PROBLEM
The following issue has been posted by Manfred Reinholdt on Feb 2, 2010.
Hei,
after installing EndPoint Security Server R73 HFA1 i try to initialize the SIC but when executing cpconfig the option Secure Internal Communication is not avaliable.
Some idea ?
It seems like I’m having similar issue here. I’ll do more research on this and will update this post once I’ve the solution. If you have any info regarding this, please let me know.
[Expert@R60-FW]# cpconfig
This program will let you re-configure
your Check Point products configuration.
Configuration Options:
———————-
(1) Licenses
(2) Administrator
(3) GUI Clients
(4) SNMP Extension
(5) Group Permissions
(6) PKCS#11 Token
(7) Random Pool
(8) Certificate Authority
(9) Certificate’s Fingerprint
(10) Disable Advanced Routing
(11) Disable Check Point SecureXL
(12) Automatic start of Check Point Products
(13) Exit
Enter your choice (1-13) :
SIMILAR ISSUE
https://forums.checkpoint.com/forums/message.jspa?messageID=35542
SOLUTION
Do not select SmartCenter (Management) for CPHA setup
During installation, you’ll be presented with the following option.
The following products are available in this version
Please select product(s)
1 [*] VPN-1 Power
2 [ ] UserAuthority
3 [ ] SmartCenter
4 [ ] Eventia Suite
5 [ ] Integrity
6 [*] Performance Pack
7 [ ] SmartPortal
Thanks to Brandon who left a comment below. According to him, my firewall is defined as a management server and firewall gateway. That’s the main reason why I never see SIC menu.
Now I understand that in order to configure High Availability in Check Point, Management Server and Firewall Gateway can’t be installed together. In the other words, never select option 3 which is SmartCenter if you want to configure it as HA.
If you select it, the following option will never appear. Type y for yes for the following option:
Would you like to install a Check Point clustering product (CPHA, CPLS or State Synchronization)? (y/n) [n] ? y
Full menu looks like below
Welcome to Check Point Configuration Program
=================================================
Is this a Dynamically Assigned IP Address gateway installation ? (y/n) [n] ?
Would you like to install a Check Point clustering product (CPHA, CPLS or State Synchronization)? (y/n) [n] ? y
After that, install as usual, reboot the firewall and run cpconfig again.
Finally, menu 5, Secure Internal Communication is appear.
[Expert@R65-FW]# cpconfig
This program will let you re-configure your Check Point products configuration.
Configuration Options:
———————-
(1) Licenses
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Disable Advanced Routing
(7) Disable cluster membership for this gateway
(8) Disable Check Point SecureXL
(9) Automatic start of Check Point Products
(10) Exit
Enter your choice (1-10) : 5