Checkpoint SIC status keeps failing to Firewall2
Hello guys,
My topology is as follows:
HQ ---- MGR----FW1 ----- Internet ------ FW2 ----- BR
So I'm connecting to the Security Mgmt Server to configure FW1 and FW2. I have successfully established SIC to FW1 and there is no problem when I'm pushing policies to FW1. But FW2 SIC status keeps failing, and once I reset the SIC connection through "cpconfig" on the FW2 CLI, the communication establishes and again after some time goes down.
When I check the SIC status, it always shows an error related to TCP/443. I have to go to the FW2 CLI again, do a reset of SIC via "cpconfig", and again the SIC starts communicating.
Has anyone faced this issue? Any workaround for this, please?
I have also reinstalled FW2, but still the same.
Thank you!
Sagar Hiremath
Is FW1 doing NAT?
Hello there!
Yes, FW1 is doing NAT. The fact that I'm able to establish SIC communication with FW2 from the Mgmt Server in the beginning indicates the NAT is indeed working.
Error message: make sure TCP connectivity is allowed from the Security Mgmt Server to IP <>, port 18191.
"Policy installation fails with 'TCP connection failure port=18191 [error no. 10]'"
FYI, I tried allowing the SIC-TCP service between the Manager and the Firewall2, but still got the same error.
Let me know if you need any other info.
Use automatic static NAT for your Management server and set it for GW1 only. It seems that once you push policy on GW2, it loses connectivity to MGMT. Most probably because of incorrect NAT settings on that GW.