This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
H2-F1
Participant
‎2020-03-25 12:27 PM

R80.40 SIC on Specific VS

Hello Checkmates

 

After completed the upgrade of a VSX Cluster (through CLI), I've went through the vsx_util upgrade and reconfigure of the various Virtual Systems. I can now from smartconsole see that both the VSX, Gateways and VS are showing as being on R80.40. opened all VS properties and ensured that this was successful,

I successfully pushed the existing policies to the VSX cluster, however, when I tried to push the policies to any VS, the installation fails with an error: "Peer SIC Certificate has been revoked try to reset SIC on the peer and re-establish the trust"

I followed SK34098

and got the following results

ID | Type & Name           | Access Control Policy | Installed at | Threat Prevention Policy | SIC Stat
-----+-------------------------+-----------------------+-----------------+--------------------------+---------
1   |  W VSW                      | <Not Applicable>        |                       | <Not Applicable>              | Trust
2   |  S CPX_NYC_VS1     | <No Policy>                  |                       | <No Policy>                       | Trust
3   |  S CPX_NYC_VS2     | <No Policy>                  |                       | <No Policy>                       | Trust

[Expert@CPX01NYC:0]# vsenv 3
Context is set to Virtual Device CPX_NYC_VS2 (ID 3).
[Expert@CPX01NYC:3]# fw vsx sicreset
Failed to initialize SIC!

[Expert@CPX01NYC:0]# vsenv 2
Context is set to Virtual Device CPX_NYC_VS1 (ID 2).
[Expert@CPX01NYC:2]# fw vsx sicreset
Failed to initialize SIC!

also step from the following link to no avail

https://sc1.checkpoint.com/documents/R76SP.10/CP_R76SP.10_SecuritySystem_AdminGuide/105046.htm

Has anyone come across this, any idea how I can reset the SIC for a specific VS in R80.40?

Thanks

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2020-03-25 05:22 PM

I'd get the TAC involved here
0 Kudos
Shimroze_Khaja
Employee Employee
Employee
‎2021-05-07 07:46 AM

 

According to sk168393 (updated May 3) - SIC reset per Virtual System does not work in R80.40, R81

 

An official hotfix for 'fw vsx sicreset' per Virtual System will be integrated in a future Jumbo Hotfix Accumulator. A workaround procedure is provided in the SK (sk168393)

 

 

0 Kudos
cosmos
Advisor
‎2021-07-18 09:29 PM
In response to Shimroze_Khaja

What the? This worked in r77.30 and I'm facing the same issue in 80.40. If only my project had a bucket for SK rabbitholes...

0 Kudos
Kaspars_Zibarts
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2021-05-07 10:56 AM

I would reset gw and re-do reconfigure. Easiest way to get SIC back on whole system

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events