About change Name of the management server R80.10 Question.
Hi Guys,
Have a good day!
Our customer has already established the management server R80.10. The name of the management server is CPSMC01,
and CPSMC01 includes the ICA of the management server R80.10.
But unfortunately the customer's leader wants to change the name of the management server from CPSMC01 to CheckPointSMC01.
Question:
If we change from CPSMC01 to CheckPointSMC01 and do not do fwm sic_reset, what happens to the management ICA?
Or must I do fwm sic_reset to create a new ICA?
Thanks a lot
Lei Liu
Hi, you will have to re-do the ICA as per the SK below
I have already followed sk14532, sk92752, sk66265 and sk34373; unfortunately the ICA still cannot be reset successfully via fwm sic_reset.
Thanks a lot.
Did you follow through all the steps described in sk42071? If you have and it does not work, raise a TAC case with CP.
Hi Kaspars,
Thank you for your response!
Yes, I have followed sk42071. When I did fwm sic_reset, there were some errors:
[Expert@NF-307-Mgmt-202-236:0]# fwm sic_reset
***************** Warning: ****************
This operation will reset the Secure Internal Communication (SIC).
The internal Certificate Authority will be destroyed and ALL remote Check Point Components,
including VPN and Endpoint clients, will not be able to communicate.
In case of Endpoint & VPN clients, this action is not REVERSIBLE which means that clients
will lose connection with the Server and the only way to re-establish it can be done by
re-issuing all certificates (for VPN) or by the re-connect tool for Endpoint clients.
Server communication can be re-established if the following operations are implemented:
1. Re-initialize the Internal Certificate Authority (use cpconfig).
2. Restart Check Point Services (cpstart, cpridstart).
3. Reset SIC on each Station that is managed by this Security Management Server.
4. Re-establish Trust with each Station that is managed by
this Security Management Server.
*******************************************
This operation will stop all Check Point Services (cpstop)
Are you sure you want to reset? (y/n) [n] ? y
*** Checking IKE Certificates ***
There are IKE Certificates that were generated by the
internal Certificate Authority.
Please remove them (using the SmartDashboard) so that
the internal Certificate Authority can be destroyed.
SIC Reset operation could not be completed
By the way, in fact, we did not enable the VPN software blade on any gateway with the management server.
BRs,
Lei Liu
You should have removed all certs in step 5 of the procedure. What do you get when you run this:
grep -in cert $FWDIR/conf/objects_5_0.C | grep -A 4 ': (defaultCert'
Hi Kaspars,
Thank you for your reply!
You are right. I established a gateway via the wizard, enabled the VPN software blade, and then removed the certificate of the gateway. After install database, I immediately checked that objects_5_0.C included : certificate( ) (refer to sk62695). Now I can execute fwm sic_reset successfully.
Thank you very much!
BRs,
Lei Liu
Hi Lei_Liu,
May I know if you successfully changed the hostname after resetting and regenerating the SIC cert?
Thanks,
