Detecting changes to the local configuration on firewalls

After a configuration is deployed for the first time, SMC will regularly check whether the configuration deployed from the server continues to match the one found on the firewall. The SMC server can therefore detect changes made directly on the SNS firewall without going through SMC.

You can manage verifications by using an environment variable:

| Variable | Description |
|---|---|
| FWADMIN_CONFIG_STATUS_CHECK_PERIOD | By default: 120000 ms. The variable defines the frequency with which SMC will check the configuration on firewalls. The value is defined in milliseconds. Setting the variable to 0 disables the feature; the configuration on firewalls will no longer be verified. |

If SMC detects changes to the configuration that were made locally, the status of the firewall switches to Critical and the “Local modification” health indicator will appear.

The version number will therefore be struck through in red because it no longer matches the configuration on the firewall.

Do note that SMC detects only changes to the files that it deploys. An SNS firewall update will not be considered a local modification.
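
The behavior described above can be modeled in a few lines. This is an added example, not Stormshield's code: the SHA-256 comparison, the function names and the sample file names are assumptions made for illustration. Only the variable name, its default, the meaning of 0 and the status wording come from this page.

```python
import hashlib
import os

DEFAULT_PERIOD_MS = 120000  # default stated on this page


def check_period_ms(env=os.environ):
    """Return the check period in ms, or None when the check is disabled (0)."""
    raw = env.get("FWADMIN_CONFIG_STATUS_CHECK_PERIOD", str(DEFAULT_PERIOD_MS))
    period = int(raw)
    if period < 0:
        raise ValueError("period must be >= 0 ms")
    return None if period == 0 else period


def digest(files):
    """Map each file path to the SHA-256 of its content (assumed comparison method)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def local_modifications(deployed, on_firewall):
    """Deployed files that differ or are missing on the firewall.

    Files the server never deployed are ignored, which is why a firmware
    update is not reported as a local modification.
    """
    expected, actual = digest(deployed), digest(on_firewall)
    return sorted(p for p, h in expected.items() if actual.get(p) != h)


def health_status(deployed, on_firewall, env=os.environ):
    """Status the server would show after one verification pass."""
    if check_period_ms(env) is None:
        return "not checked"  # period 0: drift goes unnoticed
    if local_modifications(deployed, on_firewall):
        return "Critical: Local modification"
    return "OK"


# Constructed sample data; file names are hypothetical.
DEPLOYED = {"filter/rules": b"pass from lan to dmz\n", "objects/hosts": b"srv1=10.0.0.5\n"}
EDITED_LOCALLY = dict(DEPLOYED, **{"filter/rules": b"pass from any to any\n"})
FIRMWARE_UPDATED = dict(DEPLOYED, **{"firmware/version": b"new build\n"})

if __name__ == "__main__":
    print(health_status(DEPLOYED, EDITED_LOCALLY, {}))
    print(health_status(DEPLOYED, FIRMWARE_UPDATED, {}))
```

The third case worth noting is the disabled one: with the period set to 0, the same local edit produces no Critical status at all, so the setting is worth auditing on servers where it has been changed.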