Print
Category: SecureTrack

When monitoring a Check Point Management Server and its firewalls with SecureTrack, sometimes an issue is found after upgrading Check Point.
The error message regarding a device is "Inconsistent SSL data stored in db for device...".

To solve this problem, a backup needs to be done first (!).

 

A first approach to solve this issue is to renew the certificate of the Check Point Management. This can be done using these steps:

TOS Classic:
Go to Menu > Settings > Administration > Monitoring. Select the device delivering the message and select "Edit configuration". Go through the first steps using "Next". In step 4 the user name and password are provided for the connection to the Check Point Management. Provide these data and press "Establish connection".
By doing so, the certificate is going to be replaced. After going through the remaining steps with "Next", save the modified configuration. This should solve the problem.

TOS Aurora:
Go to Menu > Monitoring > Manage Devices. Select the device delivering the message and select "Edit configuration". Go through the first steps using "Next". In step 4 the user name and password are provided for the connection to the Check Point Management. Provide these data and press "Establish connection". By doing so, the certificate is going to be replaced. After going through the remaining steps with "Next", save the modified configuration. This should solve the problem.

 

If the steps shown above don't solve the problem, direct access to the database is necessary. This is officially supported for TOS Classic only. If you need this procedure for Aurora, please contact AERAsec directly.

First, find the Management-ID of the problematic Check Point Management device. This can be done via WebUI (see also here) or via CLI with administrative permissions (e.g. root or using the sudo command). These steps will help:

This procedure should solve the issue. If not, please contact Tufin Support.