How to renew SIC certificate for Security Gateway

Resetting the Trust State revokes the Security Gateway's SIC certificate. This must be done if the security of the Security Gateway has been breached, or if for any other reason the Security Gateway's functionality must be stopped. When the SIC certificate is reset, the Certificate Revocation List (CRL) is updated to include the name of the revoked certificate.

The CRL is signed by the Internal CA on the Check Point Management Server and issued to all the managed Security Gateways the next time a SIC connection is made. If there is a discrepancy between the CRL of two communicating components, the newest CRL is always used. The Security Gateways refer to the latest CRL and deny a connection from an imposter posing as a Security Gateway and using a SIC certificate that has already been revoked.
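The CRL handling described above can be sketched as a simplified model. This is an added example, not Check Point code: the names `CRL`, `issue_crl`, `newest` and `sic_connect`, the integer issue counter, and the use of an HMAC in place of the Internal CA's signature (to stay within the standard library) are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

ICA_KEY = b"constructed-demo-key"  # assumption: stand-in for the ICA signing key


@dataclass(frozen=True)
class CRL:
    issued: int           # issue counter; a larger value means a newer CRL
    revoked: frozenset    # names of revoked certificates
    sig: bytes = b""


def _mac(issued, revoked):
    msg = f"{issued}|{','.join(sorted(revoked))}".encode()
    return hmac.new(ICA_KEY, msg, hashlib.sha256).digest()


def issue_crl(issued, revoked):
    """Management Server side: the ICA signs a fresh CRL."""
    names = frozenset(revoked)
    return CRL(issued, names, _mac(issued, names))


def is_authentic(crl):
    return hmac.compare_digest(crl.sig, _mac(crl.issued, crl.revoked))


def newest(local, remote):
    """Discrepancy rule: keep the newest CRL that carries a valid signature."""
    if not is_authentic(remote):
        return local
    return remote if remote.issued > local.issued else local


def sic_connect(local_crl, peer_crl, peer_cert_name):
    """Return (allowed, crl_to_keep) for one SIC connection attempt."""
    crl = newest(local_crl, peer_crl)
    return peer_cert_name not in crl.revoked, crl


if __name__ == "__main__":
    # Constructed names: "gw-branch" had its trust reset, "mgmt" is the server.
    before = issue_crl(1, [])
    after = issue_crl(2, ["gw-branch"])
    ok, gw_crl = sic_connect(before, after, "mgmt")      # gateway adopts the new CRL
    print(ok, sorted(gw_crl.revoked))
    print(sic_connect(gw_crl, before, "gw-branch")[0])   # revoked certificate denied
```

In this model a gateway that has had no SIC connection since the reset still holds the older CRL, so it learns of the revocation only at its next SIC connection.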

Follow the instructions in sk65764 - How to reset SIC.

For more information regarding SIC, see the Security Management Administration Guide for your version.


