https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70510#M14285 <P>Hello guys,</P><P>&nbsp;</P><P>My topology is as follows:</P><P>HQ ---- MGR----FW1 ----- Internet ------ FW2 ----- BR</P><P>&nbsp;</P><P>So I'm connecting to the Security Mgmt Server to configure FW1 and FW2. I have successfully established SIC to the FW1 and there is no problem when i'm pushing policies to FW1. But FW2 SIC status keeps failing, and once i reset the SIC connection through "cpconfig" on the FW2 CLI, the communication establishes and again after sometime goes down.&nbsp;</P><P>When i check the SIC status, it always shows up error related to TCP/443. I have to go to the FW2 cli again, do a reset of SIC via "cpconfig", again the SIC starts communicating.&nbsp;</P><P>Has anyone faced this issue? any work around for this please?&nbsp;</P><P>I have also reinstalled FW2, but still the same.</P><P>&nbsp;</P><P>Thank you!</P><P>Sagar Hiremath</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 15 Dec 2019 13:07:06 GMT Sagar_Hiremath 2019-12-15T13:07:06Z https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70510#M14285 <P>Hello guys,</P><P>&nbsp;</P><P>My topology is as follows:</P><P>HQ ---- MGR----FW1 ----- Internet ------ FW2 ----- BR</P><P>&nbsp;</P><P>So I'm connecting to the Security Mgmt Server to configure FW1 and FW2. I have successfully established SIC to the FW1 and there is no problem when i'm pushing policies to FW1. But FW2 SIC status keeps failing, and once i reset the SIC connection through "cpconfig" on the FW2 CLI, the communication establishes and again after sometime goes down.&nbsp;</P><P>When i check the SIC status, it always shows up error related to TCP/443. I have to go to the FW2 cli again, do a reset of SIC via "cpconfig", again the SIC starts communicating.&nbsp;</P><P>Has anyone faced this issue? any work around for this please?&nbsp;</P><P>I have also reinstalled FW2, but still the same.</P><P>&nbsp;</P><P>Thank you!</P><P>Sagar Hiremath</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 15 Dec 2019 13:07:06 GMT https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70510#M14285 Sagar_Hiremath 2019-12-15T13:07:06Z https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70535#M14288 What are the exact error messages that you see?<BR />Is FW1 doing NAT? Mon, 16 Dec 2019 04:31:33 GMT https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70535#M14288 PhoneBoy 2019-12-16T04:31:33Z https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70537#M14289 <P>Hello there!</P><P>Yes, FW1 is doing NAT. The fact that i'm able to establish SIC communication with FW2 from the Mgmt Server in the beginning indicates the NAT is indeed working.&nbsp;</P><P>Error message: make sure TCP connectivity is allowed from the Security Mgmt Server to IP &lt;&gt;, port 18191.&nbsp;&nbsp;<BR /><SPAN>"Policy installation fails with 'TCP connection failure port=18191 [error no. 10]"&nbsp;</SPAN></P><P>FYI, i tried allowing the SIC-TCP service between the Manager and the Firewall2, but still got the same error.</P><P>Let me know if you need any other info.</P> Mon, 16 Dec 2019 06:02:45 GMT https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70537#M14289 Sagar_Hiremath 2019-12-16T06:02:45Z https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70555#M14296 <P>Use automatic static NAT for your Management server and set it for GW1 only. It seems that once you push policy on GW2, it loses connectivity to MGMT. Most probably, because of incorrect NAT settings on that GW</P> Mon, 16 Dec 2019 08:26:10 GMT https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70555#M14296 _Val_ 2019-12-16T08:26:10Z https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70681#M14316 I will test this and get back to you asap. Thank you! Tue, 17 Dec 2019 14:27:41 GMT https://community.checkpoint.com/t5/General-Topics/Checkpoint-SIC-status-keeps-failing-to-Firewall2/m-p/70681#M14316 Sagar_Hiremath 2019-12-17T14:27:41Z