Support Center > Search Results > SecureKnowledge Details
How to reset SIC
Solution

Warning: Before implementing this procedure in a VSX environment, consult Check Point Support. Also refer to sk34098 - How to reset SIC on a VSX Gateway for a specific Virtual System


Important: On the Embedded OS platforms, the menu given by cpconfig is not available. However, you can initialize SIC by running the CLISH command: set sic_init password <one-time-password>

The WebUI of the Administration portal also provides this option in the "Home->Security Management" page in the "Security Management Server" section.


 

For Open Servers and other appliances, perform the following procedure on the Security Gateway:

  1. Connect to the command line on the Security Gateway / Cluster member (over SSH, or console).

    Note: For cluster, perform this procedure on Standby member first and then on the Active.

  2. Go to the Check Point menu: [Expert@HostName]# cpconfig

    Reset_Sic_1.jpg

  3. Choose option 5 "Secure Internal Communication" from the menu by typing number 5 and clicking "Enter":

    Reset_Sic_2.jpg

  4. You will be asked if you wish to re-initialize the communication. Press on "y" and then click "Enter":

    Reset_Sic_3.jpg

  5. You will be asked again if you want to reinitialize the communication, Press on "y" and then click "Enter":

    Reset_Sic_4.jpg

  6. You will be prompted to enter the new "SIC" key. Make sure to enter the same key in both fields. Once done typing, click "Enter":

    Reset_sic_5

  7. The key will be reinitialized, wait until you see the key was "successfully initialized". Once done choose the option "Exit" and click "Enter":



  8. The Check Point processes will be restarted. This will take a few minutes. Once completed, you will be returned to the command line. This ends the process on the Security Gateway side:

    Reset_Sic_7.jpg

Note: The Security Gateway will run the default policy until a policy is installed. It is recommended to install policy as soon as the SIC has been reset on your Management Server.

 

Perform the following procedure on the Security Management Server:

  1. Connect with SmartDashboard to Security Management Server / Domain Management Server (CMA).

  2. Open the Security Gateway object, for which you reset the SIC:

     

  3. Click on the "Communication" button:

    Note: For cluster, perform this procedure on each cluster member. On the Standby member first and then on the Active.

  4. Click the "Reset" button:

     

  5. You will be asked if you are sure you want to reset, click "Yes":

    Reset_Sic_11

  6. You will receive a notification the reset is done. Click "OK":

    Reset_Sic12

  7. Type in the new SIC key you have created on the Security Gateway, and click "Initialize":

    Reset_Sic_13.jpg

  8. Once the SIC has been initialized, you will see the certificate state icon turn green and the note "Trust established":

    Reset_Sic_14.jpg

  9. Click "OK" to close the Properties windows.

  10. Save the database: 'File' menu - 'Save'.

  11. Install policy on the Security Gateway.

Note: The Security Gateway will run the default policy until a policy is installed. It is recommended to install policy as soon as the SIC has been reset.

 


 

Related solutions:

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment