Checkpoint Secure Internal Communication (SIC)
Secure Internal Communication (SIC)
===================================
SMS<------>SG
-Used to establish trusted communication between the SMS and the SG
-128-bit AES encryption between SMS and SG
-Trust between SMS and SG is based on a certificate and the password of the SMS
-While installing the SMS, we have to create the ICA (Internal Certificate Authority); the ICA issues certificates
Working
---------
SMS-----SG
-Time has to be synchronised
-In SC, go to the gateway network object > General Properties > click Communication to initialise SIC
-Enter a key
-The ICA now issues a certificate to the SG
-Once the certificate has been downloaded securely and stored on the gateway, the SG can communicate with any Check Point component using the SIC certificate.
PORT   TYPE  SERVICE DESCRIPTION
18209  tcp   NGX Gateways <> ICAs (status, issue, or revoke).
18210  tcp   Pulls certificates from an ICA.
18211  tcp   Used by the cpd daemon (on the gateway) to receive certificates.
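Added example (not part of the original notes): a pre-check for the two prerequisites listed above, synchronised time and the SIC ports, run against `netstat -an` style output. The role-to-port mapping (18211 on the gateway, 18209 and 18210 on the SMS where the ICA runs), the function names, the caller-supplied skew limit and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-checks before initialising SIC, based on the port table above.
# Assumption: 18211 listens on the gateway (cpd); 18209 and 18210 listen on the
# SMS, where the ICA runs.

expected_ports() {            # $1 = role: "sg" or "sms"
    case "$1" in
        sg)  echo "18211" ;;
        sms) echo "18209 18210" ;;
        *)   return 2 ;;
    esac
}

# Reads `netstat -an` style text on stdin and prints the SIC ports for the
# given role that have no TCP listener. Returns 1 if any port is missing.
missing_sic_ports() {
    role=$1
    ports=$(expected_ports "$role") || return 2
    # Keep only the local port of sockets in LISTEN state.
    listening=$(awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }')
    missing=""
    for p in $ports; do
        echo "$listening" | grep -qx "$p" || missing="$missing $p"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# SIC needs synchronised time: compare two epoch timestamps.
clock_skew_ok() {             # $1 local epoch, $2 peer epoch, $3 max skew (s)
    diff=$(( $1 - $2 ))
    if [ "$diff" -lt 0 ]; then diff=$(( 0 - diff )); fi
    [ "$diff" -le "$3" ]
}

# Constructed sample: netstat output from a gateway where cpd is listening.
# The ESTABLISHED line must not count as a listener.
SAMPLE_SG='tcp        0      0 0.0.0.0:18211     0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:22        0.0.0.0:*       LISTEN
tcp        0      0 10.0.0.2:18211    10.0.0.1:40122  ESTABLISHED'

printf '%s\n' "$SAMPLE_SG" | missing_sic_ports sg >/dev/null \
    && echo "gateway: SIC listener present"
```

On a live system, pipe the real `netstat -an` output into `missing_sic_ports` with the role of the machine you are on.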
=============================================================================
functions:
=========
CPD
---
-Used for SIC, licensing and status reports
FWM:
---
-Responsible for all SC activities, such as policy installation and HA
FWD:
----
-Responsible for logging
-Using cpstop and then cpstart restarts all Check Point services, including the SVN Foundation (this stops your SmartCenter).
-Using fwstop and then fwstart restarts only VPN-1/FireWall-1 (this stops your SmartCenter, not any other Check Point services).
-The services restart only after the matching XXstart command is given.