Configure network interfaces
From the SMC server, configure your firewalls’ network interfaces.
Go to the System > Configuration tab of the firewall in question and select Configure network interfaces and routing for this firewall from SMC to indicate that SMC manages the network for this firewall.
Next, go to the Interfaces > Interfaces and Interfaces > IPsec interfaces (VTI) tabs to configure the interfaces.
If this option is not selected, SMC will not manage the network for this firewall and the firewall’s Interfaces tab will be in read-only mode.
If you select this option when a firewall is already part of a route-based VPN topology, any associated IPsec interfaces (VTI) that are missing will automatically be created and shown in the IPsec interfaces (VTI) tab. For further information, refer to the section Configuring IPsec interfaces (VTI).
When the Interfaces tab is in read-only mode, SMC retrieves the firewall's interfaces every time the page of the firewall's settings is opened. This is not the case when routing and network configuration is managed by SMC.
In the firewall's settings, you can then force the retrieval of the interface and routing configuration:
-
Go to the firewall's settings,
-
In the System > Configuration tab, select Configure network interfaces and routing for this firewall from SMC if it has not already been selected.
-
Expand Firewall information and configuration retrieval (advanced) and click on Retrieve configuration of interfaces and routing.
When you force a firewall's interfaces to be retrieved, and if the firewall has virtual IPsec interfaces (VTI), we recommend that you look up the server's logs to ensure that there is no conflict in the interface name, IP address or mask between the IPsec interfaces created on SMC and the IPsec interfaces created on the firewall. Identical names or addresses may delete interfaces used in routes or rules.