Connecting a firewall with a factory configuration to the server
The following three steps are required to connect a firewall with a factory configuration to the SMC server:
- In the SMC server web interface, select Monitoring > Firewalls and click Create a firewall.
- Complete the firewall properties. The Firewall name, Description and Location fields are filled in for information only and do not have any impact on the configuration.
- For more information on the VPN contact address, refer to the section Defining the contact IP address of firewalls for VPN topologies.
- For more information on the VPN output interface, refer to the section Selecting the output interface of firewalls for VPN topologies.
- Select the folder in which you wish to organize the firewall. Folders are created in the Configuration > Firewalls and folders menu on the left. For more information, please refer to the section Organizing firewalls by folders.
- In the same window, select Generate the connecting package to generate the package while adding the new firewall. This connecting package will have to be installed on the firewall to connect to the SMC server.
You can build the package later, by editing the firewall in the Firewalls menu.
- Click on Create.
- In the Generating the connecting package panel, click on Next then select The firewall still has a factory configuration.
- On the next panel, select the version of the firewall and complete the minimum network configuration information for the firewall that would enable access to the SMC server.
- Fill in the information to connect to the SMC server. The panel differs depending on the firewall version. In 3.9.0 and higher versions:
- IP address or FQDN: the firewall connects using these addresses to contact the SMC server. Depending on network topology, they can either be the SMC server's IP addresses or external IP addresses that the firewall can reach, and which are redirected to the SMC server through destination translation. You can set up to ten addresses or FQDNs to contact the SMC server, in order of priority. The firewall goes through the addresses from 1 to 10 and connects to the SMC server through the first reachable address. If the address currently in use does not have the highest priority, the firewall regularly tries to reach an address with a higher priority.
- Port: depending on network topology, they can either be the SMC server's ports (1754 by default) or external ports that the firewall can reach, and which are redirected to the SMC server's port through destination translation.
- OUT interface: you can specify a different outgoing interface for each contact address.
- For firewalls in versions 3.3.X to 3.8.X, only one outgoing interface can be specified, and it applies to all contact addresses.
- On firewalls in versions lower than 3.3.X, only one address and a single contact port can be specified. The default outgoing interface cannot be changed.
- Click on Generate and download.
The connecting package makes it possible to establish a connection from the firewall to the SMC server. Share this package only with trusted users.
- Provide the connecting package to the administrator in charge of deploying the new firewall on the remote site.
- Ensure the administrator:
- copies the connecting package (.pack) and an SNS update file (.maj) to an empty USB drive. The drive must be formatted in FAT32, FAT16 or UFS. SNS version 2.3.0 is the minimum version required.
- plugs the USB drive into the new firewall and connects the OUT interface to the network.
- starts the firewall. The firewall first installs the SNS update file and reboots. After restarting, the firewall installs the connecting package: the IP addresses of the SMC server and of the OUT interface of the firewall are configured and the firewall connects to the SMC server.
- In the SMC server web interface, verify that the state of the firewall changes in the Firewalls menu. It must be "On line".
- To ensure the security of your appliance, log on directly to the firewall's administration interface by clicking on the icon and changing the firewall's administration password. For more information on direct access to the firewall's interface, refer to the section Accessing the web administration interface of firewalls.
The firewall administrator can see the connection settings to the SMC server on the firewall web administration interface: in the dashboard component and in the menu Configuration > System > Management Center. He/she can also install a new connecting package from the web administration interface.
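A check the deploying administrator can run before plugging the USB drive into the firewall, given here as an added example that is not part of the original documentation: it confirms that the mounted drive holds exactly one .pack file and one .maj file and nothing else, and prints their SHA-256 digests so they can be compared with the values computed where the package was generated. The function name and the mount point argument are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight check of the USB drive content.
# Assumption: the drive is already mounted and its mount point is passed as $1.

# check_usb_payload DIR
# Succeeds only if DIR holds exactly one .pack file, one .maj file and
# nothing else. Prints the SHA-256 of both files for out-of-band comparison.
check_usb_payload() {
    dir=$1
    [ -d "$dir" ] || { echo "error: $dir is not a directory" >&2; return 2; }

    pack=0 maj=0 other=0 pack_file= maj_file=
    # Hidden entries are included: the drive must hold nothing but the two files.
    for f in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        [ -e "$f" ] || [ -L "$f" ] || continue      # pattern matched nothing
        if [ ! -f "$f" ]; then
            other=$((other + 1)); echo "unexpected: $f" >&2; continue
        fi
        case $f in
            *.pack) pack=$((pack + 1)); pack_file=$f ;;
            *.maj)  maj=$((maj + 1));  maj_file=$f ;;
            *)      other=$((other + 1)); echo "unexpected: $f" >&2 ;;
        esac
    done

    if [ "$pack" -ne 1 ] || [ "$maj" -ne 1 ] || [ "$other" -ne 0 ]; then
        echo "error: need exactly one .pack and one .maj (pack=$pack maj=$maj other=$other)" >&2
        return 1
    fi

    # sha256sum is GNU coreutils; shasum is the usual fallback on macOS/BSD.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$pack_file" "$maj_file"
    else
        shasum -a 256 "$pack_file" "$maj_file"
    fi
}

# Run the check when a mount point is given on the command line.
if [ "$#" -gt 0 ]; then
    check_usb_payload "$1"
fi
```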