CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 5 of 5

Thread: Issue with SIC establishment

  1. #1
    Join Date
    2012-08-10
    Posts
    18
    Rep Power
    0

    Default Issue with SIC establishment

    Hello Guys,

    I have a single firewall in one of our branch offices to which I am trying to establish SIC and I am getting error "failed to connect to gateway". Let me give a brief on what all troubleshooting steps which I have carried out.


    1. This particular firewall is already managed by a different Management server, however we want start managing this Firewall from a different SMS which is were I am currently facing the issue

    2. I see that ping to the Firewall from New SMS is working fine. Observed the tracker logs on the existing SMS, each and every time when I try to establish SIC the traffic is getting accepted by the gateway, however I see the error message!!!!.

    3. According to fw monitor and tcpdump all packets are hitting there is a ACK going back, however what I observe here is for S flag a reply is going back as R flag. Here's the fw monitor output below,

    [vs_0][fw_1] bond1:I[60]: 10.10.1.6 -> 10.11.50.1 (TCP) len=60 id=18281
    TCP: 60485 -> 18211 .S.... seq=9a728d24 ack=00000000
    [vs_0][fw_1] bond1:o[40]: 10.11.50.1 -> 10.10.1.6 (TCP) len=40 id=0
    TCP: 18211 -> 60485 ..R.A. seq=00000000 ack=9a728d25

    4. I did the CPD debug and didn't find anything at all in cpd.elg.

    Appreciate any feedback on this !!!!

    Regards,
    Krishna

  2. #2
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    8

    Default Re: Issue with SIC establishment

    What appliance you are using and what software version?
    Did you start by reestablishing the SIC on the FW first?

  3. #3
    Join Date
    2005-11-25
    Location
    United States, Southeast
    Posts
    857
    Rep Power
    16

    Default Re: Issue with SIC establishment

    I had very problem today..
    Turned out that the clock on the remote gateway was way off..

  4. #4
    Join Date
    2008-07-31
    Location
    Netherlands, Europe
    Posts
    1,147
    Rep Power
    14

    Default Re: Issue with SIC establishment

    Did you reset SIC through the cpconfig util on the gateway?
    the reset will only occur when you have not yet told the gateway to listen to the SIC setup.

    The gateway can only have a SIC with 1 management server at any given time.
    Regards, Maarten.
    Triple MDS on R77.30, MDS on R80.10, VSX, GAIA.

  5. #5
    Join Date
    2012-08-10
    Posts
    18
    Rep Power
    0

    Default Re: Issue with SIC establishment

    Quote Originally Posted by msjouw View Post
    Did you reset SIC through the cpconfig util on the gateway?
    the reset will only occur when you have not yet told the gateway to listen to the SIC setup.

    The gateway can only have a SIC with 1 management server at any given time.
    Yea i pretty figured out that the same day, sorry of the delay in response. Got the information clarified and got my requirement fixed

Similar Threads

  1. Establishment of SIC to the secondary SmartCenter failed
    By bruceus in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 2
    Last Post: 2013-01-21, 05:43
  2. SIC re-establishment.
    By bvanniekerk in forum SmartDashboard
    Replies: 5
    Last Post: 2006-04-12, 03:00

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •