A question on SIC

Considering that SIC uses certificates can I confirm that there is no keep-alive mechanism involved in the protocol at all (in the sense of the manager sending any keep-alive packets to the gateway at a certain frequency)? 

Please note that this question is purely educational and that there is no issue that needs to be resolved.

Thanks in advance.

Accepted Solution

Here is a small picture of "Secure Internal Communication" between the Security Management Server and the Security Gateway.

[Image: Screenshot_20200115-231913_Edge.jpg]

SIC is used for the following: policy install, get topology, ...

More read here: R80.x - Ports Used for Communication by Various Check Point Modules

Check Point components communicate with each other using SIC. SIC is based on SSL with digital Certificates. When a Security Management Server is installed, a Certificate Authority (CA) is created. The CA issues Certificates for all components that need to communicate with one another.

For example, a remote Security Gateway needs a Certificate from the Security Management Server before a Security Policy is installed, or before a license can be attached to the Security Gateway. Whenever any two entities in a site (Security Management Server, Security Gateway) need to communicate, the sic_policy.conf file is referenced.

Communication takes place over the Check Point communication layer. This channel is encrypted in various ways. This layer can be called the SIC layer. The SIC ports used are:

  • Port 18209, which is used for communication between the Security Gateway and the CA for status, to issue, and revoke.
  • Port 18210, which is used to pull certificates from the CA.
  • Port 18211, which is the port used by the cpd daemon on the Security Gateway to receive the Certificate (by clicking "Initialize" in SmartDashboard).
  • Port 18191, which is used for policy install,... ( More read here: R80.x - Policy Installation Flowchart )
  • Port 18192, which is used for get topology,...
  • Other ports...

PS:
There is no keep-alive mechanism involved.


4 Replies
Over SIC it's simply management talking to gateways and pulling/pushing data.

Keepalive for what?
This can help you, if I understand your question correctly...

https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_LoggingAndMonitoring_Admi...


Hi,

Could you please explain the difference between the two steps, 18210 and 18211?

It seems 18211 is sufficient, since this would allow pushing certificates from the ICA (SMS) to the Security Gateway...

You said that port 18210 is used to pull certificates from the CA, and I am just wondering why we need this, since the Security Gateway could receive certificates from the SMS (port 18211).

What am I missing??

Thank you
