Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

How to Troubleshoot SIC on Check Point Firewall

SIC (Secure Internal Communication) is the mechanism Check Point uses to establish trust between Security Gateways, the Security Management Server and any other Check Point component that talks to them. This is how to troubleshoot it when trust cannot be established or is lost:

SIC is certificate based. When you initialize SIC on a gateway you enter a one-time password (the activation key) on both the gateway and the management server; the gateway uses it to authenticate its first request, and in return the management server's Internal Certificate Authority (ICA) issues the gateway a certificate. From then on SIC runs over SSL with digital certificates and the one-time password is not used again. The ICA is created when the management server is installed, and it issues certificates to every process and server that communicates over SIC, so a gateway can talk to any other Check Point component that holds a SIC certificate signed by the same ICA.

Check Point Support Center

Check Point Support Center article sk30579 describes further things to check when SIC fails.

Port 18209

TCP. Used for communication between the Security Gateway and the ICA: certificate status, issue and revoke.

Port 18210

TCP. Used by the gateway to pull certificates from the ICA.

Port 18211

TCP. Used by the cpd daemon on the Security Gateway to receive its certificate during SIC initialization (when you click "Initialize" in SmartDashboard). Here the management server connects to the gateway, so the gateway must be reachable on this port from the management side.

Basic SIC Troubleshooting

  • Make sure routes and connectivity exist in both directions between the gateway and the Security Management Server.

  • Check for rules or ACLs, on the gateway itself or on devices in between, that block the SIC ports (18209, 18210, 18211), and allow them.

  • Make sure the same one-time password (activation key) was entered on the gateway (cpconfig) and in the gateway object in SmartDashboard.

  • Verify that date and time are accurate on both devices. The SIC certificates carry validity dates, so a large clock skew makes them fail.

  • On remote gateways, make sure the management server's name resolves to its IP, via DNS or an /etc/hosts entry.

cpd is the daemon that handles SIC. If you stop and start cpd while debugging SIC, you will also interrupt the following services:

  • Policy Fetch/Installation

  • SIC (sic of course)

  • Messaging for other SmartCenter Daemons

  • Licensing

cpd can also run away and consume all available memory or CPU. Check it in the output of the top command (look at the RES and CPU columns) before restarting it.

Restarting CPD Process

Use cpwd_admin (the Check Point WatchDog) rather than killing the process, so the watchdog stops and restarts cpd cleanly instead of respawning it behind your back:


# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"
# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"


Inspect SIC Packets with FW Monitor


# match on source port as well, so the peer's replies are captured too
fw monitor -e 'accept (sport=18209 or dport=18209 or sport=18210 or dport=18210 or sport=18211 or dport=18211);'


What to look for:

  • Each captured packet is tagged with the inspection point it reached: i (pre-inbound), I (post-inbound), o (pre-outbound), O (post-outbound). That tells you which interface it entered or left on, and whether it reached the firewall at all.

  • A packet that appears at i but not I was dropped by inbound inspection on this gateway (o without O is the outbound equivalent). The drop should appear in the logs, and fw ctl zdebug drop shows the drop reason live.

  • Traffic addressed to the gateway itself (the certificate push to 18211) normally shows only i and I, and the gateway's replies only o and O; only transit traffic passes all four points.

  • If nothing is captured at all, the traffic is not reaching this gateway: look at routing and at ACLs upstream.
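To make the i/I/o/O reading mechanical, here is an added example (not from the original page or from Check Point) that reads fw monitor text output and reports, per packet, which inspection points it reached and what that implies. It assumes the header format ifname:P[len]: SRC -> DST (PROTO) len=N id=M, optionally prefixed with [vs_x][fw_y]; the trace it ships with is constructed to show the three cases described above.

```bash
#!/bin/bash
# sic_chain_report.sh - added example, not Check Point's own tooling.
# Reads fw monitor text output and, for each packet (src -> dst, IP id), lists
# which inspection points it reached (i I o O) and what that implies.
# Assumption: header lines look like "ifname:P[len]: SRC -> DST (PROTO) len=N id=M",
# optionally prefixed with [vs_x][fw_y]. The sample trace below is constructed.

sic_chain_report() {
    awk '
        # Header line of a captured packet; P is one of i (pre-inbound), I (post-inbound),
        # o (pre-outbound), O (post-outbound). The TCP:/UDP: detail lines do not match.
        match($0, /[A-Za-z0-9._-]+:[iIoO]\[[0-9]+\]: /) {
            hdr = substr($0, RSTART, RLENGTH)          # e.g. "eth0:i[60]: "
            sub(/\[[0-9]+\]: $/, "", hdr)               # -> "eth0:i"
            point = substr(hdr, length(hdr))             # -> "i"
            rest = substr($0, RSTART + RLENGTH)         # "SRC -> DST (PROTO) len=N id=M"
            split(rest, f, " ")
            key = f[1] " -> " f[3]
            if (match(rest, /id=[0-9]+/)) key = key " " substr(rest, RSTART, RLENGTH)
            if (!(key in seen)) order[++n] = key
            seen[key] = seen[key] point
        }
        END {
            for (k = 1; k <= n; k++) {
                key = order[k]; s = seen[key]
                if (s ~ /i/ && s ~ /I/ && s ~ /o/ && s ~ /O/)
                    v = "transit: passed all four points"
                else if (s ~ /i/ && s !~ /I/)
                    v = "DROPPED inbound (i without I): check fw ctl zdebug drop and the logs"
                else if (s ~ /o/ && s !~ /O/)
                    v = "DROPPED outbound (o without O): check fw ctl zdebug drop and the logs"
                else if (s ~ /i/ && s ~ /I/)
                    v = "accepted inbound, handled by a local daemon (normal for SIC to this gateway)"
                else if (s ~ /o/ && s ~ /O/)
                    v = "sent by this gateway (normal for SIC replies)"
                else
                    v = "partial capture"
                printf "%s points=%s : %s\n", key, s, v
            }
        }'
}

# Constructed fw monitor output: a SIC SYN from the management server that reaches cpd
# (id 1001, i then I), the SYN/ACK back (id 2001, o then O), and a second SYN (id 1002)
# that is seen only at i, i.e. dropped by inbound inspection.
SAMPLE_TRACE=$(cat <<'EOF'
[vs_0][fw_0] eth0:i[60]: 192.0.2.10 -> 192.0.2.1 (TCP) len=60 id=1001
TCP: 40001 -> 18211 .S.... seq=1a2b3c4d ack=00000000
[vs_0][fw_0] eth0:I[60]: 192.0.2.10 -> 192.0.2.1 (TCP) len=60 id=1001
TCP: 40001 -> 18211 .S.... seq=1a2b3c4d ack=00000000
[vs_0][fw_0] eth0:o[60]: 192.0.2.1 -> 192.0.2.10 (TCP) len=60 id=2001
TCP: 18211 -> 40001 .S..A. seq=5e6f7a8b ack=1a2b3c4e
[vs_0][fw_0] eth0:O[60]: 192.0.2.1 -> 192.0.2.10 (TCP) len=60 id=2001
TCP: 18211 -> 40001 .S..A. seq=5e6f7a8b ack=1a2b3c4e
[vs_0][fw_0] eth0:i[60]: 192.0.2.10 -> 192.0.2.1 (TCP) len=60 id=1002
TCP: 40002 -> 18211 .S.... seq=0badc0de ack=00000000
EOF
)

case "${1:-}" in
    --demo) printf '%s\n' "$SAMPLE_TRACE" | sic_chain_report ;;
    "")     ;;                                 # no argument: only define the function
    -)      sic_chain_report ;;                # fw monitor -e '...' | bash sic_chain_report.sh -
    *)      sic_chain_report < "$1" ;;         # saved capture: fw monitor -e '...' > sic.txt
esac
```

Run bash sic_chain_report.sh --demo to see the three verdicts on the constructed trace, or pipe a live fw monitor capture into it with - as the argument. Packets are grouped by source, destination and IP id, so a retransmitted SYN with a new id shows up as its own line rather than being merged into the first attempt.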

Verify SIC Service is Listening


(windows)c:\> netstat -na | findstr 18211
(linux)expert# netstat -na | grep 18211

A LISTEN (Windows: LISTENING) entry on port 18211 confirms that cpd is up and able to accept the certificate push. If it is missing, cpd is not running; restart it as shown above.
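The checks in the Basic SIC Troubleshooting list and the listener check above can be scripted from the gateway's expert shell. The script below is an added example, not Check Point tooling: the management server's name and IP are command-line arguments (192.0.2.10 in the comments is a placeholder), the cpd listener test parses netstat -na output so the same function also works against a Windows SmartCenter, and the netstat samples embedded at the end are constructed so the parsing can be tried offline.

```bash
#!/bin/bash
# sic_precheck.sh - added example, not Check Point's own tooling.
# Runs the Basic SIC Troubleshooting checks from the gateway in expert mode:
# name resolution, reachability of the ICA ports on the management server,
# a local cpd listener on 18211, and an optional clock comparison.
# Assumptions: management name/IP are passed on the command line (e.g. mgmt 192.0.2.10);
# the netstat samples at the end are constructed for offline testing.

SIC_MGMT_PORTS="18209 18210"    # gateway -> management: ICA status/issue/revoke, certificate pull
SIC_GW_PORT=18211               # management -> gateway: cpd receives the certificate
MAX_SKEW=300                    # tolerated clock difference in seconds
FAILURES=0

report() {  # report PASS|FAIL message
    printf '%-5s %s\n' "$1" "$2"
    [ "$1" = PASS ] || FAILURES=$((FAILURES + 1))
}

# resolves_to NAME IP : does NAME resolve to IP on this host (DNS or /etc/hosts)?
resolves_to() {
    getent hosts "$1" 2>/dev/null | awk '{print $1}' | grep -qxF "$2"
}

# tcp_reachable HOST PORT : TCP connect with a 3 s timeout via bash's /dev/tcp (no nc needed)
tcp_reachable() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# listener_present PORT : reads `netstat -na` output (Linux or Windows layout) on stdin,
# succeeds if a TCP socket bound to PORT is in LISTEN/LISTENING state
listener_present() {
    awk -v p=":$1" '
        tolower($1) ~ /^tcp/ && $NF ~ /^LISTEN/ {
            for (i = 2; i < NF; i++) if ($i ~ (p "$")) found = 1
        }
        END { exit !found }'
}

# clock_in_sync LOCAL_EPOCH REMOTE_EPOCH : succeeds if |difference| <= MAX_SKEW seconds
clock_in_sync() {
    local diff=$(( $1 - $2 ))
    [ "${diff#-}" -le "$MAX_SKEW" ]
}

# run_checks MGMT_NAME MGMT_IP [MGMT_EPOCH]
# MGMT_EPOCH is `date +%s` taken on the management server at the same moment, if available.
run_checks() {
    local name=$1 ip=$2 remote_epoch=$3 port
    if resolves_to "$name" "$ip"; then report PASS "$name resolves to $ip"
    else report FAIL "$name does not resolve to $ip (fix DNS or /etc/hosts)"; fi
    for port in $SIC_MGMT_PORTS; do
        if tcp_reachable "$ip" "$port"; then report PASS "TCP $ip:$port reachable"
        else report FAIL "TCP $ip:$port unreachable (route, ACL, or ICA not running)"; fi
    done
    if netstat -na 2>/dev/null | listener_present "$SIC_GW_PORT"; then report PASS "cpd is listening on $SIC_GW_PORT"
    else report FAIL "nothing listening on $SIC_GW_PORT (is cpd running?)"; fi
    if [ -n "$remote_epoch" ]; then
        if clock_in_sync "$(date +%s)" "$remote_epoch"; then report PASS "clocks within ${MAX_SKEW}s"
        else report FAIL "clock skew above ${MAX_SKEW}s (certificate validity checks will fail)"; fi
    fi
    return $FAILURES
}

# Constructed netstat samples (Linux gateway, Windows SmartCenter) for trying listener_present offline
SAMPLE_NETSTAT_LINUX='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:18211           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.1:18191         192.0.2.10:51422        ESTABLISHED'
SAMPLE_NETSTAT_WIN='  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:18211          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:18190       192.0.2.50:49770       ESTABLISHED'

if [ "$#" -ge 2 ]; then
    run_checks "$@"        # e.g. bash sic_precheck.sh mgmt 192.0.2.10
fi
```

Run it as bash sic_precheck.sh <mgmt-name> <mgmt-ip> [mgmt-epoch]; the optional third argument is date +%s taken on the management server at the same moment, which covers the clock check without the script needing network time. The reachability test uses bash's /dev/tcp so it works on a gateway without nc, and a FAIL on 18209/18210 with a PASS on name resolution points at routing or an ACL rather than at the SIC key.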


Related Check Point Support Center articles, grouped by symptom:

Failure to Initialize SIC

  • Failed to connect the module

  • Policy install fails on a rebuilt VSX cluster member

  • SIC Status for  not communicating.  Peer does not have a certificate for SIC

  • Remote Security Gateway does not receive the certificate

SIC General Failure

  • CPD process consumes high CPU during SIC status test

  • SIC general failure error no. 148

  • CPD reaches high CPU after install QoS Policy with User Access

SIC Error no. 147

  • Installing Policy to a VPN-1 gateway from a CMA fails with SIC error 147

  • CPD debug shows: "SIC Error for CpdPing: received bad message length from peer"

  • SIC Status for  Not communicating Authentication error err no 147

Misc SIC Errors

  • Automatic SIC renewal mechanism does not function in R70.xx

  • Security Gateway randomly loses SIC with SmartCenter

  • Undefined Error in SmartDashboard when establishing Trust with Virtual Device

  • SIC fails even though SIC certificate was renewed
Last updated on 15 Jul 2018
Published on 15 Jul 2018