Support Center > Search Results > SecureKnowledge Details
Recommended Internet Access Settings for Automatic Downloads Technical Level

Refer to sk111080 - How to configure Check Point software to upload data to Check Point / download data from Check Point.


Table of Contents:

  1. Introduction
  2. Offline Mode Limitations
    • Blade Contracts
    • SmartConsole
    • General
  3. Offline Mode Scope
  4. Related solutions



In the First Time Configuration Wizard on Gaia OS, you have the option to enable or disable automatic downloads of Blade Contracts, Check Point Releases / Hotfixes via CPUSE, and data for complete functionality of Software Blades and features.

It is highly recommended that you keep this option enabled to ensure the smooth operation of Check Point products.


  • The type of downloaded data may change from version to version.
  • In some cases, the download process sends required minimal data of your Check Point installation to the Download Center.

If you disable this setting, the Security Gateways of this version and higher will enter Offline mode. Blade Contracts and updates will not be downloaded automatically.


Offline Mode Limitations

Blade Contracts

Blade Contracts are annual blade licenses. Their renewal, from the UserCenter, is necessary for complete product functionality. If you disable this setting, Blade Contracts cannot be automatically updated. If your local contract is missing or expired, these limitations apply:

Blade / Feature Limitation
Threat Emulation local mode Files will not be emulated.
Data Loss Prevention blade Will operate in Bypass mode if there is no valid contract installed on Security Gateway
(the contract can be installed manually via SmartUpdate, and DLP will enforce its policy on the traffic).
Compliance blade Will not execute scans.
Endpoint Security Policy Management License report in SmartEndpoint will not be accurate.
CPinfo Self-update is not applicable.



Blade / Feature Limitation
  • IPS updates from UserCenter will fail.
Application & URL Filtering
  • AppWiki will not work.
  • No update of "Messages and Actions" frame in Overview view.
  • No update of the applications picker in the Policy view.
  • Search for categorization of sites via overview tab will fail.
Threat Prevention
  • ThreatWiki will not work.
  • No protections picker in Global Exceptions view.
  • No Protections view.
  • No search for malware from Overview.
  • No RSS feed.
Threat Emulation
  • No image and file type updates.



  • Trusted Certificate Authorities (CAs) list will not be updated.
  • No update of Check Point certificate bundle.
  • Relevant upgrade packages will not be shown by CPUSE Agent (in Gaia Portal / Gaia Clish).


Offline Mode Scope

Even in Offline mode, if an activated Software Blade requires external services, it will still connect to Check Point to get the required data:

Blade / Feature Limitation
  • Download GEO protections updates
  • Download malicious IPs lists
  • Validate Blade contract entitlement
Application Control
  • Download applications database
  • Detect social network widgets
  • Run and return results of cloud-based application analysis
  • Validate Blade contract entitlement
URL Filtering
  • Download initial local database
  • Run and return results of cloud-based categorization
  • Validate Blade contract entitlement
HTTPS Inspection
  • Update bypass list
  • Download updates to the local signature database
  • Run and return results of cloud-based security analysis
  • Validate Blade contract entitlement
  • Download latest regulations and best practices
Endpoint Policy Management
  • Download updates to the malware database
Endpoint Anti-Malware
  • Run and return results of cloud-based malware categorization
Endpoint Application Control
  • Download application database
  • Run and return results of cloud-based application analysis

This setting on a Security Management Server applies to all managed Security Gateways (R77 and higher).

To change this setting after completing the First Time Configuration Wizard:

  1. Connect with SmartConsole to Security Management Server / Domain Management Server.

  2. Go to 'Policy' menu - go to 'Global Properties' - go to 'Security Management Access' pane.

  3. Check the box 'Automatically download Contracts and other important data (Recommended)'.

  4. Click on 'OK' to apply the changes.

  5. Save the changes: go to 'File' menu - click on 'Save'.

  6. Close the SmartConsole.

  7. Connect with SmartConsole to Security Management Server / Domain Management Server.

  8. Install policy on all Security Gateways.

Note: On the Security Management Server / Multi-Domain Security Management Server, install the database (go to "Policy" menu - click on "Install Database...").


Give us Feedback
Please rate this document