SIC not available in cpconfig menu

lobotiger · #1 (**permalink**) 2007-03-24

Hi everyone. This is my first post so I hope that it's in the right section. I've tried searching for an answer on here for this problem but only one other thread had the same thing and no one really responded to that one...

So I've just installed SPLAT on a PC and VPN-1 Power and SmartCenter as well on the same PC. I've gone through all the necessary configuations as per the user guides but I have noticed that nowhere has it given me an option for entering the SIC code. I know that it's normally supposed to show with a cpconfig after doing the Certificate of Authority option. Have I done or missed something to warrant the menu option not being there? Right now I'm prevented from creating a new gateway because I cannot secure the internal communication.

Any advice would be appreaciated.

Thanks.

LoboTiger

P.S. This install is with the 15 day trial period for now.

RayPesek · #2 (**permalink**) 2007-03-24

What menu options show when you type cpconfig <Enter> from a command prompt?

Ray

lobotiger · #3 (**permalink**) 2007-03-24

I only have the following:

1) Licenses
2) Administrator
3) GUI Clients
4) SNMP Extension
5) PKCS#11 Token
6) Random Pool
7) Certificate Authority
8) Certificate's Fingerprint
9) Disable Advanced Routing
10) Automatic start of Checkpoint Products
11) Exit

LoboTiger

lobotiger · #4 (**permalink**) 2007-03-24

Oh I thought I would add that this is NGX R62.

LoboTiger

inetd · #5 (**permalink**) 2007-03-25

Are you running in standalone mode? The gateway should have been created automatically, if so. There shouldn't even really be a need to establish SIC in a standalone environment.

lobotiger · #6 (**permalink**) 2007-03-25

Yes I guess it is in standalone mode in that both the SmartCenter and FW module are on the same machine with SPLAT. I would think the same way as you but the problem comes in when I try and create a new VPN-1 gateway and it wants me to establish SIC. It prompts me for the key even though I've never had to input a key on the server. ????

LoboTiger

lobotiger · #7 (**permalink**) 2007-03-26

Just thought I'd post an update as I got an answer from a guy at my work who knows some things about Checkpoint. Turns out that inetd was kinda right in that you don't have to create a SIC if both the fw module and smartcenter are on the same box:

The SIC question only gets asked (and is only necessary) if you are installing a Firewall without SmartCenter on the same host. If SmartCenter is on the same host, you don’t need SIC (and you don’t need two different objects in your database, because it’s all on one host), because all the traffic between them is local and never travels out to the network where SIC is necessary. If you were to now add another VPN-1 Power host somewhere else, that install would prompt you for a SIC activation key, and you would need to create a separate object for that in your database to establish SIC.

LoboTiger

srahman · #8 (**permalink**) 2008-05-13

Hello,

Can you please help. I have recently installed CheckPoint NGX (R60) on a Windows server and have two nokia's (IP560) with build 4.2 (R65). I have installed the CheckPoint Configuration program with Standalone mode and now realised this prevent me from running SIC. Can someone please tell me how I can reset the Nokia boxes back to Configuration mode, but leaving the interface details alone.

Also can you have the Management station on R60 and the nokia boxes on R65?

Look forward to your reply.

Thank you kindly.
Shaz

mcnallym · #9 (**permalink**) 2008-05-15

Your SMARTCenter needs to be the same version or newer then your gateways, you cannot run an R60 SMARTCenter and R65 gateways. You need to downgrade the gateways or upgrade the SMARTCenter.

Resetting the Nokia config will not reset the Check Point packages configuration. I would uninstall and do a clean CHeck Point install afterwards.

srahman · #10 (**permalink**) 2008-05-17

Hello,

Thank you for your reply.

Please can you describe the step on how to do a clean install of CheckPoint? Would installing a newer build ie from Build 69 to Build 78 work?
I have tried to uninstall the packages and this fails to work.

Please help.
Thank you.
Shaz

srahman · #11 (**permalink**) 2008-05-17

Hello,

Where can I download IPSO 4.2 BUILD 78 from?

Thanks

Yasushi Kono · #12 (**permalink**) 2008-05-19

Quote:

Originally Posted by srahman

Hello,

Thank you for your reply.

Please can you describe the step on how to do a clean install of CheckPoint? Would installing a newer build ie from Build 69 to Build 78 work?
I have tried to uninstall the packages and this fails to work.

Please help.
Thank you.
Shaz

What you have to do is a clean installation of IPSO. The Nokia appliance comes with the original Nokia IPSO CDROM. As far as you have Software Download Support contract, you can download ipso.tgz from the download pages of Nokia. This image should be transferred to an FTP Server. Then, you reboot your machine and wait until the following message appears:

Type any character to enter command mode

Upon typing any character, you will get the BOOTMGR prompt. There, you have to type

install

From now on, the installation is interactive (I have described all the steps in my book "Check Point VPN-1 Power" (ISBN 978-3898428972), but in German language.

What you need before is:

ipso.tgz and IPSO_wrapper_NGX_R6x.tgz in a directory of an FTP Server.

If you have to know IPSO, visit a 5-day course ("Check Point NGX Security Administration I on Nokia IO Security Platforms"). I am also one of the contributors of this courseware! These five days will change your life!

Kind regards,

Yasushi

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode