Hello All

We have a problem with our checkpoint firewall.

OS : Gaia R80.20

When we try to push a new rule we get an error message “Authentication error [ SIC error no. 147 ] check that peer SIC is configured properly and that the system date and time on the security Management Server and peer are synchronized”.

We did not modify anything as regards the configuration and the time seems correct on all the devices involved (plus ntp is configured). Other than that, the gateways are operating normally for the moment.

For the time being, we do not have access to the Security Management Server GUI, when we click on the  cluster icon, nothing happens. We are afraid that if we re-initialization the communication from the gateway’s, we will not be able to complete the procedure and end up with a bigger problem than the one we are facing at the moment.

We have found that there is a multitude of certificates for “cp_mgmt” on the Management box that were recently created and valid.

However the expiry value is still the same “Mon Jun 12 11:13:34 2023”. As the renewal time is set to “0.75” , the renewal process will take place over and over again.

Is that something that you have encountered before ?

We also found out the trace of a “new_sic_cert.p12” in /opt/CPshrd-R80.20/conf from yesterday. Is that something normal ?

**********************************************************************

[Expert@ZSSAP2-MGMT:0]# ls -halt | grep .p12

-rw-rw---- 1 admin root   3.3K Mar 20 00:58 new_sic_cert.p12

-rw-rw---- 1 admin root   2.7K Jun 25  2019 old_sic_cert.p12

-rw-rw---- 1 admin config 3.3K Jun 25  2019 sic_cert.p12

-r--r----- 1 admin bin    2.4K Sep 20  2018 sic_local_cert.p12

********************************************************************

[Expert@ZSSAP2-MGMT:0]# cpca_client lscert -stat Valid -kind SIC

Operation succeeded. rc=0.

13 certs found.

Subject = CN=cp_mgmt,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 1716   DP = 0

Not_Before: Fri Mar 11 22:13:39 2022   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=cp_mgmt,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 9533   DP = 0

Not_Before: Tue Mar 15 00:38:40 2022   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=cp_mgmt,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 19867   DP = 0

Not_Before: Thu Mar 17 00:48:40 2022   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=cp_mgmt,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 30565   DP = 0

Not_Before: Fri Mar 18 00:53:40 2022   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=cp_mgmt,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 30884   DP = 0

Not_Before: Sat Mar 12 00:23:39 2022   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=cp_mgmt,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 33557   DP = 0

Not_Before: Sat Mar 19 00:58:40 2022   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=cp_mgmt,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 67366   DP = 0

Not_Before: Wed Mar 16 00:43:39 2022   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=cp_mgmt,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 85133   DP = 0

Not_Before: Fri Mar 11 23:18:39 2022   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=cp_mgmt,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 89587   DP = 0

Not_Before: Sun Mar 13 00:28:39 2022   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=cp_mgmt,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 94770   DP = 0

Not_Before: Mon Mar 14 00:33:39 2022   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=ZSCPM2,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 88487   DP = 0

Not_Before: Sat Oct  5 22:47:23 2019   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=ZSGATE2,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 53035   DP = 0

Not_Before: Wed Jun 26 13:27:13 2019   Not_After: Mon Jun 12 11:13:34 2023

Subject = CN=ZSGATE1,O=Zetes..qp4sad

Status = Valid   Kind = SIC   Serial = 99811   DP = 0

Not_Before: Wed Jun 26 16:14:28 2019   Not_After: Mon Jun 12 11:13:34 2023