From the SMC server, you can manage and configure the static, dynamic, return and default routes of your firewalls running version 4.2.4 or higher.
Go to the settings of the firewall in question and select Configure network interfaces and routing for this firewall from SMC.
If this option is not selected, the firewall’s Routing tab will be in read-only mode. The objects contained in read-only routes will therefore not be retrieved on SMC.
The Routing tab automatically displays the routes of your SNS firewall. You will then be able to configure the following from a central point:
|Static and return routes||To create new static and return routes, click on Add at the top of the grid.|
|Dynamic routing||Double-click on the line where dynamic routing appears in the grid. You can change the routing configuration to BIRD format and select advanced options. For more information, refer to the Dynamic routing section in the Stormshield Network User Configuration Manual.|
|Default route||Double-click on the line in the grid and select a gateway.|
When the configuration is deployed, the network configuration deployed from SMC takes priority over the firewall’s local configuration and overwrites it.
For more information on route configuration, refer to the Routing section in the Stormshield Network User Configuration Manual.
When the Routing tab is in read-only mode, SMC retrieves the firewall's routes every time the tab is opened.
In the firewall's settings, you can force the retrieval of the interface and routing configuration, as long as SMC supports the configuration:
Currently, configuration in IPv6 is not supported.
If the default gateway set on an SNS firewall does not match any object in the firewall's object database, route retrieval will not be supported. An error log will be generated in the server's logs, explaining that the IP address must be represented by an object.
Objects containing only IPv6 and/or MAC addresses cannot be used.
Router objects can be used as gateways to a static route on SNS firewalls running version 4.3.0 or higher.
In SMC, "firewall_" objects are used in routes in exactly the same way they are used on SNS firewalls. During a deployment, if the firewall detects that such objects are used incorrectly, the deployment will fail.
Dynamic routing - SMC does not support the following parameters. If necessary, configure them directly from the SNS firewall. They will not be overwritten by the routing configuration originating from SMC: