Solved

Checkpoint Firewall Manager and FW (SPLAT) SIC error

Posted on 2008-09-30
4
5,651 Views
Last Modified: 2013-11-16
hello all,

When I am trying to apply a policy to firewall members, it fails. I believe it is due to SIC problem. When a communication SIC test is undertaken I receive the following message:

"SIC Status for SAUSFW01: Not Communicating
Internal SSL authentication error [ Certificate expired]"

Do i need to a new certificate? or there something else that might be causing this problem?

thanks
0
Comment
Question by:sheepsheep
  • 2
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
deimark earned 250 total points
ID: 22612441
Which node is giving the SSL cert error?  Is it the firewall or the management server?

If its the firewall and you are using a full public SSL cert (ie from comodo etc) then renew the cert via the providers means.

If not, then you should be able to renew the GW cert via dashboard by going to :

VPN > Certs > click on the VPN cert and select "renew".

This should renew the cert with the ICA on the smartcentre and the error "should" go away.

If it does not, then you will need to reset SOC between firewall and management server as follows:

1.  On firewall, run cpconfig, sleect SIC
2.  Jump through the hoops to reset sic and set a new one time password

NOTE : This will kill all comms with the management server but will NOT stop processing traffic!!!!

3.  ON smartcentre dashboard, select the GW object and click on the communications button.
4.  In resulting window, click reset.
5.  Enter the OTP as set in 2
6.  If all goes well, they will be communication.

I always test the connection again, just to make sure.

Once they are all talking, you should be able to push policy
0
 

Author Comment

by:sheepsheep
ID: 22612926
Thanks Delmark.

I am assuming it is the firewall member(s)? - after I log into SMARTDashboard and click on the firewall member > properties > Communication > Test SIC , I receive this error. How can I tell if it is the firewall or manager?

How might I view the firewall and manager certifications to check the expiration dates and signing authority?
0
 
LVL 18

Expert Comment

by:deimark
ID: 22613219
OK, thats a bit more info :P

If its the gateway object you see the SIC error, then its the GW thats at fault here.

SIC is normally related to an internally generated certificate from the ICA on the management server (the management server is the one that you connect to using smartdashboard

Note, the management system can ALSO be installed on the firewall.  These installs are called standalone, ie all the systems you need to run the set up is on one box

On the GW object VPN tab, this should list all the certs as issued.  CP can only have one cert per CA, so I assume that you should have 2 listed there.

The defaultcert as issued by the ICA and a full SSL cert as issued by comodo, geotrust etc.

If you click on "view cert" while highlighting one, it will open up and give you all the details you need re expiry etc

Let me know how that goes
0
 

Author Closing Comment

by:sheepsheep
ID: 31501832
Thanks Deimark. A  reset of SOC between firewall and management server was needed. Issue resolved.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question