Hi,

This process definitely works on R55 so will probably be good for R54.

1. Perform a backup of the management and the module prior to any change.
2. Edit the GW object - remove it from all the VPN communities.
3. Press OK to save the change.
4. Edit the GW object again - in the General section uncheck the VPN option and press OK - this will delete the certificate.
5. Now edit the GW again and check the VPN option; it will regenerate a certificate. Press OK.
6. Open and edit the GW again - now add all the communities back.
7. Save all changes, and install the policy.

Regards,

Dave Allen CCSE, NCSP
TAC Team Leader
Phoenix IT Group

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Bob Grabbe
Sent: 29 July 2008 20:06
To: [email protected]
Subject: Re: [FW-1] Checkpoint certificate renewal problem

No luck with any of that. I'm running NGAI R54, so I'm thinking that some of the tools in later versions might not be available to me.

Bob Grabbe
Michigan Proteome Consortium
[EMAIL PROTECTED]

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Genius Chung
Sent: Thursday, July 31, 2008 1:56 PM
To: [email protected]
Subject: Re: [FW-1] Checkpoint certificate renewal problem

Hi Bob,

You can try to refer to the Check Point KB Solution ID "sk14532" to renew the cert and perform the fwm sic_reset. By the way, the easy solution is: you can try to delete the cert in the GUI and then add the new cert again (for NGAI). For the NGX version, you can just click the "renew" button in the GUI.

Thanks,
Regards,
Alan

--- On Friday, 1 August 2008, Bob Grabbe <[EMAIL PROTECTED]> wrote:

> From: Bob Grabbe <[EMAIL PROTECTED]>
> Subject: Re: [FW-1] Checkpoint certificate renewal problem
> To: [email protected]
> Date: Friday, 1 August 2008, 1:08 AM
>
> At this point I am almost where I can delete and recreate the vpn certificate, I have disabled vpn-1 on the gateway and am trying to delete the certificate through the checkpoint dashboard.
> When I try this, though, I get an error that I'm unable to contact the certificate authority on the management station.
> Trying fwm sic_reset doesn't work because the certificate is still there, cpstop and cpstart haven't helped any either.
> I'd appreciate any suggestions from anyone as to what to try that would let me regenerate the certificate.
> Thanks
>
> Bob Grabbe
> Michigan Proteome Consortium
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Bob Grabbe
> Sent: Thursday, July 31, 2008 9:10 AM
> To: [email protected]
> Subject: [FW-1] Checkpoint certificate renewal problem
>
> I'm hoping I can get some help on this. My firewall appears to be having a problem renewing its internal certificate, although I'm not sure that's the right problem.
> What I'm having happen is that vpn clients get a message that the certificate has expired, and on my desktop when I try to run the Smartdashboard, I get the same thing.
> When I look at the certificate it does say that it's expired as of yesterday, but I thought it was supposed to automatically renew itself.
> One suggestion I found through a google search was to set the firewall clock back, cpstop and cpstart. This didn't do anything. I also found a suggestion to do fwm sic_reset, but it's not able to reset because of the following:
> "There are IKE Certificates that were generated by the internal Certificate Authority.
> Please remove them (using the SmartDashboard) so that the internal Certificate Authority can be destroyed."
> Besides being unsure whether this is the right thing to do, I haven't been able to find the ike certificate to delete it in Smartdashboard. I am able to run the dashboard if I set my desktop date to before today.
> If there's any way I can get any suggestions I'd really appreciate it.
> BTW, this is R54 Ngx, but there's no way I'm able to upgrade.
> Thanks
> Bob Grabbe
> Michigan Proteome Consortium
> [EMAIL PROTECTED]
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
