Menü Kapat

How to reset SIC without restarting Check Point GW

The normal way of resetting SIC is to automatically restart Check Point services (cpstop;cpstart ). This requires a maintenance window for some environments.

In addition, since SIC was reset, the Security Gateway will load the ‘InitialPolicy’, which in some cases, mandates console access to the Security Gateway.

Note: This procedure is not supported on SMB appliances. In SMB, the SIC related process (CPD) is integrated into the FW process, so it cannot be restarted separately.

On the Security Gateway (not 61000), run these commands:

  1. [Expert@HostName]# cp_conf sic init New_Activation_Key norestart

  2. [Expert@HostName]# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"

  3. [Expert@HostName]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"

In 61k Security Gateway Mode:

  1. [Expert@HostName]# g_all cp_conf sic init New_Activation_Key norestart

  2. [Expert@HostName]# gexec -f -b all -c 'cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"'

  3. [Expert@HostName]# gexec -f -b all -c 'cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"'

In SmartDashboard:

  1. Click on the Security Gateway object.
  2. Click on ‘Communication‘.
  3. Click ‘Reset‘ and confirm.
  4. Enter the New_Activation_Key (that was used in the ‘cp_conf sic init ...‘ command on Security Gateway).
  5. Click on ‘Initialize‘.
  6. Install policy, if needed.

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir