
SIC operation is handled by the cpd process and is based on PKI and SSL/TLS. The gateways listen on TCP port 18211. Traffic from the gateways to the SM on TCP port 18209 should also be permitted. Another requirement for SIC to succeed is time synchronization within a few minutes.
Also included in the SIC procedure:
- The SM Internal Certificate Authority (ICA) generates both the SM and firewall certificates (SMS-cert and FW-cert).
- The initially established secure communication tunnel, using the One-Time SIC Activation Key, helps provide the gateways with this information.
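The requirements above (port 18211 towards the gateways, port 18209 towards the SM, clocks within a few minutes) can be checked before initializing SIC. The following pre-flight check is an added example, not part of the original post or of any Check Point tooling; the function names, the 180-second skew limit and the 192.0.2.x addresses are assumptions, and the peer's clock reading is supplied by the caller.

```python
import socket
from datetime import datetime, timedelta, timezone

SIC_GATEWAY_PORT = 18211  # gateways listen here (from the text above)
SIC_SM_PORT = 18209       # gateways must reach the SM here (from the text above)
MAX_SKEW_SECONDS = 180    # assumption: "a few minutes" taken as 3 minutes


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def sic_preflight(role, peer, local_utc, peer_utc,
                  probe=tcp_open, max_skew=MAX_SKEW_SECONDS):
    """Check the SIC prerequisites from one side of the link.

    role 'sm'      : run on the management server, peer is a gateway.
    role 'gateway' : run on a gateway, peer is the management server.
    Returns a list of findings; an empty list means both checks passed.
    """
    # Each side can only test the direction it initiates itself.
    port = {"sm": SIC_GATEWAY_PORT, "gateway": SIC_SM_PORT}[role]
    findings = []
    if not probe(peer, port):
        findings.append(f"TCP {port} to {peer} unreachable or filtered")
    skew = abs((local_utc - peer_utc).total_seconds())
    if skew > max_skew:
        findings.append(f"clock skew {skew:.0f}s exceeds {max_skew}s")
    return findings


if __name__ == "__main__":
    # Constructed sample: the gateway's clock is 10 minutes behind the SM,
    # and a stub probe stands in for the network so this runs offline.
    now = datetime.now(timezone.utc)
    gw_clock = now - timedelta(minutes=10)
    for line in sic_preflight("sm", "192.0.2.11", now, gw_clock,
                              probe=lambda host, port: True):
        print("FAIL:", line)
```

Run it once with role `sm` on the management server and once with role `gateway` on each gateway, leaving `probe` at its default so the real ports are tested.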
SmartUpdate
We use Check Point SmartUpdate, which provides a centralized way to guarantee that internet security throughout the enterprise network is always up to date, to check the attached licences, as shown in the following figure:

Evaluation licences can easily be retrieved from the Check Point UserCenter in case some of them are needed. They are valid for a month, which is more than enough. Thank you Check Point!

Now that we’ve set up our 3 VMs (SM, SG1, SG2) and got them synchronized (host interface using Windows loopbacks), let’s move on to our network configuration using GNS3 (our network emulator). In GNS3 we connect router R3 to the intranet network, which is also defined by the corresponding security zone. The R2 router emulates internet access. Routers R1 and R4 are in our DMZ.