CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 5 of 5

Thread: cprid and SIC

  1. #1
    Join Date
    2008-01-14
    Posts
    37
    Rep Power
    0

    Default cprid and SIC

    Hi All,

    I'd like to have some clarifcation from you all about cprid and sic.

    What i understand:
    SIC is some kind of secure tunnel built by the power of the Activation key and be used by all checkpoint module communication purposes. Such as: logging, Policy verification, Policy Installation, Module Information gathering, Monitoring.

    where CPRID is a program/service/daemon in the enforcement module that will be used by Smartcenter to upgrade packages, licenses, and gather gateway info (mostly done in smartupdate). And all cprid activities will be go through the tunnel (SIC).

    Please correct me if iam wrong.

    Thank you

    regards

    kalem

  2. #2
    Join Date
    2006-10-16
    Location
    Mexico
    Posts
    38
    Rep Power
    0

    Default Re: cprid and SIC

    Quote Originally Posted by anakalem View Post
    And all cprid activities will be go through the tunnel (SIC).
    I'm not so sure about that...

    SIC seems to use TCP port 18191 (CPD: Check Point Daemon Protocol) and cprid (FW1_CPRID: Check Point Remote Installation Protocol) is on TCP port 18208.
    just an end-user, Provider-1@R75.40, testing GAIA

  3. #3
    Join Date
    2016-12-01
    Posts
    1
    Rep Power
    0

    Default Re: cprid and SIC

    Quote Originally Posted by anakalem View Post
    Hi All,

    I'd like to have some clarifcation from you all about cprid and sic.

    What i understand:
    SIC is some kind of secure tunnel built by the power of the Activation key and be used by all checkpoint module communication purposes. Such as: logging, Policy verification, Policy Installation, Module Information gathering, Monitoring.

    where CPRID is a program/service/daemon in the enforcement module that will be used by Smartcenter to upgrade packages, licenses, and gather gateway info (mostly done in smartupdate). And all cprid activities will be go through the tunnel (SIC).

    Please correct me if iam wrong.

    Thank you

    regards

    kalem

    Yes all CPRID Operations are done over SIC. SIC is Secure Internal Communications and is a certificate based communication that happens between the Gateways and the Management Servers. The activation key can be used only once and then the certificate based communication takes over.

  4. #4
    Join Date
    2006-03-19
    Location
    Northern Ohio
    Posts
    1,363
    Rep Power
    13

    Default Re: cprid and SIC

    Quote Originally Posted by changes165 View Post
    The activation key can be used only once and then the certificate based communication takes over.
    Yeah, I used to think that as well because that's what the docs say. It doesn't seem to be true. It feels like the "activation key" is the certificate private key or something. Or the key encrypting key. We've re-used it a couple of times without having to reset SIC completely. So now we save it in case we need it again.

    Ray

  5. #5
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    942
    Rep Power
    12

    Default Re: cprid and SIC

    Quote Originally Posted by RayPesek View Post
    Yeah, I used to think that as well because that's what the docs say. It doesn't seem to be true. It feels like the "activation key" is the certificate private key or something. Or the key encrypting key. We've re-used it a couple of times without having to reset SIC completely. So now we save it in case we need it again.

    Ray
    SIC one time password is not an encryption key. SIC has a TLS based encryption and uses certificates. SIC password is used one time to pull GW certificate from the management. Yes, you can put in place the same password when resetting SIC over and over. That does not mean much. SIC password is only to make sure you are sending a new cert to your own GW and not to a third party fake device pretending to be your FW.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

Similar Threads

  1. cprid connection is not succeed
    By goldarrow in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 8
    Last Post: 2009-12-21, 00:29
  2. CPRID process hangs when running cprestart
    By jsond in forum Miscellaneous
    Replies: 0
    Last Post: 2006-05-17, 13:31

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •