This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jus_soul
Explorer
‎2024-11-25 03:41 AM

SIC

Hello! I have some problem with install unified policy. When I want to install policy on A-GW and B-GW, I got errors: Layer "DMZ traffic": The Intranet Community member A-GW must have a signed certificate and Policy verification failed on both gateways.

How I can fix this error?

Thank you for your helping!

2024-11-25 16.40.13.jpg
Preview file
131 KB
0 Kudos
9 Replies
_Val_
Admin
Admin
‎2024-11-25 03:49 AM

You need SIC to be established before you can install policy. Go to that GW object and establish SIC. 

0 Kudos
jus_soul
Explorer
‎2024-11-25 03:51 AM
In response to _Val_

I did it, but it still gives an error.  I reset SIC, then enter new OTP, but nothing

0 Kudos
jus_soul
Explorer
‎2024-11-25 03:54 AM
In response to _Val_

Thank you for your answer, but but it still gives an error. We already have trust established

2024-11-25 16.54.32.jpg
Preview file
158 KB
0 Kudos
the_rock
Legend
Legend
‎2024-11-25 06:29 AM
In response to jus_soul

Did you try what @Tal_Paz-Fridman suggested? To me, it implies cert might be expired. Lets do quick remote if you are allowed and I can check it for you.

Andy

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2024-11-25 04:09 AM

It seems that for some reason the Security Gateway in the Community does not have a certificate.

You might want to try to add or renew the VPN Certificate (or enable / disable IPsec VPN Blade):

Security Gateway object > IPsec VPN > Add or Renew

0 Kudos
_Val_
Admin
Admin
‎2024-11-25 06:29 AM
In response to Tal_Paz-Fridman

@jus_soul, please do what @Tal_Paz-Fridman suggests. It seems A-GW does not have a VPN certificate. 

0 Kudos
Lesley
Mentor Mentor
Mentor
‎2024-11-25 08:59 AM
In response to _Val_

Note that you need vpn cert even if you do not have vpn blade enabled. If so temporarily enable vpn blade renew cert and disable blade again.

-------
If you like this post please give a thumbs up(kudo)! 🙂
the_rock
Legend
Legend
‎2024-11-25 09:25 AM
In response to Lesley

Very true!

0 Kudos
the_rock
Legend
Legend
‎2024-11-25 05:21 AM

I would certainly verify what both @Tal_Paz-Fridman and @_Val_ mentioned. Dont worry about warnings, you can ommit those for now, as they never cause policy to fail, its the actual error.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top