Академический Документы
Профессиональный Документы
Культура Документы
sic_reset Command
25 September 2011
© 2011 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under
licensing restricting their use, copying, distribution, and decompilation. No part of this product or related
documentation may be reproduced in any form or by any means without prior written authorization of Check
Point. While every precaution has been taken in the preparation of this book, Check Point assumes no
responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
RESTRICTED RIGHTS LEGEND:
Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR
52.227-19.
TRADEMARKS:
Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.
Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of
relevant copyrights and third-party licenses.
Important Information
Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional
improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Latest Documentation
The latest version of this document is at:
http://supportcontent.checkpoint.com/documentation_download?ID=12487
For additional technical information, visit the Check Point Support Center
(http://supportcenter.checkpoint.com).
Revision History
Date Description
Feedback
Check Point is engaged in a continuous effort to improve its documentation.
Please help us by sending your comments
(mailto:cp_techpub_feedback@checkpoint.com?subject=Feedback on How to Use the fwm sic_reset
Command ).
Contents
Supported Versions
Any Check Point version
Supported OS
Any OS
Supported Appliances
Any appliance that can be run as a management server.
Check Point HCL (http://www.checkpoint.com/services/techsupport/hcl/index.html).
There are different ways to remove IKE certificates from a management server:
If SmartDashboard is available, use the solution explained in: sk14532
(http://supportcontent.checkpoint.com/documentation_download?ID=sk14532)
This file is generated without IKE certificates, so you can use it to delete the current CA.
a) Take the new objects_5_0.C file from the CPinfo.
b) Backup the current one on the management server, under $FWDIR/conf/, and replace it with the
new file.
Step 2: Run the command and delete the CA.
After all IKE certificates are removed from the management server that the ICA resides on, run fwm
sic_reset.
This operation deletes the ICA.
The management server does not contain a CA now. It cannot perform any secured communication with
other Check Point or OPSEC devices.
You can also run the fwm sic_reset command on Multi-Domain Security Management environments. It is
important to run it on the relevant level.
On Domain Management Server: # mdsenv <cma_ip_or_name>
On Multi-Domain Server: # mdsenv
For further information, refer to steps 1-2 in sk32491
(http://supportcontent.checkpoint.com/documentation_download?ID=sk32491).
Step 3: Recreate the Internal CA.
Make sure the management server has a valid certificate (search for cp_mgmt in the CN field) with:
# cpca_client lscert –kind SIC –stat Valid