This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Taney
Advisor
‎2017-08-08 03:21 PM
Jump to solution

Reset SIC On R80.10 Gateway?

This may be the dumbest question, but... how do you reset SIC on an R80.10 gateway? I'm not sure what key was used when an appliance was originally configured, so I went to cpconfig in the CLI on the Gateway, but I don't see the option on the menu anymore.

I'm sure I'm missing something really obvious here, but an advice is greatly appreciated!

R80 CCSA / CCSE
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2017-08-08 03:50 PM
Jump to solution

It's showing on my gateway...

[Expert@GW:0]# fw ver

This is Check Point's software version R80.10 - Build 423

[Expert@GW:0]# cpconfig

This program will let you re-configure

your Check Point products configuration.

Configuration Options:

----------------------

(1)  Licenses and contracts

(2)  SNMP Extension

(3)  PKCS#11 Token

(4)  Random Pool

(5)  Secure Internal Communication

(6)  Enable cluster membership for this gateway

(7)  Disable Check Point SecureXL

(8)  Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

Only thing I can think of is maybe the gateway is configured as standalone (with firewall and management on same box)?

When I run cpconfig on my management box, the "SIC" option is not shown:

[Expert@mgmt:0]# cpconfig

This program will let you re-configure

your Check Point Security Management Server configuration.

Configuration Options:

----------------------

(1)  Licenses and contracts

(2)  Administrator

(3)  GUI Clients

(4)  SNMP Extension

(5)  Random Pool

(6)  Certificate Authority

(7)  Certificate's Fingerprint

(8)  Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

In which case, your best course of action is reimage the appliance. 

View solution in original post

3 Replies
PhoneBoy
Admin
Admin
‎2017-08-08 03:50 PM
Jump to solution

It's showing on my gateway...

[Expert@GW:0]# fw ver

This is Check Point's software version R80.10 - Build 423

[Expert@GW:0]# cpconfig

This program will let you re-configure

your Check Point products configuration.

Configuration Options:

----------------------

(1)  Licenses and contracts

(2)  SNMP Extension

(3)  PKCS#11 Token

(4)  Random Pool

(5)  Secure Internal Communication

(6)  Enable cluster membership for this gateway

(7)  Disable Check Point SecureXL

(8)  Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

Only thing I can think of is maybe the gateway is configured as standalone (with firewall and management on same box)?

When I run cpconfig on my management box, the "SIC" option is not shown:

[Expert@mgmt:0]# cpconfig

This program will let you re-configure

your Check Point Security Management Server configuration.

Configuration Options:

----------------------

(1)  Licenses and contracts

(2)  Administrator

(3)  GUI Clients

(4)  SNMP Extension

(5)  Random Pool

(6)  Certificate Authority

(7)  Certificate's Fingerprint

(8)  Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

In which case, your best course of action is reimage the appliance. 

Daniel_Taney
Advisor
‎2017-08-08 04:19 PM
In response to PhoneBoy
Jump to solution

My cpconfig output looks like the 2nd one, so it must have been set up as standalone. I agree re-imaging will be much easier. I never would have thought of that, thanks!

R80 CCSA / CCSE
0 Kudos
PhoneBoy
Admin
Admin
‎2017-08-08 06:59 PM
In response to Daniel_Taney
Jump to solution

It's worth nothing that in the second case, you can reset SIC by using the command fwm sic_reset

This resets the internal CA and will break anything that relies on it (SIC with other gateways, VPN certificates, etc).

However, that won't turn a standalone gateway into a gateway that can be externally managed.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top