What must you do first if "fwm sic_reset" could not be completed?
A. Cpstop then find keyword "certificate" in objects_5_0.C and delete the section
B. Reinitialize SIC on the security gateway then run "fw unloadlocal"
C. Reset SIC from Smart Dashboard
D. Change internal CA via cpconfig
The question is CLEARLY mentioning if the command is not completed . Meaning you prob weren’t able to run . Well that because you probably have IKE certificates in use so what to do you say ? we follow this and i quote chkp
Manually remove all IKE certificates from the database.
a)
Open
$FWDIR/conf/objects_5_0.C
for editing.
b)
Search for
:certificates
. Make sure that in each instance, it is empty:
:certificates ()
. If it has value
(object has an IKE certificate), remove the value.
c)
Save the changes
Answer given D is what you do AFTER you run the command
You are welcome …
Answer is D:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk14532
answer is A