Employee

About change Name of the management server R80.10 Question.


Hi Guys,

Have a good day!

Our customer has already established the R80.10 management server. The name of the management server is CPSMC01.

CPSMC01 includes the ICA of the R80.10 management server.

But unfortunately the customer's leader wants to change the name of the management server from CPSMC01 to CheckPointSMC01.

Question:

If we change from CPSMC01 to CheckPointSMC01 and do not do fwm sic_reset, what happens to the management ICA?

Or must I do fwm sic_reset to create a new ICA?

Thanks a lot

Lei Liu

0 Kudos
7 Replies

Re: About change Name of the management server R80.10 Question.

Hi, you will have to redo the ICA as per the SK below:

Changing a Security Management (SmartCenter) Name 

0 Kudos
Employee

Re: About change Name of the management server R80.10 Question.

I have already followed sk14532, sk92752, sk66265 and sk34373; unfortunately the ICA still cannot be reset successfully via fwm sic_reset.

Thanks a lot.

0 Kudos

Re: About change Name of  the management server R80.10 Question.

Did you follow through all steps described in sk42071? If you have and it does not work, raise a TAC case with CP.

0 Kudos
Employee

Re: About change Name of  the management server R80.10 Question.

Hi Kaspars,

Thank you for your response!

Yes, I have followed sk42071. When doing fwm sic_reset, there were some errors:

[Expert@NF-307-Mgmt-202-236:0]# fwm sic_reset
***************** Warning: ****************
This operation will reset the Secure Internal Communication (SIC).
The internal Certificate Authority will be destroyed and ALL remote Check Point Components,
including VPN and Endpoint clients, will not be able to communicate.

In case of Endpoint & VPN clients, this action is not REVERSIBLE which means that clients
will lose connection with the Server and the only way to re-establish it can be done by
re-issuing all certificates (for VPN) or by the re-connect tool for Endpoint clients.

Server communication can be re-established if the following operations are implemented:
1. Re-initialize the Internal Certificate Authority (use cpconfig).
2. Restart Check Point Services (cpstart, cpridstart).
3. Reset SIC on each Station that is managed by this Security Management Server.
4. Re-establish Trust with each Station that is managed by
this Security Management Server.
*******************************************
This operation will stop all Check Point Services (cpstop)
Are you sure you want to reset? (y/n) [n] ? y

*** Checking IKE Certificates ***
There are IKE Certificates that were generated by the
internal Certificate Authority.
Please remove them (using the SmartDashboard) so that
the internal Certificate Authority can be destroyed.

SIC Reset operation could not be completed

By the way, in fact, we did not enable the VPN software blade on any gateway with the management server.

BRs,

Lei Liu 

0 Kudos

Re: About change Name of the management server R80.10 Question.

You should have removed all certs in step 5 of the procedure. What do you get when you run this:

grep -in cert $FWDIR/conf/objects_5_0.C | grep -A 4 ': (defaultCert'

0 Kudos
Employee

Re: About change Name of the management server R80.10 Question.

Hi Kaspars, 

Thank you for your reply!

You are right. I established a gateway via the wizard, enabled the VPN software blade, and then removed the certificate of the gateway. After installing the database, I immediately checked that objects_5_0.C included : certificate( ) (refer to sk62695). Now I can execute fwm sic_reset successfully.

Thank you very much!

BRs,

Lei Liu

Ivory

Re: About change Name of the management server R80.10 Question.

Hi Lei_Liu,

 

May I know if you successfully changed the hostname after resetting and regenerating the SIC cert?

 

Thanks,

0 Kudos