Solution

Note that this method is not suitable for SMB appliances as the SIC-related process (CPD) is integrated into the FW process and cannot be restarted separately.

1. To reset SIC on a Security Gateway (not a Scalable Platform), run the following commands:

[Expert@HostName]# cp_conf sic init New_Activation_Key norestart
(example: [Expert@HostName]# cp_conf sic init pass123456 norestart)
[Expert@HostName]# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"
[Expert@HostName]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"

2. For Scalable Platform in Security Gateway Mode:

[Expert@HostName]# g_all cp_conf sic init New_Activation_Key norestart
[Expert@HostName]# gexec -f -b all -c 'cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"'
[Expert@HostName]# gexec -f -b all -c 'cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"'

3. In SmartConsole

– Click the Security Gateway object.
– Click Communication.
– Click Reset and confirm.
– Enter the New_Activation_Key (used in the ‘cp_conf sic init …’ command on Security Gateway).
– Click Initialize.
– Install the policy if necessary.

The commands depend on the type of Security Gateway: use step 1 for a regular Security Gateway and step 2 for a Scalable Platform in Security Gateway Mode.

Notes

  • When resetting SIC, make sure the Management Server IP address is set back to the same address. This ensures that the current firewall policy remains in place.
  • Additionally, if the user has “Stealth Rules” or “Cleanup Rules” in place, the current policy may only allow communication between the Gateway and the IP address of the Management Server.
  • If the IP address of the Management Server needs to be changed, it is important to first create a “Dummy host” with the new IP address and add it to the “Fetch Policy” of the gateways and all affected rules. The policy should then be installed. After the SIC reset, any unnecessary access to the old Management IP should be removed by cleaning the rules. If control connections are disabled, ensure the policy is updated with the new Management IP address. For instructions on how to change the IP address of a Security Management, refer to sk40993.
  • Please note that if the device is reset or powered off before the SIC is reset from SmartConsole, the ‘Initial’ policy will be loaded, similar to a regular ‘cpconfig’ reset. 
