Warning: Before implementing this procedure in a VSX environment, consult Check Point Support. Also refer to sk34098 - How to reset SIC on a VSX Gateway for a specific Virtual System

Important: On the Embedded OS platforms, the menu given by cpconfig is not available. However, you can initialize SIC by running the CLISH command: set sic_init password <one-time-password>

The WebUI of the Administration portal also provides this option in the "Home->Security Management" page in the "Security Management Server" section.

---

 

For Open Servers and other appliances, perform the following procedure on the Security Gateway:

1. Connect to the command line on the Security Gateway / Cluster member (over SSH, or console).
   
   Note: For cluster, perform this procedure on Standby member first and then on the Active.
   
   
2. Go to the Check Point menu: [Expert@HostName]# cpconfig
   
   
   
   
3. Choose option 5 "Secure Internal Communication" from the menu by typing number 5 and clicking "Enter":
   
   
   
   
4. You will be asked if you wish to re-initialize the communication. Press on "y" and then click "Enter":
   
   
   
   
5. You will be asked again if you want to reinitialize the communication, Press on "y" and then click "Enter":
   
   
   
   
6. You will be prompted to enter the new "SIC" key. Make sure to enter the same key in both fields. Once done typing, click "Enter":
   
   
   
   
7. The key will be reinitialized, wait until you see the key was "successfully initialized". Once done choose the option "Exit" and click "Enter":
   
   
   
   
8. The Check Point processes will be restarted. This will take a few minutes. Once completed, you will be returned to the command line. This ends the process on the Security Gateway side:
   
   

Note: The Security Gateway will run the default policy until a policy is installed. It is recommended to install policy as soon as the SIC has been reset on your Management Server.

 

Perform the following procedure on the Security Management Server:

1. Connect with SmartDashboard to Security Management Server / Domain Management Server (CMA).
   
   
2. Open the Security Gateway object, for which you reset the SIC:
   
    
   
   
3. Click on the "Communication" button:
   
   Note: For cluster, perform this procedure on each cluster member. On the Standby member first and then on the Active.
   
   
4. Click the "Reset" button:
   
    
   
   
5. You will be asked if you are sure you want to reset, click "Yes":
   
   
   
   
6. You will receive a notification the reset is done. Click "OK":
   
   
   
   
7. Type in the new SIC key you have created on the Security Gateway, and click "Initialize":
   
   
   
   
8. Once the SIC has been initialized, you will see the certificate state icon turn green and the note "Trust established":
   
   
   
   
9. Click "OK" to close the Properties windows.
   
   
10. Save the database: 'File' menu - 'Save'.
    
    
11. Install policy on the Security Gateway.

Note: The Security Gateway will run the default policy until a policy is installed. It is recommended to install policy as soon as the SIC has been reset.

 

---

 

Related solutions:

• sk30579 - Troubleshooting SIC
• sk34098 - How to reset SIC on a VSX Gateway for a specific Virtual System
• sk32491 - How to reset SIC on a CMA
• sk37422 - How to reset SIC on CMA / Domain Management Server in Multi-Domain Server High Availability environment
• sk36359 - How to reset SIC between CLM / Domain Log Server and the respective CMA / Domain Management Server
• sk14532 - "fwm sic_reset" command fails on the Security Management Server with "There are IKE Certificates that were generated by the internal Certificate Authority"