Warning: Before implementing this procedure in a VSX environment, consult Check Point Support. Also refer to sk34098 - How to reset SIC on a VSX Gateway for a specific Virtual System
Important: On the Embedded OS platforms, the menu given by cpconfig is not available. However, you can initialize SIC by running the CLISH command: set sic_init password <one-time-password>
The WebUI of the Administration portal also provides this option in the "Home->Security Management" page in the "Security Management Server" section.
For Open Servers and other appliances, perform this procedure on the Security Gateway:
- Connect to the command line on the Security Gateway / Cluster member (over SSH, or console).
Note: For cluster, perform this procedure on Standby member first and then on the Active.
- Go to the Check Point menu:
[Expert@HostName]# cpconfig
- Choose option 5 "Secure Internal Communication" from the menu by typing number 5 and pressing "Enter":
- You will be asked if you wish to re-initialize the communication. Press on "y" and then press "Enter":
- You will be asked again if you want to reinitialize the communication, Press on "y" and then press "Enter":
- You will be prompted to enter the new "SIC" key. Make sure to enter the same key in both fields. Once done typing, press "Enter":
- The key will be reinitialized, wait until you see the key was "successfully initialized". Once done choose the option "Exit" and press "Enter":
- The Check Point processes will be restarted. This will take a few minutes. Once completed, you will be returned to the command line. This ends the process on the Security Gateway side:

Notes:
- The Security Gateway will run the default policy until a policy is installed. It is recommended to install policy as soon as the SIC has been reset on your Management Server.
- In a VSX environment, a Policy Installation is required on VS0, otherwise policy installation will fail on other VSs.
Perform this procedure on the Security Management Server:
- Connect with SmartConsole to Security Management Server / Domain Management Server (CMA).
- Open the Security Gateway object, for which you reset the SIC:
- Click on the "Communication" button:
Note: For cluster, perform this procedure on each cluster member. On the Standby member first and then on the Active.
- Click the "Reset" button:
- You will be asked if you are sure you want to reset, click "Yes":
- You will receive a notification the reset is done. Click "OK":
- Type in the new SIC key you have created on the Security Gateway, and click "Initialize":
- Once the SIC has been initialized, you will see the certificate state icon turn green and the note "Trust established":
- Click "OK" to close the Properties windows.
- Save the database: '
File
' menu - 'Save
'.
- Install policy on the Security Gateway.
Notes:
- The Security Gateway will run the default policy until a policy is installed. It is recommended to install policy as soon as the SIC has been reset.
- In a VSX environment, a Policy Installation is required on VS0, otherwise policy installation will fail on other VSs.
Related solutions: