation relies heavily on the "delta", we do major parts of the flow based on the changes that were made since last installation (some parts still use the entire policy). On the Management side, we also do some of the work as part of the Publish operation rather than waiting for the installation itself. For those reasons (and other) - the new flow is much faster.
Hi Eran,
I love to hear that news! Accelerated Policy installation and multiple synchronous policy installations are outstanding features we are waiting for.
But I found a point in the admin guide that made my heart bleeding: Limitation: Maestro.
Why? Will it be possible with later releases?
Thanks in advance.
Regards
Sven
Certain gateway types require a different policy compilation/installation process.
My guess is that those processes haven’t been updated with the accelerated policy install framework yet.
Hopefully it’s something we’ll address in later releases.
Hi @Sven_Glock, excellent question 😀
Indeed that's something we want and plan to do soon, we will update when we have good news.
Does the acceleration apply to customers who use connection rematch during policy install?
Don’t believe so as it doesn’t materially affect policy compilation at all.
I was wondering if there are numbers about how much faster is the accelerated policy installation.
Let's say for example a policy-package of 500 rules and a change of 5 new objects or something like that.
When the Accelerated Policy installation applies, it should be under a minute.
It has more to do with the types of changes being made versus the number of them.
I can share that based on diagnostic data we have, in most cases the acceleration reduces the installation significantly under 1 minutes, for many customers it takes seconds end to end 😀
I can't provide exact estimation for a specific policy because there are many parameters that might influence, but I do expect to see improvement of dozens of % in compare to "normal" installations which aren't accelerated.
@Luis_Miguel_Mig how much time does it take you to install the policy today?
I have upgraded both management and gateway to R81. But i dont see the symbol of acceleration during policy install.
So is it automatic or we need to enable something?
Hi @Gaurav_Pandya,
The acceleration is automatic (nothing should enabled manually), but in some cases the installation cannot be accelerated. For more info see: http://downloads.checkpoint.com/dc/download.htm?ID=108670 (look for "Cases in which Install Policy will not be accelerated").
If you "hover" the icon of the download arrow (under Install Policy Acceleration column - see below) you'll see why the acceleration wasn't enabled.
Ok. Got it
Thanks.
Hi Eran,
I know this is a bit older post, but just to be 100% sure, is this ONLY applicable if both mgmt and gateways are on R81?
Gateways and management must be on R81 or above, yes.
Thank you D! Im glad you confirmed, because I was under impression it was applicable if using R81 mgmt and R80.40 gateways.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
21 | |
12 | |
6 | |
6 | |
4 | |
4 | |
4 | |
3 | |
3 | |
2 |
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 02:00 PM (EDT)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - AMERAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY