cp_conf sic

Description

Manages SIC on the Security Gateway.

SIC (Secure Internal Communication) is the Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. A Security Gateway is a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.

For additional information, see sk65764: How to reset SIC.

Note - This command corresponds to the option Secure Internal Communication in the cpconfig menu.

Syntax on a Security Gateway / Cluster Member in Gaia Clish or the Expert mode

cp_conf

      -h

      sic

            cert_pull <Management Server> <DAIP GW object>

            init <Activation Key> [norestart]

            state

Syntax on a Scalable Platform Security Group in Gaia gClish

cp_conf

      -h

      sic

            cert_pull <Management Server> <DAIP GW object>

            init <Activation Key> [norestart]

            state

Syntax on a Scalable Platform Security Group in the Expert mode

g_all cp_conf

      -h

      sic

            cert_pull <Management Server> <DAIP GW object>

            init <Activation Key> [norestart]

            state

Parameters

| Parameter | Description |
|---|---|
| -h | Shows the built-in usage. |
| cert_pull <Management Server> <DAIP GW object> | For DAIP Security Gateways, pulls a SIC certificate from the specified Management Server (a Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server) for the specified DAIP Security Gateway. |
| init <Activation Key> [norestart] | Resets the one-time SIC activation key. The optional parameter "norestart" specifies not to restart Check Point services. |
| state | Shows the current state of the SIC Trust. |

Example

[Expert@MyGW:0]# cp_conf sic state
 
Trust State: Trust established
 
[Expert@MyGW:0]#
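
The following is an added example, not part of the Check Point documentation: a shell check that classifies the output of "cp_conf sic state" for a monitoring job. The function names and return codes are this example's own convention. Only the string "Trust established" shown above is treated as healthy, and any other value is reported verbatim without interpretation.

```shell
#!/bin/sh
# Added example (not Check Point code). Function names and return codes are
# assumptions of this example, not part of the product.

# Reads "cp_conf sic state" output on stdin.
# Returns 0 if every "Trust State:" line reports "Trust established",
#         2 if at least one line reports anything else,
#         3 if no "Trust State:" line is present (command failed or output changed).
sic_trust_check() {
    awk '
        /^[ \t]*Trust State:/ {
            seen++
            state = $0
            sub(/^[ \t]*Trust State:[ \t]*/, "", state)   # drop the label
            sub(/[ \t\r]+$/, "", state)                    # drop trailing blanks / CR
            if (state != "Trust established") {
                bad++
                printf "SIC trust problem: \"%s\"\n", state
            }
        }
        END {
            if (seen == 0) { print "SIC state unknown: no Trust State line"; exit 3 }
            if (bad > 0) exit 2
            print "SIC OK: Trust established"
        }
    '
}

# Runs the real command when it is available (Security Gateway, Expert mode).
sic_trust_check_local() {
    command -v cp_conf >/dev/null 2>&1 || { echo "cp_conf not found"; return 3; }
    cp_conf sic state 2>&1 | sic_trust_check
}

# Constructed sample input, same text as the Example on this page.
printf ' \nTrust State: Trust established\n \n' | sic_trust_check
```

A scheduled job can call sic_trust_check_local and raise an alert on any non-zero return code, so that a lost SIC trust is noticed before the next policy installation fails.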