This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LeeBingKang
Advisor
‎2022-07-27 08:20 PM

ICA in the security management server

Hi All,

 

Recently, i just found out my client's security management ICA will be expired on next year July. With this item, i wonder if the ICA will be automatically renewed by the security management? If yes, when it will automatically renewed ( 1 month before expired)?

 

I appreciate if someone able to advise me on this.

 

Thank you.

 

Labels
0 Kudos
8 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-07-27 08:44 PM

Please refer: sk158096: How to renew an Internal Certificate Authority (ICA) certificate

As prerequisite to updating your internal CA Certificate, please verify that your Security Management and Gateways are installed with the below versions, or higher:

• R81 Jumbo Hotfix Accumulator Take 25 or higher
• R80.40 Jumbo Hotfix Accumulator Take 114 or higher
• R80.30 Jumbo Hotfix Accumulator Take 235 or higher
• R80.20 Jumbo Hotfix Accumulator Take 202 or higher
• R80.10 Jumbo Hotfix Accumulator Take 290 or higher

CCSM R77/R80/ELITE
0 Kudos
LeeBingKang
Advisor
‎2022-07-28 12:34 AM
In response to Chris_Atkinson

Hi,

Thanks for your reply to my post. I have a question would like to ask you, what if my security gateway doesn't meet the jumbo hotfix requirement but I don't wish to jumbo hotfix it because reboot required? What is the potential impact if i do so?

 

Thank you.

 

Thank you.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-07-28 12:40 AM
In response to LeeBingKang

SIC might be lost with the Gateways.

Hopefully in the next 12-months you can find a window, this should be feasible especially for a cluster.

With that said the minimal gateway level should be at least:

• R81 or higher
• R80.40 Jumbo Hotfix Accumulator Take 69 or higher
• R80.30 Jumbo Hotfix Accumulator Take 163 or higher
• R80.20 Jumbo Hotfix Accumulator Take 129 or higher
• R80.10 Jumbo Hotfix Accumulator Take 262 or higher

 

 

 

CCSM R77/R80/ELITE
0 Kudos
LeeBingKang
Advisor
‎2022-07-28 12:58 AM
In response to Chris_Atkinson

Hi,

 

With your description, that's mean:

 

the security management with R8040 jumbo hotfix 156, and security gateway with R8040 jumbo hotfix 102 should be enough to fulfill the pre-requisite. 

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-07-28 01:01 AM
In response to LeeBingKang

Yes, you should be able to complete the procedure without concern prior to expiry.

CCSM R77/R80/ELITE
LeeBingKang
Advisor
‎2022-08-04 12:50 AM
In response to Chris_Atkinson

Hi Chris,

 

Good day to you and i hope you are doing fine.

 

I have a concern would like to seek for your help to clarify it.

 

If the management server's internal certificate being renewed, may i know is the capsule connect/vpn user's certificate (signed by old management server certificate) need to be renewed manually via re-enroll?

 

Thank you.

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-08-04 01:21 AM
In response to LeeBingKang

The finger print will change, to help avoid pop-ups on the end user side you can distribute an updated registry key via GPO or similar following the renewal process.

As the renewal process involves TAC assistance I suggest engaging them to advise further on considerations for your specific scenario / deployment.

CCSM R77/R80/ELITE
LeeBingKang
Advisor
‎2022-08-07 06:59 PM
In response to Chris_Atkinson

Hi,

 

Noted on your suggestion and i will open a case to ask TAC regarding my question. I will update at here if have any update.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events