Solved: Re: Reset SIC On R80.10 Gateway?

Daniel_Taney · ‎2017-08-08

This may be the dumbest question, but... how do you reset SIC on an R80.10 gateway? I'm not sure what key was used when an appliance was originally configured, so I went to cpconfig in the CLI on the Gateway, but I don't see the option on the menu anymore.

I'm sure I'm missing something really obvious here, but an advice is greatly appreciated!

R80 CCSA / CCSE

PhoneBoy · ‎2017-08-08

It's showing on my gateway...

[Expert@GW:0]# fw ver

This is Check Point's software version R80.10 - Build 423

[Expert@GW:0]# cpconfig

This program will let you re-configure

your Check Point products configuration.

Configuration Options:

----------------------

(1) Licenses and contracts

(2) SNMP Extension

(3) PKCS#11 Token

(4) Random Pool

(5) Secure Internal Communication

(6) Enable cluster membership for this gateway

(7) Disable Check Point SecureXL

(8) Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

Only thing I can think of is maybe the gateway is configured as standalone (with firewall and management on same box)?

When I run cpconfig on my management box, the "SIC" option is not shown:

[Expert@mgmt:0]# cpconfig

This program will let you re-configure

your Check Point Security Management Server configuration.

Configuration Options:

----------------------

(1) Licenses and contracts

(2) Administrator

(3) GUI Clients

(4) SNMP Extension

(5) Random Pool

(6) Certificate Authority

(7) Certificate's Fingerprint

(8) Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

In which case, your best course of action is reimage the appliance.

View solution in original post

PhoneBoy · ‎2017-08-08

It's showing on my gateway...

[Expert@GW:0]# fw ver

This is Check Point's software version R80.10 - Build 423

[Expert@GW:0]# cpconfig

This program will let you re-configure

your Check Point products configuration.

Configuration Options:

----------------------

(1) Licenses and contracts

(2) SNMP Extension

(3) PKCS#11 Token

(4) Random Pool

(5) Secure Internal Communication

(6) Enable cluster membership for this gateway

(7) Disable Check Point SecureXL

(8) Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

Only thing I can think of is maybe the gateway is configured as standalone (with firewall and management on same box)?

When I run cpconfig on my management box, the "SIC" option is not shown:

[Expert@mgmt:0]# cpconfig

This program will let you re-configure

your Check Point Security Management Server configuration.

Configuration Options:

----------------------

(1) Licenses and contracts

(2) Administrator

(3) GUI Clients

(4) SNMP Extension

(5) Random Pool

(6) Certificate Authority

(7) Certificate's Fingerprint

(8) Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

In which case, your best course of action is reimage the appliance.

Daniel_Taney · ‎2017-08-08

My cpconfig output looks like the 2nd one, so it must have been set up as standalone. I agree re-imaging will be much easier. I never would have thought of that, thanks!

R80 CCSA / CCSE

PhoneBoy · ‎2017-08-08

It's worth nothing that in the second case, you can reset SIC by using the command fwm sic_reset

This resets the internal CA and will break anything that relies on it (SIC with other gateways, VPN certificates, etc).

However, that won't turn a standalone gateway into a gateway that can be externally managed.

Are you a member of CheckMates?

Reset SIC On R80.10 Gateway?