The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, and More!

FireWall-1 FAQ: Install an 'accept all' policy on the firewall module

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


If you tried to install the policy from the management console and failed, log onto the console of 'gateway' and do a:

fw fetch control

If that fails, try the following:

  • Logon to the console of "gateway"

    IMPORTANT: You are about to uninstall the security policy. This will probably stop existing connections through the firewall (depending on whether or not you allow FireWall-1 to control IP Forwarding) and will also expose your firewall to potential attack.

  • Unload the existing security policy: fw unload localhost or fw unloadlocal

  • From "control", load a new security policy: fw load policy.pf gateway

C-List #Cybersecurity Celebrity, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.