dkzndkqh
Contributor

Dynamic IP gateway status is not displayed in Smart-1 Cloud and IP not changed

Dynamic IP gateway status is not displayed in Smart-1 Cloud and the IP has not changed, but SIC, policy installation, counters and other statuses are not affected

 

 

When this firewall was configured with a dynamic IP, the STATUS initially appeared in SmartConsole, but after some time, it stopped showing. The IP has never changed because the device has not been rebooted. However, the SIC status and policy installation logs are displayed correctly. Do you know what might be causing this issue?

 

0 Kudos
25 Replies
the_rock
MVP Platinum

Could be cosmetic...I would try install database and restart your s1c instance. If no joy, maybe open TAC case and ask them to check on back end, just provide right cloud mgmt identifier.

Best,
Andy
Tom_Hinoue
Advisor

I second what @the_rock mentioned.

Ours was not a dynamic IP gateway, but I recently had similar issues with the gateway status in S1C, where the status didn't change to all-green after a gateway finished rebooting but I was still able to install policy.

After I rebooted the S1C instance from Infinity Portal, the issue resolved.

the_rock
MVP Platinum

I'm glad rebooting the S1C instance has been possible for customers for 2-3 years now, because before that, only TAC could do it.

 

Best,
Andy
dkzndkqh
Contributor

Do you know if it could be an issue with a specific process on the firewall or what the suspected cause might be?

For now, the symptom still persists.

0 Kudos
the_rock
MVP Platinum

I'm pretty positive that's not the issue.

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Gold CHKP

Is the gateway behind NAT or CGNAT, or does it have a proper public IP?

CCSM R77/R80/ELITE
0 Kudos
dkzndkqh
Contributor

It’s not behind NAT or CGNAT either; it also has a proper public IP.

And I just wonder about that:

I can see logs showing the same public IP being renewed in the system log. Does this have any impact?

 

 

a proper public

0 Kudos
PhoneBoy
Admin

The status is queried from the management to the gateway on TCP port 18192.
While that should theoretically go over the management tunnel, whether it actually does is a separate question.
It also assumes that port isn't blocked somewhere along the way.

0 Kudos
the_rock
MVP Platinum

Best,
Andy
0 Kudos
dkzndkqh
Contributor

The issue still persists

0 Kudos
the_rock
MVP Platinum

Have you tried things we suggested?

Best,
Andy
0 Kudos
dkzndkqh
Contributor

Are you referring to the database installation and restarting the SIC instance? If so, we haven’t tried that yet.

0 Kudos
the_rock
MVP Platinum

That's right.

Best,
Andy
0 Kudos
dkzndkqh
Contributor

I have installed the database, but there is no response. I will reboot the SIC instance and let you know the results.

(1)
the_rock
MVP Platinum

I really hope that fixes it.

Best,
Andy
0 Kudos
the_rock
MVP Platinum

Hey @dkzndkqh 

Any luck with this issue?

Best,
Andy
0 Kudos
dkzndkqh
Contributor

For now, TAC plans to upgrade to R81.10.17, and as you mentioned, the instance reboot is scheduled to take place on October 30th, Korea time.

the_rock
MVP Platinum

Hope that fixes it!

Best,
Andy
0 Kudos
dkzndkqh
Contributor

 

After upgrading the gateway to 81.10.17 and rebooting the S1C instance, the issue still persists. I can see communication between the gateway and S1C over port 18192 from the gateway that uses a static IP, but there’s no communication over port 18192 from the firewall that uses a dynamic IP.

0 Kudos
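
An added example (not from any poster or from Check Point): a small Python check that reads `tcpdump -nn` text output and reports, per gateway, whether the status query on TCP port 18192 discussed above was seen and answered. The addresses and capture lines are constructed, and the state names are this example's own.

```python
import re

STATUS_PORT = 18192  # port named in the thread for the management-to-gateway status query

# tcpdump -nn text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

# Constructed sample capture (documentation addresses, not taken from the thread).
# 198.51.100.10 = management side, 192.0.2.20 = static gateway,
# 192.0.2.30 = gateway behind a filter, 203.0.113.77 = dynamic IP gateway.
SAMPLE = """\
09:00:01.100000 IP 198.51.100.10.40112 > 192.0.2.20.18192: Flags [S], seq 100, win 64240, length 0
09:00:01.100400 IP 192.0.2.20.18192 > 198.51.100.10.40112: Flags [S.], seq 900, ack 101, win 65160, length 0
09:00:01.100900 IP 198.51.100.10.40112 > 192.0.2.20.18192: Flags [.], ack 901, win 502, length 0
09:00:02.200000 IP 198.51.100.10.40250 > 192.0.2.30.18192: Flags [S], seq 300, win 64240, length 0
09:00:03.200000 IP 198.51.100.10.40250 > 192.0.2.30.18192: Flags [S], seq 300, win 64240, length 0
09:00:04.000000 IP 198.51.100.10.51000 > 203.0.113.77.443: Flags [S], seq 500, win 64240, length 0
"""


def status_port_state(capture_text, gateways):
    """Classify each gateway by what the capture shows on STATUS_PORT.

    no_traffic     - no SYN towards the gateway's status port was captured
    syn_unanswered - SYNs were sent but the gateway never replied (blocked or dropped)
    answered       - the gateway replied with SYN-ACK, so the query can reach it
    """
    state = {gw: "no_traffic" for gw in gateways}
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP/IPv4 line in the expected format
        src, sport, dst, dport, flags = m.groups()
        if dst in state and int(dport) == STATUS_PORT and flags == "S":
            # Retransmitted SYNs must not downgrade an already answered flow.
            if state[dst] == "no_traffic":
                state[dst] = "syn_unanswered"
        elif src in state and int(sport) == STATUS_PORT and flags == "S.":
            state[src] = "answered"
    return state


if __name__ == "__main__":
    for gw, st in status_port_state(SAMPLE, ["192.0.2.20", "192.0.2.30", "203.0.113.77"]).items():
        print(f"{gw:15} {st}")
```

A `no_traffic` result means the query was never sent towards that gateway at the capture point, while `syn_unanswered` points at something dropping the port along the way.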
the_rock
MVP Platinum

Sorry that failed, too bad. Keep us posted how it gets solved.

Best,
Andy
0 Kudos
dkzndkqh
Contributor

Have you ever seen any cases where a gateway using a dynamic IP is integrated and used with S1C?

0 Kudos
the_rock
MVP Platinum

I have, but never SMB.

Best,
Andy
0 Kudos
dkzndkqh
Contributor

It seems that they haven’t encountered the same situation as mine.

0 Kudos
the_rock
MVP Platinum

Maybe ask them if this is indeed expected, because if so, then not a big issue. I know it's a little annoying, but if everything else works, that's what matters.

Best,
Andy
0 Kudos
the_rock
MVP Platinum

Here is what AI gave...

**********************

That’s a good, detailed observation — and this is a known behavioral issue that can occur with Check Point gateways using dynamic public IPs managed via Smart-1 Cloud / SmartConsole, especially when:

  • The gateway’s external IP is obtained via DHCP or PPPoE,

  • The IP has not actually changed, but

  • The dynamic IP tracking mechanism in the management plane times out or loses synchronization.

Let’s break it down clearly:


🔍 Symptoms

  • Dynamic IP gateway shows no "Status" or “Not Available” in SmartConsole or Smart-1 Cloud.

  • Policy installs, SIC, logs, and monitoring continue to work normally.

  • The IP hasn’t changed (confirmed at OS level).

  • No visible connectivity issues between the gateway and the management server.


⚙️ Root Cause

Check Point management (including Smart-1 Cloud) periodically polls dynamic IP gateways to update their current external IP.
This update relies on:

  • The CPD and CPMI channels staying synchronized.

  • Dynamic object resolution (LocalGatewayExternal).

  • Proper reporting of the IP by the DAIP mechanism within the gateway (fwd and cpd processes).

Over time, if:

  • The gateway has been up for a long time without IP refresh,

  • The DAIP update timer expires without a new DHCP/PPP event, or

  • A temporary desync occurs between the management and the gateway’s object cache in Smart-1 Cloud,

then the status field may stop showing an IP even though SIC and policy communication continue to work.

This is cosmetic but can persist until a trigger refreshes the value.


What You Can Check

On the gateway CLI:

# Check actual external IP and DAIP info
clish -c "show interfaces all"
clish -c "show asset"

On the management (Smart-1 Cloud) — from SmartConsole or CPView:

  1. Verify SIC trust and policy install timestamp → still current

  2. Run cpstat mg or cpstat fw on the gateway if you have SSH access → no communication issues


🧩 Known Workarounds / Fixes

  1. Force the management to refresh the IP record:

    • From SmartConsole → right-click the gateway → Edit → Network Management tab

    • Temporarily change the interface type (Static → Dynamic → back to Dynamic).

    • Save & install policy → this triggers a new DAIP update event.

  2. Restart the CPD service on the gateway (non-disruptive to traffic):

    cpstop; cpstart
    

    or less intrusive:

    cprestart
    

    This reinitializes DAIP reporting.

  3. Rebooting the gateway (if maintenance window allows) always resets the dynamic IP advertisement process.

  4. Ensure time sync (NTP) — if NTP drifts significantly, the Smart-1 Cloud may discard stale IP updates.


🧱 Additional Notes

  • The issue doesn’t affect routing, policy, or VPN.

  • Smart-1 Cloud will still identify the gateway via SIC name, not IP.

  • In some R81.10 / R81.20 builds, a fix was included to make DAIP reporting more persistent. Check Point recommended upgrading to R81.20 JHF T139 or later if you see recurring DAIP visibility problems.


🧩 Summary

| Component | Status | Notes |
|---|---|---|
| SIC | Working | Still trusted |
| Policy Install | Works | Communication intact |
| Logs | Normal | No loss of log flow |
| Dynamic IP display | ⚠️ Missing | Cosmetic sync issue |
| Fix | 🔄 Refresh DAIP info via SmartConsole or restart CPD | |

 

Best,
Andy
0 Kudos
