Enabling the consistency check for the “Diffusion Restreinte” mode

WARNING
Folder administrators whose read access privileges are restricted to certain folders on SMC cannot perform this operation. For more information, refer to the section Restricting folder administrators' access privileges.

A consistency checker in SMC makes it possible to verify whether the configurations on connected firewalls are compatible with DR mode requirements:

  • Signature algorithms and key sizes of firewall and authority certificates,
  • Encryption profiles, authentication method and IKE version in VPN topologies. We recommend that you use the DR encryption profile that SMC provides by default. To look up this profile, go to Configuration > Encryption profiles. For more information on selecting encryption profiles in topologies, refer to Creating and monitoring VPN tunnels.
  • Versions of firewalls connected to SMC.

This consistency check is mandatory prior to enabling DR mode.

To enable the DR mode consistency check:

  1. Go to Maintenance > SMC Server > Settings tab > “ANSSI Diffusion Restreinte (DR)" mode.
  2. Select Enable consistency check for the “Diffusion Restreinte (DR)” mode.Enable “ANSSI Diffusion Restreinte (DR)” mode
  3. Click on Apply.

If there are any messages indicating that there are incompatibilities in the configuration, they will be shown in the consistency check at the bottom of the screen. You can select Display only DR mode inconsistencies to see only messages from the DR mode consistency check.