Re-Establishing SIC SecureInternalCommunications For CheckPoint

This document provides steps to re-establish secure internal communication (SIC) for Checkpoint firewalls. It involves using the cpconfig program to reset and re-initialize SIC, entering an activation key twice, and restarting all Checkpoint modules. The SIC status should then be tested and policies pushed to verify successful communication.

Uploaded by

gconus
Copyright
© Attribution Non-Commercial (BY-NC)

Re-establishing SIC (Secure Internal Communications) for Checkpoint

Re-establishing SIC:
This article gives the steps to re-establish SIC on a Checkpoint firewall.

FirewallA[admin]# cpconfig
This program will let you re-configure
your Check Point products configuration.

Configuration Options:
----------------------
(1) Licenses
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Enable Check Point High Availability/State Synchronization
(7) Automatic start of Check Point Products

(8) Exit

Enter your choice (1-8) :5

Configuring Secure Internal Communication...


============================================
The Secure Internal Communication is used for authentication between
Check Point components

Trust State: Trust established

Would you like re-initialize communication? (y/n) [n] ? y

Note: The Secure Internal Communication will be reset now.


No communication will be possible until you reset and re-initialize the
communication properly!
Are you sure? (y/n) [n] ? y

Enter Activation Key: abc123

Again Activation Key: abc123

initial_module:
Compiled OK.

Hardening OS Security: Initial policy will be applied until the first
policy is installed

The Secure Internal Communication was successfully initialized

Configuration Options:
----------------------
(1) Licenses
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Enable Check Point High Availability/State Synchronization
(7) Automatic start of Check Point Products

(8) Exit

Enter your choice (1-8) :8

Thank You...

You have changed Check Point products Configuration.


You need to restart ALL Check Point modules (performing cpstop &
cpstart)
in order to activate the changes you have made.
Would you like to do now? (y/n) [y] ? y
VPN-1/FW-1 stopped

SVN Foundation: cpd stopped


SVN Foundation: cpWatchDog stopped
SVN Foundation stopped
initial_module:
Compiled OK.

Hardening OS Security: Initial policy will be applied
until the first policy is installed

cpstart: Start product - SVN Foundation

SVN Foundation: Starting cpWatchDog


SVN Foundation: Starting cpd
SVN Foundation started

cpstart: Start product - FireWall-1

FireWall-1: starting external VPN module -- OK


FireWall-1: Starting VPN-1 Accelerator Card
VPN-1: The VPN Accelerator driver is not responding
VPN-1 Accelerator Card is not enabled
FireWall-1: Failed to start VPN-1 Accelerator Card
FireWall-1: Starting fwd

Installing Security Policy InitialPolicy on all.all@FirewallA


Fetching Security Policy from localhost succeeded

Fetching Security Policy From: 10.1.1.1

Fetch failed: Connection failed - SIC failure


Policy Fetch Failed
Failed to fetch policy from masters in masters file
FireWall-1 started
cpstart error: UserAuthority was not started, marked as not active.

cpstart error: FloodGate-1 was not started, marked as not active.

cpstart error: SmartView Monitor was not started, marked as not active.

cpridstop: cprid stopped

cpridstart: Starting cprid


[1] 21300
FirewallA[admin]#
FirewallA[admin]#

The SIC failure on the policy fetch from 10.1.1.1 above appears because SIC has so far been reset only on the firewall. Also reset SIC on the firewall object from the Security Policy:

1. Double-click the firewall object in the policy.
2. Click Communication.
3. Click the Reset button.
4. Enter the activation key.
5. Enter the activation key again in Confirm Activation Key.
6. Click the Initialize button.
7. Click Test SIC Status.
8. Push the policy.

Verify the policy push on the firewall.
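
As an added example (not part of the original document), the script below summarises a saved cpstart transcript so you can see whether the gateway is still failing its policy fetch because of SIC. The function names are hypothetical, and it assumes the message wording matches the session shown above.

```shell
#!/bin/sh
# Added example: summarise the policy-fetch result in a saved cpstart transcript.
# Assumption: message wording is as in the session on this page; other
# Check Point versions may phrase these lines differently.

# Constructed sample: lines copied from the cpstart output shown above.
sample_transcript() {
    cat <<'EOF'
Installing Security Policy InitialPolicy on all.all@FirewallA
Fetching Security Policy from localhost succeeded
Fetching Security Policy From: 10.1.1.1
Fetch failed: Connection failed - SIC failure
Policy Fetch Failed
Failed to fetch policy from masters in masters file
FireWall-1 started
EOF
}

# Reads a transcript on stdin; prints one line per master the gateway tried:
#   master=<address> result=<SIC_FAILURE|FETCH_FAILED|NO_FETCH_ERROR> policy=<name|->
sic_summary() {
    awk '
        function emit() {
            if (master != "")
                printf "master=%s result=%s policy=%s\n", master, result, (policy == "" ? "-" : policy)
        }
        # Policy the gateway loaded locally (InitialPolicy after a SIC reset).
        /^Installing Security Policy / { policy = $4 }
        # A new fetch attempt against a management server starts here.
        /^Fetching Security Policy From: / { emit(); master = $NF; result = "NO_FETCH_ERROR" }
        # Separate trust failures from other fetch failures.
        /^Fetch failed: / && master != "" {
            result = ($0 ~ /SIC failure/) ? "SIC_FAILURE" : "FETCH_FAILED"
        }
        END { emit() }
    '
}

# Exit status 0 when any master reported a SIC failure, i.e. trust still has
# to be initialised from the management side.
sic_reset_pending() {
    sic_summary | grep -q 'result=SIC_FAILURE'
}

sample_transcript | sic_summary
```

A result of SIC_FAILURE together with policy=InitialPolicy means the gateway is enforcing only the initial policy until the management-side reset and policy push are completed.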
