Technical data
VSX Diagnostics and Troubleshooting
Check Point VSX Administration Guide NGX R67 | 181
Possible Causes
How to Resolve
Time or time zone mismatch between
the management and the gateway.
For proper SIC operation, the time, date
and time zone must be synchronized
between the management server and
gateways/ cluster members.
Execute the /bin/date -u command on
all machines, to obtain the correct
UTC/GMT time. The machines can be in
different time zones, as long as their
UTC/GMT times match.
Change the time, date and time zone on the
management and/or the gateway(s) so that their
UTC/GMT times match. Refer to you operating
system documentation for the exact commands
needed to accomplish this.
Re-establishing SIC Trust with Virtual Devices
In the event that you encounter connectivity problems due to the loss of SIC trust for a specific virtual
device, you can use the following procedure to manually re-establish trust.
To manually re-establish SIC Trust with virtual devices:
1. Execute the following command from the VSX Gateway command line (In the expert mode): vsx sic
reset <vsid>.
vsid: Identification number of the virtual device
2. Execute the following command(s) on the management server:
a) # MDSsnv <target_domain_name>
(Multi-Domain Security Management only)
b) # cpca_client revoke_cert -n <vs_sic_name>
vs_sic_name: Virtual device SIC name. To determine the SIC name, run guidbedit.exe and search
for the sic_name attribute on the virtual device network object.
3. In SmartDashboard, open the virtual device object and click OK. This action creates a new SIC
certificate for the virtual device and saves it on the VSX gateway.
Sync Networks Do Not match
If you click Get Configuration in the VSX Cluster Creation wizard and an error message shows that the
sync networks do not match, see if the IP addresses on the sync interface are valid. The Addresses must be
unique for each member, must belong to the same network and must have the same Net mask. The
interface that is used for Sync was defined during the initial configuration phase on the VSX gateway.
To resolve, change the IP address/Net mask of the Sync interface, restart the VSX gateway(s), and click
Get Configuration again.
Install Policy Error Using VSX Creation Wizard
After completing the VSX creation wizard, a failure occurs and the following message appears in the
Operation Report window: Error: Default policy installation failed on VSX. Install
policy manually using SmartDashboard.
Possible Causes
How to Resolve
Missing or invalid license on the
management server.
Execute cplic check on the
management server to verify that you
have the required licenses.
Obtain and install the appropriate licenses.