Checkpoint Secure Internal Communication (SIC)

Secure Internal Communication (SIC)
===================================
SMS<------>SG
-Used to establish trusted communication between SMS and SG
-128-bit AES encryption between SMS and SG
-Trust between SMS and SG relies on the certificate and password of the SMS
-While installing the SMS, we have to create the ICA (Internal Certificate Authority)
-The ICA issues certificates
Working
---------
SMS-----SG
-Time has to be synchronised
-In SC, go to the gateway network object > General Properties > click Communication to initialise SIC
-Enter a key
-The ICA now issues a certificate to the SG
-Once the certificate is downloaded securely and stored on the gateway, the SG can communicate with any Check Point component using the SIC certificate.

PORT    TYPE   SERVICE DESCRIPTION
18209   tcp    NGX Gateways <> ICAs (status, issue, or revoke).
18210   tcp    Pulls Certificates from an ICA.
18211   tcp    Used by the cpd daemon (on the gateway) to receive Certificates.
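
Added example (not part of the original notes and not Check Point tooling): a pre-check to run before initialising SIC that probes the three ports from the table and reports which ones are not reachable. Which host listens on 18209 and 18210 (assumed here: the SMS, where the ICA runs), the function names and the demo addresses are assumptions of this example.

```python
import socket

# Port roles copied from the table above. Which host listens on 18209 and
# 18210 (the SMS, where the ICA runs) is an assumption of this example.
SIC_PORTS = {
    18209: ("sms", "gateway <> ICA: certificate status, issue, revoke"),
    18210: ("sms", "certificate pull from the ICA"),
    18211: ("gateway", "cpd on the gateway receiving its certificate"),
}


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open, refused or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # host answered, nothing is listening on the port
    except OSError:
        return "filtered"   # timeout or unreachable: likely dropped in transit


def sic_preflight(sms, gateway, connect=probe):
    """Probe every SIC port on the host expected to listen on it."""
    hosts = {"sms": sms, "gateway": gateway}
    findings = []
    for port, (side, role) in sorted(SIC_PORTS.items()):
        state = connect(hosts[side], port)
        findings.append({"port": port, "host": hosts[side],
                         "role": role, "state": state})
    return findings


def blocked(findings):
    """Return the ports that would stop SIC from initialising."""
    return [f["port"] for f in findings if f["state"] != "open"]


if __name__ == "__main__":
    # Constructed addresses from the documentation range (RFC 5737).
    for f in sic_preflight("192.0.2.10", "192.0.2.20"):
        print(f"{f['host']}:{f['port']:<6} {f['state']:<9} {f['role']}")
```

A probe only shows what the host running it can reach, so run it from the gateway to judge the SMS-side ports and from the SMS to judge 18211. It does not check the time synchronisation that SIC also requires.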

=============================================================================
Functions:
=========
CPD
---
-Used for SIC, licensing, and status reports
FWM:
---
-Responsible for all activities of SC,
such as policy installation, HA,
FWD:
----
-Responsible for logging

-Using cpstop and then cpstart will restart all Check Point services, including the SVN Foundation (this stops your SmartCenter).
-Using fwstop and then fwstart will only restart VPN-1/FireWall-1; this stops your SmartCenter, but not any other Check Point services.
-The services restart only after the XXstart command is given.
