This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
P_Williams
Contributor
‎2025-05-20 07:34 AM

SIC Failure when creating new virtual systems in VSX

I have been trying to create a new virtual system and virtual switch today, I have run into an issue though which I haven't in the past. 

For both I got

B-02: VSX configuration was applied successfully.
B-01: VSX configuration was applied successfully.
Virtual System Processing Completed Successfully
Establishing Trust with - B.....
The certificate is not valid.
Failed to establish trust with B......
Establishing Trust with - B.......
The certificate is not valid.
Failed to establish trust with B.......

Initiating trust with Virtual System operation has finished with warnings.
Make sure that all Virtual Systems/Routers are accessible from the management server,
and that you have a valid license. Edit the failed object and click OK.
If the problem persists contact Check Point Technical Support.
Initiating trust with Virtual System operation has finished with warnings.
Make sure that all Virtual Systems/Routers are accessible from the management server,
and that you have a valid license. Edit the failed object and click OK.
If the problem persists contact Check Point Technical Support.

Operation has finished with warnings.

And on the SMS I can see that the command cpca_client lscert -kind SIC

Subject = CN=B.........VSY-05,O=SMS-01........unyjpc
Status = Pending Kind = SIC Serial = 83632, OTP validity = none

Subject = CN=B.........VSW-03,O=SMS-01........unyjpc
Status = Pending Kind = SIC Serial = 66503, OTP validity = none

I am wondering if it is because there wasn't networking between the virtual devices when I initially created the devices that SIC then failed and now I just need to reset it? Or is there something else possibly wrong.

If I go to the vsenv <number> of the new created devices and cpconfig and choose (5) to reset SIC am I just resetting SIC for that VS or is it for whole environment?

 

0 Kudos
2 Replies
emmap
Employee
Employee
‎2025-05-20 10:36 PM

If the VS is not in use yet it's probably best to just delete it and recreate it. 

That being said, this is the article for VS SIC reset.

https://support.checkpoint.com/results/sk/sk34098

 

0 Kudos
P_Williams
Contributor
‎2025-05-21 03:53 AM
In response to emmap

Thank you for your reply, in deleting and reapplying the config I ran into the same issue. I did some zdebug captures as I applied the config and it is a routing issue between the SMS and one of the pre-existing virtual systems. I can see that the pre-existing virtual system is not advertising via BGP one of its directly connected networks. When I fix that I believe the problem will be resolved.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events