| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| This is a scenario I'm playing with and I got it working mostly. Scenario: NGX R65 as an enforcement-only module with DAIP on Windows 2003 SP2. Mgmt server NGX R65 on Windows 2003 SP2 running in a VMware session on the same machine. Everything (except VPN) works just fine - hide NAT for the mgmt server to get Windows updates as needed and for another internal network to get out as hide NAT, etc. So the connectivity between the mgmt server and the enforcement module is all good. However, I've noticed that on rebooting the physical machine (and a clean/normal shutdown and reboot of the VMware session as well), SIC stays established - shows 'SIC established' - but on testing SIC status, I get an unable to resolve object IP. (Can't recall the exact error, but basically it can't resolve the IP of the module.) So, can't push a new policy at that moment either because it can't resolve the object. cpstop/cpstart on both the VMware mgmt server and the DAIP enforcement module doesn't do anything. From trial and error, I found out that if I reset SIC status between the two and specify the current IP obtained via DHCP (on the DAIP), SIC status is good and it stays fine, can push policies, et al. Until the next reboot... Is there a simpler way to do this rather than having to reset SIC status each reboot? |
| |||
| dantro: Thanks for confirming - but some kind of cmd line/scriptable/automated thing would be ideal, if you know of any. mcnallym: Not sure about that, honestly. When I installed the enforcement module as part of the Check Point install on the host, it asked me if an interface was DAIP and I chose 'yes' to that. I just tried adding a new gateway object - now I might be doing something wrong here, but it seems to me that I can't define any interface properties to be DHCP-enabled if I don't choose the checkbox next to 'dynamic address' in 'general properties' (a side effect of dynamic address is that the 'remote access' etc. settings disappear - which is the next battle because I wanted a client-to-site VPN). Now, whether this is due to the fact that I had chosen DAIP when I first installed the said enforcement module, I don't know for sure. It seems to be that if a static address is defined in the 'general properties' page, it will not allow any other interface to be set to DHCP/dynamic. At least that's how it appears to me in the topology section. As ever, open to all suggestions. |