Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Participant

Untrusted Gateway - Remote Fix

Hi all. Our standalone firewall in our remote office has an 'untrusted' status due to a SIC reset from what I understand from a CP article (only SNMP settings and FW rules were configured). Trouble is, there is no-one at the office at the moment and I was wondering whether I could do anything remotely to bring the firewall back up.

I have done a 'vpu tu' on our local gateway and can see the remote firewall SA in the list of IKE SAs.

If I reset the tunnel would this fix the issue, or would I have to get someone on-site to physically reset the box?

Thanks

0 Kudos
Reply
6 Replies
Champion
Champion

A StandAlone Firewall has SIC only with itself - so i do not quite understand the issue. To fix this from Remote (or at least try to) i would involve TAC for a quick RAS...

0 Kudos
Reply
Participant

Hi. Thanks for the response. Sorry, wrong terminology. I meant it's a single firewall (no HA)!

0 Kudos
Reply

Tbgaz,
Please share with us which model do you have on your branch office and on your HQ as well as Gaia OS versions installed.

What happens when you try yo test SIC from the management?

You can try to reset the tunnel but it seems that you will need someone on the other side to reboot it.
For next time set up a backup entry on your branch office firewall like a remote VPN o allowing only some IPs (Such as the one from your HQ) to access it via the public IP.
___
____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos
Reply
Participant

Hi Federico,

It is a R77.20 (an upgrade is imminent) 1450 Appliance. When I test the status it says 'Could not establish TCP connection with <public IP>'.

I am waiting for a colleague to get into the office so they can connect to the Gaia config page on the LAN to reboot as the FW is behind a locked door (serviced office) for which we have to open a ticket for IT to give us physical access.

Hopefully a reboot will fix.

0 Kudos
Reply

Can you confirm that the site has internet connectivity? If yes then it seems that reboot is your only option. You may want to set up an alternative way to access the gateway in the future 🙂

____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos
Reply
Admin
Admin

If SIC trust is truly broken through a reset, there's nothing you can do remotely unless you have some sort of out-of-band access.
0 Kudos
Reply