https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237034#M3093 <P>To add on top what&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp; said, I would ensure you allow all communication between mgmt and gateways.</P> <P>Andy</P> Sat, 28 Dec 2024 00:18:58 GMT the_rock 2024-12-28T00:18:58Z https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/236938#M3091 <P><SPAN>I don't understand how the 3-component architecture works and how the certification(SIC) process works?</SPAN></P> Fri, 27 Dec 2024 08:06:20 GMT https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/236938#M3091 Khanhdc_1509 2024-12-27T08:06:20Z https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237014#M3092 <P>There are three main pieces: Gateway, Management, and SmartConsole/API.</P> <UL> <LI><STRONG>Gateways</STRONG> do the enforcement of the Access Policy and Threat Prevention</LI> <LI><STRONG>Management</STRONG> is where the policy and logs are defined/stored as well as the Internal Certificate Authority (ICA)</LI> <LI><STRONG>SmartConsole/API</STRONG> is the front end used to create/update the various elements of your access policy</LI> </UL> <P>Gateways and Management run on physical appliances or virtual machines that run a purpose-built operating system.<BR />SmartConsole runs on a Windows machine, but you can also use a web browser and/or REST API to manage many functions.</P> <P>SIC (Secure Internal Communication) secures communication between all components (SmartConsole/API to Management, and Management/Gateway communication).<BR />As gateways are onboarded to management, they are issued a certificate from the ICA, which is used to authenticate and encrypt all communications.<BR />This is done through industry-standard TLS.</P> Fri, 27 Dec 2024 22:58:34 GMT https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237014#M3092 PhoneBoy 2024-12-27T22:58:34Z https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237034#M3093 <P>To add on top what&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp; said, I would ensure you allow all communication between mgmt and gateways.</P> <P>Andy</P> Sat, 28 Dec 2024 00:18:58 GMT https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237034#M3093 the_rock 2024-12-28T00:18:58Z https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237060#M3094 <P>You can use these commands to see the ICA database on the Security Management Server and the SIC trust state on the Security Gateway:</P> <P>cpca_client lscert</P> <P>cp_conf sic state</P> <P>&nbsp;</P> <P><A href="https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_CLI_ReferenceGuide/Content/Topics-CLIG/FWG/cp_conf-sic.htm" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_CLI_ReferenceGuide/Content/Topics-CLIG/FWG/cp_conf-sic.htm</A></P> <P>&nbsp;</P> <P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/MDSG/cpca_client.htm" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/MDSG/cpca_client.htm</A></P> Sat, 28 Dec 2024 09:30:42 GMT https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237060#M3094 Don_Paterson 2024-12-28T09:30:42Z https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237105#M3096 <P><SPAN>Also when I deploy standalone how are the CPU resources shared, 50-50?<BR />and&nbsp;<SPAN class="">Can the admin port assign data ports to access the admin?</SPAN> <SPAN class="">If so, can other ports be blocked from accessing the admin?</SPAN></SPAN></P> Sun, 29 Dec 2024 08:32:27 GMT https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237105#M3096 Khanhdc_1509 2024-12-29T08:32:27Z https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237107#M3097 <P><A href="https://community.checkpoint.com/t5/The-CheckMates-Blog/Welcome-to-Check-Point-for-Beginners/ba-p/31877" target="_blank">https://community.checkpoint.com/t5/The-CheckMates-Blog/Welcome-to-Check-Point-for-Beginners/ba-p/31877</A></P> <P>&nbsp;</P> Sun, 29 Dec 2024 09:45:50 GMT https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237107#M3097 Don_Paterson 2024-12-29T09:45:50Z https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237197#M3098 <P>The resources are shared, but not exactly 50/50.<BR />You can restrict access to the administrative functions, yes.</P> Mon, 30 Dec 2024 16:28:40 GMT https://community.checkpoint.com/t5/Training-and-Certification/SIC/m-p/237197#M3098 PhoneBoy 2024-12-30T16:28:40Z