Checkpoint SIC status keeps failing to Firewall2

Sagar_Hiremath · ‎2019-12-15

Hello guys,

My topology is as follows:

HQ ---- MGR----FW1 ----- Internet ------ FW2 ----- BR

So I'm connecting to the Security Mgmt Server to configure FW1 and FW2. I have successfully established SIC to the FW1 and there is no problem when i'm pushing policies to FW1. But FW2 SIC status keeps failing, and once i reset the SIC connection through "cpconfig" on the FW2 CLI, the communication establishes and again after sometime goes down.

When i check the SIC status, it always shows up error related to TCP/443. I have to go to the FW2 cli again, do a reset of SIC via "cpconfig", again the SIC starts communicating.

Has anyone faced this issue? any work around for this please?

I have also reinstalled FW2, but still the same.

Thank you!

Sagar Hiremath

PhoneBoy · ‎2019-12-15

What are the exact error messages that you see?
Is FW1 doing NAT?

Sagar_Hiremath · ‎2019-12-15

Hello there!

Yes, FW1 is doing NAT. The fact that i'm able to establish SIC communication with FW2 from the Mgmt Server in the beginning indicates the NAT is indeed working.

Error message: make sure TCP connectivity is allowed from the Security Mgmt Server to IP <>, port 18191.
"Policy installation fails with 'TCP connection failure port=18191 [error no. 10]"

FYI, i tried allowing the SIC-TCP service between the Manager and the Firewall2, but still got the same error.

Let me know if you need any other info.

_Val_ · ‎2019-12-16

Use automatic static NAT for your Management server and set it for GW1 only. It seems that once you push policy on GW2, it loses connectivity to MGMT. Most probably, because of incorrect NAT settings on that GW

Sagar_Hiremath · ‎2019-12-17

I will test this and get back to you asap. Thank you!

Are you a member of CheckMates?

Checkpoint SIC status keeps failing to Firewall2