I thought SIC was simply SSL. What is the error message you're seeing? If you're using implied rules, this URL should bring up the CA page: http://129.174.1.8:18264 but it doesn't (maybe it's not up right now?)
The only time I could not get SIC working was when there was no route from the SmartCenter NIC to the EXTERNAL interface of the gateway. SmartCenter was actually on the same subnet as the internal gateway interface, but the router in the middle was dropping traffic to the external interface.
Ray
From: cisco4ng <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Subject: [FW-1] SIC between SmartCenter and Enforcement Modules with SmartCenter behind a NAT device
Date: Mon, 28 Mar 2005 03:34:28 -0800
I have the following situation:
My Checkpoint management server is NG with AI R55W HFA_02 on SPLAT. This management server (aka SmartCenter Server) has a private IP address of 192.168.1.10/24. The SmartCenter Server is sitting behind a Cisco Pix firewall running Pix OS 6.3(4).
The SmartCenter is being statically NATed by the Cisco Pix firewall to a public IP address of 129.174.1.8 because the management server needs to be able to manage about four other "remote" Checkpoint Enforcement Modules across the Internet.
The problem I am having is that when I try to perform SIC between the SmartCenter Server and the Enforcement Modules, SIC KEEPS FAILING. I've been told that SIC does NOT work via NAT if the NAT device in front of the SmartCenter is NOT A CHECKPOINT FIREWALL. Checkpoint has documentation on the workaround but it is really messy and not 100% foolproof. EVEN WITH A CHECKPOINT FIREWALL, THERE ARE STILL LIMITATIONS WITH SIC VIA STATIC NAT.
It seems the ONLY solution to this problem is to assign a public IP address to the SmartCenter if there is a non-Checkpoint NAT device in front of the SmartCenter Server.
Checkpoint SEs keep telling me that this problem will be "fixed" in the next release (aka Dallas).
Is anyone having similar issues to mine when using a SmartCenter Server behind a NAT device (non-Checkpoint) to manage other remote Enforcement Modules, and having big issues with SIC?
Thanks.
cisco4ng
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
