We recently had to reboot our firewall, and somehow the hostname of the box was different at next boot. Well this sure screwed up CheckPoint!
First problem was "too many gateways in objects file" because it auto-created a new one with the new hostname. After fixing the hostname this went away and the policy loaded up.
Next problem was that I had 2 gateway objects, and the one with the incorrect hostname was listed as the primary management server. The real gateway was listed as secondary management.
I next tried to delete the extra gateway, but couldn't because it had IKE certificates (or whatever they are called). Instructions for deleting those said to go into the object properties in the GUI, click VPN, click IKE on the right and then Edit. Well, I had no IKE listed in the box at right, and clicking Edit just crashed the GUI.
Also when installing a policy on the correct gateway, I was getting the "add_ca_cert_hash: failed corrupt internal_ca object" error. This had actually been a problem from before this hostname issue. So my next attempt was to try and fix this, and I tried the manual edit method of deleting cert information from objects_5_0.C, ICA*, etc. Then did a cpstop, and fwm sic_reset. The fwm sic_reset just never came back (gave it about 10-15 minutes!). I tried it with the -yes parameter, no difference.
So after a cpstart, the policy still loads and all, but now I cannot get into the GUI (authentication failed). I presume this is because the SIC is screwed up from my deletion of cert info and incomplete sic_reset.
Any suggestions on how to fix this mess are much appreciated!