CPUG

The Check Point User Group

#1
2007-12-27
infrared013
Firewall lost its SIC

Hello,

I have a firewall that we noticed was not logging anymore, and has not been for some time now. After looking into it we noticed that SIC was no longer established. I plan to reset SIC on both sides but am wondering, does the cpstop/cpstart actually stop all traffic from passing or does it still allow traffic to pass but just does not filter it? I am wondering for customer impact reasons and whether or not it should be performed off hours.

Thanks in advance for any help

#2
2007-12-27
RayPesek
Re: Firewall lost its SIC

Yes, a cpstop will stop all traffic. You can stack the commands to save time by separating them with a ; as in

cpstop;cpstart <Enter>

Does a SIC reset require a cpstop? I don't recall that it does.

Are you sure it's not just an expired certificate on the firewall or management server? Having to do a SIC reset is not a common occurrence in a running firewall.

Ray

#3
2007-12-27
infrared013
Re: Firewall lost its SIC

Thanks for the reply...
I am pretty sure it needs SIC reset because when you look under communication it says "initialized but trust not established"

I am also pretty sure that it performs a cpstop because this is what it says when I run the option #6 under cpconfig:

This program will let you re-configure
your Check Point products configuration.


Configuration Options:
----------------------
(1) Licenses
(2) SNMP Extension
(3) Group Permissions
(4) PKCS#11 Token
(5) Random Pool
(6) Secure Internal Communication
(7) Enable cluster membership for this gateway
(8) Enable Check Point SecureXL
(9) Automatic start of Check Point Products

(10) Exit

Enter your choice (1-10) :6



Configuring Secure Internal Communication...
============================================
The Secure Internal Communication is used for authentication between
Check Point components

Trust State: Trust established

Would you like re-initialize communication? (y/n) [n] ? y

Note: The Secure Internal Communication will be reset now,
and all Check Point Services will be stopped (cpstop).
No communication will be possible until you reset and
re-initialize the communication properly!