fjulianom
Advisor

Do I need to reset SIC if I change my gateway IP address?

Hi community,

This is my scenario. Version R80.30, SMS and a cluster of two gateways. The SMS management IP address and the gateways' management IP addresses are in the same network. Now I need to change the gateways' management IP addresses, and also the cluster VIP address, but they will still be in the same network. Do I need to reset SIC? Some people say SIC is based on certificates and not IP addresses, but at the end of the following post Timothy doesn't believe exactly the same:

https://community.checkpoint.com/t5/Security-Gateways/changing-IP-address-on-security-gateway-and-SI...

What do you think?

Regards,

Julián

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

SIC uses certificate-based authentication and isn't dependent on IP address.
The implied rules that allow the various SIC connections to work are a different story.
When you change IP addresses, you will likely need to implement the things @Timothy_Hall mentions in that thread or be prepared to do an "fw unloadlocal" from the gateway (which will cause an outage).


7 Replies
_Val_
Admin

No, you do not need to reset SIC. 

the_rock
Legend

No need to do SIC reset as Val said, you are good to go.

0 Kudos
G_W_Albrecht
Legend

No, Timothy does not talk about SIC but implied rules. To follow his suggestion should not hurt...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
fjulianom
Advisor

Hi,

Yes, Timothy does not talk about SIC but implied rules, but he says SIC can be affected by these implied rules.

"...and be forced to perform a fw unloadlocal on the firewall for SIC to start working after an IP change."

Regards,

Julián

0 Kudos
G_W_Albrecht
Legend

This concerns not SIC itself but the management connection - SIC cannot work if any connection from this IP is blocked.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
fjulianom
Advisor

Yes, I understand that it doesn't concern SIC itself. Then it is a good idea to create the temporary explicit rule that Timothy talks about; otherwise, after I change my gateways' IP addresses, SIC can be down.

0 Kudos
