Check Point Policy Installation Process
See below diagram which shows the files involved in the policy installation process followed by the actual policy installation flow process later in the post.
Policy Install flow process
1. Assuming the initiation was made by a Smart Console application, as opposed to using command line options such as fmw load or fw fetch, the Check Point Management Interface (CPMI) policy installation command is sent to FMW on the management server where the verification and compilation takes place.
2. FWM forwards the command to CPD for code generation and compilation.
3. CPD invokes the Checkpoint policy transfer agent (CPTA) command which sends the policy to all applicable security gateways.
4. CPD on the security gateway receives the policy and verifies it’s integrity.
5. FWD on the security gateway updates all of the user-mode processes responsible for enforcement aspects. These include VPND for VPN issues, FWSSD processes for security server issues and so on. Once complete, the CPD then initiates the kernel replacement.
6. The new policy is prepared, and the kernel halts the traffic and starts queuing all incoming traffic.
7. The Atomic load takes place. This process should take a fraction of a second.
8. The queue is released and all of the packets are handled by the new policy.
See Below Diagram for above process steps;
fwknowledge.wordpress.com
FW Knowledge 
Leave a comment