Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Taney
Advisor
Jump to solution

Reset SIC On R80.10 Gateway?

This may be the dumbest question, but... how do you reset SIC on an R80.10 gateway? I'm not sure what key was used when an appliance was originally configured, so I went to cpconfig in the CLI on the Gateway, but I don't see the option on the menu anymore.

I'm sure I'm missing something really obvious here, but an advice is greatly appreciated!

R80 CCSA / CCSE
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

It's showing on my gateway...

[Expert@GW:0]# fw ver

This is Check Point's software version R80.10 - Build 423

[Expert@GW:0]# cpconfig

This program will let you re-configure

your Check Point products configuration.

Configuration Options:

----------------------

(1)  Licenses and contracts

(2)  SNMP Extension

(3)  PKCS#11 Token

(4)  Random Pool

(5)  Secure Internal Communication

(6)  Enable cluster membership for this gateway

(7)  Disable Check Point SecureXL

(8)  Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

Only thing I can think of is maybe the gateway is configured as standalone (with firewall and management on same box)?

When I run cpconfig on my management box, the "SIC" option is not shown:

[Expert@mgmt:0]# cpconfig

This program will let you re-configure

your Check Point Security Management Server configuration.

Configuration Options:

----------------------

(1)  Licenses and contracts

(2)  Administrator

(3)  GUI Clients

(4)  SNMP Extension

(5)  Random Pool

(6)  Certificate Authority

(7)  Certificate's Fingerprint

(8)  Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

In which case, your best course of action is reimage the appliance. 

View solution in original post

3 Replies
PhoneBoy
Admin
Admin

It's showing on my gateway...

[Expert@GW:0]# fw ver

This is Check Point's software version R80.10 - Build 423

[Expert@GW:0]# cpconfig

This program will let you re-configure

your Check Point products configuration.

Configuration Options:

----------------------

(1)  Licenses and contracts

(2)  SNMP Extension

(3)  PKCS#11 Token

(4)  Random Pool

(5)  Secure Internal Communication

(6)  Enable cluster membership for this gateway

(7)  Disable Check Point SecureXL

(8)  Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

Only thing I can think of is maybe the gateway is configured as standalone (with firewall and management on same box)?

When I run cpconfig on my management box, the "SIC" option is not shown:

[Expert@mgmt:0]# cpconfig

This program will let you re-configure

your Check Point Security Management Server configuration.

Configuration Options:

----------------------

(1)  Licenses and contracts

(2)  Administrator

(3)  GUI Clients

(4)  SNMP Extension

(5)  Random Pool

(6)  Certificate Authority

(7)  Certificate's Fingerprint

(8)  Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :

In which case, your best course of action is reimage the appliance. 

Daniel_Taney
Advisor

My cpconfig output looks like the 2nd one, so it must have been set up as standalone. I agree re-imaging will be much easier. I never would have thought of that, thanks!

R80 CCSA / CCSE
0 Kudos
PhoneBoy
Admin
Admin

It's worth nothing that in the second case, you can reset SIC by using the command fwm sic_reset

This resets the internal CA and will break anything that relies on it (SIC with other gateways, VPN certificates, etc).

However, that won't turn a standalone gateway into a gateway that can be externally managed.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events