How to reset SIC without restarting Check Point GW

The normal way of resetting SIC automatically restarts Check Point services (cpstop;cpstart), which requires a maintenance window in some environments.

In addition, since SIC was reset, the Security Gateway will load the ‘InitialPolicy’, which in some cases mandates console access to the Security Gateway.

Note: This procedure is not supported on SMB appliances. In SMB, the SIC-related process (CPD) is integrated into the FW process, so it cannot be restarted separately.

On the Security Gateway (not 61000), run these commands:

  1. # cp_conf sic init New_Activation_Key norestart

  2. # cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"

  3. # cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"

In 61k Security Gateway Mode:

  1. # g_all cp_conf sic init New_Activation_Key norestart

  2. # gexec -f -b all -c 'cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"'

  3. # gexec -f -b all -c 'cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"'

In SmartDashboard:

  1. Click on the Security Gateway object.
  2. Click on ‘Communication’.
  3. Click ‘Reset’ and confirm.
  4. Enter the New_Activation_Key (that was used in the ‘cp_conf sic init ...’ command on Security Gateway).
  5. Click on ‘Initialize’.
  6. Install policy, if needed.
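
For the gateway-side steps on a single (non-61000) Security Gateway, the wrapper below is an added example, not part of the original procedure or Check Point's own tooling. It prompts for the activation key instead of taking it from the typed command line, runs the three commands above, and then confirms through `cpwd_admin list` that CPD is executing again before you move on to SmartDashboard. The function names, the 30-second timeout, and the column layout assumed for `cpwd_admin list` (STAT in the third column, E = executing, T = terminated) are assumptions; the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not Check Point's own tooling). Run as root in expert mode.

# Constructed sample of `cpwd_admin list` output, used only by --selftest.
# Assumed column layout: APP PID STAT #START START_TIME MON COMMAND
SAMPLE_LIST='APP  PID   STAT  #START  START_TIME            MON  COMMAND
CPD  5107  E     1       [15:06:01] 28/5/2019  Y    cpd
FWD  5109  E     1       [15:06:02] 28/5/2019  N    fwd'

# Print CPD's STAT column (E = executing, T = terminated) from stdin,
# or MISSING when WatchDog does not list CPD at all.
cpd_stat() {
    awk '$1 == "CPD" { print $3; found = 1 }
         END { if (!found) print "MISSING" }'
}

# Poll `cpwd_admin list` until CPD reaches state $1 or $2 seconds pass.
wait_for_cpd() {
    want=$1; tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        [ "$(cpwd_admin list | cpd_stat)" = "$want" ] && return 0
        tries=$((tries - 1)); sleep 1
    done
    return 1
}

reset_sic_norestart() {
    # Read the one-time key with echo off so it is not left in shell
    # history or terminal scrollback.
    printf 'New activation key: '
    stty -echo; read -r key; stty echo; echo
    [ -n "$key" ] || { echo "empty key, aborting" >&2; return 1; }

    cp_conf sic init "$key" norestart || return 1
    cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"
    cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"
    unset key
    wait_for_cpd E 30 || { echo "CPD did not come back up" >&2; return 1; }
    echo "CPD is running; continue with the SmartDashboard steps."
}

case "${1:-}" in
    --run)      reset_sic_norestart ;;
    --selftest) printf '%s\n' "$SAMPLE_LIST" | cpd_stat ;;
esac
```

Run it with `--run` on the gateway; `--selftest` only parses the constructed listing and touches nothing. The key is still passed to `cp_conf` as an argument, so treat it as a one-time secret and complete the SmartDashboard steps promptly.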
