Reinstall Checkpoint UTM-1 firewall, the hard way...


Update 2022: This article was written for UTM-1 appliances, the first appliance offered by Checkpoint in 2009. It is no longer available, nor exists anywhere, to the best of my knowledge. The procedure of reinstalling a Checkpoint Appliance (new ones) has changed, and became much easier. So, see this article as a historical reference only, not applicable anymore in real life.

Sometimes machines fail , in the end all machines fail some day anyway. When it happens to the firewall (Checkpoint ) it might be a very frustrating event . By failing I mean machine turns on but doesn’t boot or boots into unusable state. If you have Checkpoint Open Server (i.e. Checkpoint VPN-1 software installed on a 3rd party server) then most probably you have CD/DVD-drive in it and what  left is to find installation CD  of the Checkpoint – 30 minutes, some basic rules and your network partially but starts to work. But if you have a Checkpoint UTM-1  appliance you have a problem. A big one. There is no button to restore to factory defaults nor CD/DVD drive to start formatting/reinstalling the firewall immediately.  Not that Checkpoint didn’t think about that situation, just reinstalling/reimaging  procedure is a bit involved. I won’t say new things as all is neatly documented in SecureKnowledgebase of checkpoint.com (sk37231) . I will only list the steps to reimage UTM-1 appliance:
- You download from checkpoint.com a UTM .ISO image matching your UTM version ;
- You burn it to DVD disk (It is 1,5 Gigabyte in size) ;
- You connect USB DVD drive to USB port in UTM, reboot from it and start install from scratch.

That is it.

PS If you happen to forget SSH password of the expert user you are also left with this option to try to boot appliance from some bootable DVD and reset password, or just plain reinstall the whole firewall. So be very careful about SSH passwords for the UTM appliances.

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.