Thursday, January 13, 2011

SIC - Reinitialize between the Security Gateway and the SmartCenter server

Symptoms

* Error when trying to initialize SIC with the Security Gateway.
* Error: "Failed to connect the module".

Solution

To reinitialize SIC (Secure Internal Communication) between the Security Gateway and the SmartCenter server, proceed as follows:

Scenario 1: Security Gateway is installed on a UNIX machine

1. On the Security Gateway, run cpconfig and reinitialize the Secure Internal Communication as follows.

2. In the Configuration Options screen, type in the <Secure Internal Communication Option number> and press 'Enter'.

3. In the Configuring Secure Internal Communication screen, when prompted to re-initialize communication, type in "y" and press 'Enter'.

4. The next screen verifies that you want to reset Secure Internal Communication now. Type in "y" and press 'Enter'.

5. Enter Activation Key: ****** (For example, abc123)

6. Again Activation Key: ****** (For example, abc123)

7. The Secure Internal Communication Successfully Initialized screen is displayed. Type in the <Exit Option number> and press 'Enter'.

8. The next screen prompts you to restart ALL Check Point modules (performing cpstop & cpstart) in order to activate the changes you have made. Type in "y" and press 'Enter'.

9. In SmartDashboard, select 'Manage > Network Objects'.

10. In Network Objects Manager, select the Security Gateway network object.

11. Click 'Edit'.

12. In the dialog box, select General Properties from the left pane.

13. In General Properties, click 'Communication' in the Secure Internal Communication section.

14. In the Communication dialog box, click 'Reset'. The dialog box displays the following message:

For the reset operation to be complete, you must also reset
the module in the configuration tool. No communication will
be possible until you reset and re-initialize the communication
properly.
Are you sure you want to reset?


15. Click 'Yes'.

16. The dialog box displays the following message:

Reset is done.
Please re-install the Security Policy in order to update the CRL list.
You must install the Security Policy to ALL Modules.

Click 'OK'.

17. In the Communication dialog box, enter the one time password (abc123) in the Activation Key field.

18. Re-enter the one time password (abc123) in the Confirm Activation Key field.

Note: The one time password, entered in the Activation Key field and Confirm Activation Key field, needs to be the same one time password that has been set as the Activation Key on the Security Gateway.


19. Click 'Initialize'.

20. Verify the Trust state field is changed to "Trust established".

21. To test Secure Internal Communication status, click 'Test SIC status'.

22. Verify that the message in the SIC Status dialog box is similar to:

SIC Status for fw_module: Communicating


23. Click 'Close' in the SIC Status dialog box.

24. Click 'Close' in the Communication dialog box.

25. Click 'OK' in the Check Point Gateway dialog box.

26. Install policy.

Scenario 2: Security Gateway is installed on a Windows machine

1. On the Security Gateway, access cpconfig.

2. In the Check Point Configuration Tool dialog box, select the Secure Internal Communication tab.

3. In the Secure Internal Communication tab, click 'Reset' in the Initialization section.

The Warning dialog box will display the following message:

For the reset operation to be complete you must also reset the module in the Policy Editor.
No communication will be possible until you reset and re-initialize the communication properly.

Note: The Secure Internal Communication will be reset now.

Are you sure you want to reset?


4. Click 'Yes'.

5. In the Secure Internal Communication tab, enter the one time password (For example, def456) in the Activation Key field.

6. Re-enter the one time password (def456) in the Confirm Activation Key field.

7. Click 'OK' in the Check Point Configuration Tool.

The cpconfig dialog box displays the following message:

You have changed the system configuration.
It is recommended to restart Check Point services.

Do you wish to restart the services now?


8. Click 'Yes'.


9. In SmartDashboard, select 'Manage > Network Objects'.

10. In the Network Objects Manager, select the Security Gateway network object.

11. Click 'Edit'.

12. In the Check Point Gateway dialog box, select General Properties from the left pane.

13. In General Properties, click 'Communication' in the Secure Internal Communication section.

14. In the Communication dialog box, click 'Reset'.

The dialog box displays the following message:

For the reset operation to be complete, you must also reset the module in the configuration tool. No communication will be possible until you reset and re-initialize the communication properly.
Are you sure you want to reset?


15. Click 'Yes'. The dialog box will display the following message:

Reset is done.
Please re-install the Security Policy in order to update the CRL list.
You must install the Security Policy to ALL Modules.


16. Click 'OK'.

17. In the Communication dialog box, enter the one time password (def456) in the Activation Key field.

18. Re-enter the one time password (def456) in the Confirm Activation Key field.

Note: The one time password, entered in the Activation Key field and Confirm Activation Key field, needs to be the same password set as the Activation Key on the Security Gateway.


19. Click 'Initialize'.

20. Verify that the message in the Trust state field is changed to "Trust established".

21. To test Secure Internal Communication status, click 'Test SIC status'.

22. Verify that the message in the SIC Status dialog box is similar to:

SIC Status for fw_module: Communicating


23. Click 'Close' in the SIC Status dialog box.

24. Click 'Close' in the Communication dialog box.

25. Click 'OK' in the Check Point Gateway dialog box.

26. Install policy.
