This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
yesterday
Jump to solution

SIC - License

Hi Mates!!
Quick question:
If I reset the SIC on the firewall, could this cause any issues with the licenses?
Or are licenses completely independent from the SIC?

0 Kudos
3 Solutions

Accepted Solutions
_Val_
Admin
Admin
yesterday
Jump to solution

This really depends.

If you are using a central license, it will remain intact on the management, but may need to be reassigned to the GW after setting new SIC.

If the license is local, it will remain on the GW.

In either case, resetting SIC on the GW side will revert GW to the initial policy state.

View solution in original post

the_rock
MVP Platinum
MVP Platinum
yesterday
Jump to solution

Hey brother,

Put it this way. That would not do anything to the license...resetting SIC actually loads initial policy, so you need to install correct policy afterwards to get thigs working. Regardless of license type, it will stay there, wont be removed.

Best,
Andy

View solution in original post

0 Kudos
NicklasBargell
Employee Employee
Employee
yesterday
In response to RemoteUser
Jump to solution

Please bear in mind that when SIC reset is performed the firewall will not process traffic according to your policy, it will be processed according to what we call the "initial policy": The Initial Policy.

This can cause a traffic interruption if not done in the correct order. Here is some useful information: sk65764 - How to reset SIC

Regards,

Nicklas

View solution in original post

12 Replies
_Val_
Admin
Admin
yesterday
Jump to solution

This really depends.

If you are using a central license, it will remain intact on the management, but may need to be reassigned to the GW after setting new SIC.

If the license is local, it will remain on the GW.

In either case, resetting SIC on the GW side will revert GW to the initial policy state.

RemoteUser
Advisor
yesterday
In response to _Val_
Jump to solution

thanks @_Val_ 

0 Kudos
NicklasBargell
Employee Employee
Employee
yesterday
In response to RemoteUser
Jump to solution

Please bear in mind that when SIC reset is performed the firewall will not process traffic according to your policy, it will be processed according to what we call the "initial policy": The Initial Policy.

This can cause a traffic interruption if not done in the correct order. Here is some useful information: sk65764 - How to reset SIC

Regards,

Nicklas

the_rock
MVP Platinum
MVP Platinum
yesterday
In response to NicklasBargell
Jump to solution

One way to get around it is to use below method, reset sic without cprestart, that would not load initial policy.

https://korkutozcan.com/how-to-reset-sic-without-restarting-check-point-gw/#:~:text=The%20normal%20w....

Best,
Andy
0 Kudos
_Val_
Admin
Admin
yesterday
In response to the_rock
Jump to solution

The post is very old, the rest is irrelevant and proven incorrect.

I have to say, this hack is absolutely NOT SUPPORTED and is essentially very old in the first place. Mentioning of obsolete appliances would be the first sign

0 Kudos
the_rock
MVP Platinum
MVP Platinum
yesterday
In response to _Val_
Jump to solution

Ohhh...honestly, had no idea. I had given it to few people recently, worked really well, even in brand new versions. Anyway, good to know.

Best,
Andy
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
yesterday
In response to _Val_
Jump to solution

It's definitely supported, and listed as working on R82.10:

sk86521 - How to reset SIC with a Security Gateway without restarting the Check Point services

the_rock
MVP Platinum
MVP Platinum
yesterday
In response to Bob_Zimmerman
Jump to solution

Thanks for confirming Bob!

Best,
Andy
0 Kudos
_Val_
Admin
Admin
yesterday
In response to Bob_Zimmerman
Jump to solution

@Bob_Zimmerman, that's fair. I did not look it up. I modified my original response to make sure there is no confusion.

0 Kudos
PhoneBoy
Admin
Admin
yesterday
In response to _Val_
Jump to solution

There's an actual SK on resetting SIC without restarting: https://support.checkpoint.com/results/sk/sk86521 
Believe it's the same commands as mentioned in this post. 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
yesterday
Jump to solution

Hey brother,

Put it this way. That would not do anything to the license...resetting SIC actually loads initial policy, so you need to install correct policy afterwards to get thigs working. Regardless of license type, it will stay there, wont be removed.

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
yesterday
In response to the_rock
Jump to solution

@RemoteUser 

If you feel more comfortable, we can do quick remote and I can demonstratre this in the lab on one of my R82 firewalls.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events