Warning before connecting SN firewalls to the SMC server

Take note of the following information if you wish to associate the SMC server with an environment of firewalls containing global configuration items already used in production.

When SMC deploys a configuration on a firewall, all existing global configuration items on this firewall will be deleted and replaced with configuration items defined in the SMC configuration, if any.

This includes:

  • global objects defined on the firewall
  • global filter rules defined on the firewall,
  • global VPN tunnels defined on the firewall

These elements are invisible by default in the SNS web configuration interface. To display them, go to the firewall Preferences, section Application settings and enable the option Display global policies (Filter, NAT, IPsec VPN and Objects).

If you connect a firewall to SMC, you accept that any global items you may have created on this firewall will be overwritten as soon as the first configuration is deployed by SMC.

However, local objects, rules and VPN tunnels (used by default in the firewall web administration interface) will never be modified or deleted by SMC in a configuration deployment.

We recommend that you recreate these global items in the form of local items on the firewall or rewrite the rules in SMC before connecting the firewall to SMC, in order to avoid losing any configuration items and disrupting production.

In most frequent cases, the firewall does not have any global configuration elements and then no special precaution must be taken before connecting the firewall to SMC. Production will not be impacted.

In any case, we advise you to perform a backup of your firewall's configuration before connecting it to SMC.