Explanations on usage

Using VTI objects generated by route-based VPN topologies

When a route-based VPN topology is modified or deleted in SMC, Host VTI objects that this topology automatically generates to represent remote peers will also be modified or deleted. If you are using such objects in the local configuration of your SN firewalls, first ensure that you delete them before modifying or deleting a topology in SMC.

VPN topologies deployment

It is not possible to deploy a VPN topology from the SMC server if the name of a firewall is too long. The names of VPN topologies on firewalls cannot contain more than 127 characters.

Configuring routing on SMC

Several of the interfaces used for contacting the SMC server can be configured, but only one default gateway can be declared on a single interface. Routing must be configured manually for the other interfaces. An article in the Stormshield Knowledge base sets out the procedure to follow.

Using global network objects in a local configuration

On SN firewalls, global objects may be used in local configurations. However, when SMC deploys a configuration on a firewall, existing global objects on the firewall will be deleted and replaced with objects defined in the SMC configuration. To keep the local configuration running, you need to impose the deployment of necessary global objects on affected firewalls.

For more information, refer to the section Warning before connecting SN firewalls to the SMC server.

Migrating a V model virtual firewall to an EVA model

V-50, V-100 and V-200 virtual firewalls can no longer be upgraded to EVA models using the variable %FW_UPD_SUFFIX% in an SNS CLI script run from the SMC server.

To work around this issue, replace the variable %FW_SIZE% with the value "XL-VM" in the upgrade script.