How to reset SIC

Solution ID: sk65764
Product: Quantum Security Gateways, VSX
Version: R76, R77, R77.10, R77.20, R77.30, R80.10, R80.20, R80.30, R80.40, R81
Platform / Model: All
Date Created: 09-Nov-2011
Last Modified: 18-Feb-2021
Warning: Before implementing this procedure in a VSX environment, consult Check Point Support. Also refer to sk34098 - How to reset SIC on a VSX Gateway for a specific Virtual System.

Important: On the Embedded OS platforms, the menu given by cpconfig is not available. However, you can initialize SIC by running the CLISH command:
set sic_init password <one-time-password>
The WebUI of the Administration portal also provides this option in the 'Home->Security Management' page in the 'Security Management Server' section.

For Open Servers and other appliances, perform the following procedure on the Security Gateway:
- Connect to the command line on the Security Gateway / Cluster member (over SSH, or console).
Note: For a cluster, perform this procedure on the Standby member first and then on the Active member.
- Go to the Check Point menu:
[Expert@HostName]# cpconfig
- Choose option 5 'Secure Internal Communication' from the menu by typing number 5 and pressing 'Enter':
- You will be asked if you wish to re-initialize the communication. Press 'y' and then press 'Enter':
- You will be asked again if you want to re-initialize the communication. Press 'y' and then press 'Enter':
- You will be prompted to enter the new 'SIC' key. Make sure to enter the same key in both fields. Once done typing, press 'Enter':
- The key will be reinitialized. Wait until you see that the key was 'successfully initialized'. Once done, choose the option 'Exit' and press 'Enter':
- The Check Point processes will be restarted. This will take a few minutes. Once completed, you will be returned to the command line. This ends the process on the Security Gateway side:
Notes:
- The Security Gateway will run the default policy until a policy is installed. It is recommended to install policy as soon as the SIC has been reset on your Management Server.
- In a VSX environment, a Policy Installation is required on VS0, otherwise policy installation will fail on other VSs.

Perform the following procedure on the Security Management Server:
- Connect with SmartDashboard to the Security Management Server / Domain Management Server (CMA).
- Open the Security Gateway object, for which you reset the SIC:
- Click on the 'Communication' button:
Note: For a cluster, perform this procedure on each cluster member: on the Standby member first and then on the Active member.
- Click the 'Reset' button:
- You will be asked if you are sure you want to reset, click 'Yes':
- You will receive a notification that the reset is done. Click 'OK':
- Type in the new SIC key you have created on the Security Gateway, and click 'Initialize':
- Once the SIC has been initialized, you will see the certificate state icon turn green and the note 'Trust established':
- Click 'OK' to close the Properties windows.
- Save the database: 'File' menu - 'Save'.
- Install policy on the Security Gateway.
Notes:
- The Security Gateway will run the default policy until a policy is installed. It is recommended to install policy as soon as the SIC has been reset.
- In a VSX environment, a Policy Installation is required on VS0, otherwise policy installation will fail on other VSs.