Re-establishing SIC (Secure Internal Communications) for Checkpoint

This article gives the steps to establish SIC on a Check Point firewall.

Run cpconfig on the firewall and choose option 5:

    FirewallA[admin]# cpconfig
    This program will let you re-configure your Check Point products configuration.

    Configuration Options:
    ----------------------
    (1) Licenses
    (2) SNMP Extension
    (3) PKCS#11 Token
    (4) Random Pool
    (5) Secure Internal Communication
    (6) Enable Check Point High Availability/State Synchronization
    (7) Automatic start of Check Point Products
    (8) Exit

    Enter your choice (1-8) :5

    Configuring Secure Internal Communication...
    ============================================
    The Secure Internal Communication is used for authentication between Check Point components

    Trust State: Trust established

    Would you like re-initialize communication? (y/n) [n] ? y

    Note: The Secure Internal Communication will be reset now.
    No communication will be possible until you reset and re-initialize the communication properly!
    Are you sure? (y/n) [n] ? y
    Enter Activation Key: abc123
    Again Activation Key: abc123
    initial_module:
    Compiled OK.

    Hardening OS Security: Initial policy will be applied until the first policy is installed

    The Secure Internal Communication was successfully initialized

Exit cpconfig with option 8 and answer y to restart the Check Point modules:

    Configuration Options:
    ----------------------
    (1) Licenses
    (2) SNMP Extension
    (3) PKCS#11 Token
    (4) Random Pool
    (5) Secure Internal Communication
    (6) Enable Check Point High Availability/State Synchronization
    (7) Automatic start of Check Point Products
    (8) Exit

    Enter your choice (1-8) :8

    Thank You...
    You have changed Check Point products Configuration.
    You need to restart ALL Check Point modules (performing cpstop & cpstart) in order to activate the changes you have made.
    Would you like to do now? (y/n) [y] ? y
    VPN-1/FW-1 stopped
    SVN Foundation: cpd stopped
    SVN Foundation: cpWatchDog stopped
    SVN Foundation stopped
    initial_module:
    Compiled OK.
    Hardening OS Security: Initial policy will be applied until the first policy is installed
    cpstart: Start product - SVN Foundation
    SVN Foundation: Starting cpWatchDog
    SVN Foundation: Starting cpd
    SVN Foundation started
    cpstart: Start product - FireWall-1
    FireWall-1: starting external VPN module -- OK
    FireWall-1: Starting VPN-1 Accelerator Card
    VPN-1: The VPN Accelerator driver is not responding
    VPN-1 Accelerator Card is not enabled
    FireWall-1: Failed to start VPN-1 Accelerator Card
    FireWall-1: Starting fwd
    Installing Security Policy InitialPolicy on all.all@FirewallA
    Fetching Security Policy from localhost succeeded
    Fetching Security Policy From: 10.
    Fetch failed: Connection failed.
    SIC failure
    Policy Fetch Failed
    Failed to fetch policy from masters in masters file
    FireWall-1 started
    cpstart error: FloodGate-1 was not started, marked as not active.
    cpstart error: UserAuthority was not started, marked as not active.
    cpstart error: SmartView Monitor was not started, marked as not active.
    cpridstop: cprid stopped
    cpridstart: Starting cprid
    [1] 21300
    FirewallA[admin]#
    FirewallA[admin]#

Also reset SIC on the firewall object from the Security Policy:

1. Double-click the firewall object on Policy.
2. Click on Communication.
3. Click on the Reset button.
4. Enter the activation key.
5. Enter the activation key again in Confirm Activation Key.
6. Click on the Initialize button.
7. Click on Test SIC status.
8. Push the policy.

Verify the policy push on the firewall.
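The restart output above is worth checking before moving to the management side: after the gateway-side reset the firewall enforces InitialPolicy and the fetch from its masters fails with a SIC failure until the firewall object is reset, initialized with the same key, and a policy is pushed. The script below is an added example, not part of the original article or a Check Point tool; it classifies a saved transcript using only strings that appear in the output above, and the function names and state words are hypothetical.

```shell
#!/bin/sh
# Constructed sample: lines taken from the article's cpconfig/cpstart transcript.
sample_transcript() {
cat <<'EOF'
The Secure Internal Communication was successfully initialized
Installing Security Policy InitialPolicy on all.all@FirewallA
Fetching Security Policy from localhost succeeded
Fetch failed: Connection failed.
SIC failure
Policy Fetch Failed
Failed to fetch policy from masters in masters file
FireWall-1 started
cpstart error: FloodGate-1 was not started, marked as not active.
EOF
}

# Reads a transcript on stdin and prints one (hypothetical) state word:
#   pending_management  key set on gateway, InitialPolicy enforced, master fetch failing
#   fetch_failed        master fetch failing, but no SIC initialization in the transcript
#   no_failure_seen     none of the failure strings present
sic_reset_state() {
  awk '
    /Secure Internal Communication was successfully initialized/ { init = 1 }
    /Installing Security Policy InitialPolicy/ { initial = 1 }
    /SIC failure/ || /Policy Fetch Failed/ { failed = 1 }
    END {
      if (init && initial && failed) print "pending_management"
      else if (failed) print "fetch_failed"
      else print "no_failure_seen"
    }'
}

# Lists the products cpstart reported as not started, one per line.
inactive_products() {
  sed -n 's/^cpstart error: \(.*\) was not started.*/\1/p'
}

# Stand-alone run on the constructed sample.
sample_transcript | sic_reset_state
sample_transcript | inactive_products
```

A result of pending_management means the gateway is still on InitialPolicy and the firewall-object steps (Reset, Initialize, Test SIC status, policy push) have not yet taken effect.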
